2. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 1Submission Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: Security Suite Comparative Characteristics Date Submitted: 10 March, 2002 Source: Bob Huang Company: Sony Electronics Address: One Sony Drive TA3-12, Park Ridge, NJ 07656 Voice: 201-358-4409, FAX: 201-9306397, E-Mail: robert.huang@am.sony.com Re: P802.15.3 Security Suite Abstract:This presentation identifies and discusses some differences in the proposed security suites. The information on the suites was drawn from contributions presented at the Schaumburg ad hoc meeting (February ’02) and related at that meeting discussions. The specific contributions were 02106-08, 02111- 12 and 02114r2. Also considered were the meeting minutes (02122), the Security Sub-committee Status Report (02121) and some personal notes of mine. This contribution provides a practical perspective on the differences in the security suite proposals. Purpose:For information and guidance to 802.15.3 prior to the Security Suite selection. Notice:This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release:The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

3. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 2Submission 802.15 TG3 Security Suite Comparative Characteristics A Perspective

4. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 3Submission (My) Baseline Thoughts The cryptographic algorithms proposed are hard to break – offer high security Greater attention should be paid to the strength of the protocol It will be difficult to thoroughly evaluate the protocol(s) in a short time It is best to evaluate the fit of the security suites against the applications: ‘Where the rubber meets the road’

5. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 4Submission Presentation Outline (My) Baseline Thoughts Approach to Evaluation What are the Major Differences? Look at the Trust Models Look at Security Topology Summary & Conclusions

6. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 5Submission (My) Baseline Thoughts (cont.) The MAC (draft) standard –Must have a mandatory security suite –May have an optional security suite –Message structure (public key object) to allow The standards text to accommodate divergent architectures as mandatory and optional Either architecture to be mandatory or optional –Based on the assertion that the security manager implementation was ‘basically free’, the security manager will be included in devices in the distributed system –Agreed to at ad hoc in Schaumburg (Feb ’02)

7. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 6Submission Approach to Evaluation Focus on differences How well do the differences support the applications? How do the differences impact the user? How do the differences impact the manufacturer? First: Identify and understand the differences

8. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 7Submission What are the Major Differences? Basic premeses for this comparison: Not considering differences in cryptographic algorithms or protocols All approaches have flexibility in implementation to allow ‘changing’ the fundamental characteristics –Therefore, must compare ‘native mode*’ Most used/natural mode Most efficient mode * Assumption: operation outside of the ‘native mode’ will cost more

9. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 8Submission What are the Major Differences? Fundamental differences Trust model: –Digital certificates (fixed model or infrastructure based) –Consumer/user trust model Security topology –Centralized (with PNC) –Distributed

10. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 9Submission Framework for Considering Trust Models When is the first trust decision made? Interoperability When activated Control/flexibility Typical use model Next: Consider trust models against this framework

11. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 10Submission Trust model: Fixed model digital certificates Imbedded at manufacture (royalty fee applies) –Example given at Schaumburg ad hoc: $0.05 each Interoperability: Manufacturers must act in unison Activated at manufacture (fixed trust) Control/flexibility –Fixed by definition, therefore no flexibility after deployment –What to accept any device that can authenticate (not restricted to a particular device) –Consumer can not control (who is in the network) Typical use: DVB, 5C

12. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 11Submission Trust model: Infrastructure model digital certificates Imbedded at manufacture (royalty) Interoperability: typically closed system Activated/deactivated ‘On-line’ –Implies communications infrastructure –Allows tracking of device use Infrastructure model allows strong central control –Single controlling party: a service provider not the consumer, not the manufacture Typical use: Cable system

13. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 12Submission Trust model: Consumer/user Interoperability: –Dependent on P802.15.3, not on implementation or industry agreements –Immediate interoperability Activated by user/consumer –At startup –At addition of new devices Control/flexibility –Consumer has control control Typical use: modeled on user controlled wired security

14. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 13Submission Trust models: Conclusions Digital certificate trust: fixed or infrastructure based –Some additional cost at manufacture –Control By infrastructure No consumer control in typical model (native mode*) Consumer/user trust –Similar to physical wired security: consumer controlled * Assumption: operation outside of the ‘native mode’ will cost more Which model applies to 802.15.3 applications? your

15. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 14Submission What are the Major Differences? Fundamental differences Trust model: –Digital certificates (fixed model or infrastructure based) –Consumer/user trust model Security topology –Centralized (on PNC) –Distributed

16. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 15Submission Security Topology Security manager implementation is –More complex (costly) than simple device security –More responsibility than simple device Different security topologies –Centralized (with PNC) –Distributed (each device is security manager)

17. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 16Submission Centralized Security Topology Security manager located with PNC –Complexity centralized in one powerful device (the PNC) –Simple to activate by user –Some critical tasks performed infrequently (n times), therefore process power may be ‘borrowed’ from other PNC activities Authentication? Key provisioning/re-provisioning Provides unified network wide security Allows additional (individual) link security to be applied

18. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 17Submission Distributed Security Topology Security manager (capability) located in every device Piconet is divided into logical security networks Each device decides who it will connect to Less exposure than centralized security manager –Compartmentalized: Not higher security, more complex Each device has security manager complexity –Memory, processing power Critical tasks performed multiple times – up to n x n times (n x n relationships) –Authentication –Key provisioning/re-provisioning How?

19. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 18Submission Security Topology Conclusions Centralized topology –Less complex/lower cost –Easy to use (less user action) –Fewer authentications (better use of radio resources) Distributed topology –Each device makes trust decision –Compartmentalizes security

20. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 19Submission Security Topology Number of sequential authentications for 5 devices: Distributed = SM: Security Manager 0 1 2 3 Display & SM Camcorder & SM DVD Player & SM 0 1 2 3 Display Camcorder DVD Player Centralized = PNC & SM Receiver 4 DTR PNC & SM Receiver 4 DTR & SM 413 5 8 Each authentication consumes channel time, takes CPU cycles and adds delay.

21. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 20Submission Security Topology How does the security topology overlay the MAC control structure? Distributed = SM: Security Manager Centralized = PNC & SM DTR 0 1 2 3 DisplayCamcorder DVD Player Receiver 4 0 1 2 3 Display & SM Camcorder & SM DVD Player & SM PNC & SM Receiver 4 DTR & SM 413 5 8

22. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 21Submission What are the Major Differences? Fundamental differences Trust model: –Digital certificates (fixed model or infrastructure based) –Consumer/user trust model Security topology –Centralized (on PNC) –Distributed

23. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 22Submission Conclusion on Major Differences Framework success: 1.Different approaches have different advantages 2.If the first big application of 802.15.3 fails, it will be harder for the second application to succeed. 3.Therefore consider the first applications that will make 802.15.3 a success. 4.Later consider the second applications that will make 802.15.3 a success. 5.Choose an appropriate security suite for overall success. Go with your longest and your strongest ! Closing note

24. 10 March 2002 doc.: IEEE 802.15-02/126r0 Bob Huang, Sony ElectronicsSlide 23Submission Conclusion on Major Differences? Framework success: 1.Different approaches have different advantages 2.If the first big application of 802.15.3 fails, it will be harder for the second application to succeed. 3.Therefore consider the first applications that will make 802.15.3 a success. 4.Later consider the second applications that will make 802.15.3 a success. 5.Choose an appropriate security suite for overall success. Go with your longest and your strongest ! Closing note