SIG MESH Profile 2.3.9 Security (translation)
2.3.9 Security
All messages are encrypted and authenticated using two types of keys. One key type is for the network layer communication, such that all communication within a mesh network would use the same network key. The other key type is for application data. Separating the keys for networking and applications allows sensitive access messages (e.g., for access control to a building) to be separated from non-sensitive access messages (e.g., for lighting). There are no unencrypted or unauthenticated messages within a mesh network.
2.3.9.1 Application and network security
Encrypting and authenticating messages at the upper transport layer and network layer is designed to secure communications within the mesh network against eavesdroppers and malicious attacks. Each layer maintains distinct keys to allow separation between application and network entities.
Splitting application keys from network keys enables secure relay transmission of application messages: Relay nodes can authenticate messages at network level without accessing the application data. For example, a light bulb acting as a Relay node should not be able to unlock doors.
This means that nodes can relay access messages using keys derived from the network key without having to know the application key; therefore they would not have the ability to change or understand the application data. It is expected that network keys would be widely known by many nodes within a network, thereby increasing the density of Relay nodes while protecting the different application areas from each other. This requires separate keys for each application. For example, the sensitive door security application would be separated from the non-sensitive doorbell and lighting application.
The application key is used directly along with an associated application key identifier that is used in certain contexts to identify the application used. However, the network key is always used through a key derivation function to generate other keys that are used directly. Examples of such keys include encryption and privacy keys. This allows a single network key to be changed and all the associated values that are derived from that key to be quickly derived. As with the application key, the network key is also used to derive a network key identifier (see Section 3.8.6).
The security model defines three separate keys (the device key (DevKey), the application key (AppKey), and the network key (NetKey)) to secure the messages. When a node is given a key, it is authorized to use that key. A key that is shared between multiple nodes enables any node with that key to transmit and receive messages using that key.
The device key facilitates confidentiality and authentication of key material between a Configuration Client and a single node. The application key facilitates confidentiality and authentication of application data sent between intended nodes. The network key facilitates privacy, confidentiality, and authenticity of network messages. A node may have knowledge of a single device key, multiple application keys, and multiple network keys.
A device key is similar to an application key in that it is designed to secure information sent by an application in the upper transport layer. However, a device key is only known by a Configuration Client and the single node. The Configuration Client knows the device keys for all nodes, which allows the Configuration Client to securely distribute keys to a set of nodes by sending these keys secured with the device key for each individual node, allowing a key distribution to be targeted at only those nodes that need to know. Use of a device key is designed to protect against the “trash-can” attack (a technique to retrieve information from a disposed device that can be used to carry out an attack on a network) by allowing the distribution of new network and application keys to selected devices only.
An application key can only be used with a single network key. This implies that a network key has one or more application keys associated with it. This association is known as the key binding.
The granularity of access layer security is on a per-model basis. Each server model has a set of application keys bound to it, defining the possible keys that should be used to encrypt and authenticate a message to be processed by the model. This allows multiple entities to operate certain node functions. Up to 251 application keys can be bound to a model. For example, a Light Lightness Server Model has three keys bound to it because the admin, user, and guest can all switch on a light. However, only the admin can configure the lamp, so the Configuration Server Model has only the admin application key bound to it.
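The key-binding rules above (one AppKey bound to exactly one NetKey, a per-model set of bound AppKeys capped at 251, and the lamp example with admin, user and guest keys) as a small runnable model. This is an added example, not code from the Mesh Profile or any Bluetooth SIG implementation; the key indexes, key bytes and model names are constructed for the demonstration.

```python
# Added example (not from the Mesh Profile or any SIG code): a minimal model of
# the key-binding rules described in the text. Key indexes, key bytes and model
# names are constructed for the demonstration.
from typing import Dict, Set, Tuple

MAX_APPKEYS_PER_MODEL = 251  # limit stated in the profile text


class KeyStore:
    """NetKeys, AppKeys and the AppKey -> NetKey binding held by one node."""

    def __init__(self) -> None:
        self.net_keys: Dict[int, bytes] = {}
        # app_key_index -> (bound net_key_index, key bytes)
        self.app_keys: Dict[int, Tuple[int, bytes]] = {}

    def add_net_key(self, net_idx: int, key: bytes) -> None:
        self.net_keys[net_idx] = key

    def add_app_key(self, app_idx: int, net_idx: int, key: bytes) -> None:
        # An AppKey is bound to exactly one NetKey, which must already be known.
        if net_idx not in self.net_keys:
            raise KeyError(f"NetKey {net_idx} unknown; cannot bind AppKey {app_idx}")
        if app_idx in self.app_keys and self.app_keys[app_idx][0] != net_idx:
            raise ValueError(f"AppKey {app_idx} is already bound to NetKey "
                             f"{self.app_keys[app_idx][0]}")
        self.app_keys[app_idx] = (net_idx, key)

    def app_keys_bound_to(self, net_idx: int) -> Set[int]:
        """One NetKey may have many AppKeys associated with it."""
        return {a for a, (n, _) in self.app_keys.items() if n == net_idx}


class ServerModel:
    """A server model plus the set of AppKey indexes allowed to address it."""

    def __init__(self, name: str, store: KeyStore) -> None:
        self.name = name
        self.store = store
        self.bound: Set[int] = set()

    def bind(self, app_idx: int) -> None:
        if app_idx not in self.store.app_keys:
            raise KeyError(f"AppKey {app_idx} not present on this node")
        if app_idx not in self.bound and len(self.bound) >= MAX_APPKEYS_PER_MODEL:
            raise ValueError(f"{self.name}: at most {MAX_APPKEYS_PER_MODEL} AppKeys may be bound")
        self.bound.add(app_idx)

    def accepts(self, net_idx: int, app_idx: int) -> bool:
        """Would a message authenticated with (NetKey, AppKey) reach this model?"""
        if app_idx not in self.bound:
            return False                      # key not bound to this model
        bound_net, _ = self.store.app_keys[app_idx]
        return bound_net == net_idx           # AppKey must travel under its own NetKey


def build_demo_node() -> Tuple[KeyStore, ServerModel, ServerModel]:
    """Lamp node from the text: admin/user/guest keys on the lightness model,
    admin only on the configuration model (all values constructed)."""
    store = KeyStore()
    store.add_net_key(0, b"\x00" * 16)            # placeholder key bytes
    store.add_net_key(1, b"\x01" * 16)
    admin, user, guest = 10, 11, 12
    store.add_app_key(admin, 0, b"\xa0" * 16)
    store.add_app_key(user, 0, b"\xa1" * 16)
    store.add_app_key(guest, 0, b"\xa2" * 16)
    lightness = ServerModel("Light Lightness Server", store)
    config = ServerModel("Configuration Server", store)
    for k in (admin, user, guest):
        lightness.bind(k)
    config.bind(admin)
    return store, lightness, config


def decision_table() -> Dict[str, bool]:
    """Access decisions for the demo node, keyed by a readable label."""
    _, lightness, config = build_demo_node()
    return {
        "guest switches light": lightness.accepts(0, 12),
        "guest configures lamp": config.accepts(0, 12),
        "admin configures lamp": config.accepts(0, 10),
        "admin key under wrong NetKey": lightness.accepts(1, 10),
        "unknown AppKey": lightness.accepts(0, 99),
    }


if __name__ == "__main__":
    for label, ok in decision_table().items():
        print(f"{label:32s} -> {'accept' if ok else 'reject'}")
```

The `accepts` check is the point: a message is only processed if its AppKey is in the model's bound set and arrived under the NetKey that AppKey is bound to, so a guest key that can switch the light gets nowhere on the configuration model.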
2.3.9.2 Obfuscation
The network security model utilizes a privacy mechanism called obfuscation that utilizes AES to encrypt the source address, sequence numbers, and other header information using a privacy key. The intent for obfuscation is to make tracking nodes more difficult.
2.3.9.3 Network and application key identifiers
A node may have multiple network or application keys.
By using a key identifier, it is possible to identify which subset of keys are used to secure the message. For example, instead of checking 20 keys, a node may only need to check two keys that have the same least significant bits of the key identifier. If a message is received with a key identifier that is not known, then the node can immediately discard it.
The key identifier is generated from the network or application key using a key derivation function.
This specification defines a separate identifier for the network key and application key. A network key identifier is transmitted in each Network PDU using a 7-bit value, while the application key identifier is transmitted in each Lower Transport PDU using a 6-bit value.
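Deriving a 7-bit network key identifier and a 6-bit application key identifier from the keys, and using the identifier on the receiving side to narrow the key search and discard PDUs with an unknown identifier, as an added example (not the profile's own code). The profile's real derivation functions are built on AES-CMAC; this block substitutes an HMAC-SHA256 key derivation function and a truncated-HMAC message integrity check so that it runs with the Python standard library only, which is an assumption of the example, not the specification's construction. The keys and PDU bodies are constructed.

```python
# Added example (not the profile's own code): deriving 7-bit NID and 6-bit AID
# values from keys and using the NID to narrow a receiver's key search.
# The real profile derives identifiers with AES-CMAC based functions; the KDF
# and MIC below are HMAC-SHA256 stand-ins so the block runs with the standard
# library only. Keys and PDU bodies are constructed values.
import hashlib
import hmac
from typing import Dict, Optional, Tuple

NID_BITS = 7   # network key identifier carried in each Network PDU
AID_BITS = 6   # application key identifier carried in each Lower Transport PDU
MIC_LEN = 4    # bytes of authentication tag appended to the PDU


def kdf(key: bytes, info: bytes) -> bytes:
    """Stand-in key derivation function: HMAC-SHA256(key, info)."""
    return hmac.new(key, info, hashlib.sha256).digest()


def net_key_identifier(net_key: bytes) -> int:
    """Short identifier derived from the NetKey; several keys may share a value."""
    return kdf(net_key, b"network-id")[0] & ((1 << NID_BITS) - 1)


def app_key_identifier(app_key: bytes) -> int:
    """Short identifier derived from the AppKey (6 bits)."""
    return kdf(app_key, b"application-id")[0] & ((1 << AID_BITS) - 1)


def mic(key: bytes, body: bytes) -> bytes:
    """Stand-in message integrity check over the PDU body."""
    return kdf(key, b"mic" + body)[:MIC_LEN]


def protect(net_key: bytes, body: bytes) -> bytes:
    """Sender: NID || body || MIC. The NID is not secret; it only hints which keys to try."""
    return bytes([net_key_identifier(net_key)]) + body + mic(net_key, body)


def resolve_key(known: Dict[int, bytes], pdu: bytes) -> Tuple[Optional[int], int]:
    """Receiver: try only keys whose identifier matches the PDU's NID.

    Returns (index of the authenticating key or None, number of MIC checks made).
    A PDU whose NID matches none of the node's keys costs zero checks and is
    discarded at once, as the text describes.
    """
    nid, body, tag = pdu[0], pdu[1:-MIC_LEN], pdu[-MIC_LEN:]
    candidates = [(i, k) for i, k in known.items() if net_key_identifier(k) == nid]
    checks = 0
    for i, key in candidates:
        checks += 1
        if hmac.compare_digest(mic(key, body), tag):
            return i, checks
    return None, checks


def unused_nid(known: Dict[int, bytes]) -> int:
    """Some 7-bit value no key on the node maps to (exists while fewer than 128 NIDs are in use)."""
    used = {net_key_identifier(k) for k in known.values()}
    return next(n for n in range(1 << NID_BITS) if n not in used)


if __name__ == "__main__":
    node_keys = {i: bytes([i]) * 16 for i in range(20)}   # 20 constructed NetKeys
    pdu = protect(node_keys[7], b"relayed payload")
    print("matched key, MIC checks:", resolve_key(node_keys, pdu))
    stray = bytes([unused_nid(node_keys)]) + b"junk" + b"\0" * MIC_LEN
    print("unknown NID:", resolve_key(node_keys, stray))
```

Because the identifier is only 7 bits, collisions between keys are expected and harmless: the identifier prunes the candidate list, and the MIC check still decides which key, if any, actually authenticates the PDU.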
2.3.9.4 Initialization vector index
A Network PDU contains a 24-bit sequence number that allows an element to transmit 16,777,216 Network PDUs. The sequence number is used in the security nonce to provide uniqueness; therefore the sequence number must not wrap. If an element is transmitting a new message at 2 Hz, then these sequence numbers would be exhausted after 97 days. To enable a mesh network to operate for longer periods of time than the sequence number space allows, an additional 4-octet value called the IV Index is defined that is included in the security nonce. For example, using the same 2 Hz message frequency would measure the lifetime of the network using the IV Index in billions of years.
To enable a gradual transition from one IV Index to the next, each Network PDU includes the least significant bit of the IV Index that was used to transmit the message. A node can also use an IV Update procedure to signal to peer nodes that it is updating the IV Index. This procedure takes a minimum of eight days to transition from the old IV Index to the new IV Index, thereby limiting the frequency that a node can transmit messages to 24 Hz. However, a node should not send more than 100 Network PDUs in any 10 second window, so this would typically take approximately 19 days to exhaust.
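The sequence number and IV Index behaviour of the two paragraphs above, as an added example that is not the profile's own code: a 24-bit per-element counter that refuses to wrap, the nonce material it feeds (IV Index, sequence number and source address, in the order assumed here), the IVI bit a receiver uses to choose between its current and previous IV Index, and the lifetime arithmetic behind the 97-day, 19-day and eight-day figures. The address and IV Index values are constructed.

```python
# Added example (not the profile's own code): a 24-bit per-element sequence
# counter that refuses to wrap, the nonce material it feeds, the IVI bit a
# receiver uses to pick between the current and previous IV Index, and the
# lifetime arithmetic quoted in the text. Addresses and IV Index values are
# constructed; the nonce layout IV Index || SEQ || SRC is an assumption here.
from typing import Tuple

SEQ_BITS = 24
SEQ_SPACE = 1 << SEQ_BITS          # 16,777,216 PDUs per element per IV Index
IV_INDEX_MASK = 0xFFFFFFFF         # the IV Index is a 4-octet value
SECONDS_PER_DAY = 86_400


def days_until_exhausted(pdus_per_second: float) -> float:
    """How long one element can transmit at a steady rate before its sequence
    numbers run out under a single IV Index."""
    return SEQ_SPACE / pdus_per_second / SECONDS_PER_DAY


class ElementSequencer:
    """Sequence number and IV Index state for one element of a node."""

    def __init__(self, iv_index: int = 0) -> None:
        self.iv_index = iv_index & IV_INDEX_MASK
        self.seq = 0

    def next_nonce(self, src: int) -> Tuple[bytes, int]:
        """Return (nonce material, IVI bit) for the next PDU, or fail rather than wrap.

        A reused (IV Index, SEQ, SRC) triple would reuse a nonce, which is
        exactly what the no-wrap rule prevents.
        """
        if self.seq >= SEQ_SPACE:
            raise RuntimeError("sequence space exhausted; run IV Update before transmitting")
        nonce = (self.iv_index.to_bytes(4, "big")
                 + self.seq.to_bytes(3, "big")
                 + src.to_bytes(2, "big"))
        ivi_bit = self.iv_index & 1            # least significant bit travels in the PDU
        self.seq += 1
        return nonce, ivi_bit

    def iv_update(self) -> None:
        """Move to the next IV Index; the sequence space starts over under it."""
        self.iv_index = (self.iv_index + 1) & IV_INDEX_MASK
        self.seq = 0


def sender_iv_index(receiver_iv_index: int, ivi_bit: int) -> int:
    """Receiver side: recover the IV Index a PDU was protected under from its IVI bit.

    During a transition peers may still be on the previous IV Index, so a
    mismatching bit means "current IV Index minus one"; the 32-bit mask keeps
    the arithmetic well defined for an IV Index of zero.
    """
    if (receiver_iv_index & 1) == ivi_bit:
        return receiver_iv_index
    return (receiver_iv_index - 1) & IV_INDEX_MASK


if __name__ == "__main__":
    print(f"2 Hz  -> {days_until_exhausted(2):.1f} days")
    print(f"10 Hz -> {days_until_exhausted(10):.1f} days  (100 PDUs per 10 s)")
    print(f"24 Hz -> {days_until_exhausted(24):.1f} days  (the eight-day IV Update floor)")
    seq = ElementSequencer(iv_index=0x12345678)
    seq.seq = SEQ_SPACE - 1                      # jump to the last usable number
    nonce, ivi = seq.next_nonce(src=0x0001)
    print("last nonce:", nonce.hex(), "IVI bit:", ivi)
    try:
        seq.next_nonce(src=0x0001)
    except RuntimeError as e:
        print("refused:", e)
    seq.iv_update()
    print("after IV Update:", seq.next_nonce(src=0x0001)[0].hex())
```

The three rates reproduce the text's figures: 2 Hz exhausts the space in about 97 days, the 100-PDUs-per-10-seconds ceiling (10 Hz) in about 19 days, and 24 Hz in just over eight days, which is why an IV Update that takes at least eight days caps a node's sustainable rate at 24 Hz.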