[Iot-onboarding] Using Threshold techniques in onboarding.
Phillip Hallam-Baker <phill@hallambaker.com> Tue, 17 November 2020 00:44 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: iot-onboarding@ietfa.amsl.com
Delivered-To: iot-onboarding@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B51FA3A03FA for <iot-onboarding@ietfa.amsl.com>; Mon, 16 Nov 2020 16:44:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.398
X-Spam-Level:
X-Spam-Status: No, score=-1.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NT6pVknDgnDD for <iot-onboarding@ietfa.amsl.com>; Mon, 16 Nov 2020 16:44:32 -0800 (PST)
Received: from mail-yb1-f175.google.com (mail-yb1-f175.google.com [209.85.219.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94A103A03EF for <iot-onboarding@ietf.org>; Mon, 16 Nov 2020 16:44:32 -0800 (PST)
Received: by mail-yb1-f175.google.com with SMTP id g15so17378874ybq.6 for <iot-onboarding@ietf.org>; Mon, 16 Nov 2020 16:44:32 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=wfZHmvKPUhHnFeCfkDfXzOhX1bkDrTJLDFxjQaUiEvo=; b=W6eDGgCATHPIwE744YYRYP5FBm/Ak796gesDb7IQrsd2JSlCxKpE6mgiYJwH2VFkqP FEXGfdWYXzJS52dnQ8xyVGzdSjBCKeWJwkCxOMR2qZanePpl99aYU+R14UjE53WRGflV 4rWbbJouXDZYJ9dFBww229QUHGnN60TnVBLX7LswupRtCRlqEZiAy4Q0/K5/UIZAksNN An1lpEykOlZnR9Q1VqHNJwggPaEz6IAHXbhOjbNlu31i9HGwxDpeeHDh60yn1RsdBFCI UrkP0cvRKKG9ZWuIwtMOU/Sav2Z4YTlZr0BT/yVeTB7KA/wlVxmWXX9KXZuVyX05sc7F 00xQ==
X-Gm-Message-State: AOAM531zFafq54sfcvn5sMzDWHpq3swcI+tUTB1/pkflEdi7uDcSTuSp 84WBoXiStgVDzZmMRHzEZFFz8RneCvb/iEzOef/lX50BZmiVIQ==
X-Google-Smtp-Source: ABdhPJxHMOpzCs/5w0UIxhu8PaBQHyu48RH83dgUXBi/+hBlEjsBSBJGCvdsWmk0uCKmb6IkHyQ8S/sit7mf3YBmR0U=
X-Received: by 2002:a25:e00b:: with SMTP id x11mr22059762ybg.518.1605573871237; Mon, 16 Nov 2020 16:44:31 -0800 (PST)
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 16 Nov 2020 19:44:20 -0500
Message-ID: <CAMm+Lwhc3-EkZiVCXwb3nt2QT0fEUha=eMN9EbH7rkJhJ9T1BQ@mail.gmail.com>
To: iot-onboarding@ietf.org
Content-Type: multipart/alternative; boundary="00000000000041830205b442cceb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/iot-onboarding/KQRm2NJfszAVw41SwXycEAgyh4I>
Subject: [Iot-onboarding] Using Threshold techniques in onboarding.
X-BeenThere: iot-onboarding@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of IoT onboarding mechanisms <iot-onboarding.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/iot-onboarding>, <mailto:iot-onboarding-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/iot-onboarding/>
List-Post: <mailto:iot-onboarding@ietf.org>
List-Help: <mailto:iot-onboarding-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/iot-onboarding>, <mailto:iot-onboarding-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Nov 2020 00:44:35 -0000
I have running code and a spec for one way to skin this particular cat. The draft is not quite ready but its close: https://tools.ietf.org/id/draft-hallambaker-mesh-architecture-15.html Let's consider what we want to do when we onboard a device: 1) Establish initial communication with the device. 2) Configure the device to operate under control of the owner. Including the ability to connect to the owner's network and authenticate commands from the owner. 3) Establish a trust context that is verifiably independent of the manufacturer and supply chain. 4) Reconfigure the device as necessary including the ability to switch wifi networks, reset device config without needing to repeat onboarding, etc. etc. without the need to climb a ladder at 3am in the morning because the smoke alarm decided to throw away its configuration data on a whim. Onboarding must become a one time operation. No excuses. Onboarding configuration requires user effort which is precious. Configurations MUST survive a hard reset of the device. The only time the configuration should be forgotten is when the owner requires it. TLS configuration was raised in SECDispatch. I believe DANE is the wrong tool for the same reason CAs are the wrong tool: PKIX PKI is really not designed for IoT. In particular, PKIX certificates are bound to DNS names which requires that they expire within a short timeframe. Moving from the WebPKI to DNSSEC doesn't help because DNS names are rented, not owned. The expiry issue aside, enterprises and IETF participants have DNS domains of their own. Consumers do not. And so binding to DNS names... So one approach I have proposed in the past is to use Strong Internet Names. These are simply a fingerprint of a public key that is mapped to a reserved portion of DNS namespace. So lets say that Alice's coffee-pot has a TLS key with the fingerprint MB5S-R4AJ-3FBT-7NHO-T26Z-2E6Y-WFH4. We can use that to establish a domain name that allows us to authenticate the TLS cert without reference to any external trust provider: coffee.mm--MB5S-R4AJ-3FBT-7NHO-T26Z-2E6Y-WFH4 That is not the sort of identifier I want to ever throw in a user's face. But it is perfectly OK for an internal buried in the guts identifier. That is what I started with four years ago... I have moved on a bit since. In principle, we could just issue strong name certificates when a device is manufactured. And that would be perfectly adequate for most user's actual needs. Right up until some manufacturer is found to have kept track of all the keys ever issued and has suffered a breach. This approach is not acceptable for most enterprises and particularly not for HIPPA / SCI type applications. The solution is to take advantage of the fact that all Diffie Hellman Keys, including Elliptic Curve keys support threshold key generation. The device ships with an ECDH {public, private} keypair {x.P, x} When the device is onboarded, the administrator issues a second set of keys {y.P, y} and passes the private value y to the device by means of a secure channel and a certificate for the key {z.P, z} where z=x+y. Only the device has the means to calculate x+y. But the administrator can calculate z.P because z.P = x.P + y.P. Using this approach means that the user is completely insulated from any malice or incompetence on the part of the manufacturer (or subsequent supply chain compromise) provided only that the administration device chooses a strong value of y. Contrawise, the user is protected if the administrative device is faulty unless the device manufacturer defects. Threshold is really, really powerful. You can have exactly as much fault tolerance as you like, all you have to do is to introduce another party to share the key with. So what is the user experience like in practice? Well I have not yet fully considered the enterprise case where we have to consider the distinction between the owner and the user and consider insider threats. But I do have three onboarding scenarios for the user case: 1) Witness value comparison (with optional PIN code) If the device to be onboarded has a keyboard, Alice enters her Mesh callsign (alice@example.com) on the device to be connected. The device spits out a witness value which should appear on the administration device. If the witness values match exactly, everything is correct and the connection request can be accepted. Alternatively, an out of band PIN code may be used as an authentication mechanism. 2) QR code presented on administration device. If the device to be connected has either a camera or some means of accepting a short range communication and a means of placing the device into an onboarding mode, the Mesh callsign and PIC code can be presented in this form allowing the device to connect without the need to enter data. 3) Static QR code printed on the connecting device. The connection can also be made by means of a static QR code printed on the device itself. This must provide some means of bootstrapping a local communication channel between the devices to complete the connection process and provision the initial network configuration. One of the principles of the Mesh is autonomy. Users should be in control of their digital environment. So what I am currently working on is a mechanism to allow users to switch Mesh Service Providers without switching costs.This will allow the mesh callsign to simply become @alice which will be a lifelong name assigned to Alice that never needs to change unless she wants to change it. She can switch her provider (e.g. moves from a Comcast served area to Verizon) but she doesn't need to change her callsign. All her existing devices will adjust automatically.
- [Iot-onboarding] Using Threshold techniques in on… Phillip Hallam-Baker
- Re: [Iot-onboarding] Using Threshold techniques i… Toerless Eckert
- Re: [Iot-onboarding] Using Threshold techniques i… Phillip Hallam-Baker
- [Iot-onboarding] Phil*: "self-enrolling voucher" … Toerless Eckert
- Re: [Iot-onboarding] Phil*: "self-enrolling vouch… Panwei (William)