Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)
Submission Title: HIP over TG9
Date Submitted: May 15, 2012
Source: Robert Moskowitz, Verizon
Address: 1000 Bent Creek Blvd, Mechanicsburg, PA, USA
Voice: +1 (248) 968-9809, e-mail: rgm@labs.htt-consult.com

  1. Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)
     Submission Title: HIP over TG9
     Date Submitted: May 15, 2012
     Source: Robert Moskowitz, Verizon
     Address: 1000 Bent Creek Blvd, Mechanicsburg, PA, USA
     Voice: +1 (248) 968-9809, e-mail: rgm@labs.htt-consult.com
     Re: HIP KMP over TG9
     Abstract: HIP KMP over TG9
     Purpose: To add Key Management capabilities to 15.4 and 15.7
     Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
     Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.
     Robert Moskowitz, Verizon

  2. HIP KMP over TG9
     Robert Moskowitz
     Atlanta, GA
     May 15, 2012

  3. Abstract
     • Present the HIP protocol
       • Both BEX and DEX
     • Use cases for HIP for 802.15
     • Deployment recommendations
     • Specifics for use over TG9
       • Pairwise and Group keys for BEX
       • Authentication methods
       • ACLs and RADIUS

  4. The HIP protocol
     • Defined in RFCs
       • In revision
       • Plus draft for DEX (Diet Exchange)
     • Key Management between peers
       • Exchange of secure identities
       • 4-packet session key establishment
       • BEX is SIGMA compliant
     • Mobility features not needed for TG9

  5. The HIP protocol
     • Secure Identities
       • HIP is based on the principle that each device has a secure identity, which is the public key of an asymmetric key pair. This is called the HI (Host Identity).
       • BEX supports most algorithms
       • DEX only supports ECDH

  6. The HIP protocol
     • Secure Identities
       • HIT (Host Identity Tag) is a hash of the HI
       • Used as an index for SAs
         • Including authentication
       • As an IPv6 address for applications
         • HIT is an ORCHID and a valid IPv6 address
       • Some work on hierarchical HITs that include domain information

  7. The HIP protocol
     • HIP BEX (Base EXchange), Initiator (I) and Responder (R):
       I1 (I -> R): Trigger exchange
       R1 (R -> I): {Puzzle, D-H(R), HI(R), ESP Transform, HIP Transform}SIG
                    HIP SA
       I2 (I -> R): {Solution, LSI(I), SPI(I), D-H(I), ESP Transform, HIP Transform, {HI(I)}SK}SIG
                    HIP SA
       R2 (R -> I): {LSI(R), SPI(R), HMAC}SIG
                    IMAC SA (Initiator) / IMAC SA (Responder)

  8. The HIP protocol
     • HIP DEX (Diet EXchange), Initiator (I) and Responder (R):
       I1 (I -> R): Trigger exchange
       R1 (R -> I): {Puzzle, HI(R)}
                    HIP SA
       I2 (I -> R): {Solution, HI(I), {SKx}DHk}MAC
                    HIP SA
       R2 (R -> I): {HI(R), {SKy}DHk, {PTK, GTK}SKy}MAC
                    IMAC SA (Initiator) / IMAC SA (Responder)

  9. Use Cases for HIP
     • Use cases
       • Constrained Sensors
         • Code space, CPU
         • DEX uses static ECDH, no ephemeral
         • Light switches, Temp sensors, door locks
       • Single KMP for all layers
         • MAC, IP, DTLS-PSK

  10. HIP Deployment Recommendations
      • Opportunistic
        • Initial exchange assumed to be in a trusted environment; HITs accepted and populate the auth table
      • HIT displayed on device or packaging
        • QR code scanned with phone app that loads the auth table

  11. HIP specifics for TG9
      • BEX items
        • No ESP transform
        • BEX currently only creates a session key
          • Need to add PTK and GTK support as in DEX
      • DEX items
        • No ESP transform

  12. HIP specifics for TG9
      • Authentication of devices to PAN
        • ACL
          • Used in single controller PAN (star)
        • RADIUS back end
          • For any PAN architecture
          • Device HIT and MAC in RADIUS Request
            • Existing RADIUS function, no change to existing RADIUS servers
            • MAC MAY be 'null'
        • X.509 certs supported for BEX only
          • More for controller auth
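Slide 6 says a HIT is a hash of the HI laid out as an ORCHID, and slide 10 relies on HITs populating an auth table. The added example below (not from the presentation or from any HIP implementation) derives a HIT from an HI using the ORCHID construction HIP uses (RFC 4843: 2001:10::/28 prefix, the HIP context ID, middle 100 bits of SHA-1) and checks that a peer's presented HI really hashes to the HIT it claims before any auth-table or ACL lookup is trusted. The HI bytes are a constructed stand-in; a real HI would be the encoded public key carried in the HOST_ID parameter.

```python
import hashlib
import ipaddress

# ORCHID (RFC 4843) constants as used by HIP (RFC 5201) to derive a HIT from an HI.
ORCHID_PREFIX = 0x2001001                                   # 2001:10::/28 (28 bits)
HIP_CONTEXT_ID = bytes.fromhex("F0EFF02FBFF43D0FE7930C3C6E6174EA")
HASH_BITS = 100                                             # Encode_100(): middle 100 bits


def hit_from_hi(hi: bytes) -> ipaddress.IPv6Address:
    """Return the HIT (an ORCHID, hence a valid IPv6 address) for a Host Identity.

    `hi` is the encoded public key as it appears in the HOST_ID parameter;
    the caller supplies that encoding.
    """
    digest = hashlib.sha1(HIP_CONTEXT_ID + hi).digest()     # 160-bit hash of (Context ID | HI)
    h = int.from_bytes(digest, "big")
    # Encode_100: drop 30 bits on each side of the 160-bit output, keep the middle 100.
    middle = (h >> ((160 - HASH_BITS) // 2)) & ((1 << HASH_BITS) - 1)
    return ipaddress.IPv6Address((ORCHID_PREFIX << HASH_BITS) | middle)


def is_orchid(addr: ipaddress.IPv6Address) -> bool:
    """True if the address lies inside the 2001:10::/28 ORCHID prefix."""
    return (int(addr) >> HASH_BITS) == ORCHID_PREFIX


def hi_matches_hit(hi: bytes, claimed_hit: str) -> bool:
    """Verify that the HI a peer presents (HI(R) in R1, HI(I) in I2) hashes to the
    HIT it claims. An auth table keyed by HIT is only meaningful if this binding
    is checked; otherwise any public key could be paired with an authorized HIT."""
    try:
        claimed = ipaddress.IPv6Address(claimed_hit)
    except ValueError:
        return False
    return is_orchid(claimed) and hit_from_hi(hi) == claimed


# Constructed sample HI bytes (placeholder for a real encoded public key).
SAMPLE_HI = bytes(range(64))

if __name__ == "__main__":
    hit = hit_from_hi(SAMPLE_HI)
    print("HIT:", hit, "| in ORCHID prefix:", is_orchid(hit))
```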
