Certificate Enrolment STEs Group Name: SEC#17.2 Source: Phil Hawkes, Qualcomm Inc, Meeting Date: Agenda Item: TS-0003 – Release 2 Small Technical Enhancements
oneM2M Enrolment Requirements Rel 1 supports remote security provisioning of symmetric key credentials for the M2M SP’s domain – We have called this “enrolment” in some places For Rel 2, we want to extend this to support remote security provisioning of public key credentials = public key certificates for the M2M SP’s domain – This type of process is sometimes called “Certificate Enrolment” and sometimes called “Certificate Management” – Given existing use of the term “enrolment”, it would seem that “Certificate Enrolment” would be appropriate terminology for us © 2015 oneM2M Partners 2 SER-020The oneM2M System shall enable legitimate M2M Service Providers to provision their own credentials into the M2M Devices/Gateways. Implemented in Rel-1 SER-021The oneM2M System shall be able to remotely and securely provision M2M security credentials in M2M Devices and/or M2M Gateways. Implemented in Rel-1
Cert Enrolment: Intro (1) What? A protocol for an End-Entity to obtain a public key certificate for which the private key is known to the End-Entity, – and for configuring Certificate Authority (CA) certificates Why? Enables mutual authentication between the end-entity and all other entities in that PKI. Which Common Protocols should we consider 1.Certificate Management Protocol (CMP) RFC 4210, RFC Certificate Management over CMS (CMC) RFC Certificate Management over CMS (CMC): Transport Protocols RFC Enrolment over Secure transport (EST) RFC 7030 Uses CMC 5.Simple Certificate Enrolment Protocol (SCEP) Not a standard. IETF draft-nourse-scep-23 – No standards exist for certificate management/enrolment over UDP © 2015 oneM2M Partners 3
Cert Enrolment: Intro (2) How do CA,RA and End-Entity interact? – Requests EE [ RA x N] CA. Responses return on same path How does CA/RA know that EE knows private key? Options – EE generated key pair EE generates the private/public key pair, EE Provides proof-of-possession by signing req, and sending with req CA/RA verifies the proof-of-possession CA generates the certificate, which is returned to the EE – CA or RA Generated CA/RA generates the private/public key pair, CA generates the certificate CA/RA encrypts private key (using secret/password known to EE) CA/RA sends private key to EE in encrypted form, along with cert © 2015 oneM2M Partners 4
oneM2M Certificate Enrolment What? – A CSE/AE = EE Interacting with an RA or CA to obtain CA certificates trusted by the M2M SP End-Entity certificate containing the CSE-ID or AE-ID Certificate chain from EE cert to one of above CA certs Why? – Enables mutual authentication between CSE/AE and all other entities in M2M SP’s PKI. Which entity would assume role of CA or RA? – M2M Enrolment Function (MEF) – Performs similar role in symmetric key enrolment – See later slide titled “Motivation for MEF as EST Server” © 2015 oneM2M Partners 5
Transport There may be multiple devices with Middle Node(s) on path between AE/CSE & the infrastructure domain Options for transporting certificate enrolment msgs between AE/CSE & MEF 1.oneM2M reference points Mca+Mcc Advantage: utilize CDMH for efficient delivery Disadvantage: Requires CSE/AE to register first, and at that point in time CSE/AE may be unable to authenticate to Registrar! 2.End-to-end TCP session: Note: TCP packets pass through multiple devices containing MNs Advantage: No need for CSE/AE to register first. Simpler. Disadvantage: Can’t utilize CDMH 6
Option 1:oneM2M ref. points 7 AE/CSE Link IP TCP TLS HTTP oneM2M MN CSE Link IP TCP TLS HTTP oneM2M IN CSE Link IP TCP TLS HTTP oneM2M RA/CA Link IP TCP TLS HTTP oneM2M CertEnrol Client CertEnrol Server
Option 2: End-to-end TCP 8 AE/CSE Link IP TCP MN CSE Link IP TCP IN CSE Link IP TCP RA/CA Link IP TCP CertEnrol Client CertEnrol Server
Event Frequency & CMDH Benefit Certificate Enrolment is an infrequent event for each AE/CSE– e.g. once every N years The efficiency gains, of using CMDH for infrequent events, will be negligible when considering all the other frequent events. Removes advantage of using oneM2M reference points (Option 1) Suggests using option 2: End-to-End TCP 9
EST Enrolment over Secure Transport (EST) – Secures enrolment process using TLS (over TCP) – EST Client = End-Entity – EST Server analogous to Registration Authority RFC 7030 does not address EST Server ↔ CA interface EST Requests/Responses use Certificate Management over CMS (CMC) RFC
EST Layers 11
EST General Client/Server Interaction 1.The client establishes TLS-secured HTTP session with an EST server a.Client authenticates the Server b.Server may authenticates client (if not, then step 2.b is mandatory) 2.The client and server perform a set of EST request/responses interactions a.Specific EST service is requested based on a portion of URI /cacerts, /simpleenroll, /simplereenroll, /fullcmc, /serverkeygen, /csrattrs b.Client/user may provide HTTP Basic/Digest username/ password authenticat’n for proof-of-identity. Required if client not authenticated in Step 1.b c.The client verifies that the server is authorized to serve this client d.The server verifies that the client is authorized to make use of this server and the request that the client has made e.The server acts upon the client request 12
EST Authentication Options Certificate TLS Mutual Authentication – RECOMMENDED option in RFC 7030 – Could use TLS authentication defined for Certificate-based Remote Security Provisioning Framework (RSPF) –TS-0003 Clause Certificate-less TLS Mutual Authentication – EST text seems to expect that this would use weak secrets (e.g. Passwords) and recommends using SRP or similar – Could use TLS-PSK with strong secrets, TLS authentication defined for PSK & GBA RSPFs –TS-0003 Clause , Server-Only TLS – Client authenticated using HTTP Basic/Digest Auth with username/ password – For oneM2M, this would be a good way to enrol user devices e.g. smartphones, tablets and laptops – Suggestion: allow as new option for symmetric key enrolment! 13
Plan Introduce changes as two “Small Technical Enhancements” STE 1: Introduce EST for certificate enrolment – Update TLS mutual authentication text for Certificate, GBA and PSK RSPFs in TS-0003 (for symmetric key enrolment) so it can be used EST NOTE: aligns symmetric key & certificate enrolment STE 2: Add username/password client authentication – TLS Server-only authentication of MEF, followed by – HTTP Basic/Digest Authentication w/ Username/passwd – Supported for both symmetric key & certificate enrolment 14
Motivation as MEF for EST Server As proposed on previous slide, the plan is to align symmetric key & certificate enrolment MEF could choose to support symmetric key enrolment and/or certificate enrolment! Simpler for oneM2M ecosystem if there is a single entity with multiple options 15
Anticipated STE 1 TS-0003 Changes ClauseUpdate/ new Clause titleChangeRelative Work UpdateEnrolment PhaseHigh level overview of cert enrolment Low 6.2.6UpdateTrust Enabler Security Functions Support for cert enrolment Low 8.3.1UpdateGeneral Overview to RSPFsoverview certificate enrolment High UpdatePSK, Certificate and GBA RSPF Details support use for certificate enrolment Medium 9.2.2UpdateBootstrap Instruction Configuration Procedure AE-ID/CSE-ID to put in certificate Low 16
Anticipated STE 2 TS-0003 Changes ClauseUpdate/ new Clause titleChangeRelative Work UpdateEnrolment PhaseInclude Username/Password RSPF Low 8.1.4NewUsername/Password Security Framework Any details useful to include here Medium 8.3.1UpdateGeneral Overview to RSPFs Include Username/Password RSPF Low NewUsername/Password RSPF Full specificationHigh 9.2.1UpdateBootstrap Credential Configuration Procedure Adding credential configuration for username/password RSPF Low NewTLS ciphersuite details for Username/Password RSPF Medium 17
Anticipated TS-0001 Changes Clause 11 in TS-0001 will also need minor updates to extend “enrolment” concept to include certificate enrolment – Mostly confined to clause 11.2 “M2M Initial Provisioning Procedures” 18