%!PS-Adobe-3.0
%%BoundingBox: 76 24 574 716
%%Title: Enscript Output
%%For: Shahid Raza
%%Creator: GNU enscript 1.6.4
%%CreationDate: Tue Sep  3 11:27:18 2013
%%Orientation: Portrait
%%Pages: (atend)
%%DocumentMedia: Letter 612 792 0 () ()
%%DocumentNeededResources: (atend)
%%EndComments
%%BeginProlog
%%BeginResource: procset Enscript-Prolog 1.6 4
%
% Procedures.
%

/_S {	% - -> -	snapshot the VM state into _s (undone later by _R)
  save /_s exch def
} def
/_R {	% - -> -	roll the VM back to the snapshot that _S stored in _s
  /_s load restore
} def

/S {	% - -> -	emit the page; gsave/grestore keeps the caller's graphics state
  gsave showpage grestore
} bind def

/MF {	% fontname newfontname -> -	clone a font under a new name, re-encoded
  /newfontname exch def
  /fontname exch def

  % Look up the source font and size the copy to match its dictionary.
  /fontdict fontname findfont def
  /newfont fontdict maxlength dict def

  % Copy every key/value pair except FID into the new dictionary.
  fontdict {
    1 index /FID eq {
      pop pop
    } {
      newfont 3 1 roll put
    } ifelse
  } forall

  newfont /FontName newfontname put

  % encoding_vector replaces the font's encoding only when it holds
  % exactly 256 entries; otherwise the copied encoding is left alone.
  encoding_vector length 256 eq {
    newfont /Encoding encoding_vector put
  } if

  % Register the copy; the font object definefont returns is not needed.
  newfontname newfont definefont pop
} def

/MF_PS {	% fontname newfontname -> -	clone a font under a new name, encoding untouched
  /newfontname exch def
  /fontname exch def

  % Look up the source font and size the copy to match its dictionary.
  /fontdict fontname findfont def
  /newfont fontdict maxlength dict def

  % Copy every key/value pair except FID into the new dictionary.
  fontdict {
    1 index /FID eq {
      pop pop
    } {
      newfont 3 1 roll put
    } ifelse
  } forall

  newfont /FontName newfontname put

  % Register the copy; the font object definefont returns is not needed.
  newfontname newfont definefont pop
} def

/SF {	% fontname width height -> -	make fontname, scaled width x height, the current font
  /height exch def  /width exch def

  % fontname is what remains on the stack for findfont.
  findfont
  [ width 0 0 height 0 0 ] makefont
  setfont
} def

/SUF {	% fontname width height -> -	select a re-encoded copy of a user font
  /height exch def  /width exch def

  % fontname is still on the stack: MF clones it as F-gs-user-font ...
  /F-gs-user-font MF
  % ... and SF selects that clone at the requested size.
  /F-gs-user-font width height SF
} def

/SUF_PS {	% fontname width height -> -	select a copy of a user font, encoding untouched
  /height exch def  /width exch def

  % fontname is still on the stack: MF_PS clones it as F-gs-user-font ...
  /F-gs-user-font MF_PS
  % ... and SF selects that clone at the requested size.
  /F-gs-user-font width height SF
} def

% One-letter aliases used by every text line of the page bodies.
/M { moveto } bind def	% x y -> -
/s { show } bind def	% string -> -

/Box {	% x y w h -> -	append a closed w-by-h rectangle anchored at (x, y) to the path
  /d_h exch def
  /d_w exch def
  /d_y exch def
  /d_x exch def

  d_x d_y moveto
  d_w 0 rlineto		% along the first horizontal edge
  0 d_h rlineto		% along the vertical edge
  d_w neg 0 rlineto	% back along the opposite horizontal edge
  closepath		% the fourth edge
} def

/bgs {	% x y height blskip gray str -> -	show str on a gray background box
  /str exch def  /gray exch def
  /blskip exch def  /height exch def
  /y exch def  /x exch def

  % Background: a box as wide as the string, starting blskip below y.
  gsave
    x  y blskip sub  str stringwidth pop  height  Box
    gray setgray
    fill
  grestore

  % The text itself, painted with the colour in force before the gsave.
  x y M
  str s
} def

/bgcs {	% x y height blskip red green blue str -> -	show str on an RGB background box
  /str exch def
  /blue exch def  /green exch def  /red exch def
  /blskip exch def  /height exch def
  /y exch def  /x exch def

  % Background: a box as wide as the string, starting blskip below y.
  gsave
    x  y blskip sub  str stringwidth pop  height  Box
    red green blue setrgbcolor
    fill
  grestore

  % The text itself, painted with the colour in force before the gsave.
  x y M
  str s
} def

% Highlight bars.
/highlight_bars {	% nlines lineheight output_y_margin gray -> -
  % Fill alternating bands, each nlines text rows tall, behind every
  % column of the output area.
  gsave
    setgray			% consumes the gray operand (top of stack)
    /ymarg exch def
    /lineheight exch def
    /nlines exch def

    % This 2 is just a magic number to sync highlight lines to text.
    0 d_header_y ymarg sub 2 sub translate

    % cw: width of one column; nrows: whole rows left after subtracting
    % ymarg twice from the output height.
    /cw d_output_w cols div def
    /nrows d_output_h ymarg 2 mul sub lineheight div cvi def

    % for each column
    0 1 cols 1 sub {
      % xp: left edge of this column
      cw mul /xp exch def

      % for each row
      0 1 nrows 1 sub {
        /rn exch def
        % yp: rows run downwards from the translated origin
        rn lineheight mul neg /yp exch def
        % only every other group of nlines rows gets a bar
        rn nlines idiv 2 mod 0 eq {
	  % Draw highlight bar.  4 is just a magic indentation.
	  xp 4 add yp cw 8 sub lineheight neg Box fill
	} if
      } for
    } for

  grestore
} def

% Line highlight bar.
/line_highlight {	% x y width height gray -> -	fill one box in the given gray
  gsave
    /gray exch def	% take gray off the top; x y width height stay for Box
    Box
    gray setgray
    fill
  grestore
} def

% Column separator lines.
/column_lines {	% - -> -	rule a thin vertical line between adjacent columns
  gsave
    /cw d_output_w cols div def		% width of one column
    0.1 setlinewidth
    0 d_footer_h translate		% start above the footer

    % One line per interior boundary: 1 .. cols-1.
    1 1 cols 1 sub {
      cw mul 0 moveto
      0 d_output_h rlineto
      stroke
    } for
  grestore
} def

% Column borders.
/column_borders {	% - -> -	stroke a thin frame around the whole output area
  gsave
    0.1 setlinewidth
    0 d_footer_h moveto			% corner just above the footer
    0 d_output_h rlineto		% up
    d_output_w 0 rlineto		% across
    0 d_output_h neg rlineto		% down
    closepath				% back to the start
    stroke
  grestore
} def

% Do the actual underlay drawing
/draw_underlay {	% - -> -	paint ul_str at the current point
  ul_style 0 ne {
    ul_str show				% any non-zero style: filled text
  } {
    ul_str true charpath stroke		% style 0: outlined text
  } ifelse
} def

% Underlay
/underlay {	% - -> -
  % Draw ul_str centred along the diagonal that runs from the top-left
  % to the bottom-right corner of the page.
  gsave
    % Origin to the top-left corner, x axis turned onto the diagonal.
    0 d_page_h translate
    d_page_h neg d_page_w atan rotate

    ul_gray setgray
    ul_font setfont
    % dw: length of the page diagonal.
    /dw d_page_h dup mul d_page_w dup mul add sqrt def
    % x = (dw - string width) / 2, y = ul_h_ptsize / -2.
    ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto
    draw_underlay
  grestore
} def

/user_underlay {	% - -> -	draw the underlay at a user-chosen position and angle
  gsave
    ul_font setfont
    ul_gray setgray

    % Place and turn the coordinate system as requested.
    ul_x ul_y translate
    ul_angle rotate

    % Start at x = 0, y = 0 - ul_h_ptsize / 2.
    0
    0 ul_h_ptsize 2 div sub
    moveto
    draw_underlay
  grestore
} def

% Page prefeed
/page_prefeed {		% bool -> -	store bool as statusdict's prefeed entry, if it has one
  statusdict /prefeed known {
    % Stack: bool statusdict /prefeed  ->  statusdict /prefeed bool
    statusdict /prefeed 3 -1 roll put
  } {
    pop		% no prefeed entry: just drop the operand
  } ifelse
} def

% Wrapped line markers
/wrapped_line_mark {	% x y charwith charheight type -> -
  % Draw the marker for a wrapped line inside the character cell at
  % (x, y) that is w wide and h high.  Only types 2 and 3 draw anything.
  /type exch def
  /h exch def
  /w exch def
  /y exch def
  /x exch def

  type 2 eq {
    % Black boxes (like TeX does): a filled box w/2 wide and h high,
    % starting w/4 in from x.
    gsave
      0 setlinewidth
      x w 4 div add y M
      0 h rlineto w 2 div 0 rlineto 0 h neg rlineto
      closepath fill
    grestore
  } {
    type 3 eq {
      % Small arrows
      gsave
        .2 setlinewidth
        % First stroke: a horizontal piece at mid-height, then a line
        % down to (x + w/4, y).
        x w 2 div add y h 2 div add M
        w 4 div 0 rlineto
        x w 4 div add y lineto stroke

        % Second stroke: two short segments that meet at (x + w/4, y).
        x w 4 div add w 8 div add y h 4 div add M
        x w 4 div add y lineto
	w 4 div h 8 div rlineto stroke
      grestore
    } {
      % do nothing
    } ifelse
  } ifelse
} def

% EPSF import.

/BeginEPSF {
  % Prepare to run an imported EPS file: record what EndEPSF needs to
  % undo and put the graphics state into known values.
  /b4_Inc_state save def    		% Save state for cleanup
  /dict_count countdictstack def	% Count objects on dict stack
  /op_count count 1 sub def		% Count objects on operand stack
  % Definitions from here on go into userdict; EndEPSF pops it again.
  userdict begin
  % showpage is redefined as an empty procedure, so a showpage inside
  % the imported file does nothing.
  /showpage { } def
  % Reset colour, line, dash and path settings.
  0 setgray 0 setlinecap
  1 setlinewidth 0 setlinejoin
  10 setmiterlimit [ ] 0 setdash newpath
  % These two operators are only called when languagelevel is defined
  % and is not 1.
  /languagelevel where {
    pop languagelevel
    1 ne {
      false setstrokeadjust false setoverprint
    } if
  } if
} bind def

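/EndEPSF {	% - -> -	undo BeginEPSF once the imported EPS file has run
  % Discard every operand left above the depth BeginEPSF recorded in
  % op_count.  This line used the name "pos", which is not a PostScript
  % operator, so any leftover operand raised an undefined error and the
  % dictionary-stack cleanup and restore below never ran.
  count op_count sub { pop } repeat
  % Close every dictionary opened since BeginEPSF recorded dict_count,
  % including its own "userdict begin".
  countdictstack dict_count sub { end } repeat
  % Roll the VM back to the snapshot taken by BeginEPSF.
  b4_Inc_state restore
} bind def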

% Check PostScript language level.
% gs_languagelevel: the interpreter's languagelevel when that name is
% defined, otherwise 1.
/gs_languagelevel
/languagelevel where {
  pop languagelevel
} {
  1
} ifelse
def
%%EndResource
%%BeginResource: procset Enscript-Encoding-88591 1.6 4
% 256-entry encoding vector, four glyph names per row.  MF installs it as
% a font's /Encoding only when its length is exactly 256.
/encoding_vector [
% codes 0-31: no glyph
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
% codes 32-127: space through tilde, then one .notdef at code 127
/space        	/exclam       	/quotedbl     	/numbersign   	
/dollar       	/percent      	/ampersand    	/quoteright   	
/parenleft    	/parenright   	/asterisk     	/plus         	
/comma        	/hyphen       	/period       	/slash        	
/zero         	/one          	/two          	/three        	
/four         	/five         	/six          	/seven        	
/eight        	/nine         	/colon        	/semicolon    	
/less         	/equal        	/greater      	/question     	
/at           	/A            	/B            	/C            	
/D            	/E            	/F            	/G            	
/H            	/I            	/J            	/K            	
/L            	/M            	/N            	/O            	
/P            	/Q            	/R            	/S            	
/T            	/U            	/V            	/W            	
/X            	/Y            	/Z            	/bracketleft  	
/backslash    	/bracketright 	/asciicircum  	/underscore   	
/quoteleft    	/a            	/b            	/c            	
/d            	/e            	/f            	/g            	
/h            	/i            	/j            	/k            	
/l            	/m            	/n            	/o            	
/p            	/q            	/r            	/s            	
/t            	/u            	/v            	/w            	
/x            	/y            	/z            	/braceleft    	
/bar          	/braceright   	/tilde        	/.notdef      	
% codes 128-159: no glyph
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
/.notdef      	/.notdef      	/.notdef      	/.notdef      	
% codes 160-255: space through ydieresis
/space        	/exclamdown   	/cent         	/sterling     	
/currency     	/yen          	/brokenbar    	/section      	
/dieresis     	/copyright    	/ordfeminine  	/guillemotleft	
/logicalnot   	/hyphen       	/registered   	/macron       	
/degree       	/plusminus    	/twosuperior  	/threesuperior	
/acute        	/mu           	/paragraph    	/bullet       	
/cedilla      	/onesuperior  	/ordmasculine 	/guillemotright	
/onequarter   	/onehalf      	/threequarters	/questiondown 	
/Agrave       	/Aacute       	/Acircumflex  	/Atilde       	
/Adieresis    	/Aring        	/AE           	/Ccedilla     	
/Egrave       	/Eacute       	/Ecircumflex  	/Edieresis    	
/Igrave       	/Iacute       	/Icircumflex  	/Idieresis    	
/Eth          	/Ntilde       	/Ograve       	/Oacute       	
/Ocircumflex  	/Otilde       	/Odieresis    	/multiply     	
/Oslash       	/Ugrave       	/Uacute       	/Ucircumflex  	
/Udieresis    	/Yacute       	/Thorn        	/germandbls   	
/agrave       	/aacute       	/acircumflex  	/atilde       	
/adieresis    	/aring        	/ae           	/ccedilla     	
/egrave       	/eacute       	/ecircumflex  	/edieresis    	
/igrave       	/iacute       	/icircumflex  	/idieresis    	
/eth          	/ntilde       	/ograve       	/oacute       	
/ocircumflex  	/otilde       	/odieresis    	/divide       	
/oslash       	/ugrave       	/uacute       	/ucircumflex  	
/udieresis    	/yacute       	/thorn        	/ydieresis    	
] def
%%EndResource
%%EndProlog
%%BeginSetup
%%IncludeResource: font Courier-Bold
%%IncludeResource: font Courier
% Scale factors for the HF font (presumably the page-header font -- confirm).
/HFpt_w 10 def
/HFpt_h 10 def
% Re-encoded copy of Courier-Bold, stored in HF already scaled to
% HFpt_w x HFpt_h.
/Courier-Bold /HF-gs-font MF
/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def
% Re-encoded copy of Courier at 10 x 10 becomes the current font.
/Courier /F-gs-font MF
/F-gs-font 10 10 SF
/#copies 1 def
% Pagedevice definitions:
% setpagedevice is only called above language level 1; 612 x 792 is the
% Letter size declared in %%DocumentMedia.
gs_languagelevel 1 gt {
  <<
    /PageSize [612 792] 
  >> setpagedevice
} if
% Page geometry read by the prolog procedures.  498 x 692 is the extent of
% the %%BoundingBox (574-76 by 716-24).  Header and footer heights are 0,
% so the output area is the whole box, and there is a single column.
/d_page_w 498 def
/d_page_h 692 def
/d_header_x 0 def
/d_header_y 692 def
/d_header_w 498 def
/d_header_h 0 def
/d_footer_x 0 def
/d_footer_y 0 def
/d_footer_w 498 def
/d_footer_h 0 def
/d_output_w 498 def
/d_output_h 692 def
/cols 1 def
%%EndSetup
%%Page: (1) 1
%%BeginPageSetup
_S
76 24 translate
/pagenum 1 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 635 M
(6LoWPAN Working Group                                            S. Raza) s
5 624 M
(Internet-Draft                                              S. Duquennoy) s
5 613 M
(Intended Status: Standards Track                         SICS, Stockholm) s
5 602 M
(                                                             G. Selander) s
5 591 M
(                                                     Ericsson, Stockholm) s
5 580 M
(Expires: March 7, 2014                                 September 3, 2013) s
5 547 M
(  Compression of IPsec AH and ESP Headers for Constrained Environments) s
5 536 M
(                      draft-raza-6lowpan-ipsec-01) s
5 514 M
(Abstract) s
5 492 M
(   This document describes the header compression mechanisms for the) s
5 481 M
(   IPsec [RFC4301] based on the encoding scheme standardized in) s
5 470 M
(   [RFC6282]. The IPsec Authentication Header \(AH\) and Encapsulated) s
5 459 M
(   Security Payload \(ESP\) headers are compressed using Next Header) s
5 448 M
(   Compression \(NHC\) defined in [RFC6282]. This document does not) s
5 437 M
(   invalidate any encoding schemes proposed in 6LoWPAN [RFC6282] but) s
5 426 M
(   rather complements it with compressed IPsec using the free bits in) s
5 415 M
(   the IPv6 Extension Header encoding.) s
5 382 M
(Status of this Memo) s
5 360 M
(   This Internet-Draft is submitted in full conformance with the) s
5 349 M
(   provisions of BCP 78 and BCP 79.) s
5 327 M
(   Internet-Drafts are working documents of the Internet Engineering) s
5 316 M
(   Task Force \(IETF\).  Note that other groups may also distribute) s
5 305 M
(   working documents as Internet-Drafts.  The list of current Internet-) s
5 294 M
(   Drafts is at http://datatracker.ietf.org/drafts/current/.) s
5 272 M
(   Internet-Drafts are draft documents valid for a maximum of six months) s
5 261 M
(   and may be updated, replaced, or obsoleted by other documents at any) s
5 250 M
(   time.  It is inappropriate to use Internet-Drafts as reference) s
5 239 M
(   material or to cite them other than as "work in progress.") s
5 217 M
(   This Internet-Draft will expire on March 7, 2014.) s
5 184 M
(Copyright and License Notice) s
5 162 M
(   Copyright \(c\) 2013 IETF Trust and the persons identified as the) s
5 151 M
(   document authors. All rights reserved.) s
5 129 M
(   This document is subject to BCP 78 and the IETF Trust's Legal) s
5 118 M
(   Provisions Relating to IETF Documents) s
5 74 M
(Raza                     Expires March 7, 2014                  [Page 1]) s
_R
S
%%Page: (2) 2
%%BeginPageSetup
_S
76 24 translate
/pagenum 2 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 668 M
(INTERNET DRAFT             IPsec-for-6LoWPAN           September 3, 2013) s
5 635 M
(   \(http://trustee.ietf.org/license-info\) in effect on the date of) s
5 624 M
(   publication of this document. Please review these documents) s
5 613 M
(   carefully, as they describe your rights and restrictions with respect) s
5 602 M
(   to this document. Code Components extracted from this document must) s
5 591 M
(   include Simplified BSD License text as described in Section 4.e of) s
5 580 M
(   the Trust Legal Provisions and are provided without warranty as) s
5 569 M
(   described in the Simplified BSD License.) s
5 525 M
(Table of Contents) s
5 503 M
(   1  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . .  3) s
5 492 M
(     1.1  Terminology . . . . . . . . . . . . . . . . . . . . . . . .  3) s
5 481 M
(   2.  Linking IPsec Headers Compression with 6LoWPAN . . . . . . . .  3) s
5 470 M
(   3. LOWPAN_NHC for Authentication Header  . . . . . . . . . . . . .  4) s
5 459 M
(   4. LOWPAN_NHC for Encapsulated Security Payload \(ESP\)  . . . . . .  6) s
5 448 M
(   5. Implementation Considerations . . . . . . . . . . . . . . . . .  8) s
5 437 M
(   6. Security Considerations . . . . . . . . . . . . . . . . . . . .  8) s
5 426 M
(   7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . .  8) s
5 415 M
(   8. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . .  8) s
5 404 M
(   9. References  . . . . . . . . . . . . . . . . . . . . . . . . . .  9) s
5 393 M
(     9.1. Normative References  . . . . . . . . . . . . . . . . . . .  9) s
5 382 M
(     9.2. Informative References  . . . . . . . . . . . . . . . . . .  9) s
5 371 M
(   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . .  9) s
5 74 M
(Raza                     Expires March 7, 2014                  [Page 2]) s
_R
S
%%Page: (3) 3
%%BeginPageSetup
_S
76 24 translate
/pagenum 3 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 668 M
(INTERNET DRAFT             IPsec-for-6LoWPAN           September 3, 2013) s
5 635 M
(1  Introduction) s
5 613 M
(   [RFC6282] defines how IPv6 datagrams can be routed over IEEE 802.15.4) s
5 602 M
(   [IEEE802.15.4]-based networks. [RFC6282] defines header compression) s
5 591 M
(   schemes that can significantly reduce the size of IP, IP extension,) s
5 580 M
(   and UDP headers. This enables the routing of heavy-weight IP traffic) s
5 569 M
(   to resource-constrained [IEEE802.15.4]-based wireless networks. The) s
5 558 M
(   security of [IEEE802.15.4]-based IP networks, more commonly known) s
5 547 M
(   as 6LoWPAN networks, is particularly important as we connect the) s
5 536 M
(   insecure Internet with the vulnerable wireless network. The) s
5 525 M
(   standardized and mandatory security solution for IPv6 is IP security) s
5 514 M
(   \(IPsec\) [RFC4301]. This means that every IPv6 host on Internet is) s
5 503 M
(   able to process IP packets secured with IPsec. IPsec, in transport) s
5 492 M
(   mode, can provide end-to-end \(E2E\) secure communication between the) s
5 481 M
(   two hosts in the IP network. Thus, it is beneficial to extend 6LoWPAN) s
5 470 M
(   so that IPsec communication between an IPv6 device \(e.g. a sensor) s
5 459 M
(   node\) in 6LoWPAN and IPv6 nodes on conventional Internet becomes) s
5 448 M
(   possible. This document does not cover the tunnel mode of IPsec.) s
5 426 M
(   With IPv6 architecture it is possible to protect ICMPv6 messages,) s
5 415 M
(   using IPsec. As the RPL Control Message [RFC6550] is an ICMPv6) s
5 404 M
(   message, it is therefore possible to protect it with IPsec.  However,) s
5 393 M
(   all RPL Control Messages, except DAO / DAO-ACK messages in non-storing) s
5 382 M
(   mode, are exchanged between two neighboring devices and have the) s
5 371 M
(   scope of a link. Though IPsec security associations can be created) s
5 360 M
(   between two neighboring devices, IEEE 802.15.4 security at the link) s
5 349 M
(   layer is more suitable for per-hop protection, and IPsec in transport) s
5 338 M
(   mode can be used to protect DAO/DAO-ACK messages in non-storing mode.) s
5 305 M
(   It is desirable to complement 6LoWPAN header compression with IPsec) s
5 294 M
(   to keep packet sizes reasonable in resource constrained IEEE 802.15.4) s
5 283 M
(   [IEEE802.15.4]-based networks. There is no header compression) s
5 272 M
(   specified for IPsec's AH [RFC4302] and ESP [RFC4303] extension headers.) s
5 261 M
(   This draft therefore proposes AH and ESP extension header encoding) s
5 250 M
(   schemes.) s
5 228 M
(1.1  Terminology) s
5 206 M
(   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",) s
5 195 M
(   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this) s
5 184 M
(   document are to be interpreted as described in RFC 2119 [RFC2119].) s
5 151 M
(2.  Linking IPsec Headers Compression with 6LoWPAN) s
5 129 M
(   [RFC6282] defines the general format of NHC that can be used to) s
5 118 M
(   encode IP extension headers. [RFC6282] already defines an NHC) s
5 74 M
(Raza                     Expires March 7, 2014                  [Page 3]) s
_R
S
%%Page: (4) 4
%%BeginPageSetup
_S
76 24 translate
/pagenum 4 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 668 M
(INTERNET DRAFT             IPsec-for-6LoWPAN           September 3, 2013) s
5 635 M
(   encoding for IPv6 Extension Headers \(NHC_EH\) that can be used to link) s
5 624 M
(   uncompressed AH and ESP headers to the 6LoWPAN header compression. In) s
5 613 M
(   order to compress the IP extension headers a GHC byte for Extension) s
5 602 M
(   Header \(GHC_EH\) [draft-bormann-6lowpan-ghc-05] is proposed which has) s
5 591 M
(   the same layout as NHC_EH with different ID bits. NHC_EH and GHC_EH) s
5 580 M
(   consist of an octet where three bits \(bits 4, 5 and 6\) are used to) s
5 569 M
(   encode the IPv6 Extension Header ID \(EID\). Out of eight possible) s
5 558 M
(   values for the EID, six are assigned and the remaining two slots \(101) s
5 547 M
(   and 110\) are currently unassigned. As AH and ESP are IP extension) s
5 536 M
(   headers it makes sense to use one of these unassigned slots for the) s
5 525 M
(   IPsec headers. We propose to use the reserved slot 101 for the IPsec) s
5 514 M
(   headers, AH or ESP. The corresponding ID  field in the AH or ESP will) s
5 503 M
(   distinguish these headers from each other. It is also necessary to) s
5 492 M
(   set the NH bit in NHC_EH or GHC_EH to 1 to specify that the next) s
5 481 M
(   header \(a header after AH or ESP, e.g. UDP\) is NHC-encoded.) s
5 459 M
(3. LOWPAN_NHC for Authentication Header) s
5 437 M
(   6LoWPAN  can be used to compress a significant number of bits in AH.) s
5 426 M
(   The next header is decided based on the value of NH bit in the IPv6) s
5 415 M
(   Extension Header Encoding in [RFC6282]. This draft proposes to always) s
5 404 M
(   elide the length field. The payload length field \(the length of AH) s
5 393 M
(   header in 32-bit words units minus "2" [RFC4302]\) in the AH header is) s
5 382 M
(   always elided, as it can be inferred from the lower layers: either) s
5 371 M
(   from the IEEE 802.15.4 header or the 6LoWPAN header. The size of ICV) s
5 360 M
(   can be obtained from the SPI value because the length of the) s
5 349 M
(   authenticating data depends on the algorithm used and is fixed for) s
5 338 M
(   any input size. The RESERVED field in the AH header is also always) s
5 327 M
(   elided. The SPI and SN are compressed using the proposed NHC encoding) s
5 316 M
(   for the AH header shown in Figure 1 and are explained below.) s
5 294 M
(                     0   1   2   3   4   5   6   7) s
5 283 M
(                   +---+---+---+---+---+---+---+---+) s
5 272 M
(                   | 1 | 1 | 0 | 1 |  SPI  |  SN   |) s
5 261 M
(                   +---+---+---+---+---+---+---+---+) s
5 239 M
(             Figure 1: Proposed LOWPAN NHC encoding for AH) s
5 217 M
(   o  The first four bits in the NHC AH represent the NHC ID we define) s
5 206 M
(      for AH. These are set to 1101.) s
5 173 M
(   o  If SPI = 00: the default SPI for the 802.15.4 network is used and) s
5 162 M
(      the SPI field is omitted. We set the default SPI value to 1. This) s
5 151 M
(      does not mean that all nodes use the same security association) s
5 140 M
(      \(SA\), but that every node has a single preferred SA, identified by) s
5 129 M
(      SPI 1. If SPI = 01:  the least significant 8 bits of the SPI are) s
5 118 M
(      carried inline; the remaining 24 bits are elided. If SPI = 10:) s
5 74 M
(Raza                     Expires March 7, 2014                  [Page 4]) s
_R
S
%%Page: (5) 5
%%BeginPageSetup
_S
76 24 translate
/pagenum 5 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 668 M
(INTERNET DRAFT             IPsec-for-6LoWPAN           September 3, 2013) s
5 635 M
(      the least significant 16 bits of the SPI are carried inline; the) s
5 624 M
(      remaining 16 bits are elided. If SPI = 11:  All 32 bits of the SPI) s
5 613 M
(      are carried inline.) s
5 591 M
(   o  If SN = 00: the least significant 8 bits of sequence number are) s
5 580 M
(      carried inline. The remaining bits are elided. If SN = 01:  the) s
5 569 M
(      least significant 16 bits of the SN are carried inline; the) s
5 558 M
(      remaining 16 bits are elided. If SN = 10:  the least significant) s
5 547 M
(      24 bits of the SN are carried inline; the remaining 8 bits are) s
5 536 M
(      elided. If SN = 11:  All 32 bits of the SN are carried inline.) s
5 514 M
(      The sequence number field in the AH header [RFC4302] contains a) s
5 503 M
(      value 1 for the first packet sent using a given Security) s
5 492 M
(      Association \(SA\), and it is incremented sequentially for the) s
5 481 M
(      subsequent packets. Note that by using 8-bit sequence number we do) s
5 470 M
(      not limit the size of sequence number to 255, but propose to use 8) s
5 459 M
(      bits for the sequence number prior to the transmission of the) s
5 448 M
(      256th packet on an SA. From the 2^8 to 2^\(16-1\) we propose to use) s
5 437 M
(      16-bit sequence number. Follow the same procedure for the 24-bit) s
5 426 M
(      sequence number as well. However, the sender and the receiver) s
5 415 M
(      sequence number counters must be reset prior to sending the 2^32nd) s
5 404 M
(      packet as proposed in [RFC4302].) s
5 382 M
(   Note that even when used in 6LoWPAN, AH calculates the ICV on the) s
5 371 M
(   uncompressed IP header, thus allowing authenticated communication) s
5 360 M
(   with Internet hosts. The minimum length of a standard AH, supporting) s
5 349 M
(   the mandatory HMAC-SHA1-96[RFC4835], consists of 12 bytes of header) s
5 338 M
(   fields plus 12 bytes of ICV. Figure 2 shows a sample NHC compressed) s
5 327 M
(   IP/UDP packet secured with AH. Using NHC encoding for the AH we can) s
5 316 M
(   reduce the AH header overhead from 24 bytes to 14 bytes, saving 1 byte of) s
5 305 M
(   next header, 1 byte of length, 2 bytes of Reserved field, 4 bytes of) s
5 294 M
(   SPI, and 2 bytes of sequence number. However, two additional bytes) s
5 283 M
(   are used to define NHC_EH and NHC_AH. Therefore, in the best case,) s
5 272 M
(   with AES-XCBC-MAC-96[RFC3566] or HMAC-SHA1-96 ciphers \(when 12 bytes) s
5 261 M
(   are used for ICV\), applying NHC encoding for AH saves 8 bytes in each) s
5 250 M
(   data packet secured with IPsec AH.) s
5 74 M
(Raza                     Expires March 7, 2014                  [Page 5]) s
_R
S
%%Page: (6) 6
%%BeginPageSetup
_S
76 24 translate
/pagenum 6 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 668 M
(INTERNET DRAFT             IPsec-for-6LoWPAN           September 3, 2013) s
5 635 M
(   |   octet 1     |   octet 2     |    octet 1    |    octet 1    |) s
5 624 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 613 M
(   |         LOWPAN_IPHC           |  Hop Limit    | Source Address|) s
5 602 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 591 M
(   | Source Address|      Destination Address      | LOWPAN_NHC_EH |) s
5 580 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 569 M
(   | LOWPAN_NHC_AH |       Sequence Number         |               |) s
5 558 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +) s
5 547 M
(   |                                                               |) s
5 536 M
(   |         Integrity Check Value-ICV \(Variable\)  +-+-+-+-+-+-+-+-+) s
5 525 M
(   |                                               | LOWPAN_NHC_UDP|) s
5 514 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 503 M
(   | Source Port   |  Dest Port    |    Checksum   |               |) s
5 492 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +) s
5 481 M
(   |                                                               |) s
5 470 M
(   +                                                               +) s
5 459 M
(   |                   UDP Payload \(Variable\)                      |) s
5 448 M
(   +                                                               +) s
5 437 M
(   |                                                               |) s
5 426 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 404 M
(   Figure 2: A sample NHC compressed IP/UDP packet secured with AH.) s
5 371 M
(4. LOWPAN_NHC for Encapsulated Security Payload \(ESP\)) s
5 349 M
(   The encryption in the IPsec ESP includes Payload Data, Padding, Pad) s
5 338 M
(   Length and Next Header fields in the ESP. Therefore, we cannot) s
5 327 M
(   compress these fields at the 6LoWPAN layer, and these fields are) s
5 316 M
(   always carried inline. Also, when using ESP the UDP header and) s
5 305 M
(   payload are also encrypted and hence cannot be compressed using NHC) s
5 294 M
(   encodings for UDP defined in [RFC6282]. However, we can compress) s
5 283 M
(   the SPI and sequence number \(SN\) fields in the ESP header. Figure) s
5 272 M
(   3 shows the proposed NHC encoding for ESP, which is explained) s
5 261 M
(   below.) s
5 228 M
(                     0   1   2   3   4   5   6   7) s
5 217 M
(                   +---+---+---+---+---+---+---+---+) s
5 206 M
(                   | 1 | 1 | 1 | 0 |  SPI  |  SN   |) s
5 195 M
(                   +---+---+---+---+---+---+---+---+) s
5 173 M
(             Figure 3: Proposed LOWPAN NHC encoding for ESP) s
5 151 M
(   o  The first four bits in the NHC ESP represent the NHC ID we define) s
5 140 M
(      for ESP. These are set to 1110.) s
5 118 M
(   o  The SPI and SN bits are encoded exactly the same way as in) s
5 74 M
(Raza                     Expires March 7, 2014                  [Page 6]) s
_R
S
%%Page: (7) 7
%%BeginPageSetup
_S
76 24 translate
/pagenum 7 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 668 M
(INTERNET DRAFT             IPsec-for-6LoWPAN           September 3, 2013) s
5 635 M
(      Section 3 for the AH header.) s
5 613 M
(   In case of ESP we cannot skip the next header unless the end hosts) s
5 602 M
(   are able to execute 6LoWPAN compression/decompression and) s
5 591 M
(   encryption/decryption jointly. The nodes in the 6LoWPAN network make) s
5 580 M
(   their decision about the next header based on the NH value not the) s
5 569 M
(   actual header that is carried inline. In the case of ESP we MUST set) s
5 558 M
(   the NH value in the NHC_EH or GHC_EH to zero to indicate that the) s
5 547 M
(   full 8 bits of next header field are carried inline.) s
5 514 M
(   |   octet 1     |   octet 2     |    octet 1    |    octet 1    |) s
5 503 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 492 M
(   |         LOWPAN_IPHC           |  Hop Limit    | Source Address|) s
5 481 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 470 M
(   | Source Address|      Destination Address      | LOWPAN_NHC_EH |) s
5 459 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 448 M
(   | LOWPAN_NHC_ESP|       Sequence Number         |      IV       |) s
5 437 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 426 M
(   |    Initialization Vector \(Variable Size\)      |  Source Port  |) s
5 415 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 404 M
(   |  Source Port  |      Destination Port         |    Length     |) s
5 393 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 382 M
(   |   Length      |         Checksum              |               |) s
5 371 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               +) s
5 360 M
(   |                     UDP Payload \(Variable\)                    |) s
5 349 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 338 M
(   |              Pad              |   Pad Length  |  Next Header  |) s
5 327 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 316 M
(   |                                                               |) s
5 305 M
(   +                                                               +) s
5 294 M
(   |                Integrity Check Value \(Variable\)               |) s
5 283 M
(   +                                                               +) s
5 272 M
(   |                                                               |) s
5 261 M
(   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+) s
5 239 M
(   Figure 4: A sample NHC compressed IP/UDP packet secured with ESP.) s
5 217 M
(   With perfect block alignment, the minimum ESP overhead without) s
5 206 M
(   authentication is 10 bytes [RFC4303]. After optimal compression this) s
5 195 M
(   header overhead is reduced to 6 bytes, considering that two bytes are) s
5 184 M
(   used for NHC_EH and NHC_ESP. ESP also includes an IV whose size is) s
5 173 M
(   that of an encryption block: 16 bytes in the case of AES. If) s
5 162 M
(   authentication is enabled in ESP, an additional 12 bytes of ICV are) s
5 151 M
(   also required. Figure 4 shows a UDP/IP packet secured with) s
5 140 M
(   compressed ESP.) s
5 74 M
(Raza                     Expires March 7, 2014                  [Page 7]) s
_R
S
%%Page: (8) 8
%%BeginPageSetup
_S
76 24 translate
/pagenum 8 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 668 M
(INTERNET DRAFT             IPsec-for-6LoWPAN           September 3, 2013) s
5 635 M
(5. Implementation Considerations) s
5 613 M
(   We provide an open source implementation of the proposed compression) s
5 602 M
(   scheme in the Contiki operating system. The implementation is) s
5 591 M
(   released under BSD license and can be obtained through the) s
5 580 M
(   contikiprojects repository at the following URI:) s
5 569 M
(   svn://svn.code.sf.net/p/contikiprojects/code/sics.se/ipsec) s
5 547 M
(6. Security Considerations) s
5 525 M
(   The compression scheme proposed in this document does not compromise) s
5 514 M
(   any of the security provided by IPsec AH and ESP. In particular, the) s
5 503 M
(   SN field is compressed in an on-demand fashion, as described in) s
5 492 M
(   Section 3. In order to overcome replay attacks, it is recommended) s
5 481 M
(   that the communication end-points should re-establish a security) s
5 470 M
(   association before the sequence number overflows. However, in) s
5 459 M
(   constrained environments, different implementations can decide the) s
5 448 M
(   overflow size; 2^8, 2^16, 2^24, or 2^32. This leads to a trade-off) s
5 437 M
(   between the overhead incurred by establishing a new security) s
5 426 M
(   association and by sending more bits of sequence number. The) s
5 415 M
(   Initialization Vector \(IV\) and Integrity Check Value \(ICV\) are not) s
5 404 M
(   compressed either, so that IPsec AH and ESP keep their full security.) s
5 382 M
(7. IANA Considerations) s
5 360 M
(   [RFC6282] creates a new IANA registry for the LOWPAN_NHC header type) s
5 349 M
(   where the two slots, 1110101N and 1110110N, in LOWPAN_NHC for the) s
5 338 M
(   IPv6  Extension Header are unassigned. This document requests the) s
5 327 M
(   assignment of one of these two unassigned values, 1110101N, to IPsec) s
5 316 M
(   AH and ESP. This document also requests the assignment of the) s
5 305 M
(   following contents:) s
5 283 M
(   1101XXYY: The 6LOWPAN_NHC encoding for the IPsec Authentication) s
5 272 M
(   Header.) s
5 250 M
(   1110XXYY:  The 6LOWPAN_NHC encoding for the IPsec Encapsulating) s
5 239 M
(   Security Payload Header.) s
5 217 M
(   Capital letters in bit positions represent class-specific bit) s
5 206 M
(   assignments.  The letters XX and YY represent SPI and SN) s
5 195 M
(   respectively, as defined in Section 3.) s
5 173 M
(8. Acknowledgements) s
5 151 M
(   The work is funded by CALIPSO, Connect All IP-based Smart Objects,) s
5 140 M
(   funded by the European Commission under FP7 with contract number FP7-) s
5 129 M
(   ICT-2011.1.3-288879.) s
5 74 M
(Raza                     Expires March 7, 2014                  [Page 8]) s
_R
S
%%Page: (9) 9
%%BeginPageSetup
_S
76 24 translate
/pagenum 9 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 668 M
(INTERNET DRAFT             IPsec-for-6LoWPAN           September 3, 2013) s
5 635 M
(9. References) s
5 613 M
(9.1. Normative References) s
5 591 M
(   [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate) s
5 580 M
(              Requirement Levels", BCP 14, RFC 2119, March 1997.) s
5 558 M
(   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the) s
5 547 M
(              Internet Protocol", RFC 4301, December 2005.) s
5 525 M
(   [RFC4302]  Kent, S., "IP Authentication Header", RFC 4302, December) s
5 514 M
(              2005.) s
5 492 M
(   [RFC4303]  Kent, S., "IP Encapsulating Security Payload \(ESP\)",) s
5 481 M
(              RFC 4303, December 2005.) s
5 459 M
(   [RFC6282]  J. Hui, P. Thubert, "Compression Format for IPv6 Datagrams) s
5 448 M
(              over IEEE 802.15.4-Based Networks", RFC 6282, September) s
5 437 M
(              2011.) s
5 426 M
(9.2. Informative References) s
5 393 M
(   [RFC3566]  Frankel, S. and H. Herbert, "The AES-XCBC-MAC-96 Algorithm) s
5 382 M
(              and Its Use With IPsec", RFC 3566, September 2003.) s
5 360 M
(   [RFC4835]  Manral, V., "Cryptographic Algorithm Implementation) s
5 349 M
(              Requirements for Encapsulating Security Payload \(ESP\) and) s
5 338 M
(              Authentication Header \(AH\)", RFC 4835, April 2007.) s
5 294 M
(Authors' Addresses) s
5 261 M
(   Shahid Raza) s
5 250 M
(   SICS Swedish ICT AB \(SICS\)) s
5 239 M
(   Isafjordsgatan 22, 16440 Kista) s
5 228 M
(   SWEDEN) s
5 206 M
(   Phone: +46-\(0\)768831797) s
5 195 M
(   EMail: shahid@sics.se) s
5 162 M
(   Simon Duquennoy) s
5 151 M
(   SICS Swedish ICT AB \(SICS\)) s
5 140 M
(   Isafjordsgatan 22, 16440 Kista) s
5 129 M
(   SWEDEN) s
5 74 M
(Raza                     Expires March 7, 2014                  [Page 9]) s
_R
S
%%Page: (10) 10
%%BeginPageSetup
_S
76 24 translate
/pagenum 10 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
/user_footer_p false def
%%EndPageSetup
5 668 M
(INTERNET DRAFT             IPsec-for-6LoWPAN           September 3, 2013) s
5 635 M
(   Phone: +46-\(0\)702021482) s
5 624 M
(   EMail: simonduq@sics.se) s
5 591 M
(   Goeran Selander) s
5 580 M
(   Ericsson) s
5 569 M
(   Farogatan 6, 16480 Kista) s
5 558 M
(   SWEDEN) s
5 536 M
(   Email: goran.selander@ericsson.com) s
5 74 M
(Raza                     Expires March 7, 2014                 [Page 10]) s
_R
S
%%Trailer
%%Pages: 10
%%DocumentNeededResources: font Courier-Bold Courier 
%%EOF
