> Wrong. It leaks the whole content of both packets.
Tero - it's the L2 MIC that we're talking about. The packets aren't
encrypted at L2.
The entire contents of both packets is transmitted in the clear, by design.
End-to-end transport payloads SHOULD be encrypted (in my opinion),
but that's a different topic.
ksjp
On 4/13/2015 4:31 AM, Tero Kivinen wrote:
> Kris Pister writes:
> > In HART, you join with EUI-64, and all transport sessions use that.
> > The network manager assigns and knows the mapping from two-byte
> > short address to EUI-64.
> > For the MIC at L2 your neighbors don't know or care what your real name is.
> > They just use the two byte (unique for this network) short address.
> > If the manager were to assign duplicate short addresses, then two or
> > more packets sent in the same ASN from the same short address would
> > have the same nonce and L2 MIC key, which is not good policy but
> > leaks exactly nothing.
> Wrong. It leaks the whole content of both packets.
> I.e. if you xor the packets together that will completely remove the
> encryption and then you have xor of two plain text packets. From there
> it is usually very easy to find out what both frames contain.
> Let's say another frame is some kind of temperature measurement packet,
> and the other is the frame reconfiguring the door keypad with new pin
> code, then knowing what temperature actually was at the time when the
> packet was sent, you can reconstruct the temperature measurement
> packet and xoring that to the frame will give you the pin code...
> There was some product which transmitted the WLAN WPA2 password over
> the 802.15.4 radio without encryption, so even if you "fix" the problem by
> turning 802.15.4 encryption on this attack would still leak the
> password out...
> > It seems like saying something along the lines of "don't use short
> > addresses in nonce construction if there is a chance that short
> > addresses will be duplicated with the same key" would be an
> > appropriate warning to see in -2015.
> That is not enough. As I mentioned earlier you also need to make sure
> there are no collisions between the short addresses and extended
> addresses. You said that in 6tisch we only use short addresses, and
> never use extended addresses for encrypted packets, but your text
> would be meaningless if you cannot use extended address in those cases
> where short addresses might get duplicated.
_______________________________________________
6tisch mailing list
https://www.ietf.org/mailman/listinfo/6tisch
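The keystream-reuse argument in the quoted reply, as an added example that is not part of the original thread: two encrypted frames sent under the same key, source address and ASN share a keystream, so their XOR equals the XOR of the plaintexts, and a duplicate-nonce check catches the condition. It applies only to frames that are actually encrypted; for MIC-only frames there is no keystream to reuse. Assumptions: the nonce layout (address left-padded to 8 bytes, then a 5-byte ASN) is a simplification, SHA-256 in counter mode stands in for the AES-CTR part of CCM*, and all keys, addresses and payloads are constructed.

```python
import hashlib
from collections import defaultdict

def make_nonce(src_addr: bytes, asn: int) -> bytes:
    # Assumed layout: address left-padded to 8 bytes, then 5-byte ASN.
    return src_addr.rjust(8, b"\x00") + asn.to_bytes(5, "big")

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream generator (not AES-CCM*): depends only on key and nonce.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(2, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, src_addr: bytes, asn: int, payload: bytes) -> bytes:
    return xor(payload, keystream(key, make_nonce(src_addr, asn), len(payload)))

def find_nonce_reuse(frames):
    """frames: iterable of (src_addr, asn) under one key; return repeated nonces."""
    seen = defaultdict(int)
    for src_addr, asn in frames:
        seen[make_nonce(src_addr, asn)] += 1
    return sorted(n for n, count in seen.items() if count > 1)

# Constructed sample data
KEY = bytes(range(16))
ASN = 0x0000012345
TEMP = b"TEMP=21.5C"
PIN = b"PIN=004711"

def demo():
    c_temp = encrypt(KEY, b"\x00\x2a", ASN, TEMP)   # duplicate short address 0x002a
    c_pin = encrypt(KEY, b"\x00\x2a", ASN, PIN)     # same ASN, same key
    leaked = xor(c_temp, c_pin)                     # keystream cancels out
    recovered = xor(leaked, TEMP)                   # known plaintext gives the other
    c_other = encrypt(KEY, b"\x00\x2b", ASN, PIN)   # distinct address, distinct nonce
    return leaked == xor(TEMP, PIN), recovered, xor(c_temp, c_other) == xor(TEMP, PIN)

if __name__ == "__main__":
    print(demo())
```

Under the assumed padding, a short address and an extended address with the same low bytes also map to one nonce, which `find_nonce_reuse` reports in the same way.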