Presentation is loading. Please wait.

Presentation is loading. Please wait.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Published byElijah Morgan Modified over 10 years ago

Similar presentations

Presentation on theme: "Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt."— Presentation transcript:

1 Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt R. Alexander T. Tsao IETF-81, ROLL WG Meeting, 7/29/2011

2 2 Outline Motivation Objectives MIKEY Strengths RPL Security AMIKEY Overview –01 draft included specific RPL elements –02 will include additional signaling mechanism Discussed in this presentation Summary IETF-81, ROLL WG Meeting, 7/29/2011

3 Motivation Security Framework for ROLL (Tsao et al) set requirements for routing protocol security –Provided guidance for security features developed as part of Secure RPL –Framework was not a KM specification Current Secure RPL specifies packet level security but relies on external, out-of-band (OOB) Key Management –(Reference: RPL, Sections 3.2.3 and 10.3) –AMIKEY is developed to meet RPL KM requirement and for LLN use more generally IETF-81, ROLL WG Meeting, 7/29/2011 3

4 4 Objective for AMIKEY Support RPL security within an efficient LLN device security model –Addressing system as well as routing security Offer Generic LLN key management (KM) protocol –Short-term, per-session/association keys [RFC4107], or long-term credentials update Extend capability of an established, validated and current IETF KM protocol –MIKEY [RFC3830] base –Standard AKM features already defined and specified –Introduce AES-based default algorithms (as available in many LLN HW platforms) IETF-81, ROLL WG Meeting, 7/29/2011

5 5 Relevant MIKEY Strengths Lightweight, low bandwidth –Binary encoded 1-byte aligned Simple, low-latency, end-to-end security –Key assignment can be completed in as little as ½ roundtrip; 1 roundtrip at most Flexible and extensible with multiple methods defined for establishing security associations –Pre-shared key, public key, Diffie-Hellman Independent from underlying transport network security –Messages embedded in other protocols or sent over TCP or UDP/IP (port 2269) IETF-81, ROLL WG Meeting, 7/29/2011

6 RPL Security 3 modes: Unsecured, pre-installed, authenticated –Pre-installed provides pre-configured credentials –Authenticated allows subsequent key update Code field in HDR designates secured messages Message confidentiality and integrity provided including timeliness –Security header specifies: Algorithm, Key ID and Source, and applied Security Level –No per-routing association/session key generation Key management needed to update long-term key credentials and security policy IETF-81, ROLL WG Meeting, 7/29/2011 6

7 Multi-Layer Key Mgmt Context LLN model for multi-layer key management 7 IETF-81, ROLL WG Meeting, 7/29/2011

8 Key Exchange Signaling Modes Key server (push) initiated IETF-81, ROLL WG Meeting, 7/29/2011 8 Key client (pull) requested

9 9 Pre-shared Key Example Supported key request or initiated key assignment –[Optional] Requestor or Responder messages Header (HDR), Timestamp (T), and Verification (V) message elements IETF-81, ROLL WG Meeting, 7/29/2011

10 10 Public-Key Encryption Example Same low latency exchanges as PSK method –PK signature replaces PSK verification –Certificates used or just ID where certificate can be retrieved based on ID IETF-81, ROLL WG Meeting, 7/29/2011

11 Example Message Sizes Pre-shared Key (PSK) Exchange –Requestor/Responder Message = 32 bytes –Initiator Message = 80 bytes Public-Key Encryption (PKE) Exchange –Requestor Message = 44 bytes Signature = 18 bytes (replaces PSK Verification) –Initiator Message = 118 bytes Additional PKE and SIGN elements –1K bytes size increase if X.509 certificate transported rather than accessed from ID IETF-81, ROLL WG Meeting, 7/29/2011 11

12 AMIKEY Extension New Requestor message defined –Allows device to trigger key assignment from centralized Key Server New transforms and parameters defined –All AES-based given ready availability and implementation within LLN HW platforms New policy payload defined –Generic-LLN Support for LLN protocols security –RPL as well as domain specific (AMI, for ex.) Multimedia crypto-sessions re-purposed to allow simultaneous KM for multiple protocols IETF-81, ROLL WG Meeting, 7/29/2011 12

13 13 RPL Elements Requestor message allows RPL joining nodes to request DODAG key –Both PSK and PKE options Key Index and Key Source ID elements specified –IPv6 and MAC address ID types included Security policy specification and update Existing key-data, timestamp, and algorithm specification used for key control –Including Counters or NTP timestamps IETF-81, ROLL WG Meeting, 7/29/2011

14 Summary Extension to simple, efficient KM protocol –Supports long-term and short-term (session) KM –Allows all-AES algorithm defaults –Supports LLN device implementation efficiency Generic KM protocol offers greater utility to LLNs versus stand-alone RPL key management –Able to meet current and future RPL requirements –Tradeoff of additional effort/overhead to create general LLN KM protocol versus RPL-only Look forward to WG discussion on adopting and completing the specification –RPL companion with wider domain applicability IETF-81, ROLL WG Meeting, 7/29/2011 14

Download ppt "Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt."

Similar presentations

Virtual Trunk Protocol

Virtual Trunk Protocol
Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
Security Issues In Mobile IP

Security Issues In Mobile IP
Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Advanced Computer Networks Fall 2011

Advanced Computer Networks Fall 2011
Authentication Applications

Authentication Applications
1 Authentication Applications Ola Flygt Växjö University, Sweden +46 470 70 86 49.

1 Authentication Applications Ola Flygt Växjö University, Sweden
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.5 Transport Layer Security.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—2-1 Extending Switched Networks with Virtual LANs Introducing VLAN Operations.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.

Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CCNA – Network Fundamentals

CCNA – Network Fundamentals
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

Similar presentations

Ads by Google