Pascal Thubert (pthubert) writes:
> The fact that the MIC provides a protection against transmission
> errors cannot be ignored. 2 octets CRC is really weak. Consequences
> of undetected errors can be anything. CRC errors have blocked
> transcontinental lines in the past, and there is no bug fix for
> them. You have to change the protocol when you do things wrong. I
> have seen that happen.

If you think it is too short, then you can select a PHY that supports better error correction properties. Yes, the MIC does provide better protection, but I doubt you really claim that 802.15.4 cannot be used at all without security as it only uses a 2-octet CRC? If that is really true, then perhaps the 802.15.4 should make security mandatory...

> When we have billions of devices, that will be millions of networks,
> that's thousands of undetected EB transmission errors every whatever
> period makes sense.

Yes, and the issue will be what? When EBs are only used during the bootstrap process, then we are only interested in the few tens of seconds time window for the lifetime of the device. I.e. the joining node needs to receive ONE (1) EB properly before it can start joining the network.

If this really is that big an issue then implementations might keep on doing a passive scan for longer and wait until they get for example 2-3 identical EBs from the same coordinator, and only after that try to join that network. This is something they can already do without any changes in any of the other nodes in the network. This will lengthen the initial passive scan from 10 seconds to 30 seconds.

And if the EBs are used after that then a proper K1 key will be needed, and that will protect them.

> Do we have an analysis of what any combination of bits that are
> wrong in a beacon may cause when undetected?

No, but it is much more likely to have the attacker flipping those bits intentionally to get the worst possible effect, than them getting flipped randomly so that the FCS still matches. I.e. the implementations MUST be able to cope with EBs having the worst possible values regardless of whether the EBs are protected by the well-known key or no key at all.

And, yes, the security considerations section of the minimal should explain what kind of attacks can be done by sending "bad" EBs, and how those issues can be solved.
-- 
[email protected]
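The passive-scan idea from the message above (wait for 2-3 identical EBs from the same coordinator before joining), sketched as an added example that is not part of the original message or of any 6TiSCH implementation. The `EbConfirm` class, the coordinator label and the sample EB payload are constructed for illustration, and treating "identical" as byte-for-byte equality of the payload is an assumption.

```python
from collections import defaultdict

def fcs16(data: bytes) -> int:
    """802.15.4 2-octet FCS: CRC-16, x^16+x^12+x^5+1, init 0, LSB first."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc

def frame(payload: bytes) -> bytes:
    """Append the FCS to a payload (low octet first)."""
    return payload + fcs16(payload).to_bytes(2, "little")

def fcs_ok(f: bytes) -> bool:
    return len(f) > 2 and fcs16(f[:-2]) == int.from_bytes(f[-2:], "little")

class EbConfirm:
    """Hypothetical scan filter: accept an EB only after `needed`
    byte-identical copies have arrived from the same coordinator."""
    def __init__(self, needed: int = 3):
        self.needed = needed
        self.seen = defaultdict(lambda: defaultdict(int))  # src -> payload -> count

    def receive(self, src: str, f: bytes):
        """Return the confirmed EB payload, or None while still scanning."""
        if not fcs_ok(f):
            return None                      # ordinary detected error
        payload = f[:-2]
        self.seen[src][payload] += 1
        return payload if self.seen[src][payload] >= self.needed else None

def demo():
    good = frame(b"constructed-EB:pan=0xCAFE,jp=0")   # constructed sample EB
    # An error burst that is itself a valid CRC codeword goes undetected,
    # because this CRC (init 0, no final XOR) is linear over XOR.
    err = bytearray(len(good) - 2)
    err[5] = 0x40
    bad = bytes(a ^ b for a, b in zip(good, frame(bytes(err))))
    scan = EbConfirm(needed=3)
    results = [scan.receive("coord-1", f) for f in (bad, good, good, good)]
    return fcs_ok(bad), results

if __name__ == "__main__":
    print(demo())
```

The corrupted frame passes the FCS check but never reaches the confirmation threshold, so only the repeated, unchanged EB is handed to the join logic; this covers the random-error case the message discusses for the initial scan.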
