[Lwip] Iotdir early review of draft-ietf-lwig-crypto-sensors-04

Samita Chakrabarti <samitac.ietf@gmail.com> Mon, 06 November 2017 09:37 UTC

From: Samita Chakrabarti <samitac.ietf@gmail.com>
To: Iot-dir@ietf.org
Cc: lwip@ietf.org, ietf@ietf.org, draft-ietf-lwig-crypto-sensors.all@ietf.org
Date: Mon, 06 Nov 2017 01:37:24 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/ABo-uxAn8uM5-qZ8MOGZAOeDVFI>
Subject: [Lwip] Iotdir early review of draft-ietf-lwig-crypto-sensors-04

Reviewer: Samita Chakrabarti
Review result: Ready with Nits

I have reviewed the draft-ietf-lwig-crypto-sensors-04 document for the IOT-Directorate
review. The following are my comments:

General: The document is easy reading and informative about current and
previous work. It is ready to publish with minor changes based on review
comments.

Other comments:
Introduction:
 It might be useful to discuss/clarify that multi-level security may be
 important for IOT devices all the way from 'bootstrapping and management' to
 application security. That perhaps can include obtaining IP addresses
 securely, mutual authentication between server and devices, etc. (see
 https://tools.ietf.org/html/draft-ietf-6lo-ap-nd-03) in those cases where each
 device has an IP address.

Section 2:
Regarding problems of provisioning and management of networks for the IOT
devices, there may be additional issues – 1) different types of IOT devices and
the lack of a standard way to provision them, as they might be talking different
RF technologies and running L2 protocols only. 2) The IOT nodes may be moving
individually or collectively and change networks; identifying the movement of
the IOT nodes or identifying a particular node at any point of time uniquely
requires an intrinsic identification which might be useful to set during
bootstrapping of the node.

Regarding related work – does it consider IETF IOT security work only? There
has been some work and thought process going on regarding blockchain IOT
security in the industry. Perhaps that is out of scope of this document, but I
wanted to mention it for the authors’ consideration.

Section 5:
Authors of the document may also want to browse an SRAM PUF-based technology
which provides a unique ID-based authentication mechanism.
https://www.intrinsic-id.com/intrinsic-id-joins-wi-sun-alliance/

Section 9:
Does the example simulate any particular deployment model or research
experiments? It might be good to clarify that.

Section 10 and 11:
Looks like section 11 is closely related to section 10. Should they be combined
together? Else some more text is needed in section 10 on design trade-offs.

Section 13:
Does this document recommend one layer of security for IOT devices? There are
different types of IOT devices – some of them are very tiny and some are more
capable. Some definitely benefit more from multi-level security than from a single
layer of security. L2 security is generally recommended for all IOT networks. Does
data object protection only protect the application data (payload) or more?

Thanks for the initiative in documenting the valuable work in IOT security
implementation and crypto comparison.

-Samita