Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certificate Enrolment STEs Group Name: SEC#18 Source: Phil Hawkes, Qualcomm Inc, Meeting Date: 2015-07-20.

Published byClement Patrick Modified over 8 years ago

Similar presentations

Presentation on theme: "Certificate Enrolment STEs Group Name: SEC#18 Source: Phil Hawkes, Qualcomm Inc, Meeting Date: 2015-07-20."— Presentation transcript:

1 Certificate Enrolment STEs Group Name: SEC#18 Source: Phil Hawkes, Qualcomm Inc, phawkes@qti.qualcomm.comphawkes@qti.qualcomm.com Meeting Date: 2015-07-20 Agenda Item: TS-0003 – Release 2 Small Technical Enhancements

2 oneM2M Enrolment Requirements Rel 1 supports remote security provisioning of symmetric key credentials for the M2M SP’s domain – There is currently little consistence in use of “remote security provisioning”, “enrolment” and “bootstrap” in TS-0001 & TS-0003. This needs to be addressed, but we do not attempt to address this here For Rel 2, we want to extend this to support remote security provisioning of public key credentials = public key certificates for the M2M SP’s domain – This type of process is sometimes called “Certificate Enrolment” and sometimes called “Certificate Management” – Given existing use of the term “enrolment”, it would seem that “Certificate Enrolment” would be appropriate terminology for us (at least for the time being) We can change the terminology later if we like. © 2015 oneM2M Partners SEC-2015-0549R01-Certificate_Enrolment_STEs 2 SER-020The oneM2M System shall enable legitimate M2M Service Providers to provision their own credentials into the M2M Devices/Gateways. Implemented in Rel-1 SER-021The oneM2M System shall be able to remotely and securely provision M2M security credentials in M2M Devices and/or M2M Gateways. Implemented in Rel-1

3 Basic Cert Enrolment Terminology End-Entity (EE): the entity that owns a key pair and for whom a certificate is issued [1] Certification Authority (CA): – the entity that issues certificates. [1] – the trusted third party/Organization responsible for validating the identity of a person or organization & issuing a certificate [2] References 1.“Certificate Management over CMS (CMC)” RFC 5272 2.http://www.techotopia.com/index.php/An_Overview _of_Public_Key_Infrastructures_(PKI)http://www.techotopia.com/index.php/An_Overview _of_Public_Key_Infrastructures_(PKI) © 2015 oneM2M Partners 3

4 Cert Enrolment: Intro What? A protocol for an EE to obtain or update a public key certificate for which the private key is known to the EE, – Also used for configuring CA certificates to EE Why? Enables mutual authentication between the EE and all other entities in that PKI. Which Common Protocols should we consider 1.Certificate Management Protocol (CMP) RFC 4210, RFC 6712 2.Certificate Management over CMS (CMC) RFC 5272 3.Certificate Management over CMS (CMC): Transport Protocols RFC 5273 4.Enrolment over Secure transport (EST) RFC 7030 Uses CMC / HTTPS / TLS. TLS typically used for client authentication 5.Simple Certificate Enrolment Protocol (SCEP) Not a standard. IETF draft-nourse-scep-23 – No standards exist for certificate management/enrolment over UDP © 2015 oneM2M Partners 4

5 Registration Authorities Registration Authority (RA) … – …the component of a PKI which is responsible for accepting requests for digital certificates and authenticating the person or organization [or entity] making the request. … Once the validation process is complete the RA transmits the request to the CA [2] – …an entity that acts as an intermediary between the EE and the CA. Multiple RAs can exist between the end-entity and the Certification Authority. [1] RAs.. [ may] …participate in the protocol by taking PKI Requests, wrapping them in a second layer of PKI Request with additional requirements or statements from the RA and then passing this new expanded PKI Request on to the CA. [1] In a certification request scenario that involves an RA, the CA may allow (or require) that the RA perform the POP protocol with the entity that generated the certification request. [1] – NOTE: Sometimes, a CA integrates an RA, and no distinction is made between CA and this RA Client: an entity that creates a PKI Request… both RAs and EEs can be clients. [1] Server: entities that process PKI Requests and create PKI Responses… both CAs and RAs can be servers. [1] References 1.“Certificate Management over CMS (CMC)” RFC 5272 2.http://www.techotopia.com/index.php/An_Overview_of_Public_Key_Infrastruct ures_(PKI)http://www.techotopia.com/index.php/An_Overview_of_Public_Key_Infrastruct ures_(PKI) © 2015 oneM2M Partners 5

6 Internal to CA organization Example 1 © 2015 oneM2M Partners 6 EE RA CA RA Authentication (o) Modifies PKI request Processes PKI request: Creates certificate, Creates PKI Response, Creates PKI request client server In this example, the CA organization separates the RA functions from the CA (certificate generation) functions PKI Request PKI Response PKI Request PKI Response

7 Internal to CA organization Example 2 © 2015 oneM2M Partners 7 EE CA Processes PKI request: Creates certificate, Creates PKI Response, Creates PKI request client server PKI Request PKI Response RA Authentication (o) Modifies PKI request In this example, the CA organization has no separation of RA functions and CA functions. Externally indistinguishable from Example 1

8 Internal to CA organization Example 3 © 2015 oneM2M Partners 8 EE RA CA RA Authentication (o) Modifies PKI request Processes PKI request: Creates certificate, Creates PKI Response, Creates PKI request Local RA EE Authentication (o) Modifies PKI request client server In this example, Local RA can authenticate EE, but not CA Organization. CA Org trusts Local RA to verify EE PKI Response PKI Request

9 Internal to CA organization © 2015 oneM2M Partners 9 EE CA RA Authentication (o) Modifies PKI request Processes PKI request: Creates certificate, Creates PKI Response, Creates PKI request Local RA EE Authentication (o) Modifies PKI request client server In this example, the CA organization has no separation of RA functions and CA functions. Externally indistinguishable from Example 3 PKI Request PKI Response Example 4

10 Cert Enrolment: Intro continued How do CA, Registration Authority (RA) and EE interact? – Requests EE [  RA x N]  CA. Responses return on same path – RA applies some processing to requests and responses, e.g. signing How does CA/RA know that EE knows private key? Options A.EE generated key pair 1.EE generates the private/public key pair, 2.EE Provides proof-of-possession (POP):by signing req, sending w/ req 3.CA/RA verifies the POP – CA may rely on RA to verify POP (Examples 1,3,4) 4.CA generates the certificate, which is returned to the EE B.CA or RA generated key pair 1.RA Authenticates EE 2.CA/RA generates the private/public key pair, 3.CA generates the certificate 4.CA/RA encrypts private key (using secret/password known to EE) 5.CA/RA sends private key to EE in encrypted form, along with cert © 2015 oneM2M Partners 10

11 oneM2M Certificate Enrolment What? – A CSE/AE = EE Interacting with (opt RAs &) a CA to obtain CA certificates that the M2M SP wants the EE to trust EE certificate w/ chain to one of above CA certs Certificate may contain the CSE-ID or AE-ID Why? – Enables mutual authentication between CSE/AE and all other entities using the M2M SP’s PKI. Which entity would assume role of CA or RA? – M2M Enrolment Function (MEF) – Performs similar role in “symmetric key” enrolment – See later slide titled “Motivation for MEF as EST Server” © 2015 oneM2M Partners 11

12 Transport There may be multiple devices with Middle Node(s) on path between AE/CSE & the infrastructure domain Options for transporting certificate enrolment msgs between AE/CSE & MEF 1.oneM2M reference points Mca+Mcc Advantage: utilize CDMH for efficient delivery Disadvantage: Requires CSE/AE to register first, and at that point in time, mutual authentication of CSE/AE & Registrar might not be possible 2.End-to-end TCP session: Note: TCP packets may pass through multiple gateways (NAT, Firewall, TCP proxy) Advantage: No need for CSE/AE to register first. Simpler. Disadvantage: Can’t benefit from CDMH 12

13 Option 1:oneM2M ref. points 13 AE/CSE Link IP TCP TLS HTTP oneM2M MN CSE Link IP TCP TLS HTTP oneM2M IN CSE Link IP TCP TLS HTTP oneM2M RA/CA Link IP TCP TLS HTTP oneM2M CertEnrol Client CertEnrol Server

14 Option 2: End-to-end TCP 14 AE/CSE Link IP TCP Gateway Link IP TCP Gateway Link IP TCP RA/CA Link IP TCP CertEnrol Client CertEnrol Server

15 Event Frequency & CMDH Benefit Certificate Enrolment is an infrequent event for each AE/CSE– e.g. once every N years The efficiency gains, of using CMDH for infrequent events, will be negligible when considering all the other frequent events over that period of time. Removes advantage of using oneM2M reference points (Option 1) Suggests using option 2: End-to-End TCP 15

16 EST Enrolment over Secure Transport (EST) – Secures enrolment process using TLS (over TCP) – EST Server analogous to Registration Authority RFC 7030 does not address EST Server ↔ CA interface – EST Client can be End-Entity, or An RA passing messages between EE and EST Server EST Requests/Responses use Certificate Management over CMS (CMC) RFC 5272 – EST is a profile for CMC 16

17 EST Protocol Layers 17

18 EST General Client/Server Interaction 1.The client establishes TLS-secured HTTP session with an EST server a.Client authenticates the Server b.Server may authenticate client (if not, then step 2.b is mandatory) 2.The client and server perform a set of EST request/responses interactions a.Specific EST service is requested based on a portion of URI /cacerts, /simpleenroll, /simplereenroll, /fullcmc, /serverkeygen, /csrattrs b.Client/user may provide HTTP Basic/Digest username/ password authentication for proof-of-identity. Required if client not authenticated in Step 1.b c.The client verifies that the server is authorized to serve this client d.The server verifies that the client is authorized to make use of this server and the request that the client has made e.The server acts upon the client request 18

19 EST Authentication Options Certificate TLS Mutual Authentication – RECOMMENDED option in RFC 7030 – Could use TLS authentication defined for Certificate-based Remote Security Provisioning Framework (RSPF) –TS-0003 Clause 8.3.2.2 Certificate-less TLS Mutual Authentication – EST text seems to expect that this would use weak secrets (e.g. Passwords) and recommends using SRP or similar – Could use TLS-PSK with strong secrets, TLS authentication defined for PSK & GBA RSPFs –TS-0003 Clause 8.3.2.1, 8.3.2.3 Server-Only TLS – Server is authenticated via certificate in TLS – Client authenticated using HTTP Basic/Digest Auth with username/ password – Currently, no similar oneM2M RSPF We are considering proposing adding support for this, but we are still evaluating the justification. 19

20 When EST Client is an RA EST allows the EST Client (which we normally consider to be the CSE/AE) to be a Registration Authority (RA) – By including the id-kp-cmcRA [RFC6402] extended key usage extension This could be very helpful... – Examples in following slides …and the functionality is already in EST! 20

21 Example: User device as Subscriber’s RA Subscriber requests RA certificate for her user device (laptop/smartphone/tablet) – Includes the id-kp-cmcRA extended key usage extension – The EST Server (MF) updates its database to authorizes this certificate to request enrolling entities to Subscriber’s subscription User device may assist enrolling Subscriber’s CSE/AEs to M2M SP via MEF 1.Subscriber connects the CSE/AE to the user device using some secure, authenticated channel (e.g. over USB, authenticated Bluetooth). 2.Subscriber triggers the CSE/AE to pass a certificate signing request to the user device 3.The user device verifies the Proof-of-possession presented by the CSE/AE 4.The user device may add some extensions to the certificate signing request, including identifying the Subscriber’s subscription to which the entity is to be added 5.The user device and MEF perform EST MEF determines that user device is authorized to act as RA to add entities to Subscriber’s subscription MEF returns a certificate to the CSE/AE MEF informs that M2M SP, that this CSE/AE is to be added to the 6.The user device returns the certificate to the CSE/AE The user device doesn’t get to know the private key 21

22 Example: User device as M2M SP’s RA M2M SP technician requests RA certificate for user device (laptop/smartphone/tablet) – To be used to assist subscribers in enrolling their devices. – Includes the id-kp-cmcRA extended key usage extension – The EST Server (MF) updates its database to authorizes this certificate to request enrolling entities to ANY of the M2M SP’s subscription User device may assist enrolling ANY Subscriber’s CSE/AEs to M2M SP via MEF 1.Technician connects the CSE/AE to the user device using some secure, authenticated channel (e.g. over USB, authenticated Bluetooth). 2.Technician triggers the CSE/AE to pass a certificate signing request to user device 3.User device verifies the Proof-of-possession presented by CSE/AE 4.User device may add some extensions to the certificate signing request, including identifying the subscription to which the entity is to be added The technician may need to enter the identifier for the appropriate subscription 5.User device and MEF perform EST MEF determines that user device is authorized to act as RA to add entities to any of M2M SP’s subscription MEF returns a certificate to the CSE/AE MEF informs that M2M SP, that this CSE/AE is to be added to the 6.The user device returns the certificate to the CSE/AE The user device doesn’t get to know the private key 22

23 Plan Introduce changes as one (or possibly two)“Small Technical Enhancements” STE 1: Introduce EST for certificate enrolment – Update TLS mutual authentication text for Certificate, GBA and PSK RSPFs in TS-0003 (for symmetric key enrolment) so they can be used w/ EST NOTE: aligns symmetric key & certificate enrolment – Support scenarios where EST Client is an RA (e.g. laptop) (Possible) STE 2: Add username/password client authentication – HTTP Basic/Digest Authentication w/ Username/passwd – Supported for both symmetric key & certificate enrolment – Still evaluating the justification for this. 23

24 Motivation for MEF as EST Server As proposed on previous slide, the plan is to align symmetric key & certificate enrolment MEF could choose to support symmetric key enrolment and/or certificate enrolment! Simpler for oneM2M ecosystem if there is a single entity with multiple options 24

25 Anticipated STE 1 TS-0003 Changes ClauseUpdate/ new Clause titleChangeRelative Work 6.1.3.1UpdateEnrolment PhaseHigh level overview of cert enrolment Low 6.2.6UpdateTrust Enabler Security Functions Support for cert enrolment Low 8.3.1UpdateGeneral Overview to RSPFsoverview certificate enrolment High 8.3.2.1- 8.3.2.3 UpdatePSK, Certificate and GBA RSPF Details support use for certificate enrolment Medium 9.2.2UpdateBootstrap Instruction Configuration Procedure AE-ID/CSE-ID to put in certificate Low 25

26 Anticipated STE 2 TS-0003 Changes ClauseUpdate/ new Clause titleChangeRelative Work 6.1.3.1UpdateEnrolment PhaseInclude Username/Password RSPF Low 8.1.4NewUsername/Password Security Framework Any details useful to include here Medium 8.3.1UpdateGeneral Overview to RSPFs Include Username/Password RSPF Low 8.3.2.4NewUsername/Password RSPF Full specificationHigh 9.2.1UpdateBootstrap Credential Configuration Procedure Adding credential configuration for username/password RSPF Low 10.2.4NewTLS ciphersuite details for Username/Password RSPF Medium 26

27 Anticipated TS-0001 Changes Clause 11 in TS-0001 will also need minor updates to extend “enrolment” concept to include certificate enrolment – Mostly confined to clause 11.2 “M2M Initial Provisioning Procedures” 27

Download ppt "Certificate Enrolment STEs Group Name: SEC#18 Source: Phil Hawkes, Qualcomm Inc, Meeting Date: 2015-07-20."

Similar presentations

RadSec – A better RADIUS protocol

RadSec – A better RADIUS protocol
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Www.opendaylight.org Secure Network Bootstrapping Infrastructure May 15, 2014.

Secure Network Bootstrapping Infrastructure May 15, 2014.
SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: 2014-05-07 Discussion  Source: OBERTHUR Technologies Information  Contact:

SEC Clarification Group Name: WG4 (SEC-2014-xxxx) Decision  Meeting Date: Discussion  Source: OBERTHUR Technologies Information  Contact:
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.

Generic AAA model in Grids IRTF - AAAARCH meeting IETF 52 – Dec 14 th Salt Lake City Leon Gommans Advanced Internet Research Group.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Service Layer Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP16 Agenda Item:

Service Layer Session Management Group Name: WG2-ARC Source: IDCC, LGE, ZTE Meeting Date: TP16 Agenda Item:
Facing the Challenges of M2M Security and Privacy

Facing the Challenges of M2M Security and Privacy
Credential Identifiers Group Name: SEC#14.2 Source: Phil Hawkes, Qualcomm Inc, Meeting Date: 2014-12-18.

Credential Identifiers Group Name: SEC#14.2 Source: Phil Hawkes, Qualcomm Inc, Meeting Date:
DNS-centric PKI Sean Turner Russ Housley Tim Polk.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.

Similar presentations

Ads by Google