Overview of E2E Security CRs Group Name: SEC WG Source: Qualcomm Inc., Phil Hawkes, Wolfgang Granzow Meeting Date: SEC#22.4, 2016-05-04 Agenda Item: End-to-End Security and Group Authentication
Background Qualcomm has four open CRs related to End-to-End Security SEC-2016-0065R04-CR_TS-0003_R2_Updates_to_MAF_Text SEC-2016-0071R02-CR_TS-0003_Certificate_Enrolment SEC-2016-0091-CR_TS-0003_R2_Certificate_Enrolment_procedure_call_flow SEC-2016-0092-CR_TS-0003_Usage-constrained_key_derivation_from_Ke These changes solve a large set of problems Difficult to provide separate CRs for each problem, since there are interdependencies 91 and 92 are text separated from 71R01. For other solutions that could not be presented in separate CRs, the text is highlighted to simplify discussion on whether to include the text or not. All related to credential provisioning/distribution, mostly E2E Security related, and Better support for certificates (cert enrolment, cert authn w/ MAF) This presentation gives an overview of those changes Summary Slide followed by deeper dive into the individual problems and solutions. Presentation does not fully describe solutions – see CRs to understand solutions
Summary Table Problem Solution Summary Contribution (SEC-2016-00…) Certificate Enrolment [SEC-2015-0549R02] Integration into RSPFs 71R02 Certificate enrolment-specific steps 91 SAEF, ESPrim and ESData should use same technologies with MEF SAEF, ESPrim or ESData use single extended versions of MEF procedures Limiting scope of usage of a symmetric keys established using MEF Security Usage Identifiers (SUIDs) defined for security features – used to limit scope Key derivation algorithm (stage 3 detail) 92 SAEF, ESPrim and ESData should use same technologies with MAF SAEF, ESPrim or ESData use single extended versions of MAF procedures 65R04 Limiting scope of usage of a symmetric keys established using MAF No way for MAF to select KmId for remotely provisioning symmetric key Added MAF KmId Retrieval procedure MAF auth’n could use client + server certs Extend MAF handshake (DTLS/TLS) to allow 65R04, 71R02 light blue highlighting If Enrolee B is enrolled with MEF, fast re-authenticate to retrieve symmetric key Allow use of a symmetric Enrolment Re-Authentication Key (Ker) generated during RSPF or provisioned certificate. 71R02 dark blue highlighting Triggering remote mgmt in remote provisioning RSPF can configure URI for remote mgmt 71R02 grey highlighting
Key distribution/provisioning for E2E (1) MAF, MAF-SAEF, MEF & RSPFs were specified for key distribution/provisioning when we only had SAEFs for securing communication Now we also have ESPrim and ESData IDCC added clause 8.6 “Remote Security Frameworks for End-to-End Security” defining TEF providing key distribution/provisioning for ESPrim & ESData As mentioned earlier, more like MAF & operational-phase key distribution There would be advantages to having same key distribution/provisioning technologies for all of SAEF, ESPrim, ESData In particular, the overall system becomes less complex
Key distribution/provisioning for E2E (2) [0071] MEF/RSPF Impact : Add text saying provisioned credentials may be also used for ESPrim and ESData Added support for Usage-Constrained Symmetric Keys, where usage may be MAF, SAEF, ESPrim, ESData … [0065]MAF Impact : Extracted MAF-specific details from clause 8.2.2.3 on MAF-Based SAEF and put them in new clause 8.x not specific to SAEFs Added exchanges (within DTLS/TLS) Between Source End-Point and MAF (MAF Key Registration) Between Target End-Point and MAF (MAF Key Retrieval) Added support for source-generated keys (as in clause 8.6.3) Addition to existing support for “Bootstrapped” keys exported from TLS Added support for limiting scope of keys to SAEF, ESPrim, ESData,…
Limiting Scope of Symmetric Keys Best practice: limit scope within which symmetric key is used The safest mechanism is incorporating, into the key derivation, some identifier or label defining the scope Impact Security Usage Identifiers (SUIDs) limits scope to A specific security feature (SAEF, ESPrim, ESData, others?) Specific option of security feature, where applicable e.g. ESData can use a symmetric key for Encryption Only or Signature Only [0071] RSPF Impact Symmetric Keys derivation incorporates SUID [0092] Stage 3 details of key derivation for RSPFs [0065] MAF Impact Source End-Point provides MAF with SUID limiting scope of distributed credential Target End-Point provides SUID to MAF when requesting credential Currently, derivation of Bootstrapped Kc does not include SUID, but it could easily be changed to include SUID Generation of source-generated Kc is out of scope.
Certificate Enrolment Purpose Provisioning Enrolee certificate on behalf of M2M SP or M2M Trust Enabler MEF would be appropriate function to facilitate this. Could be part of RSPF Suggested SEC-2015-0549R02. Change implemented [0071] and [0091] RSPF Impact [0071] Previously, RSPF consisted of a TLS handshake providing mutual authentication of Enrolee and MEF Added “Enrolment exchange” between Enrolee and MEF Includes instruction from MEF to Enrolee triggering Certificate Enrolment via an identified URI Updates Overview (8.3.1.2), details in clause 8.3.2.1 (referenced in 8.3.2.2) Certificate Enrolment procedure call flow (Stage 2 only) [0091] Stage 3: Propose using Enrolment over Secure Transport (EST) [RFC7030], relying on mutual authentication in RSPF’s existing TLS handshake Issue: EST is currently defined only for HTTP/TLS. Release 2 will only support certificate enrolment over HTTP/TLS. This will be addressed in stage 3 details
MAF KmId Retrieval procedure Purpose Used when remotely provisioning a symmetric key for MAF. Triggers the MAF to retrieve Km from MAF, assign KmId provide KmId to Enrolee Impact MAF Changes [0065] Referenced in SAEF text (8.2.1 overview, 8.2.2.3 MAF SAEF) Description in MAF Security Framework details (clause 8.x) RSPF Changes [0071] Referenced in RSPF text (8.3.1.2, 8.3.2.1)
Enrolment Re-authentication Purpose Enrolee B may need to retrieve, from MEF, a usage-limited symmetric key provisioned to Enrolee. Makes sense to allow Enrolee B to use a credential established with MEF when Enrolee B enrolled Enrolled Certificate or Symmetric Enrolment Re-Authentication Key (Ker) RSPF Impact [0071] 8.3.1.2 and 8.3.2.1 Generation of symmetric Enrolment Re-Authentication Key (Ker) and Enrolment Re-Authentication Key Identifier (KerId) Allowing Enrolee B to use enrolled certificate or Ker+KerId for mutual authentication with MAF Relevant Highlighted using dark blue background
Cert Authentication w/ MAF Purpose MAF Handshake (TLS/DTLS) currently only supports symmetric keys Certificate-based TLS might be preferable in some deployments Advantage: no need for MAF to store secrets for every end-point Impact MAF Changes [0065] Details specific to using certificates 8.x.2 MAF Credential Configuration 8.x.4 MAF Handshake. RSPF Changes [0071] 8.3.1.1 (Intro) Mentions that certs can be used for auth’n w/ MAF 8.3.1.2 (Overview flow), 8.3.2.1 (Details in PPSK RSPF) If MEF instructs Enrolee to use a MAF, then MEF indicates to Enrolee whether to use symmetric key or certificate for authentication with MAF Relevant Highlighted using light blue background
Triggering Remote Management Purpose Enables the MEF to instruct/configure the Enrolee to perform remote management after the remote security provisioning is completed RSPF Impact [0071] As part of Enrolment Exchange, MEF may provide the base URI of a remote management server with which the Enrolee shall initiate contact for remote management Relevant Highlighted using grey background