Re: [Anima] [6lo] Comments needed for Security Bootstrapping of IEEE 802.15.4 based Internet of Things
Behcet Sarikaya <sarikaya2012@gmail.com> Wed, 25 February 2015 21:25 UTC
Return-Path: <sarikaya2012@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E04C1A88D1; Wed, 25 Feb 2015 13:25:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kp5A0KPktzKL; Wed, 25 Feb 2015 13:25:40 -0800 (PST)
Received: from mail-la0-x230.google.com (mail-la0-x230.google.com [IPv6:2a00:1450:4010:c03::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 789651A88C3; Wed, 25 Feb 2015 13:25:39 -0800 (PST)
Received: by labgm9 with SMTP id gm9so6904816lab.2; Wed, 25 Feb 2015 13:25:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=BiaR6Ay+yaG7vTNbwsaZnfiXyw8K/IZVa9Ue1Y0jGZs=; b=L5FOb2knDDypjN1eHVJ2DbNfsVgGA/SZT+bZ4+nERHCXbb51TlE4mQtg1vs5EemFhO eIr/qOkiwljy8luflPiGGMr7PDz7ZxJ80dRtJ4VrYq8ie0adUgXYshqzyA9hmvSRRkZk jeSwpYaGHdeMOjWeeqmugAsPSFN+XyLfSpLCpIS9OBTVwf+3hJPObP3Phesb7eS1C8fn IZ5X4y0D62+vttl0SvGKrd3+Ko6S9xDZ7X/G6vpMeFxjnBDaY7vRLRyA3x5YDd4zzjj0 uRtKJYXPmtPzHU2P7IpsTaYtmpkcuPezoBY8qDDWGV/dBTNZacGiTovEVw4KJXfhTJrG Dy3Q==
MIME-Version: 1.0
X-Received: by 10.152.45.74 with SMTP id k10mr4734431lam.108.1424899537781; Wed, 25 Feb 2015 13:25:37 -0800 (PST)
Received: by 10.114.187.13 with HTTP; Wed, 25 Feb 2015 13:25:37 -0800 (PST)
In-Reply-To: <54EB4F24.7030609@gmx.net>
References: <77FA386512F0D748BC7C02C36EB1106D921776@szxeml557-mbs.china.huawei.com> <6426.1422664463@sandelman.ca> <77FA386512F0D748BC7C02C36EB1106D92CC62@szxeml557-mbs.china.huawei.com> <54E7219B.6040006@gridmerge.com> <54E72846.20807@gmx.net> <54E7824A.4040906@gmail.com> <cf14f8df23dc2552f062976775e76549@xs4all.nl> <54E86F9A.8020104@gmx.net> <54E8D442.6020909@gmail.com> <54EB4F24.7030609@gmx.net>
Date: Wed, 25 Feb 2015 15:25:37 -0600
Message-ID: <CAC8QAcfUDw8McE15gkCpDX5Ur+ZKaYx9mCOXNiS+_rCDHE2XTg@mail.gmail.com>
From: Behcet Sarikaya <sarikaya2012@gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima/6SvkDedsBB5z1nvqQITgQ6jDX5M>
Cc: consultancy@vanderstok.org, 6tisch-security <6tisch-security@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, "Hedanping (Ana)" <ana.hedanping@huawei.com>, robert.cragie@gridmerge.com, "6lo@ietf.org" <6lo@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Subject: Re: [Anima] [6lo] Comments needed for Security Bootstrapping of IEEE 802.15.4 based Internet of Things
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: sarikaya@ieee.org
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Feb 2015 21:25:42 -0000
On Mon, Feb 23, 2015 at 10:02 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote: > Hi Brian, > > On 02/21/2015 07:53 PM, Brian E Carpenter wrote: >> Hannes, >> >> "Bootstrapping" is a colloquialism, of course, but it conveys the idea >> of having no prior knowledge which is the main point here. > > The problem with the term is that it is ill-defined. > > In many of the cases it actually does not mean that there is no prior > knowledge. For the specifications we are talking about here we are > assuming various information pre-configured, such as certificates, trust > anchors, and other configuration parameters. That's not exactly my > understanding of "no prior knowledge". > > Of course >> it's true (as Peter said) that different situations call for differences >> in the solution. The initial target for Anima is "professionally managed >> networks" and for that we tend to assume that devices are pre-registered >> in some sense; that is a false assumption for homenets and (I assume) IoT. >> I am pretty sure that IoT approaches will be a false assumption for >> large international carrier networks. >> >> I know nothing about Thread, whatever and whoever it is. > > Here is an intro document: > http://threadgroup.org/Portals/0/documents/events/ThreadIntro.pdf > I think we need to clarify here that Thread Group is formed to deal with home environments. Enterprise or industrial environments seem to be excluded. Regards, Behcet > > If they >> want to repeat the Bluetooth error of working in secret, there is >> nothing we can do about it, neither can we sit back and do nothing. > > The IEEE, the Bluetooth SIG, and Thread have (as organizations) many > things in common. Only member companies can influence the specification > content but, unlike the IEEE, Thread is a fairly new organization and > hence their specifications have not yet been released since they are > still work in progress. Both IEEE and Bluetooth SIG release their > specifications to the general public when they are finalized. > > I am not sure I agree that the Bluetooth SIG made huge mistakes since > otherwise the technology wouldn't be so successful. > >> At least draft-pritikin-anima-bootstrapping-keyinfra builds pn >> IEEE 802.1AR. > > To be honest, I am a bit doubtful about the value of the IEEE 802.1AR > specification. > > The specification basically says to use certificates and the PKI (using > RSA / ECC-based keys) for authenticating devices and defines a MIB for > configuring various aspects of that infrastructure (using SNMP). > > It also lists the fields of a certificate and defines the "device > identity" in Section 7.2.8 as "This may include the unique device serial > number assigned by the manufacturer or any other suitable unique DN > value that the issuer prefers." > > I am sure there are some (not described) good reasons why the > specification exists but it is not as earth-shaking as you might think. > Particularly, if you plan to use it in ANIMA you might ask yourself how > many management interfaces you actually need to provision and configure > credentials on devices. (This actually leads us back to my original mail.) > > I have to think about the use of these specifications for Internet of > Things scenarios I am a bit hesitant to immediately get excited. I > already have other protocols that provide this functionality and much > more functionality (such as a software update mechanism) without the use > of a network management protocol. In general, the specification offers > too many options. > > How does all of this relate to the work you are doing in the ANIMA > working group? I do not necessarily have any objections against a new > attempt to solve problems that have already been solved before. There > may be short-comings with the existing solutions. Of course, that > assumes that one has ideas about what should be improved about the > existing solutions. > > Ciao > Hannes > >> >> Regards >> Brian >> >> On 22/02/2015 00:44, Hannes Tschofenig wrote: >>> Peter, Brian, >>> >>> I would strongly recommend not to use the term bootstrapping. Replacing >>> it with some other word that explains what you want to do. >>> >>> After-all, we are engineers and not marketing guys. I tend to get a bit >>> nervous when I read terms like "zero-touch" and alike that create the >>> impression that there is no configuration that needs to be done by >>> anyone. Of course, that's not the case. >>> >>> With all the security drafts in NETCONF (zerotouch) or in ANIMA I get >>> the impression that we are re-inventing the wheel not only because we >>> want to work on new stuff but largely because we actually don't >>> understand the state of the art ourselves anymore. I fear that the >>> <draft-he-iot-security-bootstrapping-00> document also falls into the >>> category of not understanding the state-of-the-art. I understand if >>> someone is not up-to-speed with the most recent efforts in Thread >>> (because they are only visible to members of that organization) but the >>> ZigBee-IP work should be known. While ZigBee-IP may be considered dead >>> by know it also appears to me that any new work in the IETF on >>> security/routing/etc. for IEEE 802.15.4 will have to compete against >>> Thread. Thread has seen a dramatic growth rate in terms of membership >>> and so I doubt that work in the same area has a lot of chances for >>> success. >>> >>> Sorry for the rant but I believe it will help everyone to figure out >>> that most of the groups are actually developing the same solutions over >>> and over again. >>> >>> Now to the issue of the multi-vendor equipment. Adding new solutions (as >>> it is done in ANIMA) while other groups and organizations have already >>> standardized similar technologies (using different terminology) will not >>> make the interoperability any better. I am sure you know that far too well. >>> >>> It would be great to have a conversation (maybe at the next IETF >>> meeting) how the different environments (home environment, enterprise >>> environments/industrial environments) are different in terms of >>> provisioning credentials and configuration information to IoT devices. >>> Needless to say that there are differences and you can see them when you >>> look at how existing products work. That does, however, not necessarily >>> mean that there are no common building blocks. >>> >>> Ciao >>> Hannes >>> >>> On 02/21/2015 12:14 PM, peter van der Stok wrote: >>>> Hi Brian, >>>> >>>> Just a small annotation to your default approach comment. >>>> Bootstrapping is subject to different installation procedures. >>>> A clear example is the difference between home (plug and play) and the >>>> building control where bootstrapping is organized from a database. >>>> In the professional domain the order of things can depend on the >>>> installer. For example, some may want to bootstrap together with the >>>> setup of the network, others may want the network to be ready and then >>>> do the security bootstrap. >>>> >>>> Although I agree with your concern expressed as "a default procedure to >>>> decide on the bootstrap procedure", I think there is room for 2-4 >>>> different security bootstrap procedures. >>>> These procedures will be chosen as function of the application domain >>>> and application owner, installer. >>>> >>>> Peter >>>> >>>> >>>> >>>> Brian E Carpenter schreef op 2015-02-20 19:51: >>>>> Hannes, >>>>> >>>>> I agree that we need to compare different approaches. I do have one >>>>> concern in the anima context that leads me to the conclusion that >>>>> we *must* pick a preferred solution: if we consider a collection of >>>>> multivendor equipment in factory condition that we want to bootstrap >>>>> itself into a secure network when we apply power, I don't see how >>>>> we can avoid having a single default solution. If not, we get a >>>>> rather ludicrous situation where we need a single default solution >>>>> to the problem of choosing which bootstrap solution to use. >>>>> >>>>> Regards >>>>> Brian >>>>> >>>>> On 21/02/2015 01:27, Hannes Tschofenig wrote: >>>>>> Hi Danping, >>>>>> >>>>>> I would also like to note that >>>>>> [I-D.pritikin-anima-bootstrapping-keyinfra] is only one possible way of >>>>>> distributing new keys (based on already pre-provisioned certificates). I >>>>>> would like to understand how it relates to other approaches. >>>>>> Particularly if you consider an approach "heavy" it would be good to >>>>>> know what your main concerns are since there is no free lunch with >>>>>> security and most of the design decisions are trade-offs. >>>>>> >>>>>> Ciao >>>>>> Hannes >>>>>> >>>>>> On 02/20/2015 12:59 PM, Robert Cragie wrote: >>>>>>> [I-D.pritikin-anima-bootstrapping-keyinfra] proposes a zero-touch >>>>>>> bootstrapping key infrastructure to allow joining device securely and >>>>>>> automatically bootstraps itself based on 802.1AR certificate. It can't >>>>>>> be directly used in 802.15.4 devices due to the high security >>>>>>> complexity >>>>>>> and heavy communication overhead.": I disagree with this statement. We >>>>>>> used this approach in ZigBee IP. I agree some may think the >>>>>>> communication overhead "heavy" but that doesn't mean it can't be done. >>>>>>> The associated security complexity is also becoming less onerous as >>>>>>> crypto accelerators become built into hardware and cores. >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Anima mailing list >>>>>> Anima@ietf.org >>>>>> https://www.ietf.org/mailman/listinfo/anima >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Anima mailing list >>>>> Anima@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/anima >>> >> >> _______________________________________________ >> Anima mailing list >> Anima@ietf.org >> https://www.ietf.org/mailman/listinfo/anima >> > > > _______________________________________________ > 6lo mailing list > 6lo@ietf.org > https://www.ietf.org/mailman/listinfo/6lo >
- Re: [Anima] [6lo] Comments needed for Security Bo… Michael Richardson
- Re: [Anima] [6lo] Comments needed for Security Bo… Hedanping (Ana)
- Re: [Anima] [6tisch-security] [6lo] Comments need… Tero Kivinen
- Re: [Anima] [6lo] Comments needed for Security Bo… Hannes Tschofenig
- Re: [Anima] [6lo] Comments needed for Security Bo… Brian E Carpenter
- Re: [Anima] [6lo] Comments needed for Security Bo… Behcet Sarikaya
- Re: [Anima] [6lo] Comments needed for Security Bo… peter van der Stok
- Re: [Anima] [6lo] Comments needed for Security Bo… Hannes Tschofenig
- Re: [Anima] [6lo] Comments needed for Security Bo… Brian E Carpenter
- Re: [Anima] [6lo] Comments needed for Security Bo… Brian E Carpenter
- Re: [Anima] [6lo] Comments needed for Security Bo… peter van der Stok
- Re: [Anima] [6lo] Comments needed for Security Bo… Brian E Carpenter
- Re: [Anima] [6lo] Comments needed for Security Bo… Behcet Sarikaya
- Re: [Anima] [6lo] Comments needed for Security Bo… Kent Watsen
- Re: [Anima] [6lo] Comments needed for Security Bo… Hannes Tschofenig
- Re: [Anima] [6lo] Comments needed for Security Bo… Brian E Carpenter
- Re: [Anima] [6lo] Comments needed for Security Bo… Hedanping (Ana)
- [Anima] Device vs network bootstrapping [Comments… Brian E Carpenter
- Re: [Anima] [6lo] Comments needed for Security Bo… Behcet Sarikaya
- [Anima] Thread [Comments needed for Security Boot… Brian E Carpenter
- Re: [Anima] [6lo] Thread [Comments needed for Sec… Ralph Droms
- Re: [Anima] [6lo] Thread [Comments needed for Sec… Brian E Carpenter
- Re: [Anima] [6lo] Device vs network bootstrapping… Hedanping (Ana)
- Re: [Anima] [6lo] Comments needed for Security Bo… Hedanping (Ana)
- Re: [Anima] [6lo] Comments needed for Security Bo… peter van der Stok
- Re: [Anima] [6lo] Device vs network bootstrapping… Brian E Carpenter
- Re: [Anima] [6lo] Device vs network bootstrapping… Kent Watsen
- Re: [Anima] [6tisch-security] [6lo] Comments need… Thomas Watteyne
- Re: [Anima] [6tisch-security] [6lo] Device vs net… Brian E Carpenter
- Re: [Anima] [6lo] Comments needed for Security Bo… Robert Cragie
- Re: [Anima] [6lo] Comments needed for Security Bo… Paul Duffy
- Re: [Anima] [6tisch-security] [6lo] Device vs net… Kris Pister
- Re: [Anima] Thread [Comments needed for Security … Hannes Tschofenig
- Re: [Anima] [6lo] Thread [Comments needed for Sec… Ralph Droms
- Re: [Anima] Thread [Comments needed for Security … Brian E Carpenter
- [Anima] (Fair) competition in pursuing ideas and … Rene Struik
- Re: [Anima] (Fair) competition in pursuing ideas … Brian E Carpenter
- Re: [Anima] (Fair) competition in pursuing ideas … Sheng Jiang
- Re: [Anima] (Fair) competition in pursuing ideas … Rene Struik
- Re: [Anima] (Fair) competition in pursuing ideas … Sheng Jiang
- Re: [Anima] Thread [Comments needed for Security … Hannes Tschofenig
- Re: [Anima] (Fair) competition in pursuing ideas … Hannes Tschofenig
- Re: [Anima] (Fair) competition in pursuing ideas … Robert Cragie
- Re: [Anima] [6lo] Thread [Comments needed for Sec… Oliver Hahm
- Re: [Anima] [6lo] Thread [Comments needed for Sec… Alper Yegin
- Re: [Anima] [6lo] Thread [Comments needed for Sec… Carsten Bormann