Re: [Lwip] [IoT-DIR] Iotdir early review of draft-ietf-lwig-crypto-sensors-04

Samita Chakrabarti <samitac.ietf@gmail.com> Tue, 07 November 2017 04:21 UTC

From: Samita Chakrabarti <samitac.ietf@gmail.com>
Date: Mon, 06 Nov 2017 20:21:47 -0800
Message-ID: <CAKmdBpeP9A8VNGB9tCE=wYyBvAMzvZs4vBJq3uS6QoTbVsa4zg@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: "Iot-dir@ietf.org" <Iot-dir@ietf.org>, "lwip@ietf.org" <lwip@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-lwig-crypto-sensors.all@ietf.org" <draft-ietf-lwig-crypto-sensors.all@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lwip/SynaGQy8KAzYx5ahqZdfU7kTwtc>

Hi Hannes,
I have not done a comparison with other technologies. But, as I mentioned,
it exists. I like the fact it can generate a unique 'intrinsic-id' based on
the physical properties of the chip-set. If IOT-DIR folks would like to know
more, perhaps I can find out if there is a remote presentation and Q&A
session possible from the Intrinsic-id folks sometime in the near future.
(Disclaimer: I have no particular interest other than knowing more about the
feasibility of application of that technology.) I was thinking that this ID
can be used in any mutual authentication protocols (especially generating
the private key). Do you have more information on them or think otherwise?

Regards,
-Samita

On Mon, Nov 6, 2017 at 1:39 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:

> Hi Samita,
>
> Do you think PUFs are useful authentication technologies for IoT devices?
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: IoT-DIR [mailto:iot-dir-bounces@ietf.org] On Behalf Of Samita
> Chakrabarti
> Sent: 06 November 2017 10:37
> To: Iot-dir@ietf.org
> Cc: lwip@ietf.org; ietf@ietf.org; draft-ietf-lwig-crypto-sensors.all@ietf.org
> Subject: [IoT-DIR] Iotdir early review of draft-ietf-lwig-crypto-sensors-04
>
> Reviewer: Samita Chakrabarti
> Review result: Ready with Nits
>
> I have reviewed draft-ietf-lwig-crypto-sensors-04 document for
> IOT-Directorate review. The following are my comments:
>
> General: The document is easy reading and informative about current and
> previous work. It is ready to publish with minor changes based on review
> comments.
>
> Other comments:
> Introduction:
> It might be useful to discuss/clarify that multi-level security may be
> important for IOT devices all the way from 'bootstrapping and management'
> to application security. That perhaps can include obtaining IP-addresses
> securely, mutual authentication between server and devices, etc. (see
> https://tools.ietf.org/html/draft-ietf-6lo-ap-nd-03) in those cases
> where each device has an IP address.
>
> Section 2:
> Regarding problems of provisioning and management of networks for the IOT
> devices there may be additional issues – 1) different types of IOT devices
> and the lack of a standard way to provision them as they might be talking
> different RF technologies and running L2 protocols only. 2) The iot nodes
> may be moving individually or collectively and change networks; identifying
> the movement of the iot nodes or identifying a particular node at any point
> of time uniquely requires an intrinsic identification which might be useful
> to set during bootstrapping of the node.
>
> Regarding related work – does it consider IETF IOT security work only?
> There has been some work and thought process going on regarding blockchain
> IOT security in the industry. Perhaps that is out-of-scope of this
> document, but I wanted to mention it for authors’ considerations.
>
> Section 5:
> Authors of the document may also want to browse an SRAM PUF based
> technology which provides a unique ID based authentication mechanism.
> https://www.intrinsic-id.com/intrinsic-id-joins-wi-sun-alliance/
>
> Section 9:
> Does the example simulate any particular deployment model or research
> experiments? It might be good to clarify that.
>
> Section 10 and 11:
> Looks like section 11 is closely related to section 10. Should they be
> combined together?
> Else some more text is needed in section 10 on design trade-offs.
>
> Section 13:
> Does this document recommend one layer of security to IOT devices? There
> are different types of IOT devices – some of them are very tiny and some
> are more capable. Some definitely benefit more from multi-level security than
> a single layer of security. L2 security is generally recommended for all
> IOT networks. Does data object protection only protect the application
> data (payload) or more?
>
> Thanks for the initiative in documenting the valuable work in IOT security
> implementation and crypto comparison.
> -Samita