Presentation is loading. Please wait.

Presentation is loading. Please wait.

Doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal.

Published byBenjamin Barton Modified over 8 years ago

Similar presentations

Presentation on theme: "Doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal."— Presentation transcript:

1 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)‏ Submission Title: Key Negotiation for IEEE 802.15.6 devices using the Host Identity Protocol (HIP)‏ Date Submitted: 18 November, 2009 Source: Robert Moskowitz (ICSAlabs, an Independent Division of Verizon Business Systems)‏ Address: Detroit, MI USA Voice:[…], FAX: […], E-Mail: robert dot moskowitz at icsalabs dot com Re: Unifying keying across protocol layers Abstract:The document proposes unifying the expensive keying mechanism across the protocol layers using the Host Identity Protocol, RFC 4423. Purpose:Review layered security model, why both Layer 2 & 3 security needed and how HIP can key Layer 2 security and provide Layer 3 security. Notice:This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release:The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

2 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 2 Key Negotiation for IEEE 802.15.6 devices using the Host Identity Protocol (HIP)‏ Robert Moskowitz (ICSAlabs, an Independent Division of Verizon Business Systems)‏

3 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 3 What to Secure? As stated by Norm Finn at the start of the 802.1 LinkSec effort: –Layer 2 security addresses the Risks and Liabilities of the Network Owner –Layer 3 security addresses the Risks and Liabilities of the System Owner –Layer 4 security addresses the Risks and Liabilities of the Application Owner –Layer 7 security addresses the Risks and Liabilities of the Data Owner –There is some natural overlap Note that each layer tends to have its own datagram framing requirements, but keying issues MAY be commonized.

4 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 4 A Security Curmudgeon Speaks out MAC security is at best half the problem It boarders on impossible to design a secure system that does not implement system security protocols –Even the smallest sensors are faced with this problem and thus a cost-vs-secure trade off. It is HARD to design a Key Management System –And, in part, why we have so few KMSs.

5 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 5 Key Management Requirements Really Secure –E.G. SigMa compliant webee.technion.ac.il/~hugo/sigma.html Minimal cost –Short exchange, e.g. 4 datagrams –Use ECC –Long-lived state, e.g. survive power cycles Challenge of maintaining CCM counter as well

6 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 6 Key Management Requirements Avoid 3 rd parties –E.G. PKI and AAA (used in 802.1X)‏ Support Access Control Lists (ACLs)‏ –With simple registration, e.g. password based Support Emergency Access –E.G. One time Password based –Restricted data flow E.G. “We detect a heartbeat in the rubble”

7 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 7 A Short Introduction to HIP And what it offers mBAN The Host Identity Protocol (HIP)‏ –Started January 1998 –RFCs: 4423, 5201-5206 Leverages a Public Key “Host Identity” to –Set up a secure communication between 2 hosts True Peer-to-peer model –Decouple the Transport layer from the Internetworking layer –Currently RSA & DSA, ECC being added www.ietf.org/proceedings/09nov/slides/HIPRG-6.ppt

8 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 8 A Short Introduction to HIP And what it offers mBAN Introduces the “Host Identity Tag” (HIT)‏ –A hash of the HI into the IPv6 address space Currently in ORCHID (RFC 4843) format Currently uses SHA-1 –Plans to add other hashes, e.g. GMAC –Applications bind to the HIT and never see routable IPv6 addresses HIP middle layer does the mappings –Redirects ARE a problem Supports true multihoming Supports true mobility Local Scope Identities (LSI) for IPv4 support

9 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 9 A Short Introduction to HIP And what it offers mBAN Uses The Encapsulating Security Payload (ESP) in Transport mode for datagram protection –Any ESP ciphersuite can be used ESP + CCM costs ~26 bytes –The SPI (Security Parameter Index) is the per-packet index to the HIT and IP addresses –All host-paired applications use the same Security Association

10 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 10 A Short Introduction to HIP And what it offers mBAN HIP is **NOT** a replacement for IKE in IPsec –It is similar, but solves different problems –IKEv2 came after HIP and has 'lessons learned' in its design. –Currently only supports ESP in Transport mode Discussions to add AH support for IPv6 If you want a tunnel, run a tunnel within Transport (IPnIP)‏

11 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 11 A Short Introduction to HIP And what it offers mBAN The HIP Base Exchange is 4 packets

12 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 12 A Short Introduction to HIP And what it offers mBAN

13 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 13 A Short Introduction to HIP And what it offers mBAN Limited policy negotiation –e.g. Key lifetime is a local host issue HIP mobility via Rendezvous Server –NOT a HOME agent –Systems register to an RVS –RVS only 'slingshots' I1 HIP API –Applications can query their security posture –Alternative to Layer 4 security

14 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 14 HIP brings to mBAN Key MAC security as well as Internetworking security –Implement a single KMS Applications are IP address ignorant –Mobility –IPv6 datagram compression Local loop does may not need SRC and DST addresses This will take work to work right

15 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 15 HIP work HIP code  Boeing has SCADA experience with their implementation www.openhip.org Ported to ARM, but patches not yet public  Ericsson's NomadicLabs has BSD licensed code hip4inter.net

16 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 16 HIP work HIP code  Helsinki Institute of Information Technologies hipl.infrahip.net Available on N810 –RSA based HIP est. cost of 360mA, no data yet on ECC Ported to Imote2 –www.xbow.com/Products/productdetails.aspx?sid=253

17 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 17 HIP work “Internet of Things”  perso.telecom- paristech.fr/~urien/hiptag/index.html HIP EAP  Password challenge/response within HIP  draft-varjonen-hip-eap-00.txt

18 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 18 HIP References HIP book by Andrei Gurtov –www.amazon.com/Host-Identity-Protocol- HIP-Communications/dp/0470997907 Writings –www.cs.helsinki.fi/u/gurtov/papers/ Host Identity Protocol (HIP): Connectivity, Mobility, Multi-homing, Security, and Privacy over IPv4 and IPv6 networks –www.cs.helsinki.fi/u/gurtov/papers/hip_survey.pdf Performance of Host Identity Protocol on Lightweight Hardware –www.cs.helsinki.fi/u/gurtov/papers/mobiarch.pdf

19 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 19 HIP References More Writings –www.cs.helsinki.fi/u/gurtov/papers/ Analysis of the HIP Base Exchange Protocol –www.cs.helsinki.fi/u/gurtov/papers/analysis_hip.pdf Note many of these recommendations were implemented Usable Security Management with Host Identity Protocol –www.cs.helsinki.fi/u/gurtov/papers/hip_usab.pdf Performance of Host Identity Protocol on Symbian OS –www.cs.helsinki.fi/u/gurtov/papers/symbian_hip.pdf

20 doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 20 Questions?

Download ppt "Doc.: IEEE 802.15-09-0791-01-0006 Submission November 2009 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal."

Similar presentations

Doc.: IEEE 802.15-10-0412-06-wng0 Submission June 2010 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal.

Doc.: IEEE wng0 Submission June 2010 Robert Moskowitz (ICSAlabs/VzB)Slide 1 Project: IEEE P Working Group for Wireless Personal.
Doc.: IEEE 15-13-0677-02-0009-tg9-proposed-document-changes Submission Nov 2013 Robert Moskowitz, VerizonSlide 1 Project: IEEE P802.15 Working Group for.

Doc.: IEEE tg9-proposed-document-changes Submission Nov 2013 Robert Moskowitz, VerizonSlide 1 Project: IEEE P Working Group for.
Doc.: IEEE 802.15-xxxxx Submission doc. : IEEE 802. 15-13-0011-00-0008 Slide 1 Junbeom Hur and Sungrae Cho, Chung-Ang University Project: IEEE P802.15.

Doc.: IEEE xxxxx Submission doc. : IEEE Slide 1 Junbeom Hur and Sungrae Cho, Chung-Ang University Project: IEEE P
Submission 15-11-0364-00-0hip Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Bootstrapping.

Submission hip Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Bootstrapping.
Doc.: Submission, Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Securing the 802.15.4 Network.

Doc.: Submission, Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Securing the Network.
Doc.: IEEE 15-15-0427-00-007a-Updating-15-7-security Submission May 2015 Robert Moskowitz, HTT ConsultingSlide 1 Project: IEEE P802.15 Working Group for.

Doc.: IEEE a-Updating-15-7-security Submission May 2015 Robert Moskowitz, HTT ConsultingSlide 1 Project: IEEE P Working Group for.
Doc.: IEEE privecsg-14-0026-01-Rnd-Modr-MAC-Addr Submission Jan 2015 Robert Moskowitz, HTT Consulting Slide 1 Project: IEEE 802 EC Privacy Recommendation.

Doc.: IEEE privecsg Rnd-Modr-MAC-Addr Submission Jan 2015 Robert Moskowitz, HTT Consulting Slide 1 Project: IEEE 802 EC Privacy Recommendation.
Doc.: Submission, Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [LB97 PICS Scrub] Date Submitted:

Doc.: Submission, Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [LB97 PICS Scrub] Date Submitted:
Doc.: IEEE 802.15-15-0086-00-004s Submission January 2015 Mineo Takai, Space-Time EngineeringSlide 1 Project: IEEE P802.15 Working Group for Wireless Personal.

Doc.: IEEE s Submission January 2015 Mineo Takai, Space-Time EngineeringSlide 1 Project: IEEE P Working Group for Wireless Personal.
Doc.: IEEE 802.15-xxxxx Submission doc. : IEEE 802.15-15-09-0549-00-0007doc. : IEEE 802. 15-12-0566-00-0008pac Nov 2012 Slide 1 Project: IEEE P802.15 Working.

Doc.: IEEE xxxxx Submission doc. : IEEE doc. : IEEE pac Nov 2012 Slide 1 Project: IEEE P Working.
Doc.: IEEE 802.15-15-12- 0162-00-0009 Submission March 2012 Jani Pellikka, Andrei Gurtov (University of Oulu)Slide 1 Project: IEEE P802.15 Working Group.

Doc.: IEEE Submission March 2012 Jani Pellikka, Andrei Gurtov (University of Oulu)Slide 1 Project: IEEE P Working Group.
Doc.: IEEE 802.15-06/0136r0 Submission March 2006 Abbie Mathew, NewLANS Project: IEEE P802.15 Working Group for Wireless Personal Area Networks Submission.

Doc.: IEEE /0136r0 Submission March 2006 Abbie Mathew, NewLANS Project: IEEE P Working Group for Wireless Personal Area Networks Submission.
Doc.: IEEE15-14-0327-01-0009-Hop-Discuss Submission July 2014 Robert Moskowitz, Verizon Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal.

Doc.: IEEE Hop-Discuss Submission July 2014 Robert Moskowitz, Verizon Slide 1 Project: IEEE P Working Group for Wireless Personal.
Doc.: IEEE15-12-0458-00-0009-Moving-KMP-Forward Submission September 2012 Robert Moskowitz, Verizon Slide 1 Project: IEEE P802.15 Working Group for Wireless.

Doc.: IEEE Moving-KMP-Forward Submission September 2012 Robert Moskowitz, Verizon Slide 1 Project: IEEE P Working Group for Wireless.
Doc.: IEEE 802.15-03/368r0 Submission September 2003 Ranta et al., Discussion on UWB MAC for mobile devices Project: IEEE P802.15 Working Group for Wireless.

Doc.: IEEE /368r0 Submission September 2003 Ranta et al., Discussion on UWB MAC for mobile devices Project: IEEE P Working Group for Wireless.
Doc.: IEEE 802.15-05-0082-00-004b Submission January 2005 Robert Cragie, Jennic Ltd.Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area.

Doc.: IEEE b Submission January 2005 Robert Cragie, Jennic Ltd.Slide 1 Project: IEEE P Working Group for Wireless Personal Area.
Doc.: IEEE15-12-0373-01-0009-KMP-Transport-Joint-802.1 Submission July 2012 Robert Moskowitz, Verizon Slide 1 Project: IEEE P802.15 Working Group for Wireless.

Doc.: IEEE KMP-Transport-Joint Submission July 2012 Robert Moskowitz, Verizon Slide 1 Project: IEEE P Working Group for Wireless.
Doc.: IEEE 802.15-12-0573-00-0008 Submission November 2012 Sunggeun Jin (ETRI)Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks.

Doc.: IEEE Submission November 2012 Sunggeun Jin (ETRI)Slide 1 Project: IEEE P Working Group for Wireless Personal Area Networks.
Doc.: IEEE15-12-0231-00-0009-HIP-over-TG9 Submission May 2012 Robert Moskowitz, Verizon Slide 1 Project: IEEE P802.15 Working Group for Wireless Personal.

Doc.: IEEE HIP-over-TG9 Submission May 2012 Robert Moskowitz, Verizon Slide 1 Project: IEEE P Working Group for Wireless Personal.
Doc.: IEEE 802.15- Submission doc. : IEEE 802.15-15-09-0205-00-0007 March 2009 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks.

Doc.: IEEE Submission doc. : IEEE March 2009 Project: IEEE P Working Group for Wireless Personal Area Networks.

Similar presentations

Ads by Google