Smart Object Security Workshop 23 rd March 2012, Paris

Organizers Hannes Tschofenig – Nokia Siemens Networks, IAB member Jari Arkko – Ericsson, IETF Internet Area Director, upcoming IAB member Carsten Bormann – University of Bremen, IETF CoRE and 6LoWPAN WG co-chair Peter Friess – European Commission Cullen Jennings – Cisco, IETF CoRE WG co-chair Antonio Skarmeta – University of Murcia, IoT6 FP7 Project Zach Shelby – Sensinode, Smart Object IETF Specification Author Thomas Heide Clausen – Ecole Polytechnique, our host

Note Well

Info Webpage: artObjectSecurity/ artObjectSecurity/ Papers and slides will be copied to this website after the meeting. Currently, the 35 papers are here: papers/PositionPapers.htm papers/PositionPapers.htm

A few words from Alex "Sandy" Pentland (MIT)Alex "Sandy" Pentland Data shows that great teams: – Communicate frequently. In a typical project team a dozen or so communication exchanges per working hour may turn out to be optimum; but more or less than that and team performance can decline. – Talk and listen in equal measure, equally among members. Lower performing teams have dominant members, teams within teams, and members who talk or listen but don't do both. – Engage in frequent informal communication. The best teams spend about half their time communicating outside of formal meetings or as "asides" during team meetings, and increasing opportunities for informal communication tends to increase team performance. – Explore for ideas and information outside the group. The best teams periodically connect with many different outside sources and bring what they learn back to the team.

Mailing List security-i1b.org security-i1b.org – Used for workshop preparation and discussion of the papers. – Will be deleted at the end of the workshop.

Results of the workshop Conclusions from discussions will be captured in a slide set at the end of the workshop. Notes / Minutes from the day: – Etherpad: Twitter hashtag: #sosw

Pictures & Audio Recording I will take pictures – and try to upload them to the webpage – OK? We will do an audio recording – Turned out to be useful if we missed some discussions. – Audio will not be shared with anyone. – OK?

Agenda 08: :00: Arrival of Participants and Coffee 09: :30: Opening Remarks Thomas Clausen, Ecole Polytechnique: Welcome and logistics (15 min) Hannes Tschofenig, NSN & Jari Arkko, Ericsson: Agenda (5 min) 09: :30: Requirements and Use Cases Paul Chilton, NXP: Security challenges in the lighting use case (10 min) Rudolf van der Berg, OECD: Open interfaces, identifier spaces, and economic challenges (10 min) Discussion: What are the core security requirements? What has the industry already deployed, and what are they struggling with? How to design for choice considering economics, and competition for smart object security? 10: :40: Break

Agenda, cont. 10: :30: Implementation experience Carsten Bormann, Universitaet Bremen: Light-weight COAP & DTLS implementations (10 min) Hannes Tschofenig, Nokia Siemens Networks: TLS and Raw Public Keys Implementation (5 min) Mohit Sethi, Ericsson/Aalto: Public Key Crypto Implementation Experience (5 min) Discussion: What is our experience with implementing some of these protocols? What worked and what didn't? What advice can be given? Where is further research, standardization, and implementation work needed? 12: :30: Lunch Break

Agenda, cont. 13: :30: Authorization and Role-based Access Control Richard Barnes, BBN: Beyond COMSEC (10 min) Jan Janak, Columbia University: On Access Control (10 min) Discussion: What is the interaction between business processes (such as installation, change of ownership; including non-business processes such as home admin), the roles we have to manage in the system as a result of that, and the crypto we can do to implement those roles? 15: :00: Coffee Break

Agenda, cont. 16: :30: Provisioning Johannes Gilger, RTWH Aachen: Secure pairing (10 min) Cullen Jennings, Cisco: A deployment model (10 min) Discussion: What are practical deployment models, and corresponding protocols? 17: :30: Summary Evening: Dinner for those who want (self-organized)