Hi, Rene and Steve Thanks for your comments.
First of all, one thing needs to clarify: each node shares a secret key with its neighbour as well as the base station, respectively. You are right that the current version does not describe the issue of multiple trust domains. If these multiple domains are managed by one base station (key centre), the proposed protocol can simplify be employed on this scenario. If these multiple domains have their own base station, there are 2 sub-scenarios: 1) if the sensor node know its destination base station, the current protocol can be use without any change, but extend the node's cache table to store the secret between node and these base stations. 2) if the sensor node cannot decide which base station is its destination, we need to modify the req message. One possible solution could let the req message carry a catenation of all of MACs with generated by the secret between the node and the basestaion, respectively. But I do not think it is a good solution because the req message would be longer and cost much more transit energy. Since the node has different keys with its neighbours respectively, one compromised router would not affect the entire system but its neighbour nodes. In the section 5, we briefed the security analysis. In fact, the protocol is similar with the well-known Kerberos protocol. Our protocol tries to reduce the handshake messages. Steve, could you please provide more information on your project? Regards and Thanks Qiu Ying > -----Original Message----- > From: Childress, Steve [mailto:[email protected]] > Sent: Thursday, October 28, 2010 4:12 AM > To: Rene Struik; QIU Ying > Cc: [email protected]; [email protected] > Subject: RE: [Roll] FW: New Version Notification fordraft-qiu-6lowpan- > secure-router-01 > > On: "What about the scenario where one has multiple trust domains (e.g., > when one procures sensors from > different vendors)?" > > This is the nature of our current project and implementation, using > 802.15.4 sans full NWK layer. > > Steve Childress > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Rene Struik > Sent: Wednesday, October 27, 2010 6:18 AM > To: QIU Ying > Cc: [email protected]; [email protected] > Subject: Re: [Roll] FW: New Version Notification > fordraft-qiu-6lowpan-secure-router-01 > > Hi Qiu: > > Thanks for your draft. > > Your draft seems to suggest a single trust domain, where each node > shares a secret key with the base station. What about the scenario where > > one has multiple trust domains (e.g., when one procures sensors from > different vendors)? Doesn't the security fall apart if a router gets > compromised? What prevents an adversary from replaying past (sensor > node, request) pairs and triggering traffic flows and key updates with > routers this way? > > Do you have a paper that provides a more formal analysis of the security > > properties provided by the protocol you suggest? > > Best regards, Rene > > On 27/10/2010 6:22 AM, QIU Ying wrote: > > http://tools.ietf.org/id/draft-qiu-6lowpan-secure-router-01.txt > > > > The title of the draft had been changed to "Lightweight Key > Establishment and Management Protocol in Dynamic Sensor Networks (KEMP)" > instead of "Lightweight Secure Router Protocol" in order to make the > work more clearly. It will be presented at ROLL WG. > > > > > Any comments are appreciated. > > > > Regards > > QIU Ying > > > > > > -----Original Message----- > > From: IETF I-D Submission Tool [mailto:[email protected]] > > Sent: Tuesday, October 26, 2010 6:22 AM > > To: [email protected] > > Cc: [email protected]; [email protected] > > Subject: New Version Notification for > draft-qiu-6lowpan-secure-router-01 > > > > > > A new version of I-D, draft-qiu-6lowpan-secure-router-01.txt has been > successfully submitted by QIU Ying and posted to the IETF repository. > > > > Filename: draft-qiu-6lowpan-secure-router > > Revision: 01 > > Title: Lightweight Key Establishment and Management > Protocol in Dymanmic Sensor Networks (KEMP) > > Creation_date: 2010-10-26 > > WG ID: Independent Submission > > Number_of_pages: 17 > > > > Abstract: > > When a sensor node roams within a very large and distributed wireless > > sensor network, which consists of numerous sensor nodes, its routing > > path and neighborhood keep changing. In order to provide a high > > level of security in this environment, the moving sensor node needs > > to be authenticated to new neighboring nodes as well as to establish > > a key for secure communication. The document proposes an efficient > > and scalable protocol to establish and update the secure key in a > > dynamic wireless sensor network environment. The protocol guarantees > > that two sensor nodes share at least one key with probability 1 > > (100%) with less memory and energy cost, while not causing > > considerable communication overhead. > > > > > > > > The IETF Secretariat. > > > > > > Institute for Infocomm Research disclaimer: "This email is > confidential and may be privileged. If you are not the intended > recipient, please delete it and notify us immediately. Please do not > copy or use it for any purpose, or disclose its contents to any other > person. Thank you." > > _______________________________________________ > > Roll mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/roll > > > -- > email: [email protected] > Skype: rstruik > cell: +1 (647) 867-5658 > USA Google voice: +1 (415) 690-7363 > > _______________________________________________ > Roll mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/roll Institute for Infocomm Research disclaimer: "This email is confidential and may be privileged. If you are not the intended recipient, please delete it and notify us immediately. Please do not copy or use it for any purpose, or disclose its contents to any other person. Thank you." _______________________________________________ 6lowpan mailing list [email protected] https://www.ietf.org/mailman/listinfo/6lowpan
