CETA Workshop–November 2011-Key Security Challenges in ...€¦ · Key Security Challenges in...
Transcript of CETA Workshop–November 2011-Key Security Challenges in ...€¦ · Key Security Challenges in...
Key Security Challenges in
Smart Swarm of ThingsSmart Swarm of Things
NIST/CETA Workshop, G ith b (USA) N b 2011Gaithersburg (USA), November 2011
Oscar Garcia-Morchon, Sye Loong Keoh, Sandeep Kumar Philips Research Europe
Aggenda
• Smart Swarm of Thinggs
• Key establishment
• ID-based symmetric-key agreement
• Conclusions
NIST CETA Workshop, November 2011 2
Smart Swarm of Things Smart Swarm of Things
NIST CETA Workshop, November 2011 3
NIST CETA Wo 2011
Smart Swarm of Things (1/2)) g ( “Ubiquitous computing“ (1991, Mark Weiser)( , )
rkshop, November 4
Smart Swarm of Things (2/2))g (
NIST CETA Workshop, November 2011 5
t t
Opperational Reqquirements
Manufactured Installed
Commissioned
O i l
Reconfiguration SW Update
Decommissioned
Removal
Appl Reconfiguration
O i lOperational Operational
time
• Lifecycle of SSoT • SSSSoTT compriises multilti-venddor ThiThings • SSoT is featured by multi-user control • Heterogeneous applications and networks comprise the SSoT
NIST CETA Workshop, November 2011 6
NIST CETA Workshop, November 2011
Securityy Needs
resource exhhausti tion att ttackk
Incremental deployment Privacy protection
End‐to‐End security Mobility support Privacy protection
Group creation Identity and key management
….
Mobility support Privacy protection
Heterogeneous IoT domains Group membership DoS resistance
…
E2E Security?
Attackers launch
E2E Security?
IP ↔ IoT translation
I TIoT DDomaiin ((e.g, bbasedd on CoAP/6LoWPAN or ZigBee)
Group management andd secure F(ID,y); ID=hash(Entity’s Name)multicast
Bootstrapping Operation Distributed vs Centralized ??
Gateway Internet
http://tools.ietf.org/html/draft-garcia-core-security-03 7
Identification and Key Establishment
NIST CETA Workshop, November 2011 8
Goals ((and reasons))
• Suitable for SSoT operation – ffor siimplle usage
• Feasible in constrained devices/networks to guarantee a basic & interoperable solution – to guarantee a basic & interoperable solution
• Mutual identification/authentication – to verify the involved parties to verify the involved parties
• Establish a secure connection – to ensure the secure data exchangge
TTP
B
A NIST CETA Workshop, November 2011 9
SSoT opperation
Configuration entity Configuration entity
Gateway
Internet
SSoT Domain (e.g, based on 6LoWPAN/CoAP or ZigBee)
Node B Node A
NIST CETA Workshop, November 2011 10
At which level? - e.g., in the IP-based SSoT -
(D)TLS
HIP
IPSec
Application level: Security connection bound to a socket
Device level: Security connection bound to a HIT
Interface level: Security connection bound to an IP address
• SSoT should be able to identify “Things”SSoT should be able to identify Things • Conceptually, the device level seems to be the most suitable
NIST CETA Workshop, November 2011 11
TTPTTP
AA
(0)(0)
NIST CETA Workshop, November 2011
KPu,TTP Kpu,TTP
Online KDC PKI
TTPTTP (2) E{KB,KAB}
TTPTTP
(0) Cert (KPu,A) (1)K
B
(1) (2)(0) KA
E{KA,KAB} B
KPu A
(1)KPu,TTP
AA (3) E{KAB,M} A KPu,A KPr,A
IBE ID-based symmetric-key
KPu,TTP
TTPTTP TTPTTP
IBE ID based symmetric key
B
ID KPr,A
B
ID
KMA B
AA E{K,M}
(1) E{KPu,B,K}
B
AA (1) E{KAB,M} 12
A singgle solution to ensure interopperabilityy?
• Online Key Distribution Centery – scalability
• Public-key infrastructure R d / h– Resources needs/message exchange
• Identity-based Crypto – ID can be bound to a Thing identifier, e.g., HIT – But…bad performance
• Existing ID-based symmetric-key Good performance – Good performance,
– But bad scalability
ID‐based scheme for direct lightweight symmetric‐key generation??
NIST CETA Workshop, November 2011 13
ID-based symmetric-key agreement
NIST CETA Workshop, November 2011 14
ID-based syymmetric-key agreement (1/4)) y g (
A
B Fully pairwise schemeFully pairwise scheme • Each pair of Things shares a pairwise key Features • Each Thing stores N-1 keys • In the system N(N-1)/2 keys •• It does not scale It does not scale
NIST CETA Workshop, November 2011 15
NIST CETA Workshop, November 2011
ID-based syymmetric-key agreement (2/4)) y g (
A
B Polynomial scheme (*) Polynomial scheme (*) • TTP owns a symmetric polynomial f(x,y) • Each Thing with identifier ID receives f(ID,y) • Optionally,
• ID = hash (Identification Information) •• ID could be the network address ID could be the network address
Features • Effortless key establishment between any pair of Things • Implicit verification of identification information • But scalability & performance limited by the polynomial degreeBut, scalability & performance limited by the polynomial degree
(*) related to Blom, R.: “An Optimal Class of Symmetric Key Generation Systems,” in proc. of Advances in Cryptology, 335-338, 1984. 16
ID-based syymmetric-key agreement (3/4)) y g (
Node B Node A
(i) Identifier Exchange
(ii) Key generation
(iii) Authentication Handshake
g
(iv) Session Link Key Establishment
(v) LDC Exchange
(vii) Access Request
(*)Network address IP address HIT (vii) Access Request
(ix) Information
HIT …
Secure channel
(ii) Key generation g
(vi) LDC Verification (*)
(viii) Authorization
NIST CETA Workshop, November 2011 (*)LDC = Identification Information
ID-based syymmetric-key agreement (4/4))y g ( • Polynomial schemes
– Nice operational features – But limited scalability
• If we had If we had… an ID-based scheme• an ID based scheme • with the operational features of a polynomial scheme, • but without the t-threshold
– Any pair off Things would be able to • directly generate a pairwise key from their identities (IP, HIT,…) • mutually authenticate to each other • verify configuration parameters
• Attempt to create such a scheme based on “perturbationperturbation-polynomialspolynomials”Attempt to create such a scheme based on – However, it is broken
NIST CETA Workshop, November 2011 18
Conclusions
NIST CETA Workshop, November 2011 19
Conclusions
• SSoT: evolution & revolution
• Identification and key establishment are key in SSoT – at which level? – a singgle solution to ensure interopperabilityy?
• An interesting way: ID-based symmetric-key agreement @ device level
NIST CETA Workshop, November 2011 20
NIST CETA Workshop, November 2011 21