Download presentation
Presentation is loading. Please wait.
Published byLesley Harrington Modified over 9 years ago
1
Proposal for device identification PAR
2
Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that identifier –Abstract framework –Concrete protocol over 802.3 Standards for establishing and maintaining vendor trust
3
Rationale Many ways to identify individuals No standard ways to identify devices MAC addresses are not sufficient –Multiple per device –Reconfigurable –Not cryptographically bound Device identity is important for completing chains of trust –Window of vulnerability
4
Uses Network equipment provisioning Authenticated key exchange in other protocols –E.g., 802.1af, 802.1X Inventory management Internal component identification LLDP chassis IDs …
5
Market Potential Any protocol requiring identification at layer 2 –Any authentication protocols Applicable in bridges, routers, end- stations, … Consistent acquisition procedures across manufacturers Cost should not be a barrier to adoption –Low incremental cost
6
Compatibility IEEE 802.1 standard In conformance with – 802 overview and architecture – Existing standards within 802.1 and 802.3 Managed objects will be defined consistent with existing policies and practices
7
Relationship with other standards No standards providing device identity within IEEE 802 No such standards outside of IEEE CableLabs DOCSIS –Not generally applicable (cable modem specific) –CableLabs is intermediary for deployment –CableLabs is not a standards body IETF liaison letter in support of value
8
PKI overview Device Private key Certificate Public Key Manufacturer Certification Authority Root certificate Key generation capability Key generation capability Sign DevID number Intention is that private key would not be exportable once installed
9
Technical overview Device Vendor Credentials Identity Device Identity Management capability
10
Analysis No registration within IEEE required –Vendors can be their own root Trust by reputation –Management vendors can aggregate credentials –Or, IEEE could outsource a PKI, e.g., to Verisign Physical security of devices is a known threat –Some vendors will choose high security –Others will want to support hot-swapping Hardware implementation cost small, not free –Available crypto capability Cheap off the shelf solutions (including software) –128 to 512 bytes of storage
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.