September 2009 doc.: IEEE 802.15-0697-00 November 2009 Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: Key Negotiation for IEEE 802.15.6 devices using the Host Identity Protocol (HIP) Date Submitted: 18 November, 2009 Source: Robert Moskowitz (ICSAlabs, an Independent Division of Verizon Business Systems) Address: Detroit, MI USA Voice:[…], FAX: […], E-Mail: robert dot moskowitz at icsalabs dot com Re: Unifying keying across protocol layers Abstract: The document proposes unifying the expensive keying mechanism across the protocol layers using the Host Identity Protocol, RFC 4423. Purpose: Review layered security model, why both Layer 2 & 3 security needed and how HIP can key Layer 2 security and provide Layer 3 security. Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15. Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
September 2009 doc.: IEEE 802.15-0697-00 November 2009 Key Negotiation for IEEE 802.15.6 devices using the Host Identity Protocol (HIP) Robert Moskowitz (ICSAlabs, an Independent Division of Verizon Business Systems) Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
September 2009 doc.: IEEE 802.15-0697-00 November 2009 What to Secure? As stated by Norm Finn at the start of the 802.1 LinkSec effort: Layer 2 security addresses the Risks and Liabilities of the Network Owner Layer 3 security addresses the Risks and Liabilities of the System Owner Layer 4 security addresses the Risks and Liabilities of the Application Owner Layer 7 security addresses the Risks and Liabilities of the Data Owner There is some natural overlap Note that each layer tends to have its own datagram framing requirements, but keying issues MAY be commonized. Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
A Security Curmudgeon Speaks out September 2009 doc.: IEEE 802.15-0697-00 November 2009 A Security Curmudgeon Speaks out MAC security is at best half the problem It boarders on impossible to design a secure system that does not implement system security protocols Even the smallest sensors are faced with this problem and thus a cost-vs-secure trade off. It is HARD to design a Key Management System And, in part, why we have so few KMSs. Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
Key Management Requirements September 2009 doc.: IEEE 802.15-0697-00 November 2009 Key Management Requirements Really Secure E.G. SigMa compliant webee.technion.ac.il/~hugo/sigma.html Minimal cost Short exchange, e.g. 4 datagrams Use ECC Long-lived state, e.g. survive power cycles Challenge of maintaining CCM counter as well Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
Key Management Requirements September 2009 doc.: IEEE 802.15-0697-00 November 2009 Key Management Requirements Avoid 3rd parties E.G. PKI and AAA (used in 802.1X) Support Access Control Lists (ACLs) With simple registration, e.g. password based Support Emergency Access E.G. One time Password based Restricted data flow E.G. “We detect a heartbeat in the rubble” Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
A Short Introduction to HIP And what it offers mBAN September 2009 doc.: IEEE 802.15-0697-00 November 2009 A Short Introduction to HIP And what it offers mBAN The Host Identity Protocol (HIP) Started January 1998 RFCs: 4423, 5201-5206 Leverages a Public Key “Host Identity” to Set up a secure communication between 2 hosts True Peer-to-peer model Decouple the Transport layer from the Internetworking layer Currently RSA & DSA, ECC being added www.ietf.org/proceedings/09nov/slides/HIPRG-6.ppt Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
A Short Introduction to HIP And what it offers mBAN September 2009 doc.: IEEE 802.15-0697-00 November 2009 A Short Introduction to HIP And what it offers mBAN Introduces the “Host Identity Tag” (HIT) A hash of the HI into the IPv6 address space Currently in ORCHID (RFC 4843) format Currently uses SHA-1 Plans to add other hashes, e.g. GMAC Applications bind to the HIT and never see routable IPv6 addresses HIP middle layer does the mappings Redirects ARE a problem Supports true multihoming Supports true mobility Local Scope Identities (LSI) for IPv4 support Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
A Short Introduction to HIP And what it offers mBAN September 2009 doc.: IEEE 802.15-0697-00 November 2009 A Short Introduction to HIP And what it offers mBAN Uses The Encapsulating Security Payload (ESP) in Transport mode for datagram protection Any ESP ciphersuite can be used ESP + CCM costs ~26 bytes The SPI (Security Parameter Index) is the per-packet index to the HIT and IP addresses All host-paired applications use the same Security Association Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
A Short Introduction to HIP And what it offers mBAN September 2009 doc.: IEEE 802.15-0697-00 November 2009 A Short Introduction to HIP And what it offers mBAN HIP is **NOT** a replacement for IKE in IPsec It is similar, but solves different problems IKEv2 came after HIP and has 'lessons learned' in its design. Currently only supports ESP in Transport mode Discussions to add AH support for IPv6 If you want a tunnel, run a tunnel within Transport (IPnIP) Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
A Short Introduction to HIP And what it offers mBAN September 2009 doc.: IEEE 802.15-0697-00 November 2009 A Short Introduction to HIP And what it offers mBAN The HIP Base Exchange is 4 packets Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
A Short Introduction to HIP And what it offers mBAN September 2009 doc.: IEEE 802.15-0697-00 November 2009 A Short Introduction to HIP And what it offers mBAN Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
A Short Introduction to HIP And what it offers mBAN September 2009 doc.: IEEE 802.15-0697-00 November 2009 A Short Introduction to HIP And what it offers mBAN Limited policy negotiation e.g. Key lifetime is a local host issue HIP mobility via Rendezvous Server NOT a HOME agent Systems register to an RVS RVS only 'slingshots' I1 HIP API Applications can query their security posture Alternative to Layer 4 security Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
September 2009 doc.: IEEE 802.15-0697-00 November 2009 HIP brings to mBAN Key MAC security as well as Internetworking security Implement a single KMS Applications are IP address ignorant Mobility IPv6 datagram compression Local loop does may not need SRC and DST addresses This will take work to work right Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
September 2009 doc.: IEEE 802.15-0697-00 November 2009 HIP work HIP code Boeing has SCADA experience with their implementation www.openhip.org Ericsson's NomadicLabs has BSD licensed code hip4inter.net Helsinki Institute of Information Technologies hipl.infrahip.net Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
HIP work “Internet of Things” HIP EAP September 2009 doc.: IEEE 802.15-0697-00 November 2009 HIP work “Internet of Things” perso.telecom- paristech.fr/~urien/hiptag/index.html HIP EAP Password challenge/response within HIP draft-varjonen-hip-eap-00.txt Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.
Questions? September 2009 doc.: IEEE 802.15-0697-00 November 2009 Robert Moskowitz (ICSAlabs/VzB) Michael Bahr (Siemens AG) et al.