Presentation is loading. Please wait.

Presentation is loading. Please wait.

6tisch security design team: progress since Toronto

Published byWesley Dickerson Modified over 6 years ago

Similar presentations

Presentation on theme: "6tisch security design team: progress since Toronto"— Presentation transcript:

1 6tisch security design team: progress since Toronto
Some delays getting back into “groove” Three calls: / / Two calls were after draft deadline, but were most productive. Clarified section 3; which will go into 6tisch architecture.

2 6tisch security design team: clarified goals of protocol
be able to take “drop-shipped” device out of box, and have it on network. Specifically, establish trusted 6top/CoAP/DTLS between JCE and new node in which security parameters can be provisioned. Fixed some terminology: “well known beacon key” replaces “join key”, and “unique join key” provides for PSK-based authorization.

3 6tisch security team: issues and resolution
Issue of end to end connectivity between JCE and join node. Considered otions were: Some kind of tunnel (PANA,IPIP,DTLS relay,...) Requires per-join node state on Join Assistant Join existing DODAG Requires routing resources inside LLN for storing DODAG Have special JOIN non-storing DODAG Requires a second DODAG to be available Option to establish 6tisch track for join traffic for all mechanisms

4 6tisch security team: use loose source routing
Non-storing DODAG use source routing. JCE can use loose source routing to reach the joining node, even in a storing DODAG! Moves all memory resource consumption (and therefore attackable resource) by joining node to JCE. Network/battery resources are projected by QoS, provisioned by PCE using 6tisch methods! Eliminates RPL methods from time sequence diagram.

5 6top loose source routed join
Coordination Entity Akin to PCE 6tisch mesh JCE 6LBR Join Assistant (proxy) Joining Node Could be part of 6LBR Or co-located in PCE BEACON (1) Router Solicitation Router Advertisement (2) and (3) May have limited Utility, kept for now Certificate Request (2) Certificate Reply (3) Join Request (4) (NS w/(E)ARO) NS (DAR) (5) ?? (6) OUI field of EARO Contains AR IDevID ?? (7) NS (DAC) (8) DAO DAO Mesh node DAOACK DAOACK NS / Join ACK (9) 6top (CoAP/DTLS) DTLS connection Has client and server Autonomic certificates 5

6 6top loose source routed join (6lsrj?)
Coordination Entity Akin to PCE 6tisch mesh JCE 6LBR Join Assistant (proxy) Joining Node Could be part of 6LBR Or co-located in PCE BEACON (1) Router Solicitation Router Advertisement (2) and (3) May have limited Utility, kept for now Certificate Request (2) Certificate Reply (3) Join Request (4) (NS w/(E)ARO) NS (DAR) (5) ?? (6) OUI field of EARO Contains AR IDevID ?? (7) NS (DAC) (8) NS / Join ACK (9) 6top (CoAP/DTLS) 6top (CoAP/DTLS) DTLS connection Has client and server Autonomic certificates JCE source routes packet Addressed to join node, Via Join Assistant. 6

Download ppt "6tisch security design team: progress since Toronto"

Similar presentations

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.

Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.
Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.

Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.
Doc.: IEEE 802.15-15-0xxx-00-0010 Submission January 2015 N. Sato and K. Fukui (OKI)Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area.

Doc.: IEEE xxx Submission January 2015 N. Sato and K. Fukui (OKI)Slide 1 Project: IEEE P Working Group for Wireless Personal Area.
Network Localized Mobility Management using DHCP

Network Localized Mobility Management using DHCP
MOBILITY SUPPORT IN IPv6

MOBILITY SUPPORT IN IPv6
CS682 Session 6 Prof. Katz. Firewalls An intelligent router? Used as a traffic control mechanism Based on information in the Layer 3 and 4 headers Administrator.

CS682 Session 6 Prof. Katz. Firewalls An intelligent router? Used as a traffic control mechanism Based on information in the Layer 3 and 4 headers Administrator.
Mobile IP Polytechnic University Anthony Scalera Heine Nzumafo Duminda Wickramasinghe Edited by: Malathi Veeraraghavan 12/05/01.

Mobile IP Polytechnic University Anthony Scalera Heine Nzumafo Duminda Wickramasinghe Edited by: Malathi Veeraraghavan 12/05/01.
Summary of Certification Process (part 1). IPv6 Client IPv6 packets inside IPv4 packets.

Summary of Certification Process (part 1). IPv6 Client IPv6 packets inside IPv4 packets.
PACKET ANALYSIS WITH WIRESHARK DHCP, DNS, HTTP Chanhyun park.

PACKET ANALYSIS WITH WIRESHARK DHCP, DNS, HTTP Chanhyun park.
1 Sideseadmed (IRT0040) loeng 5/2010 Avo

1 Sideseadmed (IRT0040) loeng 5/2010 Avo
 Protocols used by network systems are not effective to distributed system  Special requirements are needed here.  They are in cases of: Transparency.

 Protocols used by network systems are not effective to distributed system  Special requirements are needed here.  They are in cases of: Transparency.
Chairs: Pascal Thubert Thomas Watteyne Etherpad for minutes: IPv6 over the TSCH mode of IEEE 802.15.4e 10/24/2014.

Chairs: Pascal Thubert Thomas Watteyne Etherpad for minutes: IPv6 over the TSCH mode of IEEE e 10/24/2014.
RPL:IPv6 Routing Protocol for Low Power and Lossy Networks Speaker: Chung-Yi Chao Advisor: Dr. Kai-Wei Ke 2015/10/08 1.

RPL:IPv6 Routing Protocol for Low Power and Lossy Networks Speaker: Chung-Yi Chao Advisor: Dr. Kai-Wei Ke 2015/10/08 1.
ROLL RPL Security IETF 77 status

ROLL RPL Security IETF 77 status
Santhosh Rajathayalan (25764968) Senthil Kumar Sevugan (42762375)

Santhosh Rajathayalan ( ) Senthil Kumar Sevugan ( )
ARP ‘n RARP. The Address Resolution Protocol (ARP) is a request sent out by a computer to find another computer’s MAC address. It already knows the IP.

ARP ‘n RARP. The Address Resolution Protocol (ARP) is a request sent out by a computer to find another computer’s MAC address. It already knows the IP.
DHCP Vrushali sonar. Outline DHCP DHCPv6 Comparison Security issues Summary.

DHCP Vrushali sonar. Outline DHCP DHCPv6 Comparison Security issues Summary.
6to4 https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html.

6to4
Kevin Harrison LTEC 4550 Assignment 3.  Ethernet Hub  An unsophisticated device that is used for connecting multiple Ethernet devices together.  Typically.

Kevin Harrison LTEC 4550 Assignment 3.  Ethernet Hub  An unsophisticated device that is used for connecting multiple Ethernet devices together.  Typically.

Similar presentations

Ads by Google