Re: [Ace] Next step for use case document
Likepeng <likepeng@huawei.com> Thu, 09 October 2014 01:02 UTC
Return-Path: <likepeng@huawei.com>
X-Original-To: ace@ietfa.amsl.com
Delivered-To: ace@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A47E81A87ED for <ace@ietfa.amsl.com>; Wed, 8 Oct 2014 18:02:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.687
X-Spam-Level:
X-Spam-Status: No, score=-4.687 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.786, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9sM0CwMgNPDW for <ace@ietfa.amsl.com>; Wed, 8 Oct 2014 18:02:05 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 034F01A8820 for <ace@ietf.org>; Wed, 8 Oct 2014 18:02:04 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml406-hub.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BNL24114; Thu, 09 Oct 2014 01:02:03 +0000 (GMT)
Received: from SZXEMA402-HUB.china.huawei.com (10.82.72.34) by lhreml406-hub.china.huawei.com (10.201.5.243) with Microsoft SMTP Server (TLS) id 14.3.158.1; Thu, 9 Oct 2014 02:02:02 +0100
Received: from SZXEMA501-MBS.china.huawei.com ([169.254.2.205]) by SZXEMA402-HUB.china.huawei.com ([10.82.72.34]) with mapi id 14.03.0158.001; Thu, 9 Oct 2014 09:01:56 +0800
From: Likepeng <likepeng@huawei.com>
To: Göran Selander <goran.selander@ericsson.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, "ace@ietf.org" <ace@ietf.org>
Thread-Topic: [Ace] Next step for use case document
Thread-Index: AQHP2+Z2zMYxzyxQtE+FAIirW36spZwmBHpQgAAuHICAAMss4A==
Date: Thu, 09 Oct 2014 01:01:55 +0000
Message-ID: <34966E97BE8AD64EAE9D3D6E4DEE36F2581A3B0D@SZXEMA501-MBS.china.huawei.com>
References: <D04EDD20.185CB%goran.selander@ericsson.com> <34966E97BE8AD64EAE9D3D6E4DEE36F2581A37D0@SZXEMA501-MBS.china.huawei.com> <D05AF6C0.18C97%goran.selander@ericsson.com>
In-Reply-To: <D05AF6C0.18C97%goran.selander@ericsson.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.66.167.122]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: http://mailarchive.ietf.org/arch/msg/ace/8-9lZcjwPVAJHuJL2j64wIPivr0
Subject: Re: [Ace] Next step for use case document
X-BeenThere: ace@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ace>, <mailto:ace-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ace/>
List-Post: <mailto:ace@ietf.org>
List-Help: <mailto:ace-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ace>, <mailto:ace-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Oct 2014 01:02:10 -0000
> whether you a) want to emphasize what is specific to this > use case or b) want to emphasize what is common between the use cases. > Maybe we could delegate to the use case editors to come with a proposal how > to present this? My personal preference would be a), but let’s the editors to decide. Kepeng (Individual) > -----邮件原件----- > 发件人: Göran Selander [mailto:goran.selander@ericsson.com] > 发送时间: 2014年10月8日 20:42 > 收件人: Likepeng; Hannes Tschofenig; ace@ietf.org > 主题: Re: [Ace] Next step for use case document > > Hi Kepeng, > > On 08/10/14 12:34, "Likepeng" <likepeng@huawei.com> wrote: > > >Hi Goran, > > > >Thanks for the input. > > > >My understanding of the " secure store and forward " use case is mainly > >about "object security", right? > > Yes, object security is certainly one candidate solution. > > > > >We discussed "object security" during IESG evaluation, and I remember > >the conclusion is, this should be in scope: > >http://www.ietf.org/mail-archive/web/ace/current/msg00619.html > > > >> The utility company wants to verify stored and forwarded metering > >>data with respect to authenticity, integrity and replay. > > > >About the authenticity, integrity and replay, they seem to be quite > >general and not specific to "store and forward" use case. > > That is right. This formulation is stressing that they need to be valid also in > "store and forward" use cases. > > > > >Maybe it is better to go to a little bit more detail. > > > >For example, about integrity, we can say, distribution entity (e.g. > >Data Collection unit) may read the data, and must not modify the data. > > I’m agree with what you write that the service operator/distribution entity > must not modify data and may read the data during test or error cases. This is a > consequence of the other security properties, so to me this is just a matter of > presentation style; whether you a) want to emphasise what is specific to this > use case or b) want to emphasise what is common between the use cases. > Maybe we could delegate to the use case editors to come with a proposal how > to present this? > > > > >> The utility company wants to configure utility meters securely: The > >>devices should be able to verify that a configuration request is > >>authorized, authentic, integrity and replay protected. > > > >About configuration, I expect this should be out of scope and should be > >done by out-of-band mechanisms. > > Maybe configuration is not the right word? This is about changing settings in > the smart meter. I understand this as an analogue to the kind of > (re-)commissioning and maintenance activity described in the BLMS use case > (Section 2.4.1 of draft-seitz-ace-usecases-01), again, in the setting that there is > not necessarily direct connectivity to the smart meter. > > Best regards, > Göran > > > > >Kind Regards > >Kepeng > > > >> -----邮件原件----- > >> 发件人: Göran Selander [mailto:goran.selander@ericsson.com] > >> 发送时间: 2014年9月29日 21:08 > >> 收件人: Likepeng; Hannes Tschofenig; ace@ietf.org > >> 主题: Re: [Ace] Next step for use case document > >> > >> Dear WG chairs and all, > >> > >> Please find below some further suggestions for content of the use > >> case document. Apologies for the lengthy mail. > >> > >> I propose that some use case in the draft should highlight the need > >>for a solution that supports secure store and forward. Here are a set > >>of use cases supporting this, the first one is based on interviews > >>with people working with utilities. The others use cases show that > >>this is not an isolated example. (There is no need to include all use > >>cases in the draft.) > >> > >> Utility data collection > >> - - - > >> A utility company is updating its old utility distribution network > >>with advanced meters and new communication systems, known as an > >>Advanced Metering Infrastructure (AMI). AMI refers to a system that > >>measures, collects and analyzes usage, and interacts with metering > >>devices such as electricity meters, gas meters, heat meters, and > >>water meters, through various communication media either on request > >>(on-demand) or on pre-defined schedules. Based on this technology, > >>new services make it possible for consumers to control their utility > >>consumption and reduce costs by supporting new tariff models from > >>utility companies, and more accurate and timely billing. > >> > >> The technical solution is based on levels of data aggregation between > >>³smart meters² located at the consumer premises and the Meter Data > >>Management > >> (MDM) system located at the utility company. Two possible > >>intermediate levels are: > >> > >> - Head-End System (HES) which is hardware and software that receives > >> the stream of meter data and exposes an interface to the MDM. > >> > >> - Data Collection (DC) units located in a local network communicating > >>with a number of smart meters and with a backhaul interface > >>communicating with the HES, e.g. using cellular communication. > >> > >> For reasons of efficiency and cost end-to-end connectivity is not > >>always feasible, so metering data is stored in batches in DC for some > >>time before being forwarded to the HES, and in turn accessed by the > >>MDM. The HES and the DC units may be operated by a third party > >>service operator on behalf of the utility company. One > >>responsibility of the service operator is to make sure that meter > >>readings are performed and delivered to the HES. An example of a > >>Service Level Agreement between the service operator and the utility > >>company is e.g. "at least 95 % of the meters have readings recorded > >>during the last 72 hours². > >> > >> > >> Security properties > >> > >> The utility company wants to verify stored and forwarded metering > >>data with respect to authenticity, integrity and replay. > >> > >> The utility company wants to configure utility meters securely: The > >>devices should be able to verify that a configuration request is > >>authorized, authentic, integrity and replay protected. > >> > >> The utility company wants to be in control of access to plain text > >>metering data. > >> Other parties may be allowed access but at the discretion of the > >>utility company. E.g. the service operator needs access during test > >>or error cases, or for calibrating units on replacement. In > >>particular, it should be possible to confidentiality protect the > >>metering data between smart meter and the utility company's network. > >> > >> (There are also other desirable security properties, the ambition > >>here is not to be exhaustive but to highlight the need for end-to-end > >>authorised access. ) > >> > >> > >> > >> Actually, the drive-by metering use case (section 2.5.1) may require > >>a similar > >> functionality: > >> > >> > >> Drive-by metering data collection > >> - - - > >> The meters communicate with a vehicle-attached base station, which > >>drives by and collects meter readings. The drive-by service could > >>potentially be operated by a third party collecting meter readings on > >>behalf of one or multiple utility companies, and should not have > >>access to plain text meter readings, or not be able to change the > >>readings. Also in this case it may be cost-efficient to upload the > >>readings from the vehicle once the car returns to the 3rd party > >>premises, e.g. over WLAN. This means that the readings need to be > >>stored and later forwarded, and should be protected end-to-end > >>between smart meter and Meter-Data Management system in the > >>respective utility company network analogously to the previous use > >>case. > >> > >> > >> There are other examples where it may be impossible or infeasible to > >>support end-to-end connectivity, e.g. in networks with sleepy > >>devices, in which case a publish-subscribe paradigm may be more > >>natural. Here we pick another application of publish-subscribe: > >> > >> Information Centric Networking (ICN) > >> - - - > >> ICN is a paradigm for data access, changing focus from current > >>host-centric network to an information-centric network. In a > >>host-centric network, the basic idea is to create secure connections > >>to hosts of trusted providers of data. > >> In an information-centric network, on the other hand, it is > >>acceptable that any source (cache) should be equally usable. This > >>requires some mechanism for making each information item trustworthy > >>by itself, which can be achieved for example by signing data. > >> In this case a consumer of an information object could prove its > >>authenticity by verifying the digital signature. Applying ICN to the > >>IoT setting, sensor readings could be protected and stored in > >>arbitrary content nodes, not necessarily only in origin servers; > >>device configuration updates could be protected and stored in > >>proxies, not necessarily only in dedicated configuration servers. > >> > >> Similar security properties apply as in the previous cases. > >> > >> > >> > >> Göran > >> > >> > >> > >> From: Likepeng <likepeng@huawei.com> > >> Date: Wednesday 24 September 2014 09:06 > >> To: "ace@ietf.org" <ace@ietf.org> > >> Subject: [Ace] Next step for use case document > >> > >> > >> >Thanks all for the feedbacks to the use case document: > >> >http://datatracker.ietf.org/doc/draft-seitz-ace-usecases/ > >> > > >> >Hannes and I went through the feedbacks in the mailing list. > >> > > >> > > >> >In summary, we feel that there is no consensus to adopt the current > >> >version of this document. > >> > > >> >Considering that use case document is our charter item, and this is > >> >the only viable candidate, our plan is to ask authors to update the > >> >draft according to the received feedbacks so far and we will > >> >initiate another call-for-adoption for the new version. > >> > > >> >Also, kindly remind you to contribute your texts to the use case > >>document. > >> > > >> >Thanks, > >> > > >> >Kind Regards > >> >Kepeng & Hannes > >
- [Ace] Next step for use case document Likepeng
- Re: [Ace] Next step for use case document Göran Selander
- Re: [Ace] Next step for use case document Likepeng
- Re: [Ace] Next step for use case document Göran Selander
- Re: [Ace] Next step for use case document Likepeng
- [Ace] some suggestions - clarification of ACE sco… Hosnieh Rafiee
- [Ace] Correction: some suggestions - clarificatio… Hosnieh Rafiee
- Re: [Ace] some suggestions - clarification of ACE… Stefanie Gerdes
- Re: [Ace] some suggestions - clarification of ACE… Stefanie Gerdes
- Re: [Ace] some suggestions - clarification of ACE… Hosnieh Rafiee
- Re: [Ace] some suggestions - clarification of ACE… Hannes Tschofenig
- Re: [Ace] some suggestions - clarification of ACE… Hosnieh Rafiee
- Re: [Ace] some suggestions - clarification of ACE… Carsten Bormann
- Re: [Ace] some suggestions - clarification of ACE… Hosnieh Rafiee