IETF Logo Mail Archive

Re: [Anima] [6lo] Comments needed for Security Bootstrapping of IEEE 802.15.4 based Internet of Things

Behcet Sarikaya <sarikaya2012@gmail.com> Wed, 25 February 2015 21:25 UTC

Return-Path: <sarikaya2012@gmail.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E04C1A88D1; Wed, 25 Feb 2015 13:25:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kp5A0KPktzKL; Wed, 25 Feb 2015 13:25:40 -0800 (PST)
Received: from mail-la0-x230.google.com (mail-la0-x230.google.com [IPv6:2a00:1450:4010:c03::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 789651A88C3; Wed, 25 Feb 2015 13:25:39 -0800 (PST)
Received: by labgm9 with SMTP id gm9so6904816lab.2; Wed, 25 Feb 2015 13:25:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=BiaR6Ay+yaG7vTNbwsaZnfiXyw8K/IZVa9Ue1Y0jGZs=; b=L5FOb2knDDypjN1eHVJ2DbNfsVgGA/SZT+bZ4+nERHCXbb51TlE4mQtg1vs5EemFhO eIr/qOkiwljy8luflPiGGMr7PDz7ZxJ80dRtJ4VrYq8ie0adUgXYshqzyA9hmvSRRkZk jeSwpYaGHdeMOjWeeqmugAsPSFN+XyLfSpLCpIS9OBTVwf+3hJPObP3Phesb7eS1C8fn IZ5X4y0D62+vttl0SvGKrd3+Ko6S9xDZ7X/G6vpMeFxjnBDaY7vRLRyA3x5YDd4zzjj0 uRtKJYXPmtPzHU2P7IpsTaYtmpkcuPezoBY8qDDWGV/dBTNZacGiTovEVw4KJXfhTJrG Dy3Q==
MIME-Version: 1.0
X-Received: by 10.152.45.74 with SMTP id k10mr4734431lam.108.1424899537781; Wed, 25 Feb 2015 13:25:37 -0800 (PST)
Received: by 10.114.187.13 with HTTP; Wed, 25 Feb 2015 13:25:37 -0800 (PST)
In-Reply-To: <54EB4F24.7030609@gmx.net>
References: <77FA386512F0D748BC7C02C36EB1106D921776@szxeml557-mbs.china.huawei.com> <6426.1422664463@sandelman.ca> <77FA386512F0D748BC7C02C36EB1106D92CC62@szxeml557-mbs.china.huawei.com> <54E7219B.6040006@gridmerge.com> <54E72846.20807@gmx.net> <54E7824A.4040906@gmail.com> <cf14f8df23dc2552f062976775e76549@xs4all.nl> <54E86F9A.8020104@gmx.net> <54E8D442.6020909@gmail.com> <54EB4F24.7030609@gmx.net>
Date: Wed, 25 Feb 2015 15:25:37 -0600
Message-ID: <CAC8QAcfUDw8McE15gkCpDX5Ur+ZKaYx9mCOXNiS+_rCDHE2XTg@mail.gmail.com>
From: Behcet Sarikaya <sarikaya2012@gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/anima/6SvkDedsBB5z1nvqQITgQ6jDX5M>
Cc: consultancy@vanderstok.org, 6tisch-security <6tisch-security@ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, "Hedanping (Ana)" <ana.hedanping@huawei.com>, robert.cragie@gridmerge.com, "6lo@ietf.org" <6lo@ietf.org>, "anima@ietf.org" <anima@ietf.org>
Subject: Re: [Anima] [6lo] Comments needed for Security Bootstrapping of IEEE 802.15.4 based Internet of Things
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: sarikaya@ieee.org
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Feb 2015 21:25:42 -0000

On Mon, Feb 23, 2015 at 10:02 AM, Hannes Tschofenig
<hannes.tschofenig@gmx.net> wrote:
> Hi Brian,
>
> On 02/21/2015 07:53 PM, Brian E Carpenter wrote:
>> Hannes,
>>
>> "Bootstrapping" is a colloquialism, of course, but it conveys the idea
>> of having no prior knowledge which is the main point here.
>
> The problem with the term is that it is ill-defined.
>
> In many of the cases it actually does not mean that there is no prior
> knowledge. For the specifications we are talking about here we are
> assuming various information pre-configured, such as certificates, trust
> anchors, and other configuration parameters. That's not exactly my
> understanding of "no prior knowledge".
>
>  Of course
>> it's true (as Peter said) that different situations call for differences
>> in the solution. The initial target for Anima is "professionally managed
>> networks" and for that we tend to assume that devices are pre-registered
>> in some sense; that is a false assumption for homenets and (I assume) IoT.
>> I am pretty sure that IoT approaches will be a false assumption for
>> large international carrier networks.
>>
>> I know nothing about Thread, whatever and whoever it is.
>
> Here is an intro document:
> http://threadgroup.org/Portals/0/documents/events/ThreadIntro.pdf
>


I think we need to clarify here that Thread Group is formed to deal
with home environments.

Enterprise or industrial environments seem to be excluded.

Regards,

Behcet
>
>  If they
>> want to repeat the Bluetooth error of working in secret, there is
>> nothing we can do about it, neither can we sit back and do nothing.
>
> The IEEE, the Bluetooth SIG, and Thread have (as organizations) many
> things in common. Only member companies can influence the specification
> content but, unlike the IEEE, Thread is a fairly new organization and
> hence their specifications have not yet been released since they are
> still work in progress. Both IEEE and Bluetooth SIG release their
> specifications to the general public when they are finalized.
>
> I am not sure I agree that the Bluetooth SIG made huge mistakes since
> otherwise the technology wouldn't be so successful.
>
>> At least draft-pritikin-anima-bootstrapping-keyinfra builds pn
>> IEEE 802.1AR.
>
> To be honest, I am a bit doubtful about the value of the IEEE 802.1AR
> specification.
>
> The specification basically says to use certificates and the PKI (using
> RSA / ECC-based keys) for authenticating devices and defines a MIB for
> configuring various aspects of that infrastructure (using SNMP).
>
> It also lists the fields of a certificate and defines the "device
> identity" in Section 7.2.8 as "This may include the unique device serial
> number assigned by the manufacturer or any other suitable unique DN
> value that the issuer prefers."
>
> I am sure there are some (not described) good reasons why the
> specification exists but it is not as earth-shaking as you might think.
> Particularly, if you plan to use it in ANIMA you might ask yourself how
> many management interfaces you actually need to provision and configure
> credentials on devices. (This actually leads us back to my original mail.)
>
> I have to think about the use of these specifications for Internet of
> Things scenarios I am a bit hesitant to immediately get excited. I
> already have other protocols that provide this functionality and much
> more functionality (such as a software update mechanism) without the use
> of a network management protocol. In general, the specification offers
> too many options.
>
> How does all of this relate to the work you are doing in the ANIMA
> working group? I do not necessarily have any objections against a new
> attempt to solve problems that have already been solved before. There
> may be short-comings with the existing solutions. Of course, that
> assumes that one has ideas about what should be improved about the
> existing solutions.
>
> Ciao
> Hannes
>
>>
>> Regards
>>    Brian
>>
>> On 22/02/2015 00:44, Hannes Tschofenig wrote:
>>> Peter, Brian,
>>>
>>> I would strongly recommend not to use the term bootstrapping. Replacing
>>> it with some other word that explains what you want to do.
>>>
>>> After-all, we are engineers and not marketing guys. I tend to get a bit
>>> nervous when I read terms like "zero-touch" and alike that create the
>>> impression that there is no configuration that needs to be done by
>>> anyone. Of course, that's not the case.
>>>
>>> With all the security drafts in NETCONF (zerotouch) or in ANIMA I get
>>> the impression that we are re-inventing the wheel not only because we
>>> want to work on new stuff but largely because we actually don't
>>> understand the state of the art ourselves anymore. I fear that the
>>> <draft-he-iot-security-bootstrapping-00> document also falls into the
>>> category of not understanding the state-of-the-art. I understand if
>>> someone is not up-to-speed with the most recent efforts in Thread
>>> (because they are only visible to members of that organization) but the
>>> ZigBee-IP work should be known. While ZigBee-IP may be considered dead
>>> by know it also appears to me that any new work in the IETF on
>>> security/routing/etc. for IEEE 802.15.4 will have to compete against
>>> Thread. Thread has seen a dramatic growth rate in terms of membership
>>> and so I doubt that work in the same area has a lot of chances for
>>> success.
>>>
>>> Sorry for the rant but I believe it will help everyone to figure out
>>> that most of the groups are actually developing the same solutions over
>>> and over again.
>>>
>>> Now to the issue of the multi-vendor equipment. Adding new solutions (as
>>> it is done in ANIMA) while other groups and organizations have already
>>> standardized similar technologies (using different terminology) will not
>>> make the interoperability any better. I am sure you know that far too well.
>>>
>>> It would be great to have a conversation (maybe at the next IETF
>>> meeting) how the different environments (home environment, enterprise
>>> environments/industrial environments) are different in terms of
>>> provisioning credentials and configuration information to IoT devices.
>>> Needless to say that there are differences and you can see them when you
>>> look at how existing products work. That does, however, not necessarily
>>> mean that there are no common building blocks.
>>>
>>> Ciao
>>> Hannes
>>>
>>> On 02/21/2015 12:14 PM, peter van der Stok wrote:
>>>> Hi Brian,
>>>>
>>>> Just a small annotation to your default approach comment.
>>>> Bootstrapping is subject to different installation procedures.
>>>> A clear example is the difference between home (plug and play) and the
>>>> building control where bootstrapping is organized from a database.
>>>> In the professional domain the order of things can depend on the
>>>> installer. For example, some may want to bootstrap together with the
>>>> setup of the network, others may want the network to be ready and then
>>>> do the security bootstrap.
>>>>
>>>> Although I agree with your concern expressed as "a default procedure to
>>>> decide on the bootstrap procedure", I think there is room for 2-4
>>>> different security bootstrap procedures.
>>>> These procedures will be chosen as function of the application domain
>>>> and application owner, installer.
>>>>
>>>> Peter
>>>>
>>>>
>>>>
>>>> Brian E Carpenter schreef op 2015-02-20 19:51:
>>>>> Hannes,
>>>>>
>>>>> I agree that we need to compare different approaches. I do have one
>>>>> concern in the anima context that leads me to the conclusion that
>>>>> we *must* pick a preferred solution: if we consider a collection of
>>>>> multivendor equipment in factory condition that we want to bootstrap
>>>>> itself into a secure network when we apply power, I don't see how
>>>>> we can avoid having a single default solution. If not, we get a
>>>>> rather ludicrous situation where we need a single default solution
>>>>> to the problem of choosing which bootstrap solution to use.
>>>>>
>>>>> Regards
>>>>>    Brian
>>>>>
>>>>> On 21/02/2015 01:27, Hannes Tschofenig wrote:
>>>>>> Hi Danping,
>>>>>>
>>>>>> I would also like to note that
>>>>>> [I-D.pritikin-anima-bootstrapping-keyinfra] is only one possible way of
>>>>>> distributing new keys (based on already pre-provisioned certificates). I
>>>>>> would like to understand how it relates to other approaches.
>>>>>> Particularly if you consider an approach "heavy" it would be good to
>>>>>> know what your main concerns are since there is no free lunch with
>>>>>> security and most of the design decisions are trade-offs.
>>>>>>
>>>>>> Ciao
>>>>>> Hannes
>>>>>>
>>>>>> On 02/20/2015 12:59 PM, Robert Cragie wrote:
>>>>>>> [I-D.pritikin-anima-bootstrapping-keyinfra] proposes a zero-touch
>>>>>>> bootstrapping key infrastructure to allow joining device securely and
>>>>>>> automatically bootstraps itself based on 802.1AR certificate.  It can't
>>>>>>> be directly used in 802.15.4 devices due to the high security
>>>>>>> complexity
>>>>>>> and heavy communication overhead.": I disagree with this statement. We
>>>>>>> used this approach in ZigBee IP. I agree some may think the
>>>>>>> communication overhead "heavy" but that doesn't mean it can't be done.
>>>>>>> The associated security complexity is also becoming less onerous as
>>>>>>> crypto accelerators become built into hardware and cores.
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Anima mailing list
>>>>>> Anima@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/anima
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Anima mailing list
>>>>> Anima@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/anima
>>>
>>
>> _______________________________________________
>> Anima mailing list
>> Anima@ietf.org
>> https://www.ietf.org/mailman/listinfo/anima
>>
>
>
> _______________________________________________
> 6lo mailing list
> 6lo@ietf.org
> https://www.ietf.org/mailman/listinfo/6lo
>

v2.23.0 | Report a Bug | By Email