Presentation is loading. Please wait.

Presentation is loading. Please wait.

Report from the “Smart Object Security Workshop 23 rd March 2012, Paris” Presenter: Hannes Tschofenig.

Published byUrsula Scott Modified over 8 years ago

Similar presentations

Presentation on theme: "Report from the “Smart Object Security Workshop 23 rd March 2012, Paris” Presenter: Hannes Tschofenig."— Presentation transcript:

1 Report from the “Smart Object Security Workshop 23 rd March 2012, Paris” Presenter: Hannes Tschofenig

2 Workshop Organizers Hannes Tschofenig Jari Arkko Carsten Bormann Peter Friess Cullen Jennings Antonio Skarmeta Zach Shelby Thomas Heide Clausen (Host)

3 Workshop Info Webpage: http://www.lix.polytechnique.fr/hipercom/Smart ObjectSecurity/ http://www.lix.polytechnique.fr/hipercom/Smart ObjectSecurity/ Papers and slides will be copied to this website after the meeting. Currently, they are temporarily here: – Position papers: http://www.tschofenig.priv.at/sos- papers/PositionPapers.htmhttp://www.tschofenig.priv.at/sos- papers/PositionPapers.htm – Agenda & slides: http://www.tschofenig.priv.at/wp/?p=874

4 Workshop Goals We had a gut feeling that we might have problems with securing smart object networks. Had received input already in the March 2011 Prague IAB Smart Object workshop. Bring together implementation experience, application requirements, and researchers and protocol designers What deployment experience is there? What credential types are most common? What implementation techniques make it possible to use Internet security technology in these devices? What are the challenges?

5 Requirements & Economics Requirements for each application domain differ also driven by the business models and number of devices that need to be provisioned Understanding of threats differs between the different communities: Attacks are not just from neighbor's kids Also, e.g., taking-the-grid-down attacks Installation by regular people

6 Implementation Experiences We think we can use the existing crypto algorithms We probably can use the existing protocols (delta a few minor extensions). Lots of implementation work being done by the participants (e.g., TLS, DTLS, PANA, EAP, HIP) but still more investigations needed. Important aspect: Focus on the system! Look at the code size of the entire system (including provisioning, authorization, config) Focus on what to optimize for various among the different deployments Energy consumption, code size, main memory size, over-the-wire bandwidth

7 Authorization Discussion Many questions were raised, for example: Which device is authorized to talk wo which other device? What is the role of the human? Where is the policy decision point and the policy enforcement point in the network? What is the granularity of the authorization decision? What needs to be standardized? Seems to be the most challenging aspect. Not clear whether there is any IETF standards work needed?

8 Imprinting Discussion There is a limited set of solutions Based on the hardware support of devices: buttons vs. labels vs. LEDs, multicast discovery, online network availability,... Again, the threat assumptions matter and who is supposed to do the credential provisioning. A fun area to design protocols in Detailed discussion about a specific proposal from Cullen Jennings. http://www.tschofenig.priv.at/sos- papers/CullenJennings.pdf http://www.tschofenig.priv.at/sos- papers/CullenJennings.pdf

9 Next Steps Document the implementation experience in the LWIG group. A few already ongoing security standards activities (e.g., TLS raw public keys, JOSE on JSON encryption and signing). Maybe discussions around imprinting protocols in the IETF in the future. There is no single security architecture for smart objects (not even a small number of them).

Download ppt "Report from the “Smart Object Security Workshop 23 rd March 2012, Paris” Presenter: Hannes Tschofenig."

Similar presentations

Windows® Deployment Services

Windows® Deployment Services
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
RSVP Cryptographic Authentication ...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.

RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.
Interconnecting Smart Objects with the Internet Workshop Hannes Tschofenig.

Interconnecting Smart Objects with the Internet Workshop Hannes Tschofenig.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Small(er) Footprint for TLS Implementations Hannes Tschofenig Smart Object Security workshop, March 2012, Paris.

Small(er) Footprint for TLS Implementations Hannes Tschofenig Smart Object Security workshop, March 2012, Paris.
ACE – Design Considerations Corinna Schmitt IETF ACE WG meeting July 23, 2014 1.

ACE – Design Considerations Corinna Schmitt IETF ACE WG meeting July 23,
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Control of Personal Information in a Networked World Rebecca Wright Boaz Barak Jim Aspnes Avi Wigderson Sanjeev Arora David Goodman Joan Feigenbaum ToNC.

Control of Personal Information in a Networked World Rebecca Wright Boaz Barak Jim Aspnes Avi Wigderson Sanjeev Arora David Goodman Joan Feigenbaum ToNC.
OAuth/UMA for ACE 24 th March 2015 draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.

OAuth/UMA for ACE 24 th March 2015 draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.
Bootstrapping Key Infrastructures Max Pritikin IETF 91, 10 Nov 2014 Aloha!

Bootstrapping Key Infrastructures Max Pritikin IETF 91, 10 Nov 2014 Aloha!
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
INFO 355Week #61 Systems Analysis II Essentials of design INFO 355 Glenn Booker.

INFO 355Week #61 Systems Analysis II Essentials of design INFO 355 Glenn Booker.
The Problem Definition How to prevent Cullen from p0wning all the lightbulbs in the city?

The Problem Definition How to prevent Cullen from p0wning all the lightbulbs in the city?
Lessons Learned in Smart Grid Cyber Security

Lessons Learned in Smart Grid Cyber Security
AIMS Workshop Heidelberg, 9-11 March 1998 P717 & P805: SIRTE Study for Internet Roaming Throughout Europe Franco Guadagni - Telecom Italia / CSELT

AIMS Workshop Heidelberg, 9-11 March 1998 P717 & P805: SIRTE Study for Internet Roaming Throughout Europe Franco Guadagni - Telecom Italia / CSELT
ACE BOF, IETF-89 London Authentication and Authorization for Constrained Environments (ACE) BOF Wed 09:00-11:30, Balmoral BOF Chairs: Kepeng Li, Hannes.

ACE BOF, IETF-89 London Authentication and Authorization for Constrained Environments (ACE) BOF Wed 09:00-11:30, Balmoral BOF Chairs: Kepeng Li, Hannes.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Smart Object Security Workshop 23 rd March 2012, Paris.

Smart Object Security Workshop 23 rd March 2012, Paris.
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.

Similar presentations

Ads by Google