Presentation is loading. Please wait.

Presentation is loading. Please wait.

Discussions on New Work Item of Distributed Authentication

Published byMeryl Owen Modified over 6 years ago

Similar presentations

Presentation on theme: "Discussions on New Work Item of Distributed Authentication"— Presentation transcript:

1 Discussions on New Work Item of Distributed Authentication
TP Discussions on New Work Item of Distributed Authentication Group Name: SEC (WG4) Source: Guilin Wang (Huawei) Meeting Date: TP#25, Agenda Item: WI-xxxx-Decentralized Authentication

2 Objectives The concept of Decentralized Authentication
The justification of this new work item The feasibility of IBS for IoT devices The scope of this new work item, together with an example protocol which we could design

3 The Concept of Decentralized Authentication
Decentralized Authentication means An IoT entity can use its single authentication credential to authenticate itself to many other entities Therefore, it supports many to many communication better, without the direct involvement of centralized management. Traditional PKI support this, but not flexible and lightweight enough. It does not mean The authentication operation is done collectively by a number of entities, which locate at different sites logically and/or physically. (Once called as Distributed Authentication, SEC )

4 Justification (I) To provide flexibility and reduce employment costs, various IoT application scenarios may require distributed authentication in which two entities (e.g. devices, applications and network components) can authenticate each other directly and further establish secure channels in a lightweight way without online centralized management. Namely, an entity can use its one single authentication credential to authenticate itself to many other entities. The authentication mechanisms in TS003 require either centralized node involved or traditional PKI, which cannot offer scalable and lightweight decentralized authentication.

5 Justification (II) Moreover, as distributed authorization has been considered by SEC group in oneM2M, decentralized authentication should be taken into account too. Finally, Work Item WI-0047 is studying DDS to allow multiple M2M Applications interacting with multiple M2M Devices/Gateways, i.e., many-to-many communication (OSR-009), in the framework of oneM2M. The results achieved from this Work Item can be used to support the security in the usage of DDS in oneM2M.

6 IBS and IBS related RFCs
IBS (Identify Based Signatures): Similar to PKI base public key cryptosystems, but a meaningful ID can be used a the public key. Introduced 1984. RFC 5091, 2007: Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems (X. Boyen and L. Martin, Voltage Security). RFC 5408, 2009: Identity-Based Encryption Architecture and Supporting Data Structures (G. Appenzeller, Stanford University, L. Martin, Voltage Security, and M. Schertler, Axway) RFC 6507, 2012: Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption (ECCSI) (M. Groves, CESG) RFC 6539, 2012: IBAKE: Identity-Based Authenticated Key Exchange (V. Cakulev, G. Sundaram, and I. Broustis, Alcatel Lucent) RFC 7859, 2016: Identity-Based Signatures for Mobile Ad Hoc Network (MANET) Routing Protocols (C. Dearlove, BAE Systems)

7 Feasibility of IBS for IoT: IoT Chips
ARM Cortex-M series chips are for IoT devices. Board CPU RAM Cortex-M0(+) Freescale 48MHz 32KB Contex-M3 NXP LPC1768 96MHz Contex-M4 STM32 84MHz 96KB SIM 5-20MHz CPU 0.1 – 6KB Board CPU RAM NBIoT Zigbee ? 32 MHz 8 KB 测试环境(芯片等) 硬件加速(硬件加速能够带来多少性能提升,不同算法通过硬件加速性能提升是否相同,硬件加速带来的成本) 性能数据 NBIoT Zigbee chips are weaker than Cortex M0(+). So, IBS may be challenging for NBIoT now. But, hardware progress is fast.

8 Feasibility of IBS for IoT: Preliminary Testing Results of IBS Algorithms
Algorithm (IEEE-ECC-IBS, RFC 6507), namely signature generation and verification, based on OpenSSL Crypto Libratory, running at single core with following models: Model 1: Desktop with Intel(R) Xeon(R) CPU E GHz; Model 2: computer rack with Intel(R) Xeon(R) CPU E GHz; Model 3: Google Nexus 6 phone with Krait 2.7 GHz. Network transmitting time not included. All algorithms are repeated 3000 times for each setting and the average running time is recorded. Curve Security Strength Corresponding RSA bits Average running time Model 1 Model 2 Model 3 P-256 128bit 3072 2.16ms 1.57ms 9.84ms P-521 256bit 15360 9.95ms 7.91ms 61.5ms Expected Performance for ARM M3 (96M) Chip : 277 ms (signature generation+verification)

9 Feasibility of IBS for IoT: IBS Performance from Academic Research
Time for IBS Signature Generation (128 bit security) in ms: Contex-M0+ (48MHz) Contex-M3 (96MHZ) iPhone 4 (Cortex-A9,1.2GHz) Signature Length (bit) 80 40 3.2 768 Offline:30 Online:15 Offline:15 Online:8 Offline:1.2 Online:0.6 BN pairing 669 335 26.8 508 Time for IBS Signature Verification (128 bit security) in ms: Contex-M0+ (48MHz) Contex-M3 (96MHZ) iPhone 4 (Cortex-A9,1.2GHz) Signature Length (bit) 225 113 9.04 768 224 112 8.96 BN pairing 2324 1162 92.96 508 Source 1: High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers, Designs, Codes and Cryptography 2015 (Curve 25519). Source 2: Efficient Pairings and ECC for Embedded Systems CHES 2014 (BN pairing).

10 Feasibility of IBS for IoT: Remarks
IBS Schemes: IETF-ECC-IBS: RFC 6507, 2012, used in 3GPP D2D (ProSe, 2014) ISO-ECC-IBS: SO/IEC , 2013 ISO-Pairing-IBS: ISO/IEC , 2006 Remarks: 126 bit security can be viewed very strong security for most of IoT devices (Recall that 1024 RSA only provides 80 bit security). Performance relies on many factors: chip platform, ECC curves, crypto library, coding etc. For the same security level, the running time for RSA signatures is about double. IETF-ECC-IBS Performance For Curve ARM M3 (96M) Chip : 153 ms (sign. gen. +ver.), which is bout 50% faster than the expected result. Reasons: different curves, coding quality. So, IBS for IoT devices is feasible!

11 Scope and An Example Protocol
An Example Protocol using IBS: To derive PSK flexibly for supporting DDS Based on some IBS, a PSK can be generated from receiver’s ID, sender’s ID, and sender’s private key. This can efficiently solve the problem of PSK distriution in many–to-many communication scenario. Using this PSK, encryption and integrity can be offered using traditional primitives M (plaintext) V (Ciphertext) IDReceiver SKSender Shared PSK SAB Session key K Encryption MIC The receiver can derive PSK SAB and session key K similarly.

12 Scope and An Example To investigate user cases and related security requirements. For considering the feasibility, to identify suitable primitives and mechanisms, which are expected to be a few asymmetric key based technologies but lightweight enough for IoT use (identity based cryptography, certificateless signatures, etc). To evaluate the value of distributed authentication. To design new distributed authentication mechanisms and protocols that are lightweight for oneM2M architecture. In particular, these protocols shall be considered to be implemented using TLS/DTLS.

13 Thanks!

Download ppt "Discussions on New Work Item of Distributed Authentication"

Similar presentations

Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006 Votinbox - a voting system based on smart cards Sébastien Canard.

Research & Development Workshop on e-Voting and e-Government in the UK - February 27, 2006 Votinbox - a voting system based on smart cards Sébastien Canard.
The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.

The Italian Academic Community’s Electronic Voting System Pierluigi Bonetti Lisbon, May 2000.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Using the CC2420 with AES Support

Using the CC2420 with AES Support
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
FIT5037 Advanced Network Security --- Modern Computing and Security --- Lecture 1.

FIT5037 Advanced Network Security --- Modern Computing and Security --- Lecture 1.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.

Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
Public Key Model 8. Cryptography part 2.

Public Key Model 8. Cryptography part 2.
Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Andreas Steffen, , 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
An Efficient Identity-based Cryptosystem for

An Efficient Identity-based Cryptosystem for
Mechanism to support establishment of charging policies Group Name: WG2-ARC Source: InterDigital Meeting Date: TP8 Agenda Item:

Mechanism to support establishment of charging policies Group Name: WG2-ARC Source: InterDigital Meeting Date: TP8 Agenda Item:
1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999.

1 Optimal Mail Certificates in Mail Payment Applications Leon Pintsov Pitney Bowes 2nd CACR Information Security Workshop 31 March 1999.
Ad Hoc Networks Curtis Bolser Miguel Turner Kiel Murray.

Ad Hoc Networks Curtis Bolser Miguel Turner Kiel Murray.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Similar presentations

Ads by Google