Kris Pister writes:
> In HART, you join with EUI-64, and all transport sessions use that.
> The network manager assigns and knows the mapping from two-byte
> short address to EUI-64.
>
> For the MIC at L2 your neighbors don't know or care what your real name is.
> They just use the two byte (unique for this network) short address.
>
> If the manager were to assign duplicate short addresses, then two or
> more packets sent in the same ASN from the same short address would
> have the same nonce and L2 MIC key, which is not good policy but
> leaks exactly nothing.

Wrong. It leaks the whole content of both packets. I.e. if you xor the
packets together that will completely remove the encryption and then
you have the xor of two plain text packets. From there it is usually
very easy to find out what both frames contain.

Let's say one frame is some kind of temperature measurement packet,
and the other is the frame reconfiguring the door keypad with a new pin
code, then knowing what the temperature actually was at the time when
the packet was sent, you can reconstruct the temperature measurement
packet and xoring that to the frame will give you the pin code...

There was some product which transmitted the WLAN WPA2 password over
the 802.15.4 radio without encryption, so even if you "fix" the problem
by turning 802.15.4 encryption on this attack would still leak the
password out...

> It seems like saying something along the lines of "don't use short
> addresses in nonce construction if there is a chance that short
> addresses will be duplicated with the same key" would be an
> appropriate warning to see in -2015.

That is not enough. As I mentioned earlier you also need to make sure
there are no collisions between the short addresses and extended
addresses. You said that in 6tisch we only use short addresses, and
never use extended addresses for encrypted packets, but your text would
be meaningless if you cannot use extended addresses in those cases
where short addresses might get duplicated.
-- 
[email protected]
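
The keystream-reuse argument in the reply above, as an added example that is not part of the original message: two frames encrypted under the same key and nonce xor to the xor of their plaintexts, and a nonce-collision check shows why duplicate short addresses and short/extended overlaps both matter. Assumptions: the nonce layout (8-byte source address field with the short address zero-padded, then the 5-byte ASN) is a simplification, HMAC-SHA256 stands in for the AES-CTR keystream inside CCM*, and the key, addresses, ASN and payloads are constructed.

```python
import hashlib
import hmac

def nonce(src_addr: bytes, asn: int) -> bytes:
    # Assumed layout: 8-byte source address field (short address zero-padded)
    # followed by the 5-byte ASN.
    return src_addr.rjust(8, b"\x00") + asn.to_bytes(5, "big")

def keystream(key: bytes, n: bytes, length: int) -> bytes:
    # Stand-in for the AES-CTR keystream used inside CCM*; like the real one,
    # it is a function of (key, nonce) only.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, n + ctr.to_bytes(2, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, src_addr: bytes, asn: int, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce(src_addr, asn), len(plaintext)))

def nonce_collisions(frames):
    # frames: (label, src_addr, asn) tuples; returns label groups sharing a nonce.
    seen = {}
    for label, src, asn in frames:
        seen.setdefault(nonce(src, asn), []).append(label)
    return [labels for labels in seen.values() if len(labels) > 1]

# Constructed sample data: key, addresses, ASN and payloads are made up.
KEY = bytes(range(16))
ASN = 1000
TEMP, PIN = b"TEMP=21.5C", b"PIN=493817"
C_TEMP = encrypt(KEY, b"\x00\x01", ASN, TEMP)   # node A, short address 0x0001
C_PIN = encrypt(KEY, b"\x00\x01", ASN, PIN)     # node B, duplicate 0x0001

def recovered_pin() -> bytes:
    # Keystream cancels: C_TEMP ^ C_PIN == TEMP ^ PIN, so a known TEMP yields PIN.
    return xor(xor(C_TEMP, C_PIN), TEMP)

if __name__ == "__main__":
    print(recovered_pin())
    print(nonce_collisions([
        ("A short 0x0001", b"\x00\x01", ASN),
        ("B short 0x0001", b"\x00\x01", ASN),
        ("C extended ...01", bytes(7) + b"\x01", ASN),
        ("D short 0x0002", b"\x00\x02", ASN),
    ]))
```

A network manager can run the same collision check over its address table before assigning a short address, treating any group it returns as a reason to refuse the assignment or to rekey.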
