1 / 9

Report from the “Smart Object Security Workshop 23 rd March 2012, Paris”

Report from the “Smart Object Security Workshop 23 rd March 2012, Paris”. Presenter: Hannes Tschofenig. Workshop Organizers. Hannes Tschofenig Jari Arkko Carsten Bormann Peter Friess Cullen Jennings Antonio Skarmeta Zach Shelby. Thomas Heide Clausen (Host). Workshop Info.

katina
Télécharger la présentation

Report from the “Smart Object Security Workshop 23 rd March 2012, Paris”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Report from the “Smart Object Security Workshop23rd March 2012, Paris” Presenter: Hannes Tschofenig

  2. Workshop Organizers • Hannes Tschofenig • JariArkko • Carsten Bormann • Peter Friess • Cullen Jennings • Antonio Skarmeta • Zach Shelby Thomas Heide Clausen (Host)

  3. Workshop Info • Webpage: http://www.lix.polytechnique.fr/hipercom/SmartObjectSecurity/ • Papers and slides will be copied to this website after the meeting. Currently, they are temporarily here: • Position papers: http://www.tschofenig.priv.at/sos-papers/PositionPapers.htm • Agenda & slides: http://www.tschofenig.priv.at/wp/?p=874

  4. Workshop Goals Wehad a gutfeelingthatwemighthaveproblemswithsecuringsmartobjectnetworks. Hadreceived input already in the March 2011 Prague IAB SmartObject workshop. Bringtogetherimplementationexperience, applicationrequirements, and researchers and protocoldesigners Whatdeploymentexperience is there? Whatcredentialtypesaremost common? Whatimplementationtechniquesmakeitpossible to use Internet securitytechnology in thesedevices? Whatare the challenges?

  5. Requirements for eachapplicationdomaindiffer alsodrivenby the business models and number of devicesthatneed to beprovisioned Understanding of threatsdiffersbetween the differentcommunities: Attacksarenot just fromneighbor'skids Also, e.g., taking-the-grid-downattacks Installationbyregularpeople Requirements& Economics

  6. Wethinkwecanuse the existingcryptoalgorithms Weprobablycanuse the existingprotocols (delta a fewminorextensions). Lots of implementationworkbeingdoneby the participants(e.g., TLS, DTLS, PANA, EAP, HIP) butstillmoreinvestigationsneeded. Importantaspect: Focus on the system! Look at the codesize of the entiresystem (includingprovisioning, authorization, config) Focus on what to optimize for variousamong the differentdeployments Energy consumption, codesize, main memorysize, over-the-wirebandwidth ImplementationExperiences

  7. Manyquestionswereraised, for example: Whichdevice is authorized to talkwowhichotherdevice? What is the role of the human? Where is the policydecisionpoint and the policyenforcementpoint in the network? What is the granularity of the authorizationdecision? Whatneeds to bestandardized? Seems to be the mostchallengingaspect. Notclearwhetherthere is any IETF standardsworkneeded? AuthorizationDiscussion

  8. There is a limited set of solutions Based on the hardware support of devices: buttonsvs. labels vs. LEDs, multicastdiscovery, onlinenetworkavailability, ... Again, the threatassumptionsmatter and who is supposed to do the credentialprovisioning. A funarea to design protocolsin Detaileddiscussionabout a specificproposalfromCullenJennings. http://www.tschofenig.priv.at/sos-papers/CullenJennings.pdf ImprintingDiscussion

  9. Document the implementationexperience in the LWIG group. A fewalreadyongoingsecuritystandardsactivities (e.g., TLS rawpublickeys, JOSE on JSON encryption and signing). Maybediscussionsaroundimprintingprotocols in the IETF in the future. There is no single securityarchitecture for smartobjects (noteven a smallnumber of them). NextSteps

More Related