Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that.

Published byLesley Harrington Modified over 8 years ago

Similar presentations

Presentation on theme: "Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that."— Presentation transcript:

1 Proposal for device identification PAR

2 Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that identifier –Abstract framework –Concrete protocol over 802.3 Standards for establishing and maintaining vendor trust

3 Rationale Many ways to identify individuals No standard ways to identify devices MAC addresses are not sufficient –Multiple per device –Reconfigurable –Not cryptographically bound Device identity is important for completing chains of trust –Window of vulnerability

4 Uses Network equipment provisioning Authenticated key exchange in other protocols –E.g., 802.1af, 802.1X Inventory management Internal component identification LLDP chassis IDs …

5 Market Potential Any protocol requiring identification at layer 2 –Any authentication protocols Applicable in bridges, routers, end- stations, … Consistent acquisition procedures across manufacturers Cost should not be a barrier to adoption –Low incremental cost

6 Compatibility IEEE 802.1 standard In conformance with – 802 overview and architecture – Existing standards within 802.1 and 802.3 Managed objects will be defined consistent with existing policies and practices

7 Relationship with other standards No standards providing device identity within IEEE 802 No such standards outside of IEEE CableLabs DOCSIS –Not generally applicable (cable modem specific) –CableLabs is intermediary for deployment –CableLabs is not a standards body IETF liaison letter in support of value

8 PKI overview Device Private key Certificate Public Key Manufacturer Certification Authority Root certificate Key generation capability Key generation capability Sign DevID number Intention is that private key would not be exportable once installed

9 Technical overview Device Vendor Credentials Identity Device Identity Management capability

10 Analysis No registration within IEEE required –Vendors can be their own root Trust by reputation –Management vendors can aggregate credentials –Or, IEEE could outsource a PKI, e.g., to Verisign Physical security of devices is a known threat –Some vendors will choose high security –Others will want to support hot-swapping Hardware implementation cost small, not free –Available crypto capability Cheap off the shelf solutions (including software) –128 to 512 bytes of storage

Download ppt "Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that."

Similar presentations

Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Overview of the 802.10 SDE Protocol Presented by Ken Alonge Chair, 802.10.

Overview of the SDE Protocol Presented by Ken Alonge Chair,
ECMP for 802.1Qxx Proposal for PAR and 5 Criteria Version 2 16 people from ECMP ad-hoc committee.

ECMP for 802.1Qxx Proposal for PAR and 5 Criteria Version 2 16 people from ECMP ad-hoc committee.
Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
PKI Trust Root Concepts ACP Working Group – I April 2009.

PKI Trust Root Concepts ACP Working Group – I April 2009.
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Introduction to z/OS Security Lesson 4: There’s more to it than RACF

Introduction to z/OS Security Lesson 4: There’s more to it than RACF
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi.

Research Seminar on Telecommunications Business IPSEC BUSINESS Henri Ossi.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
EDUCAUSE Fed/Higher ED PKI Coordination Meeting

EDUCAUSE Fed/Higher ED PKI Coordination Meeting
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, 2009 05/30/2009.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Similar presentations

Ads by Google