6tisch security design team: progress since Toronto

Slides:



Advertisements
Similar presentations
Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Advertisements

Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.
Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.
Doc.: IEEE xxx Submission January 2015 N. Sato and K. Fukui (OKI)Slide 1 Project: IEEE P Working Group for Wireless Personal Area.
Network Localized Mobility Management using DHCP
MOBILITY SUPPORT IN IPv6
CS682 Session 6 Prof. Katz. Firewalls An intelligent router? Used as a traffic control mechanism Based on information in the Layer 3 and 4 headers Administrator.
Mobile IP Polytechnic University Anthony Scalera Heine Nzumafo Duminda Wickramasinghe Edited by: Malathi Veeraraghavan 12/05/01.
Summary of Certification Process (part 1). IPv6 Client IPv6 packets inside IPv4 packets.
PACKET ANALYSIS WITH WIRESHARK DHCP, DNS, HTTP Chanhyun park.
1 Sideseadmed (IRT0040) loeng 5/2010 Avo
 Protocols used by network systems are not effective to distributed system  Special requirements are needed here.  They are in cases of: Transparency.
Chairs: Pascal Thubert Thomas Watteyne Etherpad for minutes: IPv6 over the TSCH mode of IEEE e 10/24/2014.
RPL:IPv6 Routing Protocol for Low Power and Lossy Networks Speaker: Chung-Yi Chao Advisor: Dr. Kai-Wei Ke 2015/10/08 1.
ROLL RPL Security IETF 77 status
Santhosh Rajathayalan ( ) Senthil Kumar Sevugan ( )
ARP ‘n RARP. The Address Resolution Protocol (ARP) is a request sent out by a computer to find another computer’s MAC address. It already knows the IP.
DHCP Vrushali sonar. Outline DHCP DHCPv6 Comparison Security issues Summary.
6to4
Kevin Harrison LTEC 4550 Assignment 3.  Ethernet Hub  An unsophisticated device that is used for connecting multiple Ethernet devices together.  Typically.
Network Devices and Firewalls Lesson 14. It applies to our class…
6TSCH Webex 05/03/2013. Agenda update charter: security paragraph[5min] link / peering management[10min] 6TUS building blocks[10min] Centralized routing.
IPv4 over IP CS Soohong Daniel Park Syam Madanapalli.
Wireless ND Stateful Address Identification and Location draft-thubert-6man-wind-sail pthubert, cisco.com IETF 88, Vancouver.
Polytechnic University Firewall and Trusted Systems Presented by, Lekshmi. V. S cos
MOBILE IP & IP MICRO-MOBILITY SUPPORT Presented by Maheshwarnath Behary Assisted by Vishwanee Raghoonundun Koti Choudary MSc Computer Networks Middlesex.
1 Charter 2.0 chairs. 2 Description of Working Group The Working Group will focus on enabling IPv6 over the TSCH mode of the.
أمن المعلومات لـ أ. عبدالرحمن محجوب حمد mtc.edu.sd أمن المعلومات Information Security أمن المعلومات Information Security  أ. عبدالرحمن محجوب  Lec (5)
Link-Layer Hints for Detecting Network Attachments
History and Implementation of the IEEE 802 Security Architecture
Go to youtube and search “Code.org internet videos”
Lecture 3 By Miss Irum Matloob.
25 September 2015 Webex IPv6 over the TSCH mode of IEEE e
Virtual Local Area Networks or VLANs
Backbone Router PlugFest demo
Mobile Networking (I) CS 395T - Mobile Computing and Wireless Networks
Section 4 – Computer Networks
Zueyong Zhu† and J. William Atwood‡
Automatic Subnet Numbering
Carles Gomez, S. M. Darroudi
Computer Data Security & Privacy
TGaq Service Transaction Protocol for ANDSF Discovery Service
ICMP ICMP – Internet Control Message Protocol
Introduction to Wireless Networking
ROLL RPL Security IETF 77 status
Introduction to Networking
Troubleshooting IP Communications
ADDRESSING Before you can send a message, you must know the destination address. It is extremely important to understand that each computer has several.
Mr C Johnston ICT Teacher
Wireless Mesh Networks
Internet Networking recitation #12
2002 IPv6 技術巡迴研討會 IPv6 Mobility
Mobile ad hoc networking: imperatives and challenges
Chapter 5 TCP Control Flow
How to Secure Routing Header for Segment Routing?
[Networking Fundamentals] [Y. K. Choi]
The University of Adelaide, School of Computer Science
Internet Basics Videos
Bruce Maggs relying on materials from
Mobile IP Outline Homework #4 Solutions Intro to mobile IP Operation
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
DHCP: Dynamic Host Configuration Protocol
DTLS Key Establishment for IoT
Session 20 INST 346 Technologies, Infrastructure and Architecture
Lecture 4a Mobile IP 1.
On ESS Mesh Device Discovery
A Firmware Update Architecture for Internet of Things Devices
NFD Tunnel Authentication
Bruce Maggs relying on materials from
TCP Connection Management
Presentation transcript:

6tisch security design team: progress since Toronto Some delays getting back into “groove” Three calls: 2014-10-21/2014-10-28/2014-11-04. Two calls were after draft deadline, but were most productive. Clarified section 3; which will go into 6tisch architecture.

6tisch security design team: clarified goals of protocol be able to take “drop-shipped” device out of box, and have it on network. Specifically, establish trusted 6top/CoAP/DTLS between JCE and new node in which security parameters can be provisioned. Fixed some terminology: “well known beacon key” replaces “join key”, and “unique join key” provides for PSK-based authorization.

6tisch security team: issues and resolution Issue of end to end connectivity between JCE and join node. Considered otions were: Some kind of tunnel (PANA,IPIP,DTLS relay,...) Requires per-join node state on Join Assistant Join existing DODAG Requires routing resources inside LLN for storing DODAG Have special JOIN non-storing DODAG Requires a second DODAG to be available Option to establish 6tisch track for join traffic for all mechanisms

6tisch security team: use loose source routing Non-storing DODAG use source routing. JCE can use loose source routing to reach the joining node, even in a storing DODAG! Moves all memory resource consumption (and therefore attackable resource) by joining node to JCE. Network/battery resources are projected by QoS, provisioned by PCE using 6tisch methods! Eliminates RPL methods from time sequence diagram.

6top loose source routed join Coordination Entity Akin to PCE 6tisch mesh JCE 6LBR Join Assistant (proxy) Joining Node Could be part of 6LBR Or co-located in PCE BEACON (1) Router Solicitation Router Advertisement (2) and (3) May have limited Utility, kept for now Certificate Request (2) Certificate Reply (3) Join Request (4) (NS w/(E)ARO) NS (DAR) (5) ?? (6) OUI field of EARO Contains 802.11AR IDevID ?? (7) NS (DAC) (8) DAO DAO Mesh node DAOACK DAOACK NS / Join ACK (9) 6top (CoAP/DTLS) DTLS connection Has client and server Autonomic certificates 5

6top loose source routed join (6lsrj?) Coordination Entity Akin to PCE 6tisch mesh JCE 6LBR Join Assistant (proxy) Joining Node Could be part of 6LBR Or co-located in PCE BEACON (1) Router Solicitation Router Advertisement (2) and (3) May have limited Utility, kept for now Certificate Request (2) Certificate Reply (3) Join Request (4) (NS w/(E)ARO) NS (DAR) (5) ?? (6) OUI field of EARO Contains 802.11AR IDevID ?? (7) NS (DAC) (8) NS / Join ACK (9) 6top (CoAP/DTLS) 6top (CoAP/DTLS) DTLS connection Has client and server Autonomic certificates JCE source routes packet Addressed to join node, Via Join Assistant. 6

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.