Re: [Lwip] [IoT-DIR] Iotdir early review of draft-ietf-lwig-crypto-sensors-04
Samita Chakrabarti <samitac.ietf@gmail.com> Tue, 07 November 2017 04:21 UTC

Hi Hannes,

I have not done comparison with other technologies. But as I mentioned that it exists. I like the fact it can generate unique 'intrinsic-id' based on the physical properties of the chip-set. If IOT-DIR folks like to know more, perhaps I can find out if there is a remote presentation and Q&A session possible from the Intrinsic-id folks sometime in the near future. (Disclaimer: I have no particular interest other than knowing more about the feasibility of application of that technology)

I was thinking that this ID can be used in any mutual authentication protocols (especially generating the private key). Do you have more information on them or think otherwise?

Regards,
-Samita

On Mon, Nov 6, 2017 at 1:39 AM, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:

> Hi Samita,
>
> Do you think PUFs are useful authentication technologies for IoT devices?
>
> Ciao
> Hannes
>
> -----Original Message-----
> From: IoT-DIR [mailto:iot-dir-bounces@ietf.org] On Behalf Of Samita Chakrabarti
> Sent: 06 November 2017 10:37
> To: Iot-dir@ietf.org
> Cc: lwip@ietf.org; ietf@ietf.org; draft-ietf-lwig-crypto-sensors.all@ietf.org
> Subject: [IoT-DIR] Iotdir early review of draft-ietf-lwig-crypto-sensors-04
>
> Reviewer: Samita Chakrabarti
> Review result: Ready with Nits
>
> I have reviewed draft-ietf-lwig-crypto-sensors-04 document for
> IOT-Directorate review. The following are my comments:
>
> General: The document is easy reading and informative about current and
> previous work. It is ready to publish with minor changes based on review
> comments.
>
> Other comments:
>
> Introduction:
> It might be useful to discuss/clarify that multi-level security may be
> important for IOT devices all the way from 'bootstrapping and management'
> to application security. That perhaps can include obtaining IP-addresses
> securely, mutual authentication between server and devices, etc.
> (see https://tools.ietf.org/html/draft-ietf-6lo-ap-nd-03) in those cases
> where each device has an IP address.
>
> Section 2:
> Regarding problems of provisioning and management of networks for the IOT
> devices there may be additional issues – 1) different types of IOT devices
> and the lack of standards way to provision them as they might be talking
> different RF technologies and running L2 protocols only. 2) The iot nodes
> may be moving individually or collectively and change networks; identifying
> the movement of the iot nodes or identifying a particular node at any point
> of time uniquely requires an intrinsic identification which might be useful
> to set during bootstrapping of the node
>
> Regarding related work – does it consider IETF IOT security work only?
> There have been some work and thought process going on regarding blockchain
> IOT security in the industry. Perhaps that is out-of-scope of this
> document, but I wanted to mention for authors’ considerations.
>
> Section 5:
> Authors of the document may also want to browse a SRAM PUF based
> technology which provides unique ID based authentication mechanism.
> https://www.intrinsic-id.com/intrinsic-id-joins-wi-sun-alliance/
>
> Section 9:
> Does the example simulate any particular deployment model or research
> experiments? It might be good to clarify that.
>
> Section 10 and 11:
> Looks like section 11 is closely related to section 10. Should they be
> combined together?
> Else some more text is needed in section 10 on design trade-offs.
>
> Section 13:
> Does this document recommend one layer of security to IOT devices? There
> are different types of IOT devices – some of them are very tiny and some
> are more capable. Some definitely benefit for multi-level security than
> single layer of security. L2 security is generally recommended for all
> IOT networks. Does data object protection only protect the application
> data (payload) or more?
>
> Thanks for the initiative in documenting the valuable work in IOT security
> implementation and crypto comparison.
>
> -Samita