[Docs] [txt|pdf|xml|html] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]
Versions: (draft-richardson-6tisch-enrollment-enhanced-beacon)
00 01 02 03 04 05 06 07 08 09 10 11
12 13 14
6tisch Working Group D. Dujovne
Internet-Draft Universidad Diego Portales
Intended status: Standards Track M. Richardson
Expires: 16 August 2020 Sandelman Software Works
13 February 2020
IEEE 802.15.4 Information Element encapsulation of 6TiSCH Join and
Enrollment Information
draft-ietf-6tisch-enrollment-enhanced-beacon-10
Abstract
In TSCH mode of IEEE STD 802.15.4, opportunities for broadcasts are
limited to specific times and specific channels. Nodes in a TSCH
network typically frequently send Enhanced Beacon (EB) frames to
announce the presence of the network. This document provides a
mechanism by which small details critical for new nodes (pledges) and
long sleeping nodes may be carried within the Enhanced Beacon.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 16 August 2020.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text
Dujovne & Richardson Expires 16 August 2020 [Page 1]
Internet-Draft IE for ICMPv6 February 2020
as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Use of BCP 14 Terminology . . . . . . . . . . . . . . . . 2
1.2. Layer-2 Synchronization . . . . . . . . . . . . . . . . . 2
1.3. Layer-3 synchronization: IPv6 Router Solicitations and
Advertisements . . . . . . . . . . . . . . . . . . . . . 3
2. Protocol Definition . . . . . . . . . . . . . . . . . . . . . 4
3. Security Considerations . . . . . . . . . . . . . . . . . . . 6
4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 7
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
7.1. Normative References . . . . . . . . . . . . . . . . . . 7
7.2. Informative References . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction
[RFC7554] describes the use of the time-slotted channel hopping
(TSCH) mode of [ieee802154]. As further detailed in [RFC8180], an
Enhanced Beacon (EB) is transmitted during a slot designated as a
broadcast slot.
1.1. Use of BCP 14 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
Other terminology can be found in [I-D.ietf-6tisch-architecture] in
section 2.1.
1.2. Layer-2 Synchronization
As explained in section 6 of [RFC8180], the Enhanced Beacon (EB) has
a number of purposes: synchronization of ASN and Join Metric,
carrying timeslot template identifier, carrying the channel hopping
sequence identifier, and indicating the TSCH SlotFrame.
The EB is used by nodes already part of a TSCH network to announce
its existence. Receiving an EB allows a Joining Node (pledge) to
learn about the network and synchronize to it. The EB may also be
Dujovne & Richardson Expires 16 August 2020 [Page 2]
Internet-Draft IE for ICMPv6 February 2020
used as a means for a node already part of the network to re-
synchronize [RFC7554].
There is a limited number of timeslots designated as a broadcast slot
by each router in the network. Considering 10ms slots and a slot-
frame length of 100, these slots are rare and could result in only 1
slot/s for a broadcast, which needs to be used for the beacon.
Additional broadcasts for Router Advertisements, or Neighbor
Discovery could even more scarce.
1.3. Layer-3 synchronization: IPv6 Router Solicitations and
Advertisements
At layer 3, [RFC4861] defines a mechanism by which nodes learn about
routers by receiving multicast Router Advertisements (RA). If no RA
is heard within a set time, then a Router Solicitation (RS) may be
sent as multicast, to which an RA will be received, usually unicast.
Although [RFC6775] reduces the amount of multicast necessary to do
address resolution via Neighbor Solicitation (NS) messages, it still
requires multicast of either RAs or RS. This is an expensive
operation for two reasons: First, there are few multicast timeslots
for unsolicited RAs; and second, if a pledge node does not hear an
RA, and decides to send a RS, a broadcast aloha slot is consumed with
unencrypted traffic. In this case, a unicast RS may be sent in
response.
This is a particularly acute issue for the join process for the
following reasons:
1. use of a multicast slot by even a non-malicious unauthenticated
node for a Router Solicitation (RS) may overwhelm that time slot.
2. it may require many seconds of on-time before a new pledge hears
a Router Advertisement (RA) that it can use.
3. a new pledge may listen to many Enhanced Beacons (EB) before it
can pick an appropriate network and/or closest Join Assistant to
attach to. If it must listen for a RA as well as find the
Enhanced Beacon (EB), then the process may take a very long time.
This document defines a new IETF IE subtype to provide join and
enrollment information to prospective pledges in a more efficient
way.
Dujovne & Richardson Expires 16 August 2020 [Page 3]
Internet-Draft IE for ICMPv6 February 2020
2. Protocol Definition
[RFC8137] creates a registry for new IETF IE subtypes. This document
allocates a new subtype.
The new IE subtype structure is as follows. As explained in
[RFC8137] the length of the Sub-Type Content can be calculated from
the container, so no length information is necessary.
1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TBD-XXX |R|P| res | proxy prio | rank priority |
+-+-+-+-+-+-+-+-+-+-------------+-------------+-----------------+
| pan priority | |
+---------------+ +
| Join Proxy lower-64 |
+ (present if P=1) +
| |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | |
+-+-+-+-+-+-+-+-+ +
| network ID |
+ variable length, up to 16 bytes +
~ ~
+ +
| |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+-+-+-+-+-+-+-+-+
Figure 1: IE subtype structure
R: the Router Advertisement R-flag is set if the sending node will
act as a Router for host-only nodes that need addressing via
unicast Router Solicitation messages.
in most cases, every node sending a beacon will set this flag, and
in a typical mesh, this will be every single node. When this bit
is not set, it indicates that this node may be under provisioned,
or may have no additional slots for additional nodes. This could
make this node more interesting to an attacker.
P: if the Proxy Address P-flag is set, then the lower 64-bits of the
Join Proxy's link-local address follows the network ID. If the
Proxy Address bit is not set, then the Link Layer address of the
Join Proxy is identical to the Layer-2 8-byte address used to
originate this enhanced beacon. In either case, the destination
Dujovne & Richardson Expires 16 August 2020 [Page 4]
Internet-Draft IE for ICMPv6 February 2020
layer-2 address of this beacon may use the layer-2 address which
was used to originate the beacon.
this bit only indicates if another part of the structure is
present, and has little security or privacy impact.
proxy priority (proxy prio): this field indicates the willingness of
the sender to act as join proxy. Lower value indicates greater
willingness to act as a Join Proxy as described in
[I-D.ietf-6tisch-minimal-security]. Values range 0x00 (most
willing) to 0x7e (least willing). A priority of 0x7f indicates
that the announcer should never be considered as a viable
enrollment proxy. Only unenrolled pledges look at this value.
lower values in this field indicate that the transmitter may have
more capacity to handle unencrypted traffic. A higher value may
indicate that the transmitter is low on neighbor cache entries, or
other resources.
rank priority: the rank "priority" is set by the 6LR which sent the
beacon and is an indication of how willing this 6LR is to serve as
an RPL parent within a particular network ID. This is a local
value to be determined in other work. It might be calculated from
RPL rank, and it may include some modifications based upon current
number of children, or number of neighbor cache entries available.
This value MUST be ignored by pledges, it is for enrolled devices
only. Lower values are better.
an attacker can use this value to determine which nodes are
potentially more interesting. Nodes which are less willing to be
parents likely have more traffic, and an attacker could use this
information to determine which nodes would be more interesting to
attack or disrupt.
pan priority: the pan priority is a value set by the DODAG root to
indicate the relative priority of this LLN compared to those with
different PANIDs. This value may be used as part of the
enrollment priority, but typically is used by devices which have
already enrolled, and need to determine which PAN to pick.
Unenrolled pledges MAY consider this value when selecting a PAN to
join. Enrolled devices MAY consider this value when looking for
an eligible parent device.
an attacker can use this value, along with the observed PANID in
the Beacon to determine which PANIDs have more network resources,
and may have more interesting traffic.
Dujovne & Richardson Expires 16 August 2020 [Page 5]
Internet-Draft IE for ICMPv6 February 2020
Join Proxy lower-64: if the P bit is set, then 64 bits (8 bytes) of
address are present. This field provides the suffix of the Link-
Local address of the Join Proxy. The associated prefix is well-
known as fe80::/64.
this field communicates a lower-64 bits that should be used for
this nodes' layer-3 address, if it should not be derived from the
layer-2 address. Communication with the Join Proxy occurs in the
clear, this field avoids the need for an additional service
discovery process for the case where the L3 address is not derived
from the L2 address. An attacker will see both L2 and L3
addresses, so this field provides no new information.
network ID: this is a variable length field, up to 16-bytes in size
that uniquely identifies this network, potentially among many
networks that are operating in the same frequencies in overlapping
physical space. The length of this field can be calculated as
being whatever is left in the Information Element.
In a 6tisch network, where RPL [RFC6550] is used as the mesh
routing protocol, the network ID can be constructed from a SHA256
hash of the prefix (/64) of the network. That is just a
suggestion for a default value. In some LLNs where multiple
PANIDs may lead to the same management device (the JRC), then a
common value that is the same across all PANs MUST be configured.
If the the network ID is derived as suggested, then it will an
opaque, seemingly random value, and will reveal nothing in of
itself. An attacker can match this value across many
transmissions to map the extent of a network beyond what the PANID
might already provide.
3. Security Considerations
All of the contents of this Information Element are sent in the
clear. The containing Enhanced Beacon is not encrypted. This is a
restriction in the cryptographic architecture of the TSCH mechanism.
In order to decrypt or do integrity checking of layer-2 frames in
TSCH, the TSCH Absolute Slot Number (ASN) is needed. The Enhanced
Beacon provides the ASN to new (and long-sleeping) nodes.
The Enhanced Beacon is authenticated at the layer-2 level using
802.15.4 mechanisms using the network-wide keying material. Nodes
which are enrolled will have the network-wide keying material and can
validate the beacon, providing them with a trusted
Pledges which have not yet enrolled are unable to authenticate the
beacons, and will be forced to temporarily take the contents on
Dujovne & Richardson Expires 16 August 2020 [Page 6]
Internet-Draft IE for ICMPv6 February 2020
faith. After enrollment, a newly enrolled node will be able to
return to the beacon and validate it.
In addition to the enrollment and join information described in this
document, the Enhanced Beacon contains a description of the TSCH
schedule to be used by the transmitter of this packet. The schedule
can provide an attacker with a list of channels and frequencies on
which communication will occur. Knowledge of this can help an
attacker to more efficiently jam communications, although there is
future work being considered to make some of the schedule less
visible. Encrypting the schedule does not prevent an attacker from
jamming, but rather increases the energy cost of doing that jamming.
4. Privacy Considerations
The use of a network ID may reveal information about the network.
The use of a SHA256 hash of the DODAGID, rather than using the
DODAGID (which is usually derived from the LLN prefix) directly
provides some privacy for the the addresses used within the network.
The DODAGID is usually the IPv6 address of the root of the RPL mesh.
An interloper with a radio sniffer would be able to use the network
ID to map out the extent of the mesh network.
5. IANA Considerations
Allocate a new number TBD-XXX from Registry IETF IE Sub-type ID, as
defined by [RFC8137]. This entry should be called 6tisch-Join-Info,
and should refer to this document.
6. Acknowledgements
Thomas Watteyne provided extensive editorial comments on the
document. Carles Gomez Montenegro generated a detailed review of the
document at WGLC. Tim Evens provided a number of useful editorial
suggestions.
7. References
7.1. Normative References
[BCP14] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[I-D.ietf-6tisch-minimal-security]
Vucinic, M., Simon, J., Pister, K., and M. Richardson,
"Constrained Join Protocol (CoJP) for 6TiSCH", Work in
Dujovne & Richardson Expires 16 August 2020 [Page 7]
Internet-Draft IE for ICMPv6 February 2020
Progress, Internet-Draft, draft-ietf-6tisch-minimal-
security-15, 10 December 2019, <http://www.ietf.org/
internet-drafts/draft-ietf-6tisch-minimal-security-
15.txt>.
[ieee802154]
IEEE standard for Information Technology, ., "IEEE Std.
802.15.4, Part. 15.4: Wireless Medium Access Control (MAC)
and Physical Layer (PHY) Specifications for Low-Rate
Wireless Personal Area Networks", 2015,
<http://standards.ieee.org/findstds/
standard/802.15.4-2015.html>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC4861] Narten, T., Nordmark, E., Simpson, W., and H. Soliman,
"Neighbor Discovery for IP version 6 (IPv6)", RFC 4861,
DOI 10.17487/RFC4861, September 2007,
<https://www.rfc-editor.org/info/rfc4861>.
[RFC6775] Shelby, Z., Ed., Chakrabarti, S., Nordmark, E., and C.
Bormann, "Neighbor Discovery Optimization for IPv6 over
Low-Power Wireless Personal Area Networks (6LoWPANs)",
RFC 6775, DOI 10.17487/RFC6775, November 2012,
<https://www.rfc-editor.org/info/rfc6775>.
[RFC8137] Kivinen, T. and P. Kinney, "IEEE 802.15.4 Information
Element for the IETF", RFC 8137, DOI 10.17487/RFC8137, May
2017, <https://www.rfc-editor.org/info/rfc8137>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
7.2. Informative References
[I-D.ietf-6tisch-architecture]
Thubert, P., "An Architecture for IPv6 over the TSCH mode
of IEEE 802.15.4", Work in Progress, Internet-Draft,
draft-ietf-6tisch-architecture-28, 29 October 2019,
<http://www.ietf.org/internet-drafts/draft-ietf-6tisch-
architecture-28.txt>.
[RFC6550] Winter, T., Ed., Thubert, P., Ed., Brandt, A., Hui, J.,
Kelsey, R., Levis, P., Pister, K., Struik, R., Vasseur,
Dujovne & Richardson Expires 16 August 2020 [Page 8]
Internet-Draft IE for ICMPv6 February 2020
JP., and R. Alexander, "RPL: IPv6 Routing Protocol for
Low-Power and Lossy Networks", RFC 6550,
DOI 10.17487/RFC6550, March 2012,
<https://www.rfc-editor.org/info/rfc6550>.
[RFC7554] Watteyne, T., Ed., Palattella, M., and L. Grieco, "Using
IEEE 802.15.4e Time-Slotted Channel Hopping (TSCH) in the
Internet of Things (IoT): Problem Statement", RFC 7554,
DOI 10.17487/RFC7554, May 2015,
<https://www.rfc-editor.org/info/rfc7554>.
[RFC8180] Vilajosana, X., Ed., Pister, K., and T. Watteyne, "Minimal
IPv6 over the TSCH Mode of IEEE 802.15.4e (6TiSCH)
Configuration", BCP 210, RFC 8180, DOI 10.17487/RFC8180,
May 2017, <https://www.rfc-editor.org/info/rfc8180>.
Authors' Addresses
Diego Dujovne (editor)
Universidad Diego Portales
Escuela de Informatica y Telecomunicaciones, Av. Ejercito 441
Santiago, Region Metropolitana
Chile
Phone: +56 (2) 676-8121
Email: diego.dujovne@mail.udp.cl
Michael Richardson
Sandelman Software Works
Email: mcr+ietf@sandelman.ca
Dujovne & Richardson Expires 16 August 2020 [Page 9]
Html markup produced by rfcmarkup 1.129d, available from
https://tools.ietf.org/tools/rfcmarkup/