draft-ietf-roll-security-framework-04.txt   draft-ietf-roll-security-framework-05.txt 
Networking Working Group T. Tsao Networking Working Group T. Tsao
Internet-Draft R. Alexander Internet-Draft R. Alexander
Intended status: Informational Cooper Power Systems Intended status: Informational Cooper Power Systems
Expires: July 17, 2011 M. Dohler Expires: October 26, 2011 M. Dohler
CTTC CTTC
V. Daza V. Daza
A. Lozano A. Lozano
Universitat Pompeu Fabra Universitat Pompeu Fabra
January 13, 2011 April 24, 2011
A Security Framework for Routing over Low Power and Lossy Networks A Security Framework for Routing over Low Power and Lossy Networks
draft-ietf-roll-security-framework-04 draft-ietf-roll-security-framework-05
Abstract Abstract
This document presents a security framework for routing over low This document presents a security framework for routing over low
power and lossy networks (LLN). The development builds upon previous power and lossy networks (LLN). The development builds upon previous
work on routing security and adapts the assessments to the issues and work on routing security and adapts the assessments to the issues and
constraints specific to low power and lossy networks. A systematic constraints specific to low power and lossy networks. A systematic
approach is used in defining and evaluating the security threats and approach is used in defining and evaluating the security threats and
identifying applicable countermeasures. These assessments provide identifying applicable countermeasures. These assessments provide
the basis of the security recommendations for incorporation into low the basis of the security recommendations for incorporation into low
skipping to change at page 2, line 4 skipping to change at page 2, line 4
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 17, 2011. This Internet-Draft will expire on October 26, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 34 skipping to change at page 3, line 34
4.3.2. Network Traffic Forwarding Disruption . . . . . . . . 17 4.3.2. Network Traffic Forwarding Disruption . . . . . . . . 17
4.3.3. Communications Resource Disruption . . . . . . . . . . 18 4.3.3. Communications Resource Disruption . . . . . . . . . . 18
4.3.4. Node Resource Exhaustion . . . . . . . . . . . . . . . 19 4.3.4. Node Resource Exhaustion . . . . . . . . . . . . . . . 19
5. Countermeasures . . . . . . . . . . . . . . . . . . . . . . . 19 5. Countermeasures . . . . . . . . . . . . . . . . . . . . . . . 19
5.1. Confidentiality Attack Countermeasures . . . . . . . . . . 20 5.1. Confidentiality Attack Countermeasures . . . . . . . . . . 20
5.1.1. Countering Deliberate Exposure Attacks . . . . . . . . 20 5.1.1. Countering Deliberate Exposure Attacks . . . . . . . . 20
5.1.2. Countering Sniffing Attacks . . . . . . . . . . . . . 20 5.1.2. Countering Sniffing Attacks . . . . . . . . . . . . . 20
5.1.3. Countering Traffic Analysis . . . . . . . . . . . . . 21 5.1.3. Countering Traffic Analysis . . . . . . . . . . . . . 21
5.1.4. Countering Physical Device Compromise . . . . . . . . 22 5.1.4. Countering Physical Device Compromise . . . . . . . . 22
5.1.5. Countering Remote Device Access Attacks . . . . . . . 24 5.1.5. Countering Remote Device Access Attacks . . . . . . . 24
5.2. Integrity Attack Countermeasures . . . . . . . . . . . . . 24 5.2. Integrity Attack Countermeasures . . . . . . . . . . . . . 25
5.2.1. Countering Tampering Attacks . . . . . . . . . . . . . 25 5.2.1. Countering Tampering Attacks . . . . . . . . . . . . . 25
5.2.2. Countering Overclaiming and Misclaiming Attacks . . . 25 5.2.2. Countering Overclaiming and Misclaiming Attacks . . . 25
5.2.3. Countering Identity (including Sybil) Attacks . . . . 25 5.2.3. Countering Identity (including Sybil) Attacks . . . . 26
5.2.4. Countering Routing Information Replay Attacks . . . . 26 5.2.4. Countering Routing Information Replay Attacks . . . . 26
5.2.5. Countering Byzantine Routing Information Attacks . . . 26 5.2.5. Countering Byzantine Routing Information Attacks . . . 26
5.3. Availability Attack Countermeasures . . . . . . . . . . . 27 5.3. Availability Attack Countermeasures . . . . . . . . . . . 27
5.3.1. Countering HELLO Flood Attacks and ACK Spoofing 5.3.1. Countering HELLO Flood Attacks and ACK Spoofing
Attacks . . . . . . . . . . . . . . . . . . . . . . . 27 Attacks . . . . . . . . . . . . . . . . . . . . . . . 28
5.3.2. Countering Overload Attacks . . . . . . . . . . . . . 29 5.3.2. Countering Overload Attacks . . . . . . . . . . . . . 29
5.3.3. Countering Selective Forwarding Attacks . . . . . . . 30 5.3.3. Countering Selective Forwarding Attacks . . . . . . . 30
5.3.4. Countering Sinkhole Attacks . . . . . . . . . . . . . 30 5.3.4. Countering Sinkhole Attacks . . . . . . . . . . . . . 31
5.3.5. Countering Wormhole Attacks . . . . . . . . . . . . . 31 5.3.5. Countering Wormhole Attacks . . . . . . . . . . . . . 31
6. ROLL Security Features . . . . . . . . . . . . . . . . . . . . 32 6. ROLL Security Features . . . . . . . . . . . . . . . . . . . . 32
6.1. Confidentiality Features . . . . . . . . . . . . . . . . . 32 6.1. Confidentiality Features . . . . . . . . . . . . . . . . . 33
6.2. Integrity Features . . . . . . . . . . . . . . . . . . . . 33 6.2. Integrity Features . . . . . . . . . . . . . . . . . . . . 34
6.3. Availability Features . . . . . . . . . . . . . . . . . . 34 6.3. Availability Features . . . . . . . . . . . . . . . . . . 35
6.4. Additional Related Features . . . . . . . . . . . . . . . 35 6.4. Additional Related Features and Key Management . . . . . . 35
6.5. Consideration on Matching Application Domain Needs . . . . 35 6.5. Consideration on Matching Application Domain Needs . . . . 37
6.5.1. Security Architecture . . . . . . . . . . . . . . . . 36 6.5.1. Security Architecture . . . . . . . . . . . . . . . . 37
6.5.2. Mechanisms and Operations . . . . . . . . . . . . . . 38 6.5.2. Mechanisms and Operations . . . . . . . . . . . . . . 40
7. Application of ROLL Security Framework to RPL . . . . . . . . 40 7. Application of ROLL Security Framework to RPL . . . . . . . . 41
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 42 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 43
9. Security Considerations . . . . . . . . . . . . . . . . . . . 42 9. Security Considerations . . . . . . . . . . . . . . . . . . . 43
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 43 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 44
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 43 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 44
11.1. Normative References . . . . . . . . . . . . . . . . . . . 43 11.1. Normative References . . . . . . . . . . . . . . . . . . . 44
11.2. Informative References . . . . . . . . . . . . . . . . . . 44 11.2. Informative References . . . . . . . . . . . . . . . . . . 45
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 46 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 47
1. Introduction 1. Introduction
In recent times, networked electronic devices have found an In recent times, networked electronic devices have found an
increasing number of applications in various fields. Yet, for increasing number of applications in various fields. Yet, for
reasons ranging from operational application to economics, these reasons ranging from operational application to economics, these
wired and wireless devices are often supplied with minimum physical wired and wireless devices are often supplied with minimum physical
resources; the constraints include those on computational resources resources; the constraints include those on computational resources
(RAM, clock speed, storage), communication resources (duty cycle, (RAM, clock speed, storage), communication resources (duty cycle,
packet size, etc.), but also form factors that may rule out user packet size, etc.), but also form factors that may rule out user
skipping to change at page 10, line 21 skipping to change at page 10, line 21
for the functioning of the serving network. Availability will for the functioning of the serving network. Availability will
apply to maintaining efficient and correct operation of routing apply to maintaining efficient and correct operation of routing
and neighbor discovery exchanges (including needed information) and neighbor discovery exchanges (including needed information)
and forwarding services so as not to impair or limit the and forwarding services so as not to impair or limit the
network's central traffic flow function. network's central traffic flow function.
It is recognized that, besides those security issues captured in the It is recognized that, besides those security issues captured in the
CIA model, non-repudiation, that is, the assurance that the CIA model, non-repudiation, that is, the assurance that the
transmission and/or reception of a message cannot later be denied, transmission and/or reception of a message cannot later be denied,
may be a security requirement under certain circumstances. The may be a security requirement under certain circumstances. The
service of non-repudiation implies after-the-fact and thus relies on service of non-repudiation applies after-the-fact and thus relies on
the logging or other capture of on-going message exchanges and the logging or other capture of on-going message exchanges and
signatures. Applied to routing, non-repudiation will involve signatures. Applied to routing, non-repudiation will involve
providing some ability to allow traceability or network management providing some ability to allow traceability or network management
review of participants of the routing process including the ability review of participants of the routing process including the ability
to determine the events and actions leading to a particular routing to determine the events and actions leading to a particular routing
state. As such, non-repudiation of routing may thus be more useful state. As such, non-repudiation of routing may thus be more useful
when interworking with networks of different ownerships. For the LLN when interworking with networks of different ownerships. For the LLN
application domains as described in [RFC5548], [RFC5673], [RFC5826], application domains as described in [RFC5548], [RFC5673], [RFC5826],
and [RFC5867], particularly with regard to routing security, and [RFC5867], particularly with regard to routing security,
proactive measures are much more critical than retrospective proactive measures are much more critical than retrospective
skipping to change at page 11, line 29 skipping to change at page 11, line 29
from old inventory, over the lifetime of the network, also from old inventory, over the lifetime of the network, also
complicate the operations of key management. complicate the operations of key management.
Autonomous operations Autonomous operations
Self-forming and self-organizing are commonly prescribed Self-forming and self-organizing are commonly prescribed
requirements of LLNs. In other words, a routing protocol requirements of LLNs. In other words, a routing protocol
designed for LLNs needs to contain elements of ad hoc designed for LLNs needs to contain elements of ad hoc
networking and in most cases cannot rely on manual networking and in most cases cannot rely on manual
configuration for initialization or local filtering rules. configuration for initialization or local filtering rules.
Network topology/ownership changes, partitioning or merging, as Network topology/ownership changes, partitioning or merging, as
well as node replacement, can all contribute to key management well as node replacement, can all contribute to complicating
issues. the operations of key management.
Highly directional traffic Highly directional traffic
Some types of LLNs see a high percentage of their total traffic Some types of LLNs see a high percentage of their total traffic
traverse between the nodes and the LLN Border Routers (LBRs) traverse between the nodes and the LLN Border Routers (LBRs)
where the LLNs connect to non-LLNs. The special routing status where the LLNs connect to non-LLNs. The special routing status
of and the greater volume of traffic near the LBRs have routing of and the greater volume of traffic near the LBRs have routing
security consequences. In fact, when Point-to-MultiPoint security consequences. In fact, when Point-to-MultiPoint
(P2MP) and MultiPoint-to-Point (MP2P) traffic represents a (P2MP) and MultiPoint-to-Point (MP2P) traffic represents a
majority of the traffic, routing attacks consisting of majority of the traffic, routing attacks consisting of
advertising untruthfully preferred routes may cause serious advertising untruthfully preferred routes may cause serious
skipping to change at page 12, line 35 skipping to change at page 12, line 35
not found in the common circumstance of administered networked not found in the common circumstance of administered networked
routers. The following subsection sets up the security objectives routers. The following subsection sets up the security objectives
for the routing protocol designed by the ROLL WG. for the routing protocol designed by the ROLL WG.
3.4. ROLL Security Objectives 3.4. ROLL Security Objectives
This subsection applies the CIA model to the routing assets and This subsection applies the CIA model to the routing assets and
access points, taking into account the LLN issues, to develop a set access points, taking into account the LLN issues, to develop a set
of ROLL security objectives. of ROLL security objectives.
Since the fundament function of a routing protocol is to build routes Since the fundamental function of a routing protocol is to build
for forwarding packets, it is essential to ensure that routes for forwarding packets, it is essential to ensure that
o routing/topology information is not tampered during transfer and o routing/topology information is not tampered during transfer and
in storage; in storage;
o routing/topology information is not misappropriated; o routing/topology information is not misappropriated;
o routing/topology information is available when needed. o routing/topology information is available when needed.
In conjunction, it is necessary to be assured of In conjunction, it is necessary to be assured of
skipping to change at page 16, line 50 skipping to change at page 16, line 50
o Identity attacks, including Sybil attacks in which a malicious o Identity attacks, including Sybil attacks in which a malicious
node illegitimately assumes multiple identities; node illegitimately assumes multiple identities;
o Routing information replay. o Routing information replay.
4.3. Threats and Attacks on Availability 4.3. Threats and Attacks on Availability
The assessment in Section 3.2 indicates that the process and The assessment in Section 3.2 indicates that the process and
resources assets are exposed to availability threats; attacks of this resources assets are exposed to availability threats; attacks of this
category may exploit directly or indirectly information exchange or category may exploit directly or indirectly information exchange or
forwarding. forwarding (see [RFC4732] for a general discussion).
4.3.1. Routing Exchange Interference or Disruption 4.3.1. Routing Exchange Interference or Disruption
Interference or disruption of routing information exchanges will Interference or disruption of routing information exchanges will
allow unauthorized sources to influence the operation and convergence allow unauthorized sources to influence the operation and convergence
of the routing protocols by impeding the regularity of routing of the routing protocols by impeding the regularity of routing
information exchange. information exchange.
The forms of attack that allow interference or disruption of routing The forms of attack that allow interference or disruption of routing
exchange include exchange include
skipping to change at page 19, line 11 skipping to change at page 19, line 11
threats to the underlying transport network that supports routing is threats to the underlying transport network that supports routing is
considered beyond the scope of the current document. Nonetheless, considered beyond the scope of the current document. Nonetheless,
attacks on the subsystem will affect routing operation and so must be attacks on the subsystem will affect routing operation and so must be
directly addressed within the underlying subsystem and its directly addressed within the underlying subsystem and its
implemented protocol layers. implemented protocol layers.
4.3.4. Node Resource Exhaustion 4.3.4. Node Resource Exhaustion
A potential security threat to routing can arise from attempts to A potential security threat to routing can arise from attempts to
exhaust the node resource asset by initiating exchanges that can lead exhaust the node resource asset by initiating exchanges that can lead
to the undue utilization of exhaustion of processing, memory or to the undue utilization or exhaustion of processing, memory or
energy resources. The establishment and maintenance of routing energy resources. The establishment and maintenance of routing
neighbors opens the routing process to engagement and potential neighbors opens the routing process to engagement and potential
acceptance of multiple neighboring peers. Association information acceptance of multiple neighboring peers. Association information
must be stored for each peer entity and for the wireless network must be stored for each peer entity and for the wireless network
operation provisions made to periodically update and reassess the operation provisions made to periodically update and reassess the
associations. An introduced proliferation of apparent routing peers associations. An introduced proliferation of apparent routing peers
can therefore have a negative impact on node resources. can therefore have a negative impact on node resources.
Node resources may also be unduly consumed by the attackers Node resources may also be unduly consumed by the attackers
attempting uncontrolled topology peering or routing exchanges, attempting uncontrolled topology peering or routing exchanges,
skipping to change at page 20, line 31 skipping to change at page 20, line 31
an unauthorized entity during the exchange. an unauthorized entity during the exchange.
A prerequisite to countering this type of confidentiality attacks A prerequisite to countering this type of confidentiality attacks
associated with the routing/topology exchange is to ensure that the associated with the routing/topology exchange is to ensure that the
communicating nodes are authenticated prior to data encryption communicating nodes are authenticated prior to data encryption
applied in the routing exchange. Authentication ensures that the applied in the routing exchange. Authentication ensures that the
nodes are who they claim to be even though it does not provide an nodes are who they claim to be even though it does not provide an
indication of whether the node has been compromised. indication of whether the node has been compromised.
To prevent deliberate exposure, the process that communicating nodes To prevent deliberate exposure, the process that communicating nodes
use for establishing communication session keys must be symmetric at use for establishing communication session keys must be peer-to-peer,
each node so that neither node can independently weaken the between the routing initiating and responding nodes, so that neither
confidentiality of the exchange without the knowledge of its node can independently weaken the confidentiality of the exchange
communicating peer. A deliberate exposure attack will therefore without the knowledge of its communicating peer. A deliberate
require more overt and independent action on the part of the exposure attack will therefore require more overt and independent
offending node. action on the part of the offending node.
Note that the same measures which apply to securing routing/topology Note that the same measures which apply to securing routing/topology
exchanges between operational nodes must also extend to field tools exchanges between operational nodes must also extend to field tools
and other devices used in a deployed network where such devices can and other devices used in a deployed network where such devices can
be configured to participate in routing exchanges. be configured to participate in routing exchanges.
5.1.2. Countering Sniffing Attacks 5.1.2. Countering Sniffing Attacks
A sniffing attack seeks to breach routing confidentiality through A sniffing attack seeks to breach routing confidentiality through
passive, direct analysis and processing of the information exchanges passive, direct analysis and processing of the information exchanges
skipping to change at page 22, line 22 skipping to change at page 22, line 22
vulnerabilities to those associated with passive analysis. vulnerabilities to those associated with passive analysis.
One way in which passive traffic analysis attacks can be muted is One way in which passive traffic analysis attacks can be muted is
through the support of load balancing that allows traffic to a given through the support of load balancing that allows traffic to a given
destination to be sent along diverse routing paths. Where the destination to be sent along diverse routing paths. Where the
routing protocol supports load balancing along multiple links at each routing protocol supports load balancing along multiple links at each
node, the number of routing permutations in a wide area network node, the number of routing permutations in a wide area network
surges thus increasing the cost of traffic analysis. Network surges thus increasing the cost of traffic analysis. Network
analysis through this passive attack will require a wider array of analysis through this passive attack will require a wider array of
analysis points and additional processing on the part of the analysis points and additional processing on the part of the
attacker. In LLNs, the diverse radio connectivity and dynamic links attacker. Note however that where network traffic is dispersed as a
(including potential frequency hopping), or a complex wiring system countermeasure there may be implications beyond routing with regard
hidden from sight, will help to further mitigate traffic analysis to general traffic confidentiality. Another approach to countering
attacks when load balancing is implemented. passive traffic analysis could be for nodes to maintain constant
amount of traffic to different destinations through the generation of
arbitrary traffic flows; the drawback of course would be the
consequent overhead. In LLNs, the diverse radio connectivity and
dynamic links (including potential frequency hopping), or a complex
wiring system hidden from sight, will help to further mitigate
traffic analysis attacks when load balancing is also implemented.
The only means of fully countering a traffic analysis attack is The only means of fully countering a traffic analysis attack is
through the use of tunneling (encapsulation) where encryption is through the use of tunneling (encapsulation) where encryption is
applied across the entirety of the original packet source/destination applied across the entirety of the original packet source/destination
addresses. With tunneling there is a further requirement that the addresses. With tunneling there is a further requirement that the
encapsulating intermediate nodes apply an additional layer of routing encapsulating intermediate nodes apply an additional layer of routing
so that traffic arrives at the destination through dynamic routes. so that traffic arrives at the destination through dynamic routes.
For some LLNs, memory and processing constraints as well as the For some LLNs, memory and processing constraints as well as the
limitations of the communication channel will preclude both the limitations of the communication channel will preclude both the
additional routing traffic overhead and the node implementation additional routing traffic overhead and the node implementation
skipping to change at page 24, line 16 skipping to change at page 24, line 22
interfaces provided for remote software or firmware upgrades. This interfaces provided for remote software or firmware upgrades. This
may impact both routing information and routing/topology exchange may impact both routing information and routing/topology exchange
security where it leads to unauthorized upgrade or change to the security where it leads to unauthorized upgrade or change to the
routing protocol running on a given node as this type of attack can routing protocol running on a given node as this type of attack can
allow for the execution of compromised or intentionally malicious allow for the execution of compromised or intentionally malicious
routing code on multiple nodes. Countermeasures to this device routing code on multiple nodes. Countermeasures to this device
interface confidentiality attack needs to be addressed in the larger interface confidentiality attack needs to be addressed in the larger
context of node remote access security. This will ensure not only context of node remote access security. This will ensure not only
the authenticity of the provided code (including routing protocol) the authenticity of the provided code (including routing protocol)
but that the process is initiated by an authorized (authenticated) but that the process is initiated by an authorized (authenticated)
entity. entity. For example, digital signing of firmware by an authorized
entity will provide an appropriate countermeasure.
The above identified countermeasures against attacks on routing The above identified countermeasures against attacks on routing
information confidentiality through internal device interface information confidentiality through internal device interface
compromise must be part of the larger LLN system security as they compromise must be part of the larger LLN system security as they
cannot be addressed within the routing protocol itself. Similarly, cannot be addressed within the routing protocol itself. Similarly,
the use of field tools or other devices that allow explicit access to the use of field tools or other devices that allow explicit access to
node information must implement security mechanisms to ensure that node information must implement security mechanisms to ensure that
routing information can be protected against unauthorized access. routing information can be protected against unauthorized access.
These protections will also be external to the routing protocol and These protections will also be external to the routing protocol and
hence not part of ROLL. hence not part of ROLL.
skipping to change at page 24, line 38 skipping to change at page 24, line 45
5.1.5. Countering Remote Device Access Attacks 5.1.5. Countering Remote Device Access Attacks
Where LLN nodes are deployed in the field, measures are introduced to Where LLN nodes are deployed in the field, measures are introduced to
allow for remote retrieval of routing data and for software or field allow for remote retrieval of routing data and for software or field
upgrades. These paths create the potential for a device to be upgrades. These paths create the potential for a device to be
remotely accessed across the network or through a provided field remotely accessed across the network or through a provided field
tool. In the case of network management a node can be directly tool. In the case of network management a node can be directly
requested to provide routing tables and neighbor information. requested to provide routing tables and neighbor information.
To ensure confidentiality of the node routing information against To ensure confidentiality of the node routing information against
attacks through remote access, any device local or remote requesting attacks through remote access, any local or remote device requesting
routing information must be authenticated to ensure authorized routing information must be authenticated to ensure authorized
access. Since remote access is not invoked as part of a routing access. Since remote access is not invoked as part of a routing
protocol security of routing information stored on the node against protocol security of routing information stored on the node against
remote access will not be addressable as part of the routing remote access will not be addressable as part of the routing
protocol. protocol.
5.2. Integrity Attack Countermeasures 5.2. Integrity Attack Countermeasures
Integrity attack countermeasures address routing information Integrity attack countermeasures address routing information
manipulation, as well as node identity and routing information manipulation, as well as node identity and routing information
skipping to change at page 26, line 49 skipping to change at page 27, line 10
countermeasures that operate between the peer routing devices. countermeasures that operate between the peer routing devices.
Consistent with the end-to-end principle of communications, such an Consistent with the end-to-end principle of communications, such an
attack can only be fully addressed through measures operating attack can only be fully addressed through measures operating
directly between the routing entities themselves or by means of directly between the routing entities themselves or by means of
external entities able to access and independently analyze the external entities able to access and independently analyze the
routing information. Verification of the authenticity and liveliness routing information. Verification of the authenticity and liveliness
of the routing principals can therefore only provide a limited of the routing principals can therefore only provide a limited
counter against internal (Byzantine) node attacks. counter against internal (Byzantine) node attacks.
For link state routing protocols where information is flooded with For link state routing protocols where information is flooded with,
areas (OSPF) or levels (ISIS), countermeasures can be directly for example, areas (OSPF [RFC2328]) or levels (ISIS [RFC1142]),
applied by the routing entities through the processing and comparison countermeasures can be directly applied by the routing entities
of link state information received from different peers. By through the processing and comparison of link state information
comparing the link information from multiple sources decisions can be received from different peers. By comparing the link information
made by a routing node or external entity with regard to routing from multiple sources decisions can be made by a routing node or
information validity. external entity with regard to routing information validity.
For distance vector protocols where information is aggregated at each For distance vector protocols where information is aggregated at each
routing node it is not possible for nodes to directly detect routing node it is not possible for nodes to directly detect
Byzantine information manipulation attacks from the routing Byzantine information manipulation attacks from the routing
information exchange. In such cases, the routing protocol must information exchange. In such cases, the routing protocol must
include and support indirect communications exchanges between non- include and support indirect communications exchanges between non-
adjacent routing peers to provide a secondary channel for performing adjacent routing peers to provide a secondary channel for performing
routing information validation. S-RIP [Wan2004] is an example of the routing information validation. S-RIP [Wan2004] is an example of the
implementation of this type of dedicated routing protocol security implementation of this type of dedicated routing protocol security
where the correctness of aggregate distance vector information can where the correctness of aggregate distance vector information can
skipping to change at page 30, line 10 skipping to change at page 30, line 20
impact of an overload attack is to introduce traffic quotas. This impact of an overload attack is to introduce traffic quotas. This
prevents a malicious node from injecting a large amount of traffic prevents a malicious node from injecting a large amount of traffic
into the network, even though it does not prevent said node from into the network, even though it does not prevent said node from
injecting irrelevant traffic at all. Another method is to isolate injecting irrelevant traffic at all. Another method is to isolate
nodes from the network at the network layer once it has been detected nodes from the network at the network layer once it has been detected
that more traffic is injected into the network than allowed by a that more traffic is injected into the network than allowed by a
prior set or dynamically adjusted threshold. Finally, if prior set or dynamically adjusted threshold. Finally, if
communication is sufficiently secured, only trusted nodes can receive communication is sufficiently secured, only trusted nodes can receive
and forward traffic which also lowers the risk of an overload attack. and forward traffic which also lowers the risk of an overload attack.
Receiving nodes that validate signatures and sending nodes that
encrypt messages need to be cautious of cryptographic processing
usage when validating signatures and encrypting messages. Where
feasible, certificates should be validated prior to use of the
associated keys to counter potential resource overloading attacks.
Alternatively, resource management limits can be placed on routing
security processing events (see [RFC5751]).
5.3.3. Countering Selective Forwarding Attacks 5.3.3. Countering Selective Forwarding Attacks
Selective forwarding attacks are another form of DoS attack which Selective forwarding attacks are another form of DoS attack which
impacts the routing path availability. impacts the routing path availability.
An insider malicious node basically blends neatly in with the network An insider malicious node basically blends neatly in with the network
but then may decide to forward and/or manipulate certain packets. If but then may decide to forward and/or manipulate certain packets. If
all packets are dropped, then this attacker is also often referred to all packets are dropped, then this attacker is also often referred to
as a "black hole". Such a form of attack is particularly dangerous as a "black hole". Such a form of attack is particularly dangerous
if coupled with sinkhole attacks since inherently a large amount of if coupled with sinkhole attacks since inherently a large amount of
skipping to change at page 31, line 27 skipping to change at page 31, line 45
o dynamically pick up next hop from set of candidates; o dynamically pick up next hop from set of candidates;
o allow only trusted data to be received and forwarded. o allow only trusted data to be received and forwarded.
Whilst most of these countermeasures have been discussed before, the Whilst most of these countermeasures have been discussed before, the
use of geographical information deserves further attention. use of geographical information deserves further attention.
Essentially, if geographic positions of nodes are available, then the Essentially, if geographic positions of nodes are available, then the
network can assure that data is actually routed towards the intended network can assure that data is actually routed towards the intended
destination and not elsewhere. On the other hand, geographic destination and not elsewhere. On the other hand, geographic
position is a sensitive information that may have security and/or position is a sensitive information that has security and/or privacy
privacy consequences. consequences (see Section 6.1).
5.3.5. Countering Wormhole Attacks 5.3.5. Countering Wormhole Attacks
In wormhole attacks at least two malicious nodes shortcut or divert In wormhole attacks at least two malicious nodes shortcut or divert
the usual routing path by means of a low-latency out-of-band channel. the usual routing path by means of a low-latency out-of-band channel.
This changes the availability of certain routing paths and hence This changes the availability of certain routing paths and hence
constitutes a serious security breach. constitutes a serious security breach.
Essentially, two malicious insider nodes use another, more powerful, Essentially, two malicious insider nodes use another, more powerful,
transmitter to communicate with each other and thereby distort the transmitter to communicate with each other and thereby distort the
would-be-agreed routing path. This distortion could involve would-be-agreed routing path. This distortion could involve
shortcutting and hence paralyzing a large part of the network; it shortcutting and hence paralyzing a large part of the network; it
could also involve tunneling the information to another region of the could also involve tunneling the information to another region of the
network where there are, e.g., more malicious nodes available to aid network where there are, e.g., more malicious nodes available to aid
the intrusion or where messages are replayed, etc. In conjunction the intrusion or where messages are replayed, etc. In conjunction
skipping to change at page 33, line 11 skipping to change at page 33, line 31
With regard to confidentiality, protecting the routing/topology With regard to confidentiality, protecting the routing/topology
information from eavesdropping or unauthorized exposure is not information from eavesdropping or unauthorized exposure is not
directly essential to maintaining the routing function. Breaches of directly essential to maintaining the routing function. Breaches of
confidentiality may lead to other attacks or the focusing of an confidentiality may lead to other attacks or the focusing of an
attacker's resources (see Section 4.1) but does not of itself attacker's resources (see Section 4.1) but does not of itself
directly undermine the operation of the routing function. However, directly undermine the operation of the routing function. However,
to protect against, and improve vulnerability against other more to protect against, and improve vulnerability against other more
direct attacks, routing information confidentiality should be direct attacks, routing information confidentiality should be
protected. Thus, a secured ROLL protocol protected. Thus, a secured ROLL protocol
o SHOULD provide payload encryption; o MUST implement payload encryption;
o SHOULD provide privacy when geographic information is used (see, o MUST provide privacy when geographic information is used (see,
e.g., [RFC3693]); e.g., [RFC3693]);
o MAY provide tunneling; o MAY provide tunneling;
o MAY provide load balancing. o MAY provide load balancing.
Where confidentiality is incorporated into the routing exchanges, Where confidentiality is incorporated into the routing exchanges,
encryption algorithms and key lengths need to be specified in encryption algorithms and key lengths need to be specified in
accordance of the level of protection dictated by the routing accordance of the level of protection dictated by the routing
protocol and the associated application domain transport network. In protocol and the associated application domain transport network. In
skipping to change at page 33, line 37 skipping to change at page 34, line 9
employed, physical, procedural, and logical data access protection employed, physical, procedural, and logical data access protection
considerations may have more significant impact on cryptoperiod considerations may have more significant impact on cryptoperiod
selection than algorithm and key size factors. Nevertheless, in selection than algorithm and key size factors. Nevertheless, in
general, shorter cryptoperiods, during which a single key is applied, general, shorter cryptoperiods, during which a single key is applied,
will enhance security. will enhance security.
Given the mandatory protocol requirement to implement routing node Given the mandatory protocol requirement to implement routing node
authentication as part of routing integrity (see Section 6.2), key authentication as part of routing integrity (see Section 6.2), key
exchanges may be coordinated as part of the integrity verification exchanges may be coordinated as part of the integrity verification
process. This provides an opportunity to increase the frequency of process. This provides an opportunity to increase the frequency of
key exchange and shorten the cryptoperiod as a compliment to the key key exchange and shorten the cryptoperiod as a complement to the key
length and encryption algorithm required for a given application length and encryption algorithm required for a given application
domain. For LLNs, the coordination of confidentiality key management domain. For LLNs, the coordination of confidentiality key management
with the implementation of node device authentication can thus reduce with the implementation of node device authentication can thus reduce
the overhead associated with supporting data confidentiality. A new the overhead associated with supporting data confidentiality. If a
ciphering key may therefore be concurrently generated or updated in new ciphering key is concurrently generated or updated in conjunction
conjunction with the mandatory authentication exchange occurring with with the mandatory authentication exchange occurring with each
each routing peer association. routing peer association, signaling exchange overhead can be reduced.
6.2. Integrity Features 6.2. Integrity Features
The integrity of routing information provides the basis for ensuring The integrity of routing information provides the basis for ensuring
that the function of the routing protocol is achieved and maintained. that the function of the routing protocol is achieved and maintained.
To protect integrity, a secured ROLL protocol To protect integrity, a secured ROLL protocol
o MUST verify message integrity;
o MUST provide and verify message integrity (including integrity of
the encrypted message when confidentiality is applied);
o MUST verify the authenticity and liveliness of both principals of o MUST verify the authenticity and liveliness of both principals of
a connection (independent of the device interface over which the a connection (independent of the device interface over which the
information is received or accessed); information is received or accessed);
o MUST verify message sequence; o MUST verify message sequence;
o SHOULD incorporate protocol-specific parameter validity range o SHOULD incorporate protocol-specific parameter validity range
checks, change increments and message event frequency checks, etc. checks, change increments and message event frequency checks, etc.
as a means of countering intentional or unintentional Byzantine as a means of countering intentional or unintentional Byzantine
threats; threats;
o MAY incorporate external consistency checking and auditing of o MAY incorporate external consistency checking and auditing of
routing information to protect against intentional or routing information to protect against intentional or
unintentional Byzantine-induced network anomalies. unintentional Byzantine-induced network anomalies.
In conjunction with the integrity protection requirements, a secured
ROLL protocol SHOULD log, against the offending node, any security
failure that occurs after a valid integrity check. The record of
such failures (as may result, for example, from incorrect security
policy configuration) can provide the basis for nodes to avoid
initiating routing access to the offender or used for further system
countermeasures in the case of potential insider attacks. All
integrity security failures SHOULD be logged, where feasible, but
cannot be reliably considered as against the offending source(s).
Depending on the nature of the routing protocol, e.g., distance Depending on the nature of the routing protocol, e.g., distance
vector or link state, additional measures may be necessary when the vector or link state, additional measures may be necessary when the
validity of the routing information is of concern. Specifically, validity of the routing information is of concern. In the most basic
verification of routing peer authenticity and liveliness can be used form, verification of routing peer authenticity and liveliness can be
to build a "chain of trust" along the path the routing information used to build a "chain of trust" along the path the routing
flows, such that network-wide information is validated through the information flows, such that network-wide information is validated
concatenation of trust established at each individual routing peer through the concatenation of trust established at each individual
exchange. This is particularly important in the case of distance routing peer exchange. This is particularly important in the case of
vector-based routing protocols, where information is updated at distance vector-based routing protocols, where information is updated
intermediate nodes, In such cases, there are no direct means within at intermediate nodes, In such cases, there are no direct means
routing for a receiver to verify the validity of the routing within routing for a receiver to verify the validity of the routing
information beyond the current exchange; as such, nodes would need to information beyond the current exchange; as such, nodes would need to
be able to communicate and request information from non-adjacent be able to communicate and request information from non-adjacent
peers (see [Wan2004]) to provide information integrity assurances. peers (see [Wan2004]) to provide information integrity assurances.
With link state-based protocols, on the other hand, routing With link state-based protocols, on the other hand, routing
information can be signed at the source thus providing a means for information can be signed at the source thus providing a means for
validating information that originates beyond a routing peer. validating information that originates beyond a routing peer.
Therefore, where necessary, a secured ROLL protocol MAY use security Therefore, where necessary, a secured ROLL protocol MAY use security
auditing mechanisms that are external to routing to verify the auditing mechanisms that are external to routing to verify the
validity of the routing information content exchanged among routing validity of the routing information content exchanged among routing
peers. peers.
skipping to change at page 35, line 16 skipping to change at page 35, line 46
o MAY use multiple paths; o MAY use multiple paths;
o MAY use multiple destinations; o MAY use multiple destinations;
o MAY choose randomly if multiple paths are available; o MAY choose randomly if multiple paths are available;
o MAY set quotas to limit transmit or receive volume; o MAY set quotas to limit transmit or receive volume;
o MAY use geographic insights for flow control. o MAY use geographic insights for flow control.
6.4. Additional Related Features 6.4. Additional Related Features and Key Management
If a LLN employs multicast and/or anycast, it MUST secure these If a LLN employs multicast and/or anycast, it MUST secure these
mechanisms with the services listed in this sections. Furthermore, mechanisms with the services listed in this sections. Furthermore,
the nodes MUST provide adequate physical tamper resistance to ensure the nodes MUST provide adequate physical tamper resistance to ensure
the integrity of stored routing information. the integrity of stored routing information.
The functioning of the security services requires keys and The functioning of the security services requires keys and
credentials. Therefore, even though not directly a ROLL security credentials. Therefore, even though not directly a ROLL security
requirement, a LLN must include a process for key and credential requirement, a LLN MUST have a process for key and credential
distribution; a LLN is encouraged to have procedures for their distribution, as well as secure storage within the associated devices
revocation and replacement. Correspondingly, the routing protocol(s) (including use of trusted platform modules where feasible and
specified by the ROLL Working Group should assume that the system appropriate to the operating environment). A LLN is encouraged to
affords key management mechanisms consistent with the guidelines have automatic procedures for the revocation and replacement of
given in [RFC4107]. Based on that RFC's recommendations, many LLNs, maintained security credentials.
particularly given the intended scale and ad hoc device associations,
will satisfy the requirement for supporting automated key management
in conjunction with the routing protocol operation.
6.5. Consideration on Matching Application Domain Needs Individual routing peer associations and signaling exchanges will
require the generation and use of keys that may be derived from
public key exchanges or obtained through other device configuration
means. Correspondingly, the routing protocol(s) specified by the
ROLL Working Group will assume the provision of key management
mechanisms consistent with the guidelines given in [RFC4107]. Based
on that RFC's recommendations, many LLNs, particularly given the
intended scale and ad hoc device associations, will satisfy the
requirement for supporting automated key management in conjunction
with the routing protocol operation. These automated routing session
keys may be derived from pre-stored security credentials or other
authenticated key management mechanisms.
As routing is one component of a LLN system, the actual strength of The use of a public key infrastructure (PKI), where feasible, can be
the security services afforded to it should be made to conform to used to support authenticated key management and the distribution of
each system's security policy; how a design may address the needs of routing security keying material. Note that where the option for a
the urban, industrial, home automation, and building automation PKI is supported for security of the routing protocol itself, the
application domains is considered as part of the security routing protocol MUST include provisions for public certificates to
architecture in Section 6.5.1. be included or referenced within routing messages to allow a node's
public key to be shared with communicating peers. Even if the
certificate itself is not distributed by the node, there needs to be
a mechanism to inform the receiving node where to find the
certificate and obtain associated validation information; see
[RFC3029] for an example of the kind of localized PKI support that
may be applied in a given LLN environment. Where PKI systems are not
feasible, the key management system must support means for secure
configuration, device authentication, and adherence to secure key
wrapping principles for the secure distribution and update of device
keys.
The development so far takes into account collectively the impacts of LLN routing protocols SHOULD be designed to allow the use of existing
the issues gathered from [RFC5548], [RFC5673], [RFC5826], and and validated key management schemes. As part of the LLN
[RFC5867]. The following two subsections first consider from an optimization, these schemes may be independent of the routing
architectural perspective how the security design of a ROLL protocol protocol and part of the broader LLN system security specifications.
may be made to adapt to the four application domains, and then Where key management is defined separate from the routing protocol
examine mechanism and protocol operations issues. security, LLN application domains can appropriately employ IETF-
standard key management specifications. Established key management
solutions such as IKE [RFC5996] or MIKEY [RFC3830], which supports
several alternative private, public, or Diffie-Hellman key
distribution methods (see [RFC5197]), can thus be adapted for use in
LLNs. Group key management and distribution methods may also be
developed based on the architecture principles defined in MSEC
[RFC4046].
6.5. Consideration on Matching Application Domain Needs
Providing security within an LLN requires considerations that extend
beyond routing security to the broader LLN application domain
security implementation. In other words, as routing is one component
of a LLN system, the actual strength of the implemented security
algorithms for the routing protocol MUST be made to conform to the
system's target level of security. The development so far takes into
account collectively the impacts of the issues gathered from
[RFC5548], [RFC5673], [RFC5826], and [RFC5867]. The following two
subsections first consider from an architectural perspective how the
security design of a ROLL protocol may be made to adapt to the four
application domains, and then examine mechanisms and protocol
operations issues.
6.5.1. Security Architecture 6.5.1. Security Architecture
The first challenge for a ROLL protocol security design is to have an The first challenge for a ROLL protocol security design is to have an
architecture that can adequately address a set of very diversified architecture that can adequately address a set of very diversified
needs. It is mainly a consequence of the fact that there are both needs. It is mainly a consequence of the fact that there are both
common and non-overlapping requirements from the four application common and non-overlapping requirements from the four application
domains, while, conceivably, each individual application will present domains, while, conceivably, each individual application will present
yet its own unique constraints. yet its own unique constraints.
skipping to change at page 36, line 44 skipping to change at page 38, line 15
of the network, security measures implemented as part of the routing of the network, security measures implemented as part of the routing
protocol will be redundant to security measures implemented elsewhere protocol will be redundant to security measures implemented elsewhere
as part of the protocol stack. as part of the protocol stack.
Security mechanisms built into the routing protocol can ensure that Security mechanisms built into the routing protocol can ensure that
all desired countermeasures can be directly addressed by the protocol all desired countermeasures can be directly addressed by the protocol
all the way to the endpoint of the routing exchange. In particular, all the way to the endpoint of the routing exchange. In particular,
routing protocol Byzantine attacks by a compromised node that retains routing protocol Byzantine attacks by a compromised node that retains
valid network security credentials can only be detected at the level valid network security credentials can only be detected at the level
of the information exchanged within the routing protocol. Such of the information exchanged within the routing protocol. Such
attacks aimed the manipulation of the routing information can only be attacks aimed at the manipulation of the routing information can only
fully addressed through measures operating directly between the be fully addressed through measures operating directly between the
routing entities themselves or external entities able to access and routing entities themselves or external entities able to access and
analyze the routing information (see discussion in Section 5.2.5). analyze the routing information (see discussion in Section 5.2.5).
On the other hand, it is more desirable from a LLN device perspective On the other hand, it is more desirable from a LLN device perspective
that the ROLL protocol is integrated into the framework of an overall that the ROLL protocol is integrated into the framework of an overall
system architecture where the security facility may be shared by system architecture where the security facility may be shared by
different applications and/or across layers for efficiency, and where different applications and/or across layers for efficiency, and where
security policy and configurations can be consistently specified. security policy and configurations can be consistently specified.
See, for example, considerations made in RIPng [RFC2080] or the See, for example, considerations made in RIPng [RFC2080] or the
approach presented in [Messerges2003]. approach presented in [Messerges2003].
skipping to change at page 37, line 32 skipping to change at page 39, line 4
required for authenticating network traffic, that security provision required for authenticating network traffic, that security provision
can then meet the requirement needed for authentication of routing can then meet the requirement needed for authentication of routing
exchanges. In addition, in the context of the different LLN exchanges. In addition, in the context of the different LLN
application domains, the level of security specified for routing can application domains, the level of security specified for routing can
and should be consistent with that considered appropriate for and should be consistent with that considered appropriate for
protecting the network within the given environment. protecting the network within the given environment.
A ROLL protocol MUST be made flexible by a design that offers the A ROLL protocol MUST be made flexible by a design that offers the
configuration facility so that the user (network administrator) can configuration facility so that the user (network administrator) can
choose the security settings that match the application's needs. choose the security settings that match the application's needs.
Furthermore, in the case of LLNs that flexibility should extend to
Furthermore, in the case of LLNs that flexibility SHOULD extend to
allowing the routing protocol security requirements to be met by allowing the routing protocol security requirements to be met by
measures applied at different protocol layers, provided the measures applied at different protocol layers, provided the
identified requirements are collectively met. identified requirements are collectively met.
Since Byzantine attacks that can affect the validity of the Since Byzantine attacks that can affect the validity of the
information content exchanged between routing entities can only be information content exchanged between routing entities can only be
directly countered at the routing protocol level, the ROLL protocol directly countered at the routing protocol level, the ROLL protocol
may support mechanisms for verifying routing data validity that MAY support mechanisms for verifying routing data validity that
extends beyond the chain of trust created through device extends beyond the chain of trust created through device
authentication. This protocol-specific security mechanism should be authentication. This protocol-specific security mechanism SHOULD be
made optional within the protocol allowing it to be invoked according made optional within the protocol allowing it to be invoked according
to the given routing protocol and application domain and as selected to the given routing protocol and application domain and as selected
by the system user. All other ROLL security mechanisms needed to by the system user. All other ROLL security mechanisms needed to
meet the above identified routing security requirements should be meet the above identified routing security requirements can be
flexibly implemented within the transport network (at the IP network flexibly implemented within the transport network (at the IP network
layer or higher or lower protocol layers(s)) according to the layer or higher or lower protocol layers(s)) according to the
particular application domain and user network configuration. particular application domain and user network configuration.
Based on device capabilities and the spectrum of operating Based on device capabilities and the spectrum of operating
environments it would be difficult for a single fixed security design environments it would be difficult for a single fixed security design
to be applied to address the diversified needs of the urban, to be applied to address the diversified needs of the urban,
industrial, home, and building ROLL application domains, and industrial, home, and building ROLL application domains, and
foreseeable others, without forcing a very low common denominator set foreseeable others, without forcing a very low common denominator set
of requirements. On the other hand, providing four individual domain of requirements. On the other hand, providing four individual domain
designs that attempt to a priori match each individual domain is also designs that attempt to a priori match each individual domain is also
very likely to provide a suitable answer given the degree of network very likely to provide a suitable answer given the degree of network
variability even within a given domain; furthermore, the type of link variability even within a given domain; furthermore, the type of link
layers in use within each domain also influences the overall layers in use within each domain also influences the overall
security. security.
Instead, the framework implementation approach recommended for Instead, the framework implementation approach recommended for
optional, routing protocol-specific measures that may be applied optional, routing protocol-specific measures that can be applied
separate from or together with flexible transport network mechanisms. separate from or together with flexible transport network mechanisms.
Protocol-specific measures include the specification of valid Protocol-specific measures include the specification of valid
parameter ranges, increments and/or event frequencies that can be parameter ranges, increments and/or event frequencies that can be
verified by individually routing devices. In addition to deliberate verified by individually routing devices. In addition to deliberate
attacks this allows basic protocol sanity checks against attacks this allows basic protocol sanity checks against
unintentional mis-configuration. Transport network mechanisms would unintentional mis-configuration. Transport network mechanisms would
include out-of-band communications that may be defined to allow an include out-of-band communications that may be defined to allow an
external entity to request and process individual device information external entity to request and process individual device information
as a means to deriving an external verification of the derived as a means to deriving an external verification of the derived
network routing to identify the existence of intention or network routing to identify the existence of intention or
skipping to change at page 38, line 47 skipping to change at page 40, line 19
6.5.2. Mechanisms and Operations 6.5.2. Mechanisms and Operations
With an architecture allowing different configurations to meet the With an architecture allowing different configurations to meet the
application domain needs, the task is then to find suitable application domain needs, the task is then to find suitable
mechanisms. For example, one of the main problems of synchronizing mechanisms. For example, one of the main problems of synchronizing
security states of sleepy nodes, as listed in the last subsection, security states of sleepy nodes, as listed in the last subsection,
lies in difficulties in authentication; these nodes may not have lies in difficulties in authentication; these nodes may not have
received in time the most recent update of security material. received in time the most recent update of security material.
Similarly, the issues of minimal manual configuration, prolonged Similarly, the issues of minimal manual configuration, prolonged
rollout and delayed addition of nodes, and network topology changes rollout and delayed addition of nodes, and network topology changes
also complicate security management. In such case the ROLL protocol also complicate security management. In many cases the ROLL protocol
may need to bootstrap the authentication process and allow for may need to bootstrap the authentication process and allow for
flexible expiration scheme of authentication credentials. This flexible expiration scheme of authentication credentials. This
exemplifies the need for the coordination and interoperation between exemplifies the need for the coordination and interoperation between
the requirements of the ROLL routing protocol and that of the system the requirements of the ROLL routing protocol and that of the system
security elements. security elements.
Similarly, the vulnerability brought forth by some special-function Similarly, the vulnerability brought forth by some special-function
nodes, e.g., LBRs requires the assurance, particularly, of the nodes, e.g., LBRs requires the assurance, particularly, of the
availability of communication channels and node resources, or that availability of communication channels and node resources, or that
the neighbor discovery process operates without undermining routing the neighbor discovery process operates without undermining routing
skipping to change at page 43, line 22 skipping to change at page 44, line 22
acknowledge the guidance and input provided by the ROLL Chairs, David acknowledge the guidance and input provided by the ROLL Chairs, David
Culler and JP Vasseur, and the Area Director Adrian Farrel. Culler and JP Vasseur, and the Area Director Adrian Farrel.
11. References 11. References
11.1. Normative References 11.1. Normative References
[I-D.ietf-6man-rpl-option] [I-D.ietf-6man-rpl-option]
Hui, J. and J. Vasseur, "RPL Option for Carrying RPL Hui, J. and J. Vasseur, "RPL Option for Carrying RPL
Information in Data-Plane Datagrams", Information in Data-Plane Datagrams",
draft-ietf-6man-rpl-option-01 (work in progress), draft-ietf-6man-rpl-option-03 (work in progress),
October 2010. March 2011.
[I-D.ietf-6man-rpl-routing-header] [I-D.ietf-6man-rpl-routing-header]
Hui, J., Vasseur, J., Culler, D., and V. Manral, "An IPv6 Hui, J., Vasseur, J., Culler, D., and V. Manral, "An IPv6
Routing Header for Source Routes with RPL", Routing Header for Source Routes with RPL",
draft-ietf-6man-rpl-routing-header-01 (work in progress), draft-ietf-6man-rpl-routing-header-03 (work in progress),
October 2010. March 2011.
[I-D.ietf-roll-rpl] [I-D.ietf-roll-rpl]
Winter, T., Thubert, P., Brandt, A., Clausen, T., Hui, J., Winter, T., Thubert, P., Brandt, A., Clausen, T., Hui, J.,
Kelsey, R., Levis, P., Pister, K., Struik, R., and J. Kelsey, R., Levis, P., Pister, K., Struik, R., and J.
Vasseur, "RPL: IPv6 Routing Protocol for Low power and Vasseur, "RPL: IPv6 Routing Protocol for Low power and
Lossy Networks", draft-ietf-roll-rpl-17 (work in Lossy Networks", draft-ietf-roll-rpl-19 (work in
progress), December 2010. progress), March 2011.
[RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080,
January 1997.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.
[RFC2453] Malkin, G., "RIP Version 2", STD 56, RFC 2453,
November 1998.
[RFC3693] Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and
J. Polk, "Geopriv Requirements", RFC 3693, February 2004.
[RFC4107] Bellovin, S. and R. Housley, "Guidelines for Cryptographic [RFC4107] Bellovin, S. and R. Housley, "Guidelines for Cryptographic
Key Management", BCP 107, RFC 4107, June 2005. Key Management", BCP 107, RFC 4107, June 2005.
[RFC4301] Kent, S. and K. Seo, "Security Architecture for the [RFC4301] Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, December 2005. Internet Protocol", RFC 4301, December 2005.
11.2. Informative References 11.2. Informative References
[FIPS197] "Federal Information Processing Standards Publication 197: [FIPS197] "Federal Information Processing Standards Publication 197:
Advanced Encryption Standard (AES)", US National Institute Advanced Encryption Standard (AES)", US National Institute
skipping to change at page 44, line 28 skipping to change at page 45, line 21
[Huang2003] [Huang2003]
Huang, Q., Cukier, J., Kobayashi, H., Liu, B., and J. Huang, Q., Cukier, J., Kobayashi, H., Liu, B., and J.
Zhang, "Fast Authenticated Key Establishment Protocols for Zhang, "Fast Authenticated Key Establishment Protocols for
Self-Organizing Sensor Networks", in Proceedings of the Self-Organizing Sensor Networks", in Proceedings of the
2nd ACM International Conference on Wireless Sensor 2nd ACM International Conference on Wireless Sensor
Networks and Applications, San Diego, CA, USA, pp. 141- Networks and Applications, San Diego, CA, USA, pp. 141-
150, Sept. 19 2003. 150, Sept. 19 2003.
[I-D.ietf-roll-terminology] [I-D.ietf-roll-terminology]
Vasseur, J., "Terminology in Low power And Lossy Vasseur, J., "Terminology in Low power And Lossy
Networks", draft-ietf-roll-terminology-04 (work in Networks", draft-ietf-roll-terminology-05 (work in
progress), September 2010. progress), March 2011.
[I-D.suhopark-hello-wsn] [I-D.suhopark-hello-wsn]
Park, S., "Routing Security in Sensor Network: HELLO Flood Park, S., "Routing Security in Sensor Network: HELLO Flood
Attack and Defense", draft-suhopark-hello-wsn-00 (work in Attack and Defense", draft-suhopark-hello-wsn-00 (work in
progress), December 2005. progress), December 2005.
[Karlof2003] [Karlof2003]
Karlof, C. and D. Wagner, "Secure routing in wireless Karlof, C. and D. Wagner, "Secure routing in wireless
sensor networks: attacks and countermeasures", Elsevier sensor networks: attacks and countermeasures", Elsevier
AdHoc Networks Journal, Special Issue on Sensor Network AdHoc Networks Journal, Special Issue on Sensor Network
skipping to change at page 45, line 13 skipping to change at page 46, line 5
on Security of Ad Hoc and Sensor Networks, Fairfax, VA, on Security of Ad Hoc and Sensor Networks, Fairfax, VA,
USA, pp. 1-11, Oct. 31 2003. USA, pp. 1-11, Oct. 31 2003.
[Myagmar2005] [Myagmar2005]
Myagmar, S., Lee, AJ., and W. Yurcik, "Threat Modeling as Myagmar, S., Lee, AJ., and W. Yurcik, "Threat Modeling as
a Basis for Security Requirements", in Proceedings of the a Basis for Security Requirements", in Proceedings of the
Symposium on Requirements Engineering for Information Symposium on Requirements Engineering for Information
Security (SREIS'05), Paris, France, pp. 94-102, Aug Security (SREIS'05), Paris, France, pp. 94-102, Aug
29, 2005. 29, 2005.
[RFC1142] Oran, D., "OSI IS-IS Intra-domain Routing Protocol",
RFC 1142, February 1990.
[RFC2080] Malkin, G. and R. Minnear, "RIPng for IPv6", RFC 2080,
January 1997.
[RFC2328] Moy, J., "OSPF Version 2", STD 54, RFC 2328, April 1998.
[RFC2453] Malkin, G., "RIP Version 2", STD 56, RFC 2453,
November 1998.
[RFC3029] Adams, C., Sylvester, P., Zolotarev, M., and R.
Zuccherato, "Internet X.509 Public Key Infrastructure Data
Validation and Certification Server Protocols", RFC 3029,
February 2001.
[RFC3693] Cuellar, J., Morris, J., Mulligan, D., Peterson, J., and
J. Polk, "Geopriv Requirements", RFC 3693, February 2004.
[RFC3830] Arkko, J., Carrara, E., Lindholm, F., Naslund, M., and K.
Norrman, "MIKEY: Multimedia Internet KEYing", RFC 3830,
August 2004.
[RFC4046] Baugher, M., Canetti, R., Dondeti, L., and F. Lindholm,
"Multicast Security (MSEC) Group Key Management
Architecture", RFC 4046, April 2005.
[RFC4593] Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to [RFC4593] Barbir, A., Murphy, S., and Y. Yang, "Generic Threats to
Routing Protocols", RFC 4593, October 2006. Routing Protocols", RFC 4593, October 2006.
[RFC4732] Handley, M., Rescorla, E., and IAB, "Internet Denial-of-
Service Considerations", RFC 4732, December 2006.
[RFC4949] Shirey, R., "Internet Security Glossary, Version 2", [RFC4949] Shirey, R., "Internet Security Glossary, Version 2",
RFC 4949, August 2007. RFC 4949, August 2007.
[RFC5197] Fries, S. and D. Ignjatic, "On the Applicability of
Various Multimedia Internet KEYing (MIKEY) Modes and
Extensions", RFC 5197, June 2008.
[RFC5548] Dohler, M., Watteyne, T., Winter, T., and D. Barthel, [RFC5548] Dohler, M., Watteyne, T., Winter, T., and D. Barthel,
"Routing Requirements for Urban Low-Power and Lossy "Routing Requirements for Urban Low-Power and Lossy
Networks", RFC 5548, May 2009. Networks", RFC 5548, May 2009.
[RFC5673] Pister, K., Thubert, P., Dwars, S., and T. Phinney, [RFC5673] Pister, K., Thubert, P., Dwars, S., and T. Phinney,
"Industrial Routing Requirements in Low-Power and Lossy "Industrial Routing Requirements in Low-Power and Lossy
Networks", RFC 5673, October 2009. Networks", RFC 5673, October 2009.
[RFC5751] Ramsdell, B. and S. Turner, "Secure/Multipurpose Internet
Mail Extensions (S/MIME) Version 3.2 Message
Specification", RFC 5751, January 2010.
[RFC5826] Brandt, A., Buron, J., and G. Porcu, "Home Automation [RFC5826] Brandt, A., Buron, J., and G. Porcu, "Home Automation
Routing Requirements in Low-Power and Lossy Networks", Routing Requirements in Low-Power and Lossy Networks",
RFC 5826, April 2010. RFC 5826, April 2010.
[RFC5867] Martocci, J., De Mil, P., Riou, N., and W. Vermeylen, [RFC5867] Martocci, J., De Mil, P., Riou, N., and W. Vermeylen,
"Building Automation Routing Requirements in Low-Power and "Building Automation Routing Requirements in Low-Power and
Lossy Networks", RFC 5867, June 2010. Lossy Networks", RFC 5867, June 2010.
[RFC5996] Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen,
"Internet Key Exchange Protocol Version 2 (IKEv2)",
RFC 5996, September 2010.
[Wan2004] Wan, T., Kranakis, E., and PC. van Oorschot, "S-RIP: A [Wan2004] Wan, T., Kranakis, E., and PC. van Oorschot, "S-RIP: A
Secure Distance Vector Routing Protocol", in Proceedings Secure Distance Vector Routing Protocol", in Proceedings
of the 2nd International Conference on Applied of the 2nd International Conference on Applied
Cryptography and Network Security, Yellow Mountain, China, Cryptography and Network Security, Yellow Mountain, China,
pp. 103-119, Jun. 8-11 2004. pp. 103-119, Jun. 8-11 2004.
[Wander2005] [Wander2005]
Wander, A., Gura, N., Eberle, H., Gupta, V., and S. Wander, A., Gura, N., Eberle, H., Gupta, V., and S.
Shantz, "Energy analysis of public-key cryptography for Shantz, "Energy analysis of public-key cryptography for
wireless sensor networ", in the Proceedings of the Third wireless sensor networ", in the Proceedings of the Third
 End of changes. 51 change blocks. 
118 lines changed or deleted 218 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/