Proposal for device identification PAR

Scope
Unique per-device identifiers (DevID)
Method or methods for authenticating that device is bound to that identifier
  – Abstract framework
  – Concrete protocol over
Standards for establishing and maintaining vendor trust

Rationale
Many ways to identify individuals
No standard ways to identify devices
MAC addresses are not sufficient
  – Multiple per device
  – Reconfigurable
  – Not cryptographically bound
Device identity is important for completing chains of trust
  – Window of vulnerability

Uses
Network equipment provisioning
Authenticated key exchange in other protocols
  – E.g., 802.1af, 802.1X
Inventory management
Internal component identification
LLDP chassis IDs
…

Market Potential
Any protocol requiring identification at layer 2
  – Any authentication protocols
Applicable in bridges, routers, end-stations, …
Consistent acquisition procedures across manufacturers
Cost should not be a barrier to adoption
  – Low incremental cost

Compatibility
IEEE standard
In conformance with
  – 802 overview and architecture
  – Existing standards within and
Managed objects will be defined consistent with existing policies and practices

Relationship with other standards
No standards providing device identity within IEEE 802
No such standards outside of IEEE
CableLabs DOCSIS
  – Not generally applicable (cable modem specific)
  – CableLabs is intermediary for deployment
  – CableLabs is not a standards body
IETF liaison letter in support of value

PKI overview
[Diagram; labels: Device; Private key; Certificate; Public Key; Manufacturer; Certification Authority; Root certificate; Key generation capability (twice); Sign; DevID number]
Intention is that private key would not be exportable once installed
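
Added example (not part of the original slides): the PKI flow labelled on this slide, written in Go. A manufacturer CA signs a certificate over the device's public key and DevID number, and a verifier accepts the DevID only after checking the chain and a signature made with the device's private key. The Ed25519 keys, the nonce challenge, carrying the DevID in the subject serialNumber field, and the names Issue and Authenticate are assumptions; the manufacturer acts as its own root.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue makes a key pair and certificate for id: a self-signed root if caCert is nil, else CA-signed.
func Issue(id string, caCert *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:   pkix.Name{SerialNumber: id}, // DevID number; this field choice is an assumption
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if caCert == nil {
		caCert, caKey = tmpl, key
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Authenticate returns the DevID only if cert chains to root and sig proves key possession.
func Authenticate(root, cert *x509.Certificate, nonce, sig []byte) (string, error) {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	opts.Roots.AddCert(root)
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not issued by trusted manufacturer: %w", err)
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, nonce, sig) {
		return "", fmt.Errorf("peer did not prove possession of the key for %q", cert.Subject.SerialNumber)
	}
	return cert.Subject.SerialNumber, nil
}

func main() {
	rootCert, rootKey := Issue("constructed-vendor-root", nil, nil)
	devCert, devKey := Issue("DEVID-0001", rootCert, rootKey) // constructed DevID
	nonce := []byte("constructed nonce; use fresh random bytes per challenge")
	fmt.Println(Authenticate(rootCert, devCert, nonce, ed25519.Sign(devKey, nonce)))
}
```

A certificate presented without the matching private key, or one issued by a manufacturer the verifier does not trust, is rejected, which is the cryptographic binding a MAC address lacks.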

Technical overview
[Diagram; labels in extraction order: Device Vendor Credentials Identity Device Identity Management capability]

Analysis
No registration within IEEE required
  – Vendors can be their own root
Trust by reputation
  – Management vendors can aggregate credentials
  – Or, IEEE could outsource a PKI, e.g., to Verisign
Physical security of devices is a known threat
  – Some vendors will choose high security
  – Others will want to support hot-swapping
Hardware implementation cost small, not free
  – Available crypto capability
Cheap off the shelf solutions (including software)
  – 128 to 512 bytes of storage