RE: [PATCH BlueZ 3/3] mesh: Use security low as default


 



It would be an extremely bad idea to set the default Mesh Security to LOW.

If anything, the default security should be raised to HIGH.

We set it to Medium initially to aid in testability; however, we can show that any mesh that *ever* provisioned even a single node with LOW or MEDIUM security will be permanently compromised.

There is a white paper currently being written in the Mesh Working group which discusses this issue in detail, but the gist of the problem is that it is Extremely Simple to design a Man-in-the-Middle attack which will expose the entire Network Key, the Device Key, and all shared Application keys to any device provisioned with LOW security.

It is not much more difficult to compromise MEDIUM security if the only OOB material is a value between 0-9.

While I believe LOW security does have purpose for manufacturer device testing (to test and validate encryption algorithms) we must be extremely careful that it is never released "In the Wild".

I had honestly intended to change this to HIGH before making the initial push of this code... and leave it up to developers to *temporarily* lower the security level for short term testing on an as-needed basis. Because even MEDIUM is a security compromise we cannot risk for this technology.

I will in fact shortly send a patch to increase the default security level to HIGH.


Please note that this is 100% different from standard point-to-point Bluetooth.  In Point-to-Point relationships, a compromised LTK (Long Term Key) requires a simple re-pairing. In Mesh, every single node in the mesh must be reprovisioned.



> -----Original Message-----
> From: linux-bluetooth-owner@xxxxxxxxxxxxxxx [mailto:linux-bluetooth-
> owner@xxxxxxxxxxxxxxx] On Behalf Of Lukasz Rymanowski
> Sent: Thursday, August 31, 2017 3:13 AM
> To: linux-bluetooth@xxxxxxxxxxxxxxx
> Cc: Łukasz Rymanowski <lukasz.rymanowski@xxxxxxxxxxx>
> Subject: [PATCH BlueZ 3/3] mesh: Use security low as default
> 
> ---
>  mesh/prov.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mesh/prov.c b/mesh/prov.c
> index 32785dda1..964259cd0 100644
> --- a/mesh/prov.c
> +++ b/mesh/prov.c
> @@ -57,7 +57,7 @@
>  #define MESH_PROV_SEC_LOW	0
> 
>  /* For Deployment, Security levels below HIGH are *not* recomended */
> -#define mesh_gatt_prov_security()	MESH_PROV_SEC_MED
> +#define mesh_gatt_prov_security()	MESH_PROV_SEC_LOW
> 
>  #define PROV_INVITE	0x00
>  #define PROV_CAPS	0x01
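
Review bot: the new `mesh_gatt_prov_security()` definition contradicts the comment directly above it, which says security levels below HIGH are not recommended for deployment, and the commit carries no message body explaining why the default should drop from MESH_PROV_SEC_MED to MESH_PROV_SEC_LOW. Because the macro takes no arguments and expands to a fixed value, this lowers the level wherever it is used; I would leave the default at MED or higher and make any lower level an explicit opt-in for test builds, with the rationale stated in the commit message.
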
> --
> 2.11.0
> 