IETF Logo Mail Archive

Re: [Anima] Scope question [was: autonomic bootstrap: gap analysis]

Laurent Ciavaglia <Laurent.Ciavaglia@alcatel-lucent.com> Tue, 17 June 2014 08:04 UTC

Return-Path: <laurent.ciavaglia@alcatel-lucent.com>
X-Original-To: anima@ietfa.amsl.com
Delivered-To: anima@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A82C1A0304; Tue, 17 Jun 2014 01:04:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XvVtDyemaYht; Tue, 17 Jun 2014 01:04:04 -0700 (PDT)
Received: from ihemail1.lucent.com (ihemail1.lucent.com [135.245.0.33]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E33D1A02F9; Tue, 17 Jun 2014 01:04:04 -0700 (PDT)
Received: from us70tusmtp2.zam.alcatel-lucent.com (h135-5-2-64.lucent.com [135.5.2.64]) by ihemail1.lucent.com (8.13.8/IER-o) with ESMTP id s5H8415Y001101 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 17 Jun 2014 03:04:01 -0500 (CDT)
Received: from US70TWXCHHUB03.zam.alcatel-lucent.com (us70twxchhub03.zam.alcatel-lucent.com [135.5.2.35]) by us70tusmtp2.zam.alcatel-lucent.com (GMO) with ESMTP id s5H841bZ028010 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 17 Jun 2014 04:04:01 -0400
Received: from [135.244.33.51] (135.5.27.16) by US70TWXCHHUB03.zam.alcatel-lucent.com (135.5.2.35) with Microsoft SMTP Server (TLS) id 14.2.247.3; Tue, 17 Jun 2014 04:03:59 -0400
Message-ID: <539FF669.7020001@alcatel-lucent.com>
Date: Tue, 17 Jun 2014 10:03:53 +0200
From: Laurent Ciavaglia <Laurent.Ciavaglia@alcatel-lucent.com>
Organization: Alcatel-Lucent Bell Labs France
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: "Michael Behringer (mbehring)" <mbehring@cisco.com>, "anima@ietf.org" <anima@ietf.org>, 6tisch-security@ietf.org
References: <26717.1402949592@sandelman.ca> <539F771A.3000008@gmail.com> <3AA7118E69D7CD4BA3ECD5716BAF28DF21BB3FF4@xmb-rcd-x14.cisco.com>
In-Reply-To: <3AA7118E69D7CD4BA3ECD5716BAF28DF21BB3FF4@xmb-rcd-x14.cisco.com>
Content-Type: multipart/alternative; boundary="------------070302050706030409050707"
X-Originating-IP: [135.5.27.16]
Archived-At: http://mailarchive.ietf.org/arch/msg/anima/sdafkIicxpmPMP7Kj7hRVFc8W-o
Subject: Re: [Anima] Scope question [was: autonomic bootstrap: gap analysis]
X-BeenThere: anima@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Autonomic Networking Integrated Model and Approach <anima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/anima>, <mailto:anima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/anima/>
List-Post: <mailto:anima@ietf.org>
List-Help: <mailto:anima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/anima>, <mailto:anima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jun 2014 08:04:09 -0000

Dear Michael, all,

It's nice to see inputs/thoughts from very different domains (IoT) 
coming in!

Connected devices or entities are for sure in the scope of applicability 
for autonomic networking. And if we consider the future 5G networks, the 
number of connected "nodes" will be even more important and will put 
even more pressure on the (operators of the) networking infrastructures 
to cope with e.g. up-to-date/synchronized inventory (just to name one).
In this context, autonomic technologies definitely make sense: to 
address scalability, optimisation/adaptation of the control 
process/functions, coordination/orchestration among autonomic 
nodes/functions, etc).

If we speak IoT/Smart objects, I see a clear and easy first link with 
SmartHome (homenet), and as long as we see a _role_ for the network 
(thus the "_connecte__d_" x), and someone acting as an "operator" (not 
necessarily a classical telco carrier: e.g. who the homenet 
operator(s)?), there is a place for autonomic technologies.

What we can provide (ultimately)  is a (consistent/integrated?) set of 
autonomic/management tools for these very operators applicable in the 
different technological/industrial domains (smart homes, smart cities... 
and of course also "purely" telecommuncations networks). Of course one 
goal would be to not re-specify/develop the core solutions for all the 
different domains. This is very much in line with one of our goals in 
this BoF to identify commonalities that will drive the 
protocol/architecture work.
Autonomic networking will/should develop and provide both the 
procotols/mechanisms and the right (simple, extensible, composable) 
interfaces for operators to use them (in different domains).

As for the point on distribution, I don't know how to phrase it, but it 
is even more than a requirement, it is part of the nature of any 
networked environment: distributed in nature. So we will have to 
"attach" a number of basic/essential (autonomic) functionality to the 
(distributed) "nodes". Secured bootstrap is one. Others well-known ones 
could be (TBD): discovery, information exchange, capability negotiation, 
enforcement, group communications...

Best regards, Laurent.


On 17/06/2014 08:59, Michael Behringer (mbehring) wrote:
>> -----Original Message-----
>> From: Anima [mailto:anima-bounces@ietf.org] On Behalf Of Brian E
>> Carpenter
>> Sent: 17 June 2014 01:01
>> To:anima@ietf.org
>> Cc: 6tisch-security
>> Subject: [Anima] Scope question [was: autonomic bootstrap: gap analysis]
>>
>> Michael's message is very interesting. For present purposes, i.e. getting
>> ready for the UCAN BOF, do we need to add some points to the relevant use
>> case draft (http://tools.ietf.org/html/draft-behringer-autonomic-
>> bootstrap)?
>>
>> More generally - I think the AN protagonists have been thinking of the
>> scope of AN being carrier, enterprise, and home networks.
>> Should we add IoT to the scope? I think it's an important question, because
>> it would put new meanings on "simple" and "available resources". It seems
>> obvious that IoT networks need to be completely autonomic, but is it the
>> *same* autonomic?
> Brian, we have always positioned AN also in the IoT context, and I agree with Sheng, AN can be used everywhere. Especially when it comes to devices that will be deployed and managed in the thousands or even millions, autonomic concepts are a requirement, not a nice to have.
>
> We have positioned draft-pritikin-bootstrapping-keyinfrastructures as a high-level solution in 6tisch. It explains how you CAN bootstrap a network, zero-touch AND secure, and fits perfectly to the 6tisch requirements. The corresponding use case is described in draft-behringer-autonomic-bootstrap.
>
> To me, the bootstrap problem is one of the real solid examples of autonomic behaviour, because to bootstrap a device into a network I MUST have some functionality on the devices, ie, distribution is absolutely mandatory here.
>
> So this is one of the criteria for the use cases: Is distribution a requirement? Because if it is, then this points very clearly to an autonomic solution.
>
> Michael
>
>   
>> Regards
>>     Brian
>>
>> On 17/06/2014 08:13, Michael Richardson wrote:
>>> I recognize that bootstrap is only one of the autonomic mechanisms
>>> that are relevant to this group.  I have much reading on the other
>>> aspects which I hope to get done.
>>>
>>> The 6tisch security design team has been working on a "zero-touch"
>>> mechanism that would permit constrained devices to join a
>> Lowpower/Loss Network (LLN)
>>> in a secure way.   We have considered adapting EAP-TLS (as ZigbeeIP has
>>> done), or turning the WirelessHART (IEC62591) packet flow into
>>> something more IPv6-like.  While there are significant bits of design
>>> space to explore while trying to optimize packet count, size and total
>>> energy risk of the join protocol;  the idea that there should be a set
>>> of authorization tokens From the device vendor which would permit the
>>> network and new nodes to recognize each other has been central to all
>> discussions.
>>> while draft-pritikin-bootstrapping-keyinfrastructures and
>>>        draft-behringer-autonomic-bootstrap-00
>>>
>>> have proposed valid high level concepts, I believe that specification
>>> of the authz token is critical for the IoT space.  A great concern
>>> that is that the LLNs created remain operational for decades at a
>>> time, and that the components can individually and also in aggregate
>>> be both (re-)sold, and/or the service provider operating the network be
>> replaced.
>>> (There are real life examples where a part of a 100 square mile
>>> refinery is actually sold to a competitor; obviously it doesn't get
>>> moved.  On the other side, one has the very real risk that you bought
>>> your sensor network From a "Nortel")
>>>
>>> I was pointed at 802.1AR's device ID mechanism.  Really, 802.1AR is
>>> about an API between a (constrained) device and it's cryptographic
>> hardware
>>> module/TPM.   It profiles a number of IETF PKIX specifications in a useful
>>> way, but there is little there in terms of actual protocol.  When it
>>> comes to what does an *DevID look like, in it's section 7.2.8, saying
>>> that the DN should contain a "serialNumber" attribute:
>>>
>>>     The formatting of this field shall contain a unique X.500
>>>     Distinguished Name (DN). This may include the unique device serial
>> number assigned by the manufacturer
>>>     or any other suitable unique DN value that the issuer prefers.
>>>
>>> What I have observed is that there needs to be a way to clearly
>>> delegate from
>>> Factory(Vendor) to VAR to DISTRIBUTOR to RESELLER to Plant-OWNER to
>>> SERVICE-PROVIDER.    It would significantly reduce the number of
>> certificates
>>> in (non-constrained device) databases for some levels of this
>>> hierarchy if the IDevID were aggregateable in some fashion.  RFC3779
>>> came to mind, which deals with delegation of Autonomous Systems
>>> Numbers (ASN) and IP address ranges from RIRs to LIRs to ISPs and
>> Enterprises.
>>>            RFC3779: X.509 Extensions for IP Addresses and AS
>>> Identifiers
>>>
>>> I created:
>>>      X509.v3 certificate extension for authorization of device ownership
>>>                   draft-richardson-6tisch-idevid-cert-00
>>>
>>> which cribbed together via nroff2xml and a search and replace.
>>>
>>> The Pritikin and Behringer documents seem to assume that the ultimate
>>> goal of the trusted enrollment process is to create a path in which
>>> "EST"= Enrollment over Secure Transport could operate that would
>>> permit a new locally significant certificate to be loaded into the new
>> device.
>>> I agree with that goal.
>>>
>>> There is the question of how that trust circuit is created, and in
>>> discussion it seemed that it involve some kind of leap-of-faith TLS
>>> setup which would be authenticated by the "authz" tokens later on.  I
>>> disagree; I think that with appropriate evaluation of path constraints
>>> that the authentication can occur within the TLS protocol. (Even
>>> easier if done in IKEv2)
>>>
>>> --
>>> Michael Richardson<mcr+IETF@sandelman.ca>, Sandelman Software
>> Works
>>> -= IPv6 IoT consulting =-
>>>
>> _______________________________________________
>> Anima mailing list
>> Anima@ietf.org
>> https://www.ietf.org/mailman/listinfo/anima
> _______________________________________________
> Anima mailing list
> Anima@ietf.org
> https://www.ietf.org/mailman/listinfo/anima
>

-- 

Bien cordialement, Best regards,

*Laurent Ciavaglia*

Research Manager | Project Manager

Network Algorithms, Protocols and Security Group

Bell Labs | Alcatel Lucent

phone: +33 160 402 636

email: laurent.ciavaglia@alcatel-lucent.com 
<mailto:laurent.ciavaglia@alcatel-lucent.com>

linkedin: laurentciavaglia <http://fr.linkedin.com/in/laurentciavaglia/>

address: Route de Villejust | 91620 NOZAY | France

v2.23.0 | Report a Bug | By Email