Report from the “Smart Object Security Workshop 23 rd March 2012, Paris” Presenter: Hannes Tschofenig.

Slides:



Advertisements
Similar presentations
Windows® Deployment Services
Advertisements

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.
Interconnecting Smart Objects with the Internet Workshop Hannes Tschofenig.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Small(er) Footprint for TLS Implementations Hannes Tschofenig Smart Object Security workshop, March 2012, Paris.
ACE – Design Considerations Corinna Schmitt IETF ACE WG meeting July 23,
Computer Security: Principles and Practice
Control of Personal Information in a Networked World Rebecca Wright Boaz Barak Jim Aspnes Avi Wigderson Sanjeev Arora David Goodman Joan Feigenbaum ToNC.
OAuth/UMA for ACE 24 th March 2015 draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.
Bootstrapping Key Infrastructures Max Pritikin IETF 91, 10 Nov 2014 Aloha!
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
INFO 355Week #61 Systems Analysis II Essentials of design INFO 355 Glenn Booker.
The Problem Definition How to prevent Cullen from p0wning all the lightbulbs in the city?
Lessons Learned in Smart Grid Cyber Security
AIMS Workshop Heidelberg, 9-11 March 1998 P717 & P805: SIRTE Study for Internet Roaming Throughout Europe Franco Guadagni - Telecom Italia / CSELT
ACE BOF, IETF-89 London Authentication and Authorization for Constrained Environments (ACE) BOF Wed 09:00-11:30, Balmoral BOF Chairs: Kepeng Li, Hannes.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Smart Object Security Workshop 23 rd March 2012, Paris.
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
IIW 2008b Report November , Mountain View Abbie Barbir Nortel OASIS IDtrust Steering.
SALSA-NetAuth Joint Techs Vancouver, BC July 2005.
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
BEHAVE BOF (Behavior Engineering for Hindrance AVoidancE) Cullen Jennings Jiri Kuthan.
Workshop Outputs and Goals Hannes Tschofenig Internet Privacy Workshop, December 2010.
Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that.
Secure Credential Manager Claes Nilsson - Sony Ericsson
(Preliminary) Gap Analysis Hannes Tschofenig. Goal of this Presentation The IETF has developed a number of security technologies that are applicable to.
1 DHCP Authentication Discussion INTAREA meeting, 70th IETF Vancouver, Canada Jari Arkko and Ralph Droms.
Internet Architecture Board; Report Back IAB Stack Evolution Programme: interaction with NFV Doc: TBA Source: Bob Briscoe, BT Agenda item: Liaisons For:
T-MPLS Update (abridged) IETF70 December 2007 Stewart Bryant
Distributed Authentication in Wireless Mesh Networks Through Kerberos Tickets draft-moustafa-krb-wg-mesh-nw-00.txt Hassnaa Moustafa
Securing Data in Transit and Storage Sanjay Beri Co-Founder & Senior Director of Product Management Ingrian Networks.
1 Events that Took Place... Exposure to interesting applications and their requirements (buildings, fountains, theatre,...) Discussion about radically.
ECRIT Virtual Interim Meeting 3rd June 2009, 1PM EDT (New York) Marc Linsner Hannes Tschofenig.
GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-ietf-geopriv-l7-lcp-ps-00.txt Hannes Tschofenig, Henning Schulzrinne.
Software Deployment and Mobility. Introduction Deployment is the placing of software on the hardware where it is supposed to run. Redeployment / migration.
Automated Certificate Management ACME + Let’s Encrypt Richard
Implementation Challenges with Browser Security IAB Technical Plenary, March 2012, Paris Moderator: Hannes Tschofenig.
March 17, 2003 IETF #56, SAN FRANCISCO1 Compound Authentication Binding Problem (EAP Binding Draft) Jose Puthenkulam Intel Corporation (
Issue #138 CAPWAP WG Meeting IETF 68, Prague. Issue 138 #138: Support and Negotiation of WTP data encryption in the CAPWAP protocol Proposed solution.
“Interconnecting Smart Objects with the Internet” Tutorial Hannes Tschofenig.
Concerns with Network Research Funding S.Floyd & R. Atkinson, Editors Internet Architecture Board draft-iab-research-funding-02.txt.
Implications of Trust Relationships for NSIS Signaling (draft-tschofenig-nsis-casp-midcom.txt) Authors: Hannes Tschofenig Henning Schulzrinne.
Diameter Maintenance and Extensions (dime) IETF 68, March 2007, Prague David Frascone, Hannes Tschofenig.
Transport Layer Security- based Mobile IPv6 Security Framework for MN Node to HA Communication IETF#80 MEXT WG, 1-April-2011 draft-ietf-mext-mip6-tls-00.
Diameter Overload DIME WG IETF 87 July, Starting Point DIAMETER_TOO_BUSY provides little guidance on what a Diameter client should do when it receives.
OAuth WG Blaine Cook, Hannes Tschofenig. Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft.
Security Threats and Requirements for Emergency Calling draft-tschofenig-ecrit-security-threats-01.txt Hannes Tschofenig, Henning Schulzrinne, Murugaraj.
W3C Workshop on Languages for Privacy Policy Negotiation and Semantics- Driven Enforcement Report Hannes Tschofenig IETF 67, San Diego, November 2006.
MPTCP – MULTIPATH TCP WG meeting #1 Nov 9 th, 2009 Hiroshima, ietf-76.
Internet Area Meeting 66th IETF Montreal, Canada Jari Arkko and Mark Townsley Mailing list:
MPTCP – MULTIPATH TCP WG meeting Tuesday 23 rd & Friday 26 th March 2010 Anaheim, ietf-77.
TEE: TLS Authentication Using EAP draft-nir-tls-eap-02.txt Yoav Nir Yaron Sheffer (presenter) Hannes Tschofenig Peter Gutmann IETF-70, Vancouver, Dec.
IPFIX Charter Discussion Juergen Quittek 65th IETF meeting, IPFIX session.
1 cellhost-ipv6-52.ppt/ December 13, 2001 / John A. Loughney Minimum IPv6 Functionality for a Cellular Host John Loughney, Pertti Suomela, Juha Wiljakka,
Reducing Unwanted Communications in SIP (RUCUS) BOF Hannes Tschofenig Francois Audet.
Easy 802.1X Onboarding with EAPConfig files and Supplicant Configuration Automatic Discovery (SCAD) Gareth Ayres (Speaker) Stefan.
Submission doc.: IEEE /313r1 March 2016 Guido R. Hiertz, Ericsson et al.Slide 1 The benefits of Opportunistic Wireless Encryption Date:
DICE BOF, IETF-87 Berlin DTLS In Constrained Environments (DICE) BOF Wed 15:10-16:10, Potsdam 3 BOF Chairs: Zach Shelby, Carsten Bormann Responsible AD:
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
SMARTIE Area of Activity: Framework Programme 7Framework Programme 7 ICT Objective 1.4 IoT (Smart Cities) Period:1 st September st August 2016.
Web Authorization Protocol WG Hannes Tschofenig, Derek Atkins.
Consolidated M2M standards boost the industry
IETF101 London Web Authorization Protocol (OAuth)
Glenn Parsons, GTSC-9 Chair, ISACC
The IPv4 Consumption Model
PLUG-N-HARVEST ID: H2020-EU
Agenda IETF 82 Taipei November 14, 2011
Glenn Parsons, GTSC-9 Chair, ISACC
Presentation transcript:

Report from the “Smart Object Security Workshop 23 rd March 2012, Paris” Presenter: Hannes Tschofenig

Workshop Organizers Hannes Tschofenig Jari Arkko Carsten Bormann Peter Friess Cullen Jennings Antonio Skarmeta Zach Shelby Thomas Heide Clausen (Host)

Workshop Info Webpage: ObjectSecurity/ ObjectSecurity/ Papers and slides will be copied to this website after the meeting. Currently, they are temporarily here: – Position papers: papers/PositionPapers.htmhttp:// papers/PositionPapers.htm – Agenda & slides:

Workshop Goals We had a gut feeling that we might have problems with securing smart object networks. Had received input already in the March 2011 Prague IAB Smart Object workshop. Bring together implementation experience, application requirements, and researchers and protocol designers What deployment experience is there? What credential types are most common? What implementation techniques make it possible to use Internet security technology in these devices? What are the challenges?

Requirements & Economics Requirements for each application domain differ also driven by the business models and number of devices that need to be provisioned Understanding of threats differs between the different communities: Attacks are not just from neighbor's kids Also, e.g., taking-the-grid-down attacks Installation by regular people

Implementation Experiences We think we can use the existing crypto algorithms We probably can use the existing protocols (delta a few minor extensions). Lots of implementation work being done by the participants (e.g., TLS, DTLS, PANA, EAP, HIP) but still more investigations needed. Important aspect: Focus on the system! Look at the code size of the entire system (including provisioning, authorization, config) Focus on what to optimize for various among the different deployments Energy consumption, code size, main memory size, over-the-wire bandwidth

Authorization Discussion Many questions were raised, for example: Which device is authorized to talk wo which other device? What is the role of the human? Where is the policy decision point and the policy enforcement point in the network? What is the granularity of the authorization decision? What needs to be standardized? Seems to be the most challenging aspect. Not clear whether there is any IETF standards work needed?

Imprinting Discussion There is a limited set of solutions Based on the hardware support of devices: buttons vs. labels vs. LEDs, multicast discovery, online network availability,... Again, the threat assumptions matter and who is supposed to do the credential provisioning. A fun area to design protocols in Detailed discussion about a specific proposal from Cullen Jennings. papers/CullenJennings.pdf papers/CullenJennings.pdf

Next Steps Document the implementation experience in the LWIG group. A few already ongoing security standards activities (e.g., TLS raw public keys, JOSE on JSON encryption and signing). Maybe discussions around imprinting protocols in the IETF in the future. There is no single security architecture for smart objects (not even a small number of them).