Re: [Ace] ACE Implementation for Disadvantaged Environments

Sebastian Echeverria <secheverria@sei.cmu.edu> Mon, 28 January 2019 15:07 UTC

From: Sebastian Echeverria <secheverria@sei.cmu.edu>
To: "Hannes.Tschofenig@arm.com" <Hannes.Tschofenig@arm.com>
CC: Grace A Lewis <glewis@sei.cmu.edu>, "ace@ietf.org" <ace@ietf.org>, Dan Klinedinst <djklinedinst@cert.org>
Date: Mon, 28 Jan 2019 15:06:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/V7Py9A1mz_CCEb5jwf_T5TQPlmo>
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

Hello,

Here is some more information about it:


  *   We used Contiki as the base/OS for the code. More specifically, we forked from the 6lbr project (https://github.com/cetic/6lbr), as that version already had some code for handling DTLS connections and AES encryption in it.
  *   We are using the TI CC2538dk board as our constrained target platform.
  *   The implementation has support for the DTLS profile, using pre-shared keys, as this was enough for our use case.
  *   The implementation handles CWT tokens.
  *   We modified the Erbium CoAP server in 6lbr to be able to simultaneously listen for CoAP and CoAPs connections (using TinyDTLS underneath).
  *   The implementation uses the cn-cbor library for decoding CBOR data.
  *   The implementation supports receiving tokens at the authz-info endpoint, and then giving access to a couple of sample resources based on the claims from the received tokens.
  *   The implementation has some additional optional features related to our disadvantaged network environments, such as bootstrapping of the PSK credentials, and detecting revoked tokens through introspection.
  *   The current binary is around 300 kb, which is good enough for the 512 kb flash on the TI boards, though it may be a bit too large for a class II device. We can probably make it a bit smaller. In terms of RAM, it fits in the 32 KB available on the TI boards.

Best,

---
Sebastian Echeverria
Tactical Technologies Group (TTG)
Software Engineering Institute
Carnegie Mellon University



From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Date: Monday, January 28, 2019 at 5:05 AM
To: Grace Lewis <glewis@sei.cmu.edu>, "ace@ietf.org" <ace@ietf.org>
Subject: RE: ACE Implementation for Disadvantaged Environments

Congrats on the work. Could you say a little bit about the (constrained) resource server implementation?

Ciao
Hannes

From: Ace <ace-bounces@ietf.org> On Behalf Of Grace A Lewis
Sent: Wednesday, 23 January 2019 19:12
To: ace@ietf.org
Subject: [Ace] ACE Implementation for Disadvantaged Environments

Hello,

I just wanted to make the group aware of our ACE implementation (SEI-ACE), which includes an implementation for a resource-constrained server.

Details available in this news article: https://www.sei.cmu.edu/news-events/news/article.cfm?assetid=539184

Article includes the link to our Git repo.

Enjoy!

- Grace Lewis

______________________________________________
Grace A. Lewis, Ph.D.
Principal Researcher and TTG Initiative Lead
Carnegie Mellon Software Engineering Institute
Software Solutions Division (SSD)
Tactical Technologies Group (TTG)

4500 Fifth Ave. #5412
Pittsburgh, PA 15213
Phone: (412) 268-5851
http://www.sei.cmu.edu/staff/glewis

“A change in perspective is worth 80 IQ points” --- Alan Kay