Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Slides:



Advertisements
Similar presentations
Virtual Trunk Protocol
Advertisements

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
Security Issues In Mobile IP
Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Encrypting Wireless Data with VPN Techniques
Internet Protocol Security (IP Sec)
Advanced Computer Networks Fall 2011
Authentication Applications
1 Authentication Applications Ola Flygt Växjö University, Sweden
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Cryptography and Network Security Chapter 16
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CCNA – Network Fundamentals
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crypto – chapter 16 - noack Introduction to network stcurity Chapter 16 - Stallings.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Internet Protocol Security (IPSec)
IP Network Basics. For Internal Use Only ▲ Internal Use Only ▲ Course Objectives Grasp the basic knowledge of network Understand network evolution history.
S New Security Developments in DICOM Lawrence Tarbox, Ph.D Chair, DICOM WG 14 (Security) Siemens Corporate Research.
Light Weight Access Point Protocol (LWAPP) IETF 57 Pat Calhoun, Airespace.
Wireless and Security CSCI 5857: Encoding and Encryption.
M3UA Patrick Sharp.
Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
CSCE 715: Network Systems Security
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
 A Web service is a method of communication between two electronic devices over World Wide Web.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
ROLL Working Group Meeting IETF-81, Quebec City July 2011 Online Agenda and Slides at: bin/wg/wg_proceedings.cgi Co-chairs:
ROLL RPL Security IETF 77 status
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
V IRTUAL P RIVATE N ETWORKS K ARTHIK M OHANASUNDARAM W RIGHT S TATE U NIVERSITY.
By Mau, Morgan Arora, Pankaj Desai, Kiran.  Large address space  Briefing on IPsec  IPsec implementation  IPsec operational modes  Authentication.
IPSec  general IP Security mechanisms  provides  authentication  confidentiality  key management  Applications include Secure connectivity over.
August 2, 2005 IETF 63 – Paris, France Media Independent Handover Services and Interoperability Ajay Rajkumar Chair, IEEE WG.
MIKEY, Revisited Lakshminath Dondeti Thanks to: Dragan Ignjatic, Ran Canetti and others.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
Network Layer Security Network Systems Security Mort Anvari.
K. Salah1 Security Protocols in the Internet IPSec.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Cryptography CSS 329 Lecture 13:SSL.
A Security Framework for ROLL draft-tsao-roll-security-framework-00.txt T. Tsao R. Alexander M. Dohler V. Daza A. Lozano.
Emerging Solutions in Network Time Synchronization Security
VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.
IPSec Detailed Description and VPN
UNIT.4 IP Security.
ROLL RPL Security IETF 77 status
Understand Networking Services
Handover Keys Using AAA (draft-vidya-mipshop-handover-keys-aaa-03.txt)
Originally by Yu Yang and Lilly Wang Modified by T. A. Yang
CS4470 Computer Networking Protocols
Presentation transcript:

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt R. Alexander T. Tsao IETF-81, ROLL WG Meeting, 7/29/2011

2 Outline Motivation Objectives MIKEY Strengths RPL Security AMIKEY Overview –01 draft included specific RPL elements –02 will include additional signaling mechanism Discussed in this presentation Summary IETF-81, ROLL WG Meeting, 7/29/2011

Motivation Security Framework for ROLL (Tsao et al) set requirements for routing protocol security –Provided guidance for security features developed as part of Secure RPL –Framework was not a KM specification Current Secure RPL specifies packet level security but relies on external, out-of-band (OOB) Key Management –(Reference: RPL, Sections and 10.3) –AMIKEY is developed to meet RPL KM requirement and for LLN use more generally IETF-81, ROLL WG Meeting, 7/29/2011 3

4 Objective for AMIKEY Support RPL security within an efficient LLN device security model –Addressing system as well as routing security Offer Generic LLN key management (KM) protocol –Short-term, per-session/association keys [RFC4107], or long-term credentials update Extend capability of an established, validated and current IETF KM protocol –MIKEY [RFC3830] base –Standard AKM features already defined and specified –Introduce AES-based default algorithms (as available in many LLN HW platforms) IETF-81, ROLL WG Meeting, 7/29/2011

5 Relevant MIKEY Strengths Lightweight, low bandwidth –Binary encoded 1-byte aligned Simple, low-latency, end-to-end security –Key assignment can be completed in as little as ½ roundtrip; 1 roundtrip at most Flexible and extensible with multiple methods defined for establishing security associations –Pre-shared key, public key, Diffie-Hellman Independent from underlying transport network security –Messages embedded in other protocols or sent over TCP or UDP/IP (port 2269) IETF-81, ROLL WG Meeting, 7/29/2011

RPL Security 3 modes: Unsecured, pre-installed, authenticated –Pre-installed provides pre-configured credentials –Authenticated allows subsequent key update Code field in HDR designates secured messages Message confidentiality and integrity provided including timeliness –Security header specifies: Algorithm, Key ID and Source, and applied Security Level –No per-routing association/session key generation Key management needed to update long-term key credentials and security policy IETF-81, ROLL WG Meeting, 7/29/2011 6

Multi-Layer Key Mgmt Context LLN model for multi-layer key management 7 IETF-81, ROLL WG Meeting, 7/29/2011

Key Exchange Signaling Modes Key server (push) initiated IETF-81, ROLL WG Meeting, 7/29/ Key client (pull) requested

9 Pre-shared Key Example Supported key request or initiated key assignment –[Optional] Requestor or Responder messages Header (HDR), Timestamp (T), and Verification (V) message elements IETF-81, ROLL WG Meeting, 7/29/2011

10 Public-Key Encryption Example Same low latency exchanges as PSK method –PK signature replaces PSK verification –Certificates used or just ID where certificate can be retrieved based on ID IETF-81, ROLL WG Meeting, 7/29/2011

Example Message Sizes Pre-shared Key (PSK) Exchange –Requestor/Responder Message = 32 bytes –Initiator Message = 80 bytes Public-Key Encryption (PKE) Exchange –Requestor Message = 44 bytes Signature = 18 bytes (replaces PSK Verification) –Initiator Message = 118 bytes Additional PKE and SIGN elements –1K bytes size increase if X.509 certificate transported rather than accessed from ID IETF-81, ROLL WG Meeting, 7/29/

AMIKEY Extension New Requestor message defined –Allows device to trigger key assignment from centralized Key Server New transforms and parameters defined –All AES-based given ready availability and implementation within LLN HW platforms New policy payload defined –Generic-LLN Support for LLN protocols security –RPL as well as domain specific (AMI, for ex.) Multimedia crypto-sessions re-purposed to allow simultaneous KM for multiple protocols IETF-81, ROLL WG Meeting, 7/29/

13 RPL Elements Requestor message allows RPL joining nodes to request DODAG key –Both PSK and PKE options Key Index and Key Source ID elements specified –IPv6 and MAC address ID types included Security policy specification and update Existing key-data, timestamp, and algorithm specification used for key control –Including Counters or NTP timestamps IETF-81, ROLL WG Meeting, 7/29/2011

Summary Extension to simple, efficient KM protocol –Supports long-term and short-term (session) KM –Allows all-AES algorithm defaults –Supports LLN device implementation efficiency Generic KM protocol offers greater utility to LLNs versus stand-alone RPL key management –Able to meet current and future RPL requirements –Tradeoff of additional effort/overhead to create general LLN KM protocol versus RPL-only Look forward to WG discussion on adopting and completing the specification –RPL companion with wider domain applicability IETF-81, ROLL WG Meeting, 7/29/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.