]> Sandelman Software Works

mcr+ietf@sandelman.ca

Internet 6tisch Working Group Internet-Draft Charter: The WG will continue working on securing the join process and making that fit within the constraints of high latency, low throughput and small frame sizes that characterize IEEE802.15.4 TSCH.

Enrollment of new nodes into LLNs present unique challenges. The constrained nodes has no user interfaces, and even if they did, configuring thousands of such nodes manually is undesireable from a human resources issue, as well as the difficulty in getting consistent results. This document is about a standard way to introduce new nodes into a 6tisch network that does not involve any direct manipulation of the nodes themselves. This act has been called "zero-touch" provisioning, and it does not occur by chance, but requires coordination between the manufacturer of the node, the service operator running the LLN, and the installers actually taking the devices out of the shipping boxes. In other installations (such as some factory/industrial settings, and for some utilities), it is possible to pass devices through a "provisioning" room of some kind where the device in factory default state may be touched once (via a cable, or a push button, or by being placed in a faraday cage, etc.) such that the devices can be initialized in a way specific to that installation. The devices are then returned to inventory, and may be deployed at some future time. The node is not provisioned with the current keying material, as the network will need to be regularly rekeyed (even the algorithms may change!), so in the one-touch provisioning case, the goal is simply to introduce some elements into the new node (the "pledge") such that the enrollment process will take less energy and fewer network resources.

In this document, the key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" are to be interpreted as described in BCP 14, RFC 2119 and indicate requirement levels for compliant STuPiD implementations. The following terminology is repeated from so as to have a common way to speak: The physical distribution of equipment containing the "factory default" configuration to a final destination. In zero-touch scenarios there is no staging or pre-configuration during drop-ship. the process where a device obtains the cryptographic key material to identity and trust future interactions with a network. This term is taken from Konrad Lorenz's work in biology with new ducklings: during a critical period, the duckling would assume that anything that looks like a mother duck is in fact their mother. An equivalent for a device is to obtain the fingerprint of the network's root certification authority certificate. A device that imprints on an attacker suffers a similar fate to a duckling that imprints on a hungry wolf. Securely imprinting is a primary focus of this document. anticipates this use. the process where a device presents key material to a network and acquires a network specific identity. For example when a certificate signing request is presented to a certification authority and a certificate is obtained in response. the prospective device, which has the identity provided to at the factory. Neither the device nor the network knows if the device yet knows if this device belongs with this network. This is definition 6, according to . A signed token from the manufacturer authorized signing authority indicating that the bootstrapping event has been successfully logged. This has been referred to as an "authorization token" indicating that it authorizes bootstrapping to proceed. A signed voucher from the vendor vouching that a specific domain "owns" the new entity as defined in .

In the zero-touch scenario, every device expected to be drop shipped would have an manufacturer installed certificate (MIC). The private key part of the certificate would either be generated in the device, or installed securely (and privately) as part of the manufacturer process. provides an example of process which has been active for a good part of a decade. The MIC would be signed by the manufacturer's CA, the public key component of that would be included in the firmware.

In a one-touch scenario, devices would be provided with some mechanism by which a secure association may be made in a controlled environment. There are many ways in which this might be done, and detailing any of them is out of scope for this document. But, some notion of how this might be done is important so that the underlying assumptions can be reasoned about. Some examples of how to do this could include: * JTAG interface * serial (craft) console interface * pushes of physical buttons simulatenous to network attachment * insecured devices operated in a Faraday cage There are likely many other ways as well. What is assumed is that there can be a secure, private conversation between the Join Coordination Entity, and the Pledge, and that the two devices can exchange some trusted bytes of information.

When a manufacturer installed certificate is provided as the IDevID, it SHOULD contain a number of fields. provides a detailed set of requirements. A manufacturer unique serial number MUST be provided in the serialNumber SubjectAltName extension, and MAY be repeated in the Common Name. There are no sequential or numeric requirements on the serialNumber, it may be any unique value that the manufacturer wants to use. The serialNumber SHOULD be printed on the packaging and/or on the device in a discrete way.

The goal of the bootstrap process is to introduce one or more new locally relevant credentials: a certificate signed by a local certificate authority/registrar. This is the LDevID of . alternatively, a network-wide key to be used to secure L2 traffic. alternatively, a network-wide key to be used to authenticate per-peer keying of L2 traffic using a mechanism such as provided by .

This document is about enrollment of constrained devices to a constrained network. Constrained networks is such as , and in particular the time-slotted, channel hopping (tsch) mode, feature low bandwidths, and limited opportunities to transmit. A key feature of these networks is that receivers are only listening at certain times.

802.15.4 networks have three kinds of layer-2 security: a network key that is shared with all nodes and is used for unicast and multicast. a series of network keys that are shared (agreed to) between pairs of nodes (the per-peer key) a network key that is shared with all nodes (through a group key management system), and is used for multicast traffic only Setting up the credentials to bootstrap one of these kinds of security, (or directly configuring the key itself for the first case) is required. This is the security below the IP layer. Security is required above the IP layer: there are three aspects which the credentials in the previous section are to be used. to provide for secure connection with a Path Computation Element , or other LLC (see ({RFC7554}} section 3). to initiate a connection between a Resource Server (RS) and an application layer Authorization Server (AS and CAS from ).

Perfert Forward Secrecy (PFS) is the property of a protocol such that complete knowledge of the crypto state (for instance, via a memory dump) at time X does not imply that data from a disjoint time Y can also be recovered. (). PFS is important for two reasons: one is that it offers protection against the compromise of a node. It does this by changing the keys in a non-deterministic way. This second property also makes it much easier to remove a node from the network, as any node which has not participated in the key changing process will find itself no longer connected.

The network which the new pledge will connect to will have to have the following properties: a known PANID. The PANID 0xXXXX where XXXX is the assigned RFC# for this document is suggested. a minimal schedule with some Aloha time. This is usually in the same slotframe as the Extended Beacon, but a pledge MUST listen for an unencrypted Extended Beacon to so that it can synchronize. a known K1 key, as described in section 10, and used for reasons similar to .

This section describes the interaction between a new pledge and the Join Assistant.

This time sequence diagram intentionally shows additional layer-2 and layer-3 interactions, in order to put the entire process into context.

(2) ------- QUERY----> (3) <------ REPLY----- (4) <--- NA answer---- (5) some time later <-----coaps--------<=======IPIP-COAPS==== (6) multiple trips ------------------->====================> (7) ]]>

A new pledge must listen for a beacon for a period of at least 2s (HELP) on each of the 16 possible channels. The pledge SHOULD collect all beacons from heard on all channels before selecting a beacon to start with. If the pledge is unable to record all of the beacons that it hears due to limitations on volatile storage, then it should at least attempt to record the detail as to how to find that beacon again (channel, time sequence). This search process entails having the pledge keep the receiver portion of it's radio active for the entire period of time. The selection of which beacon to start with is outside the scope of this document. Implementers SHOULD make use of information such as: whether the L2 address of the Beacon has been tried before, whether a Router Advertisement IE is present, any Network Identifier seen, and the strength of the signal. Once a candidate network has been selected, the pledge can transition into a low-power duty cycle, waking only when the provided schedule indicates ALOHA slots which the pledge may use for the join process.

If has not been used to embed a router advertisement in the Enhanced Beacon, then the pledge MUST wait to hear a Router Advertisement to know the layer-3 address of the adjacent router. These will be broadcast periodically during the ALOHA slot. A pledge MAY timeout and send a layer-2 unicast Router Solicitation (to the layer-2 of the Enhanced Beacon) to the layer-3 all-routers address. A pledge MAY also take this timeout to mean that this router is unwilling to perform Join Assistant activities and the pledge should move on to another Enhanced Beacon.

This NS message is formed much like a Duplicate Address Detection (DAD) message described in section-4.3: it is a solicitation by the pledge for it's own address. does not describe doing DAD for link-local address however, so this aspect is new. The Join Assistant will not validate the uniqueness using the DAR/DAC mechanism, but will otherwise process the NS as per normal: populating neighbor cache entries. The Join Assistant will take extra care with expiring neighbor cache entries: unsecured NS should never push secured NCE entries out of the cache or overwrite them. There are two equivalent ways to do this: marking the origin of the NCE and limiting unsecured ones to some portion of the entries; by considering unsecured NS to be arriving from a different virtual interface (different if_index) than secured ones. NCEs from different interfaces SHOULD already not be mixed. The pledge SHOULD NOT have configured a short Layer-2 address as it has no way to allocate a non-duplicate short address. It SHOULD have formed a standard 64-bit layer-3 link-local address using a built-in IID. This IID MUST be placed into the Address Resolution option (ARO) option in the Neighbor Soliciation, as it serves as the index by which the domain registrar will use to identify the device. The IID MAY be related to the layer-2 address, but privacy considerations recommend that the IID SHOULD instead be a form a stable privacy address . Whichever method is used MUST be decided at manufacturing time, as the IID is also repeated as the SerialNumber in the Manufacturer Installed Certificate (MIC), also referred to as the 802.1AR IDevID.

This step does not involve the pledge, and it is described in section (#jastates).

This step does not involve the pledge, and it is described in section (#jastates).

This NA message is again identical to the Duplicate Address Detection mechanism described in . The status field of the ARO is extended (see (#ianaconsiderations)) to include an additional status value ND_NS_JOIN_DECLINED. The pledge, upon receipt of ND_NS_JOIN_DECLINED considers that this network is not an appropriate network to join, and SHOULD move on to attempt other networks. The pledge MUST also realize that this NA message MAY have been forced, and it SHOULD attempt joining this network again at a future time, but MUST NOT repeatedly attempt to join the same network. The pledge, upon receipt of a Neighbor Cache Full response SHOULD attempt to join using a different join assistant on the same network. The pledge, upon receipt of a Duplicate Address response SHOULD attempt to join using a different join assistant on a different network, if it has such offers. If it has no such offers, it should wait at least NEIGHBOR-CACHE TIMEOUT, and then retry. This may be a sign of a Denial of Service attack, or it may be a non-malicious mis-configuration. Upon receive of a successful NA, the pledge SHOULD consider that it is now in enrolled in a join queue. The pledge SHOULD resend Neighbor Soliciation (NUD) messages periodically as described in to maintain the neighbor cache entry. A pledge with other Join Assistant offers MAY abandon this Join Assistant after a period of XXX minutes and attempt to join using a different Join Assistant.

| sleep 1m | | beacons |<----- +~~~~~~~~~~+ +----------------+ \______/ ^ | | V | no beacons +-----------------+ | remain | try next/first | | | beacon/sched |-----------------/ +-----------------+<____________ timeout | \--.<--. | send NS/DAD <-------. | | /-------->| w/ARO | | | | | timeout| | | | V retries<3 | | | | +-----------------+ | | | | | waiting for | | | | | | NA w/ARO |----------->----> | | +-----------------+ or invalid NA | | | | | | | | | | | V | | +-----------------+ DTLS failure | | | open DTLS 6p |--------------------/ | | for system | ^ | | keychain |<--------\ | | +-----------------+ | | | | | conclude | | | kill DTLS | not net | | | try again | looking | | | retries<3 | for | | V | | | +-----------------+ | | | | validate audit |---------/----------/ | |token posted to | does not validate | | proper URL | | +-----------------+ | | |too long | validate |try | audit |again | token | V | +-----------------+ \-| accept 6p trans-| | actions for new | | certificate | +-----------------+ | | receive new certificate, V restart with beacon X run appropriate KMP ]]>

The Join Assistant is a standard 6LR. It processes packets as described in , from secured (encrypted) sources. In particular the maintenance of Neighbor Cache Entries as described in section 3.5. The Join Assistant maintains two sets of NCE for each physical interface that it has: one set is for secured neighbors, and the other is for new pledges that wish to join. The storage allocated for pledges will generally be a small fraction of available space. The Join Assistant will garbage collect the different caches according to different thresholds. It MAY chose to free space from the insecure cache to make space for additional secure entries, but it MUST NOT do the opposite. It sends Enhanced Beacons which are authenticated with the network-wide key ("K2"), but it does not encrypt the Beacons. In addition, it listen for packets "encrypted" with the well-known "K1" key, and when it receives them, it considers them to be as "Insecure Packets". It MAY also accept unencrypted, unauthenticated packets as being "Insecure Packets" Non-Join Assistant 6LRs would never accept K1 packets, nor unauthenticated packets. Normal 6LRs and hosts MUST accept unencrypted Enhanced Beacons which can be authenticated with the "K2" key. In addition to seperating the secured and insecured packets for inbound processing, the Join Assistant also allocates a unique IID for the insecured interface. This IID is used to configure the Link Local address on that virtual interface. This Link Local address is called the Insecure Join Assistant Link Local, or IJALL. In addition, this IID is combined with the global prefix(es) (as found in various PIO(s) from the routing protocols). This additional address is configured as an alias on the loopback interface such that the Join Assistant can receive packets to this address via secured network. This activity SHOULD generate a routing protocol update (such as an updated DAO). This IID SHOULD be generated using a stable privacy address mechanism as described in . The easiest is to assign the insecure virtual interface a unique if_index. This new address is called the Pledge Tunnel End Point Address, or PTEPA.

Only the following insecure packets are to be accepted by the Join Assistant: Unicast Neighbor Solicitations. Unicast Link-Local UDP packets with a destination port that map to the Join Assistant's IPIP proxy.

Upon receipt of an insecure unicast NS with an ARO option, the Join Assistant looks up an NCE by the IID contained in the ARO in the insecure cache. If it finds an existing there are three possibilities: a lookup for this entry has previously been completed, and has resulted in a negative result. In this case, a negative ND_NS_JOIN_DECLINED NA is returned. The Join Assistant SHOULD rate limit the number of these messages that it is willing to return. a lookup for this entry has previously been done, and has resulted in a positive result. The NCE entry should be "refresh", to keep it in the cache for a longer period of time, and a new NA returned with a positive status. a lookup for this entry has previously been started, but no result has been received. In this case the Join Assistant SHOULD remain silent. The Join Assistant may wish to send a GRASP M_NOOP message to verify that the connection is still useable if it has not receive any traffic in some time. If it does not find an existing entry, and there is space for another entry, (or it can make space via garbage collection), then a new entry is created, marked to be "in progress", and a new GRASP 6JOIN query is initiated, see section (#6joingrasp).

There are three aspects to the protocols that the Join Assistant uses to communicate about its needs. They are: Discovery of Registrar Notification of new pledge to Registrar Passing of traffic from Pledge to Registar

The address of the registrar MAY be determined by other protocols, such as DHCP, RA or RPL extensions, or provisioned into the Join Assistant via other configuration protocol such as 6p. In order to support fully autonomic operations, the Join Assistant MAY use a GRASP discovery () to find the address of the Registrar. describes the details of the process. In 6tisch networks multicast is not always available, requiring additional protocol effort. Instead of doing a multicast GRASP discovery, the Join Assistant SHOULD instead to a TCP connect to the GRASP_LISTEN_PORT on the IP address of the DODAG root (when RPL is used as the routing protocol for 6tisch), or the ABRO address when another protocol is used. The Join Assistant should then issue the appropriate M_DISCOVERY method using the 6JOIN objective. The GRASP discovery will then reply using the same TCP connection as per Unicast Discovery in section TBD.

As illustrated in (#joindiagram), when the Join Assistant receives a Neighbor Solication from a pledge, it must notify the Registar of the pledge, indicating to it how to reach the new pledge. The Registrar will respond with a positive acknowledgement if the Registrar is willing/able to accept the pledge. The Registrar will respond with a negative acknowledgement if the provided pledge identity (the IID in the ARO) is not one that the Registrar recognizes as belonging to this network. The Registrar runs an ASA which is called the 6JOIN ASA (which can be discovered above). This query/response is done using GRASP with the discovered ASA process. The query process is described in CDDL as:

The response from the Registrar is describe as:

or for a negative response:

for the 6p-ipip, the Registrar will need to know where to send the IPIP packets to. The Join Assistant will initiate the TCP connection to the Registrar's ASA using the IPv6 address associated with the insecure interface on which the pledge is located, i.e. using the PTEPA.

When the Registrar is ready to initiate the pledge into the domain, the Registrar will reach out to the pledge using a secure CoAP protocol (6p). The security is provided using DTLS or EDHOC. As the pledge has only a link-local address, and the Registrar is not co-located on the same layer-2 as the pledge, the traffic must be relayed through the Join Assistant. To do this the Registrar needs to configure a Link Local address on a virtual inteface which is the same as the PTEPA derived address. The Registrar then sends it's traffic (UDP packets with CoAPS inside), inside of an IPIP header to the Join Assistant. The outer IP header is from the Registrar to the PTEPA. The inner IP is from the link local address configured above, and the destination is the Link Local address of the pledge. The Registrar knows the IJALL by taking the IID from the connection address above, and knows the Link Local of the pledge from the IID in the objective message. The Join Assistant, upon receipt of the IPIP traffic from the Registar on it's PTEPA, then decapsulates it and forwards it on the appropriate. (This is identical code to decapsulation of IPIP headers as specified in . The Join Assistant, upon receiving traffic from the pledge to the IJALL, it encapsulates it into an IPIP header, setting the source of this outer header to the PTEPA, and the destination being the Registrar. The Join Assistant can do this for as many pledges as the Registrar decides to communicate with, without using any additional per-pledge state other than the obligatory Neighbor Cache Entries needed to translate L3 addresses to L2 addresses.

details a number of privacy considerations important in Resource Constrained nodes. There are two networks and three sets of constrained nodes to consider. They are: 1. the production nodes on the production network. 2. the new pledges, which have yet to enroll, and which are on a join network. 3. the production nodes which are also acting as proxy nodes.

The details of this are out of scope for this document.

New Pledges do not yet receive Router Advertisements with PIO options, and so configure link-local addresses only based upon layer-2 addresses using the normal SLAAC mechanisms described in . These link-local addresses are visible to any on-link eavesdropper (who is synchronized to the same Join Assistant), so regardless of what is chosen they can be seen. This link-layer traffic is encapsulated by the Join Assistant into IPIP packets and carried to the JCE. The traffic SHOULD never leave the operator's network, and no outside traffic should enter, so it should not be possible to do any ICMP scanning as described in . The join process described herein requires that some identifier meaningful to the network operator be communicated to the JCE via the Neighbor Advertisement's ARO option. This need not be a manufacturer created EUI-64 as assigned by IEEE; it could be another value with higher entropy and less interesting vendor/device information. Regardless of what is chosen, it can be used to track where the device attaches. For most constrained device, network attachment occurs very infrequently, often only once in their lifetime, so tracking opportunities may be rare. Further, during the enrollment process, a DTLS connection connection will be created. Unless TLS1.3 is used, the device identity will be visible to passive observers in the 802.11AR IDevID certificate that is sent. Even when TLS1.3 is used, an active attacker could collect the information by simply connecting to the device; it would not have to successful complete the negotiation either, or even attempt to Man-In-The-Middle the device. There is, at the same time, significant value in avoiding a link-local DAD process by using an IEEE assigned EUI-64, and there is also significant advantage to the operator being able to see what the vendor of the new device is.

It is therefore suggested that the IID used in the link-local address used during the join process be a vendor assigned EUI-64. After the join process has concluded, the device SHOULD be assigned a unique randomly generated long address, and a unique short address (not based upon the vendor EUI-64) for use at link-layer. At that point, all layer-3 content is encrypted by the layer-2 key.

This document allocates one value from the subregistry "Address Registration Option Status Values": ND_NS_JOIN_DECLINED Join Assistant, JOIN DECLINED (TBD-AA)

&RFC2119; &I-D.ietf-6lo-privacy-considerations; &RFC7228; &I-D.ietf-anima-bootstrapping-keyinfra; &I-D.ietf-6tisch-minimal; &I-D.ietf-anima-grasp; &I-D.richardson-anima-6join-discovery; Cisco &RFC7217; &I-D.richardson-6lo-ra-in-ie; &RFC6775; &I-D.ietf-netconf-zerotouch; &RFC4655; &RFC7554; &RFC4191; &RFC7731; &I-D.ietf-roll-useofrplinfo; &I-D.ietf-ace-actors;

insert appendix here