Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

From: "Tom Schmidt" <tom@tschmidt

advertisement 
From: &quot;Tom Schmidt&quot; &lt;tom@tschmidt.com&gt;
To: &quot;WG1 Active Members&quot; &lt;wg1active@telemetra.com&gt;,
&quot;Ron Ambrosio&quot; &lt;rfa@us.ibm.com&gt;,
&quot;Stephen Pattenden&quot; &lt;telemetra@telemetra.com&gt;,
&quot;Peter Colebrook&quot; &lt;peter.colebrook@dial.pipex.com&gt;,
&quot;Timothy Schoechle&quot; &lt;timothy.schoechle@Colorado.EDU&gt;,
&quot;Simon Garrett&quot; &lt;simon.garrett@iee.org&gt;,
&quot;Kenneth P Wacks&quot; &lt;kenn@alum.mit.edu&gt;,
&quot;Walter von Pattay&quot; &lt;walter.pattay@mchp.siemens.de&gt;,
&quot;Virginia Williams&quot; &lt;vwilliams@eia.org&gt;,
&quot;Frank Farance&quot; &lt;frank@farance.com&gt;,
&quot;Norimasa Minami&quot; &lt;norimasa@ctmo.mei.co.jp&gt;
Cc: &lt;shintani@drl.mei.co.jp&gt;,
&lt;ieda@ansl.ntt.co.jp&gt;,
&quot;Kazuyuki YAMAMOTO&quot; &lt;kyamamot@icrl.mew.co.jp&gt;,
&quot;JEMA?u?q&quot; &lt;Masazumi_Sasako@jema-net.or.jp&gt;
Subject: Comments on ECHONET security Contributions from Japan
Date: Fri, 30 Aug 2002 17:20:41 -0400
First I would like to congratulate our Japanese friends on tackling the difficult problem of securing
lightweight command and control devices.
Developing security protocols is a complex and difficult task. SC27 is probably in a better position
to peer review this document. I will limit my comments to what I see are system level issues and
leave the cryptographers to perform detailed analysis.
Private key vs Public Crypto
---------------------------The authors point out that public key crypto is computationally intensive. While this is true
implementing a shared private key system results in a very fragile implementation. If the shared
secret is compromised the entire network is vulnerable.
Key management is difficult to administer since all nodes must be privy to the same secret. Because
the shared secret is difficult to change it tends to remain in use for long periods of time. This places
high demands on the cryptographic implementation and requires hardened hardware.
Choice of Symmetric Cipher
-------------------------The document specifics DES as the cipher. DES has been superceded by the Advanced Encryption
Standard (Rijndael) as the preferred symmetric cipher. Current AES implementations use a 128?bit
key.
Here is a link http://csrc.nist.gov/encryption/aes/rijndael/
AES is a robust cipher that is computationally efficient. While the time value of ECHONET data is
low the use of a shared secret places high demands on the cipher. If the attacker is able to crack
individual messages they are in a position to learn the common secret. Once in possession of the key
they have complete access to the network.
Key classes
----------It appears that ECHONET implements three classes of key: Manufacture key, Service provider key,
and user key.
Equipping ECHONET devices with an embedded key from the manufacture is risky. It requires the
network trust each device vendor. Since the vendor key will be common for a large number of
devices it makes a tempting target for attack. Once compromised an attacker will have free reign at
any network that uses the vendor$B!G(Bs device.
I was confused about the maker key index (MIX and SIX) it appears to be a three-byte field, that is
registered, and a single byte that selects 1 of a possible 256 keys, but I$B!G(Bm not sure.
Device Authentication
--------------------There does not appear to be anyway to authenticate the identity of the device itself. This may result
in forged or malicious devices masquerading as devices from a trusted manufacture.
Setting the user and service provider key
----------------------------------------This task requires the key be encrypted with the serial key of the device. I assume the serial key
must be manually entered by the user and is not electronically readable and is globally unique. If not
it would be an easy task for an attacker to bypass the initial imprinting operation and add a Trojan
device. This is especially dangerous if general-purpose devices are allowed access to ECHONET.
Shared key update
----------------The spec talks about changing the key, and makes provision to accommodate devices that are
currently off line.
Using the current common key to protect distribution of the new key is dangerous. If the attacker
has successfully compromised the system the value of the current key is known and offers no
protection of the new key. Ideally the system needs to limit damage if one or more devices are
compromised.
It is not clear how a device knows it has an outdated key, I assume because Authentication fails?
Does ordinary transmission cease while the new key is being disseminated over the network? If not
each node must attempt to use both old and new key.
It appears that each time a new node powers up a new common key is created and distributed. This
makes the key update process a prime candidate for a denial of service attack. All the attacker need
do is continually ask for key updates to bring down the network.
/Regards
Tom Schmidt
Schmidt Consulting
Ph: 603.673.2463
Fax:928.223.4815
mailto:tom@tschmidt.com
http://www.tschmidt.com
Related documents
Name: : : _____ Secret Codes Encryption is used by spies, secret
Name: : : _____ Secret Codes Encryption is used by spies, secret
SampleHWSubmission
SampleHWSubmission
Secret Codes
Secret Codes
Homework due 12/22
Homework due 12/22
abstract
abstract
Binary Addition and Ceaser Shifts
Binary Addition and Ceaser Shifts
MCA (R+LE) 4th semester (Sessional (Minor I) Examination, April
MCA (R+LE) 4th semester (Sessional (Minor I) Examination, April
cs772MidtermFall15
cs772MidtermFall15
Name A Beautiful Mind Use your mathematical genius to decode
Name A Beautiful Mind Use your mathematical genius to decode
midterm answer key
midterm answer key
Proposal
Proposal
1 introduction
1 introduction
Download
advertisement