Discussions on New Work Item of Distributed Authentication


TP-2016-0329: Discussions on New Work Item of Distributed Authentication
Group Name: SEC (WG4)
Source: Guilin Wang (Huawei)
Meeting Date: TP#25, 2016-10-17
Agenda Item: WI-xxxx-Decentralized Authentication

Objectives
- The concept of Decentralized Authentication
- The justification of this new work item
- The feasibility of IBS for IoT devices
- The scope of this new work item, together with an example protocol which we could design

The Concept of Decentralized Authentication
Decentralized Authentication means:
- An IoT entity can use its single authentication credential to authenticate itself to many other entities.
- Therefore, it supports many-to-many communication better, without the direct involvement of centralized management.
- Traditional PKI supports this, but is not flexible and lightweight enough.
It does not mean:
- The authentication operation is done collectively by a number of entities that are located at different sites logically and/or physically.
(Once called Distributed Authentication, SEC-2016-0173)

Justification (I)
- To provide flexibility and reduce employment costs, various IoT application scenarios may require distributed authentication, in which two entities (e.g. devices, applications and network components) can authenticate each other directly and then establish secure channels in a lightweight way, without online centralized management. Namely, an entity can use its one single authentication credential to authenticate itself to many other entities.
- The authentication mechanisms in TS003 require either the involvement of a centralized node or traditional PKI, and so cannot offer scalable and lightweight decentralized authentication.

Justification (II)
- Moreover, as distributed authorization has been considered by the SEC group in oneM2M, decentralized authentication should be taken into account too.
- Finally, Work Item WI-0047 is studying DDS to allow multiple M2M Applications to interact with multiple M2M Devices/Gateways, i.e., many-to-many communication (OSR-009), in the framework of oneM2M. The results achieved from this Work Item can be used to support security in the usage of DDS in oneM2M.

IBS and IBS-related RFCs
IBS (Identity-Based Signatures): Similar to PKI-based public key cryptosystems, but a meaningful ID can be used as the public key. Introduced 1984.
- RFC 5091, 2007: Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems (X. Boyen and L. Martin, Voltage Security)
- RFC 5408, 2009: Identity-Based Encryption Architecture and Supporting Data Structures (G. Appenzeller, Stanford University, L. Martin, Voltage Security, and M. Schertler, Axway)
- RFC 6507, 2012: Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI) (M. Groves, CESG)
- RFC 6539, 2012: IBAKE: Identity-Based Authenticated Key Exchange (V. Cakulev, G. Sundaram, and I. Broustis, Alcatel Lucent)
- RFC 7859, 2016: Identity-Based Signatures for Mobile Ad Hoc Network (MANET) Routing Protocols (C. Dearlove, BAE Systems)

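Feasibility of IBS for IoT: IoT Chips
ARM Cortex-M series chips are for IoT devices.
Board / CPU / RAM:
- Cortex-M0(+): Freescale, 48MHz, 32KB
- Cortex-M3: NXP LPC1768, 96MHz
- Cortex-M4: STM32, 84MHz, 96KB
- SIM: 5-20MHz CPU, 0.1 – 6KB
Board / CPU / RAM: NBIoT Zigbee ? 32 MHz 8 KB
Notes:
- Test environment (chips, etc.)
- Hardware acceleration (how much performance improvement hardware acceleration can bring, whether the improvement is the same for different algorithms, and the cost that hardware acceleration brings)
- Performance data
NBIoT Zigbee chips are weaker than Cortex-M0(+). So, IBS may be challenging for NBIoT now. But hardware progress is fast.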

Feasibility of IBS for IoT: Preliminary Testing Results of IBS
Algorithms
- Algorithm (IEEE-ECC-IBS, RFC 6507), namely signature generation and verification, based on the OpenSSL crypto library, running on a single core on the following models:
  - Model 1: Desktop with Intel(R) Xeon(R) CPU E5-2690 v2 @ 3.00GHz;
  - Model 2: computer rack with Intel(R) Xeon(R) CPU E3-1230 v3 @ 3.30GHz;
  - Model 3: Google Nexus 6 phone with Krait 450 @ 2.7 GHz.
- Network transmission time is not included.
- All algorithms are repeated 3000 times for each setting and the average running time is recorded.

| Curve | Security Strength | Corresponding RSA bits | Average running time, Model 1 | Model 2 | Model 3 |
|---|---|---|---|---|---|
| P-256 | 128bit | 3072 | 2.16ms | 1.57ms | 9.84ms |
| P-521 | 256bit | 15360 | 9.95ms | 7.91ms | 61.5ms |

Expected Performance for P-256 @ ARM M3 (96M) Chip: 277 ms (signature generation + verification)
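
The signature generation and verification timed above follow RFC 6507 (ECCSI). As an added illustration, not code from the presentation or from OpenSSL, the Python sketch below runs that scheme on P-256 to show that a verifier needs only the KMS public key (KPAK) and the signer's identity; the hash input encoding is simplified rather than RFC-exact, the arithmetic is not constant time, and the function names are illustrative.

```python
import hashlib, secrets

# Added sketch of RFC 6507 (ECCSI) on NIST P-256; function names are illustrative.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p1, p2):  # affine addition on y^2 = x^3 - 3x + B; None is infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 - 3, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; not constant time, illustration only
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def h(*parts):  # SHA-256 to an integer mod N; simplified encoding, not RFC-exact
    flat = [c for x in parts for c in (x if isinstance(x, tuple) else (x,))]
    data = b"".join(c if isinstance(c, bytes) else c.to_bytes(32, "big") for c in flat)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def kms_issue(ksak, identity):  # KMS side: returns (SSK, PVT) for one identity
    v = secrets.randbelow(N - 1) + 1
    pvt = mul(v, G)
    return (ksak + h(G, mul(ksak, G), identity, pvt) * v) % N, pvt

def sign(ssk, pvt, kpak, identity, msg):  # signature is (r, s, PVT)
    j = secrets.randbelow(N - 1) + 1
    r = mul(j, G)[0]
    he = h(h(G, kpak, identity, pvt), r, msg)
    return r, pow(he + r * ssk, -1, N) * j % N, pvt

def verify(kpak, identity, msg, sig):  # needs only KPAK, the claimed ID and the signature
    r, s, pvt = sig
    if not (0 < r < P and 0 < s < N) or (pvt[1] ** 2 - pvt[0] ** 3 + 3 * pvt[0] - B) % P:
        return False  # out-of-range value or PVT not on the curve
    hs = h(G, kpak, identity, pvt)
    y = add(mul(hs, pvt), kpak)  # Y = [HS]PVT + KPAK, equal to [SSK]G for a genuine key
    j = mul(s, add(mul(h(hs, r, msg), G), mul(r, y)))  # J = [s]([HE]G + [r]Y)
    return j is not None and j[0] == r
```

A KMS would call `kms_issue` once per device; every peer that holds KPAK can then call `verify` on that device's messages, and a signature presented under a different identity or over an altered message is rejected.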

Feasibility of IBS for IoT: IBS Performance from Academic Research

Time for IBS Signature Generation (128 bit security) in ms:

| Scheme | Cortex-M0+ (48MHz) | Cortex-M3 (96MHz) | iPhone 4 (Cortex-A9, 1.2GHz) | Signature Length (bit) |
|---|---|---|---|---|
| IETF-ECC-IBS @ curve 25519 | 80 | 40 | 3.2 | 768 |
| ISO-ECC-IBS @ curve 25519 | Offline: 30, Online: 15 | Offline: 15, Online: 8 | Offline: 1.2, Online: 0.6 | |
| ISO-Pairing-IBS @ BN pairing | 669 | 335 | 26.8 | 508 |

Time for IBS Signature Verification (128 bit security) in ms:

| Scheme | Cortex-M0+ (48MHz) | Cortex-M3 (96MHz) | iPhone 4 (Cortex-A9, 1.2GHz) | Signature Length (bit) |
|---|---|---|---|---|
| IETF-ECC-IBS @ curve 25519 | 225 | 113 | 9.04 | 768 |
| ISO-ECC-IBS @ curve 25519 | 224 | 112 | 8.96 | |
| ISO-Pairing-IBS @ BN pairing | 2324 | 1162 | 92.96 | 508 |

Source 1: High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers, Designs, Codes and Cryptography 2015 (Curve 25519).
Source 2: Efficient Pairings and ECC for Embedded Systems, CHES 2014 (BN pairing).

Feasibility of IBS for IoT: Remarks
IBS Schemes:
- IETF-ECC-IBS: RFC 6507, 2012, used in 3GPP D2D (ProSe, 2014)
- ISO-ECC-IBS: ISO/IEC 29192-4, 2013
- ISO-Pairing-IBS: ISO/IEC 14888-3, 2006
Remarks:
- 126-bit security can be viewed as very strong security for most IoT devices (recall that 1024-bit RSA only provides 80-bit security).
- Performance relies on many factors: chip platform, ECC curves, crypto library, coding, etc.
- For the same security level, the running time for RSA signatures is about double.
- IETF-ECC-IBS performance for Curve 25519 @ ARM M3 (96M) Chip: 153 ms (sign. gen. + ver.), which is about 50% faster than the expected result. Reasons: different curves, coding quality.
So, IBS for IoT devices is feasible!

Scope and An Example Protocol
An Example Protocol using IBS: To derive PSK flexibly for supporting DDS
- Based on some IBS, a PSK can be generated from the receiver's ID, the sender's ID, and the sender's private key.
- This can efficiently solve the problem of PSK distribution in the many-to-many communication scenario.
- Using this PSK, encryption and integrity can be offered using traditional primitives.
[Diagram labels: M (plaintext), V (ciphertext), ID_Receiver, SK_Sender, shared PSK S_AB, session key K, Encryption, MIC]
The receiver can derive PSK S_AB and session key K similarly.

Scope and An Example
- To investigate use cases and related security requirements.
- To assess feasibility, to identify suitable primitives and mechanisms, which are expected to be a few asymmetric-key-based technologies that are lightweight enough for IoT use (identity-based cryptography, certificateless signatures, etc.).
- To evaluate the value of distributed authentication.
- To design new distributed authentication mechanisms and protocols that are lightweight for the oneM2M architecture. In particular, these protocols shall be considered for implementation using TLS/DTLS.

Thanks!