Kris Pister writes:
> Alice and Bob make wireless temperature sensors that run a 6tisch stack.
> Charlie owns a nationwide chain grocery store and is rolling out 6tisch 
> everywhere.
> Zelda sells wireless toys that use 802.15.4e.
> Mallory is always lurking.
> 
> Charlie needs to decide if and how to use message integrity checks on 
> enhanced beacons.
> He thinks that he has three options:
> 1) don't use MICs on EBs.
> 2) use MICs on EBs, with a secret key
> 3) use MICs on EBs, with a well-known key

But the best option is to use option 4:

4) Use MICs on EBs, with a secret key distributed during the joining
   process, and add vendor specific IE to identify the network.

In this case the EBs are authenticated with a MIC, but when Alice and
Bob's devices try to connect to it they do not know the key, so they
cannot verify the authentication information, but as the frames are
not encrypted they can still see the vendor-specific IE, and check that
it matches what they expect it to match.

This way they will be able to filter out EBs which they want to hear.
I.e. after finding the EB which has a suitable IE they start the joining
process to that network. During that joining process they will get
the secret key used to protect the EBs and the secret key used to protect
the normal data traffic.

After that they can use the draft-ietf-6tisch-minimal to talk to the
network, and they can use it securely as they can now authenticate the
IEs sent in the EBs, and they know Mallory cannot fake those, as
Mallory does not know the secret key, so they do not need to do any
other protocol.

If they were using option 3, they could not trust anything the EBs
have, thus they could not use draft-ietf-6tisch-minimal at all, as
Mallory could mess up the network very easily by just sending a few EBs
with wrong data in IEs.

Also, now that Charlie has an IE which is used to separate the networks
from each other, when he makes a new network used for his cashier
machines, and he does not want to share the cashier machine keys with
the temperature sensors, he wants to use different keys, and he also
wants to make sure that the temperature sensors do not needlessly try
to join the other network, he can just use different content for that
IE. Also, as those two networks use different secret keys, both
networks can trust the data sent in their EBs. This EB secret key is
different for every site, and might even be rekeyed every now and
then.

And yes, Mallory can still send fake EBs with the same IE content, trying
to trick the temperature sensors to join his network, but as the
joining process authentication fails, the temperature sensors will not
join his network, but try to find a better network, i.e. the real network.

> But if Charlie uses option 3, a well-known key, Mallory will be able to 
> spoof EBs.
> Of course, if he uses no MIC at all, Mallory will also be able to spoof EBs.

And if Mallory can spoof EBs he can easily mess up the network
completely. This also means that devices cannot use
draft-ietf-6tisch-minimal as they cannot trust anything that is sent
in the EBs, so some other protocol is used to know even the shared
slots used to talk to anybody.

> What should Charlie do?

Use option 4...
-- 
[email protected]

_______________________________________________
6tisch mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6tisch
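
The two-phase EB handling described in the message above, as an added example that is not part of the original e-mail or of any 6tisch code. A truncated HMAC-SHA256 stands in for the 802.15.4 MIC, and the IE contents, keys, and function names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

MIC_LEN = 8  # bytes; truncated HMAC-SHA256 stands in for the real 802.15.4 MIC


def eb_mic(key: bytes, network_ie: bytes, schedule_ie: bytes) -> bytes:
    # Length-prefix the first field so the two IEs cannot be re-split.
    msg = bytes([len(network_ie)]) + network_ie + schedule_ie
    return hmac.new(key, msg, hashlib.sha256).digest()[:MIC_LEN]


@dataclass(frozen=True)
class EnhancedBeacon:
    network_ie: bytes   # vendor-specific IE, sent in clear
    schedule_ie: bytes  # IE content a joined node acts on
    mic: bytes


def make_eb(eb_key, network_ie, schedule_ie):
    return EnhancedBeacon(network_ie, schedule_ie,
                          eb_mic(eb_key, network_ie, schedule_ie))


def prejoin_filter(ebs, wanted_ie):
    """No key yet: select join candidates on the cleartext IE only."""
    return [eb for eb in ebs if eb.network_ie == wanted_ie]


def postjoin_accept(eb, wanted_ie, eb_key):
    """Key received during joining: require matching IE and a valid MIC."""
    expected = eb_mic(eb_key, eb.network_ie, eb.schedule_ie)
    return eb.network_ie == wanted_ie and hmac.compare_digest(eb.mic, expected)


# Constructed sample data: two of Charlie's networks plus a spoofed EB.
SENSOR_IE, CASHIER_IE = b"charlie/temp", b"charlie/cashier"
SENSOR_KEY, CASHIER_KEY = b"site-42-sensor-eb-key", b"site-42-cashier-eb-key"
HEARD = [
    make_eb(SENSOR_KEY, SENSOR_IE, b"shared-slot=0"),     # real sensor network
    make_eb(CASHIER_KEY, CASHIER_IE, b"shared-slot=3"),   # other network, other key
    make_eb(b"mallory-key", SENSOR_IE, b"shared-slot=9"), # Mallory copies the IE
]

if __name__ == "__main__":
    print("pre-join candidates:", len(prejoin_filter(HEARD, SENSOR_IE)))
    for eb in HEARD:
        print(eb.schedule_ie, postjoin_accept(eb, SENSOR_IE, SENSOR_KEY))
```

Before joining, the spoofed EB passes the IE filter alongside the real one, so the IE only narrows the candidate list; rejecting it at that stage depends on the join authentication, and after joining the MIC check rejects it directly.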
