[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Nits]

Versions: 00

Delay-Tolerant Networking                                     E. Birrane
Internet-Draft                                                   JHU/APL
Intended status: Standards Track                            July 1, 2017
Expires: January 2, 2018


                  BPSec Interoperability Cipher Suites
                 draft-birrane-dtn-bpsec-interop-cs-00

Abstract

   This document defines a set of integrity and confidentiality cipher
   suites suitable for testing the interoperability of Bundle Protocol
   Security (BPSec) implementations.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 2, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.





Birrane                  Expires January 2, 2018                [Page 1]


Internet-Draft    BPSec Interoperability Cipher Suites         July 2017


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Requirements Language . . . . . . . . . . . . . . . . . . . .   3
   3.  Suite BIB-HMAC256-SHA256  . . . . . . . . . . . . . . . . . .   3
     3.1.  Cipher Suite Overview . . . . . . . . . . . . . . . . . .   3
     3.2.  Key Considerations  . . . . . . . . . . . . . . . . . . .   3
     3.3.  Canonicalization Algorithms . . . . . . . . . . . . . . .   3
     3.4.  Cipher Suite Parameter Definitions  . . . . . . . . . . .   3
     3.5.  Security Result Definitions . . . . . . . . . . . . . . .   4
   4.  Suite BCB-AES-GCM-128 . . . . . . . . . . . . . . . . . . . .   4
     4.1.  Cipher Suite Overview . . . . . . . . . . . . . . . . . .   4
     4.2.  Key Considerations  . . . . . . . . . . . . . . . . . . .   4
     4.3.  Canonicalization Algorithms . . . . . . . . . . . . . . .   5
     4.4.  Cipher Suite Parameter Definitions  . . . . . . . . . . .   5
     4.5.  Security Result Definitions . . . . . . . . . . . . . . .   5
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
     5.1.  Bundle Block Types  . . . . . . . . . . . . . . . . . . .   6
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     6.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   The Bundle Protocol Security (BPSec) [BPSEC] specification provides
   inter-bundle integrity and confidentiality features for networks
   deploying the Bundle Protocol (BP) [BPBIS].  BPSec defines a set of
   BP extension blocks to carry cipher suite results and associated
   meta-data, but does not define a common set of supported cipher
   suites.

   This document defines an integrity cipher suite and a confidentiality
   cipher suite suitable for populating BPSec Block Integrity Blocks
   (BIBs) and Block Confidentiality Blocks (BCBs), respectively.

   This purpose of the cipher suites described in this document is
   twofold.  First, these suites should be used to test the
   interoperability of BPSec implementations.  Second, this
   specification can serve as a template to be followed by other BPSec
   cipher suite authors.

   The intent of these cipher suite definitions is to provide a
   mechanism for interoperability testing.  There is no claim that these
   cipher suites are suitable for operational deployment in any
   particular networking scenario.





Birrane                  Expires January 2, 2018                [Page 2]


Internet-Draft    BPSec Interoperability Cipher Suites         July 2017


2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

3.  Suite BIB-HMAC256-SHA256

3.1.  Cipher Suite Overview

   The integrity cipher suite provides a signed hash over the security
   target based on the use of the SHA-256 message digest algorithm
   [RFC4634] combined with HMAC [RFC2104] with a 256 bit truncation
   length.  This formulation is based on the HMAC 256/256 algorithm
   defined in [COSE] Table 7: HMAC Algorithm Values.

   The BIB-HMAC256-SHA256 ciphersuite has ciphersuite ID value 0x01.

3.2.  Key Considerations

   Keys used with this specification MUST be symmetric and 256 bits in
   length.

   This cipher suite provides no requirements on the configuration or
   management of keys.

3.3.  Canonicalization Algorithms

   BIB-HMAC256-SHA256 uses the standard canonicalization algorithms
   defined in BPSec and operates over the entire contents of the
   security target data block.  This ciphersuite does not include
   hashing over other parts of the target block header, such as the
   block type and block length.

3.4.  Cipher Suite Parameter Definitions

   BIB-HMAC256-SHA256 defines the following cipher suite parameters.













Birrane                  Expires January 2, 2018                [Page 3]


Internet-Draft    BPSec Interoperability Cipher Suites         July 2017


                       BIB-HMAC256-SHA256 Parameters

   +------+------+-----------+-----------------------------------------+
   | Parm | Parm | CBOR Type |               Description               |
   |  Id  | Name |           |                                         |
   +------+------+-----------+-----------------------------------------+
   |  1   | Key  |    byte   | Material encoded or proteted by the key |
   |      |      |   string  | management system and used to transport |
   |      |      |   (major  |  an ephemeral key protected by a long-  |
   |      |      |  type 2)  |                term key.                |
   +------+------+-----------+-----------------------------------------+

                                  Table 1

3.5.  Security Result Definitions

   BIB-HMAC256-SHA256 defines the following security results.

                    BIB-HMAC256-SHA256 Security Results

   +----------+-----------+---------------------+----------------------+
   |  Result  |   Result  |      CBOR Type      |     Description      |
   |    Id    |    Name   |                     |                      |
   +----------+-----------+---------------------+----------------------+
   |    1     |    Tag    |  byte string (major | The tag produced by  |
   |          |           |       type 2)       |        HMAC.         |
   +----------+-----------+---------------------+----------------------+

                                  Table 2

4.  Suite BCB-AES-GCM-128

4.1.  Cipher Suite Overview

   The confidentiality cipher suite provides cipher text to replace the
   data contents of the target block using the AES cipher operating in
   GCM mode [AES-GCM].  This formulation is based on the A128GCM
   algorithm defined in [COSE] Table 9: Algorithm Value for AES-GCM.

   The BCB-AES-GCM-128 ciphersuite has ciphersuite ID value 0x02.

4.2.  Key Considerations

   Keys used with this specification MUST be symmetric and 128 bits in
   length.

   This cipher suite provides no requirements on the configuration or
   management of keys.



Birrane                  Expires January 2, 2018                [Page 4]


Internet-Draft    BPSec Interoperability Cipher Suites         July 2017


4.3.  Canonicalization Algorithms

   BCB-AES-GCM-128 uses the standard canonicalization algorithms defined
   in BPSec and operates over the entire contents of the security target
   data block.  This ciphersuite does not include encryption over other
   parts of the target block header, such as the block type and block
   length.

4.4.  Cipher Suite Parameter Definitions

   BCB-AES-GCM-128 defines the following cipher suite parameters.  It
   should be noted in this specification there is no additional
   authenticated data passed in to the AES-GCM cipher.  The plaintext is
   the only data input and MUST be the data contents of the target
   block.

                        BCB-AES-GCM-128 Parameters

   +------+----------------+---------+---------------------------------+
   | Parm |   Parm Name    |   CBOR  |           Description           |
   |  Id  |                |   Type  |                                 |
   +------+----------------+---------+---------------------------------+
   |  1   |      Key       |   byte  | Material encoded or proteted by |
   |      |                |  string |  the key management system and  |
   |      |                |  (major |  used to transport an ephemeral |
   |      |                | type 2) |   key protected by a long-term  |
   |      |                |         |               key.              |
   |  2   | Initialization |   byte  |   The initialization vector. A  |
   |      |     Vector     |  string |    random value between 8-16    |
   |      |                |  (major | bytes. 12 bytes is recommended. |
   |      |                | type 2) |                                 |
   +------+----------------+---------+---------------------------------+

                                  Table 3

4.5.  Security Result Definitions

   BCB-AES-GCM-128 defines the following security results.  It should be
   noted that cipher-text is not a security result as the resultant
   cipher text is stored in the target block.  When operating in GCM
   mode, AES produces cipher-text of the same size as its plain-text
   and, therefore, no security results are necessary to capture padding
   information.








Birrane                  Expires January 2, 2018                [Page 5]


Internet-Draft    BPSec Interoperability Cipher Suites         July 2017


                     BCB-AES-GCM-128 Security Results

   +--------+----------------+-------------+---------------------------+
   | Result |  Result Name   |  CBOR Type  |        Description        |
   |   Id   |                |             |                           |
   +--------+----------------+-------------+---------------------------+
   |   1    | Authentication | byte string |  Output from the AES-GCM  |
   |        |      Tag       | (major type |  cipher. This value MUST  |
   |        |                |      2)     |     be 16 bytes long.     |
   +--------+----------------+-------------+---------------------------+

                                  Table 4

5.  IANA Considerations

5.1.  Bundle Block Types

   This specification allocates two block types from the existing "BPSec
   Cipher Suite IDs" registry defined in [BPSEC].

                    Additional BPSec Cipher Suite IDs:

              +-------+--------------------+---------------+
              | Value |    Description     |   Reference   |
              +-------+--------------------+---------------+
              |   1   | BIB-HMAC256-SHA256 | This document |
              |   2   |  BCB-AES-GCM-128   | This document |
              +-------+--------------------+---------------+

                                  Table 5

6.  References

6.1.  Normative References

   [AES-GCM]  Dworkin, M., "NIST Special Publication 800-38D:
              Recommendation for Block Cipher Modes of Operation:
              Galois/Counter Mode (GCM) and GMAC.", November 2007.

   [BPBIS]    Burleigh, S., Fall, K., and E. Birrane, "Bundle Protocol",
              draft-ietf-dtn-bpbis-06 (work in progress), July 2016.

   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997,
              <http://www.rfc-editor.org/info/rfc2104>.





Birrane                  Expires January 2, 2018                [Page 6]


Internet-Draft    BPSec Interoperability Cipher Suites         July 2017


   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC4634]  Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
              (SHA and HMAC-SHA)", RFC 4634, DOI 10.17487/RFC4634, July
              2006, <http://www.rfc-editor.org/info/rfc4634>.

6.2.  Informative References

   [BPSEC]    Birrane, E. and K. McKeever, "Bundle Security Protocol",
              draft-ietf-dtn-bpsec-05 (work in progress), October 2015.

   [COSE]     Schaad, J., "CBOR Object Signing and Encryption (COSE)",
              draft-ietf-cose-msg-24 (work in progress), November 2016.

Author's Address

   Edward J. Birrane, III
   The Johns Hopkins University Applied Physics Laboratory
   11100 Johns Hopkins Rd.
   Laurel, MD  20723
   US

   Phone: +1 443 778 7423
   Email: Edward.Birrane@jhuapl.edu
























Birrane                  Expires January 2, 2018                [Page 7]


Html markup produced by rfcmarkup 1.122, available from https://tools.ietf.org/tools/rfcmarkup/