PAWS WG IETF-84 Device to Database Protocol for White Space July, 2012 Subir Das, John Malyar, Don Joslyn.
Protocol Layer

  PAWS
  HTTPS
  TCP/IP
  IP

Protocol Features/Functionalities

  - WSD Initialization
  - WSD Registration
  - Database Query and Response
  - Channel use Notification and Response
  - WSD Validation

  WSD = White Space Device

Mailing List Discussion Points and Issues

  - Purpose of WSD Initialization
  - Purpose of WSD Registration
  - Device Authentication
  - Data Model
    - Lat/Long representation
    - Use of separate ‘geolocation’ and ‘civiclocation’ elements
    - Use of ‘vCard’ for the ‘deviceowner’ data element
    - Use of ‘iCalendar’ for channel availability time

WSD Initialization

  Assumptions:
  - The WSD knows the URI of the DB or of the discovery service
  - The WSD establishes an HTTPS connection with the DB
  - The server certificate is authenticated against a well-known certificate authority

  WSD initialization is performed using INT-REQ and INT-RESP messages. The purpose of this step is twofold:
  - To perform client authentication using a shared secret (by using Digest Authentication); the ‘Authinformation’ data element is used for this purpose
  - To exchange authority/domain-specific information that cannot be obtained during DB discovery, e.g., device type, serial number, regulatory id, the frequency at which a Master WSD should query the database, result code, and so on; the ‘Capabilityinfo’ and ‘Protocolinfo’ data elements are used for this purpose

WSD Registration

  WSD registration is performed using REG-REQ and REG-RESP messages. The purpose of this step is:
  - To provide the database with operational parameters such as owner and/or operator contact information, location, antenna height parameters, and so on; the ‘Devicelocation’ and ‘Deviceowner’ data elements are used for this purpose
  - This step may be required by some spectrum management authorities
  - Registration can be mandatory upon the device's initial contact with the database, or when its registered parameters change

Device Authentication

  We believe that device authentication should be done using a shared secret model instead of a client certificate, and we provide the following:

  The use of Digest Authentication is identical to that for HTTP [RFC2617] and in particular SIP [RFC3261], with the following modifications:
  - The URI and method included in the challenge are empty
  - The realm represents one ‘security realm’
  - The device’s serial number is currently mapped to ‘username’ and the device’s shared secret is mapped to ‘password’
  - MD5 is replaced by SHA-1

Data Model: Example

  The draft currently specifies simple data elements for device location and device owner (lightweight and self-contained).

  Device Location:
    Latitude; type=float
    Longitude; type=float
    Locuncertainty; type=number
    Locconfidence; type=number
    HAGL; type=number
    HAGLuncertainty; type=float
    Antennatype; type=int

  Device Owner:
    Ownername; type=string
    Address; type=string
    Phonenumber; type=alphanumeric
    ; type=alphanumeric

  Using the structure as specified in RFC 5491 and RFC 5139 may be fine, but we have concerns over future compatibility (e.g., the recent open geospatial namespace change, see http://

Use of vCard and iCal

  Our understanding is that PAWS requirements would use less than 20% of the properties defined in vCard and iCal.

  PAWS requirements related to vCard use are:
  - Name; postal address; address; and phone number

  PAWS requirements related to iCal use are:
  - Duration; and Time

  Can we simply use the following from iCalendar (RFC 5545)?
  - DTSTART, DTEND / DURATION

Message Encoding with JSON: Example

  AVAIL-CHAN-REQ

    POST /AVAIL-CHAN-REQ HTTPS/1.1
    Host: WSP.example.com:443
    Content-Type: application/PAWS+json; charset=utf-8
    Content-Length: XX

    {
      "Protoversion": "1.0",
      "Messagetype": "AVAIL_CHAN_REQ",
      "Authority": "US",
      "Devicetype": "F",
      "Deviceidentity": "TTT1234",
      "Deviceserialno": "01AB23CD45EF",
      "Latitude": " ",
      "Longitude": " ",
      "Locuncertainty": "2",
      "LocConfidence": "95",
      "HAGL": "25",
      "HAGLuncertainty": "1",
      "Antennatype": "MM",
      "Geolocationcode": "DEFAULT",
      "Requesttype": "allchannels",
      "Authscheme": "DIGEST",
      "Realm": "PAWS-DDI",
      "Nonce": "7b52009b64fd0a2a49e6d8a b0554",
      "Cnonce": "bd307a3ec329e10a2cff8fb da114f8f4",
      "qop": "auth",
      "resp": "4dfb972d427b4100c821d53b8bea9b2c33b74a7e"
    }

  AVAIL-CHAN-RESP

    POST /AVAIL-CHAN-RESP HTTPS/1.1 200 OK
    Server: Example PAWS
    Date: Fri, 12 June :24:27 GMT
    Expires: Fri, 12 June 2012 20:30:00 GMT
    Cache-control: private
    Content-Type: application/PAWS+json; charset=utf-8
    Content-Length: YY

    {
      "Protoversion": "1.0",
      "Messagetype": "AVAIL_CHAN_RESP",
      "Authority": "US",
      "Resultcode": "success",
      "Authscheme": "DIGEST",
      "Realm": "PAWS-DDI",
      "Nonce": "7b52009b64fd0a2a49e6d8a b0554",
      "qop": "auth",
      "Channellist": [
        {
          "Channelno": 2,
          "Minfreq": 54,
          "Maxfreq": 60,
          "MaxEIRP": 4000,
          "Datetime": " T235959Z",
          "Duration": "1440, mins",
          "Availability": true
        },
        ...
        {
          "Channelno": 51,
          "Minfreq": 692,
          "Maxfreq": 698,
          "MaxEIRP": 4000,
          "Datetime": " T120000Z",
          "Duration": "720, mins",
          "Availability": true
        }
      ]
    }
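The digest computation from the Device Authentication slide, carried into the AVAIL-CHAN-REQ fields shown above, as an added example that is not part of the draft or this presentation. It applies the slide's modifications to RFC 2617 (SHA-1 instead of MD5, empty method and URI, serial number as username, shared secret as password) and adds the database-side check a deployment needs: the nonce must be one the database issued, it is consumed on first use so a captured message cannot be replayed, and the comparison is constant-time. Because the slide's message carries no nonce-count field, a fixed nc of "00000001" is an assumption here; the serial number, secret and nonce values are constructed.

```python
import hashlib
import hmac
import secrets

# Assumption (not in the draft): the message has no nonce count, so use a fixed one.
NC = "00000001"


def _h(s: str) -> str:
    # SHA-1 replaces MD5 per the slide
    return hashlib.sha1(s.encode("utf-8")).hexdigest()


def digest_response(serial: str, secret: str, realm: str, nonce: str,
                    cnonce: str, qop: str = "auth") -> str:
    ha1 = _h(f"{serial}:{realm}:{secret}")   # username = serial, password = secret
    ha2 = _h(":")                            # method and URI are empty
    return _h(f"{ha1}:{nonce}:{NC}:{cnonce}:{qop}:{ha2}")


def build_avail_chan_req(serial: str, secret: str, realm: str, nonce: str) -> dict:
    """Device side: fill only the authentication-related fields of AVAIL-CHAN-REQ."""
    cnonce = secrets.token_hex(20)
    return {
        "Protoversion": "1.0", "Messagetype": "AVAIL_CHAN_REQ",
        "Deviceserialno": serial, "Authscheme": "DIGEST", "Realm": realm,
        "Nonce": nonce, "Cnonce": cnonce, "qop": "auth",
        "resp": digest_response(serial, secret, realm, nonce, cnonce),
    }


def verify_avail_chan_req(msg: dict, issued_nonces: set, secrets_by_serial: dict) -> bool:
    """Database side: accept only a nonce we issued and have not yet seen used,
    a known serial number, and a response that matches in constant time."""
    nonce = msg.get("Nonce")
    if nonce not in issued_nonces or msg.get("qop") != "auth":
        return False
    serial = msg.get("Deviceserialno")
    secret = secrets_by_serial.get(serial)
    if secret is None:
        return False
    expected = digest_response(serial, secret, msg.get("Realm", ""), nonce,
                               msg.get("Cnonce", ""))
    ok = hmac.compare_digest(expected, msg.get("resp", ""))
    if ok:
        issued_nonces.discard(nonce)   # one-shot nonce: a replayed message fails
    return ok


if __name__ == "__main__":
    db_secrets = {"01AB23CD45EF": "constructed-shared-secret"}   # constructed
    live_nonces = {secrets.token_hex(20)}
    req = build_avail_chan_req("01AB23CD45EF", "constructed-shared-secret",
                               "PAWS-DDI", next(iter(live_nonces)))
    print("first use:", verify_avail_chan_req(req, live_nonces, db_secrets))
    print("replay:   ", verify_avail_chan_req(req, live_nonces, db_secrets))
```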

Next Steps/Considerations

  We have received comments from several folks (thanks to the reviewers!), such as:
  - ‘Channel number’ should be optional and frequency should be mandatory
  - Device authentication should be optional
  - Device authentication may be performed using a certificate where available
  - Regulator-specific attributes should be listed or profiled in the Appendix
  - ‘Device owner/operatorinfo’ may be represented using ‘vCard’
  - ‘Channel/Frequency’ availability may be represented using ‘iCal’

  Our goal is to discuss these further and address them as appropriate in our next version.

Questions? Feedback?

Backup Slides

DB Query

  Database query and response are performed using AVAIL-CHAN-REQ and AVAIL-CHAN-RESP messages. The purpose of this step is:
  - To query the WS database with the required parameters for obtaining WS channel/frequency information; the ‘Devicelocation’ and ‘Availablechannellist’ data elements are used for this purpose

  Used channel/frequency notification and response are performed using USE-CHAN-NOTIFY and USE-CHAN-RESP messages. The purpose of this step is:
  - To notify the database of the used channel/frequency information; the ‘Devicelocation’ and ‘Usedchannellist’ data elements are used for this purpose

WSD Validation

  WSD validation is performed using DEV-VALID-REQ and DEV-VALID-RESP messages. The purpose of this step is:
  - The Master WSD verifies the identity of the slave WSDs when required by the spectrum management authority; the ‘Devicelocation’ and ‘Slavedevicelist’ data elements are used for this purpose

Data Model Structure

  Object:
    Initialization
    Registration
    DatabaseQuery
    Devicevalidation

  Element:
    Capabilityinfo
    Protocolinfo
    Authenticationinfo
    Deviceowner
    Availablechannellist
    Devicelocation
    Usedchannellist
    Slavedevicelist

  Attribute:
    Devicetype
    Deviceidentity
    Latitude/Longitude
    Max/Min Freq
    HAGL
    MaxEIRP