certificate enrolment stes group name: sec#18 source: phil hawkes, qualcomm inc,...

Certificate Enrolment STEs

Group Name: SEC#18Source: Phil Hawkes, Qualcomm Inc, [email protected] Meeting Date: 2015-07-20Agenda Item: TS-0003 – Release 2 Small Technical Enhancements

mailto:[email protected]

oneM2M Enrolment Requirements

• Rel 1 supports remote security provisioning of symmetric key credentials for the M2M SP’s domain– There is currently little consistence in use of “remote security provisioning”,

“enrolment” and “bootstrap” in TS-0001 & TS-0003. This needs to be addressed, but we do not attempt to address this here

• For Rel 2, we want to extend this to support remote security provisioning of public key credentials = public key certificates for the M2M SP’s domain– This type of process is sometimes called “Certificate Enrolment” and sometimes

called “Certificate Management”– Given existing use of the term “enrolment”, it would seem that “Certificate

Enrolment” would be appropriate terminology for us (at least for the time being)• We can change the terminology later if we like.

© 2015 oneM2M PartnersSEC-2015-0549R01-Certificate_Enrolment_STEs

2

SER-020 The oneM2M System shall enable legitimate M2M Service Providers to provision their own credentials into the M2M Devices/Gateways.

Implemented in Rel-1

SER-021 The oneM2M System shall be able to remotely and securely provision M2M security credentials in M2M Devices and/or M2M Gateways.

Implemented in Rel-1

Basic Cert Enrolment Terminology

• End-Entity (EE): the entity that owns a key pair and for whom a certificate is issued [1]

• Certification Authority (CA): – the entity that issues certificates. [1]– the trusted third party/Organization responsible for

validating the identity of a person or organization & issuing a certificate [2]

References• “Certificate Management over CMS (CMC)” RFC 5272• http://www.techotopia.com/index.php/An_Overview_

of_Public_Key_Infrastructures_(PKI) © 2015 oneM2M Partners

<Document number>3

http://www.techotopia.com/index.php/An_Overview_of_Public_Key_Infrastructures_(PKI)


Cert Enrolment: Intro• What? A protocol for an EE to obtain or update a public key

certificate for which the private key is known to the EE, – Also used for configuring CA certificates to EE

• Why? Enables mutual authentication between the EE and all other entities in that PKI.

• Which Common Protocols should we consider1. Certificate Management Protocol (CMP) RFC 4210, RFC 6712 2. Certificate Management over CMS (CMC) RFC 52723. Certificate Management over CMS (CMC): Transport Protocols RFC

52734. Enrolment over Secure transport (EST) RFC 7030

• Uses CMC / HTTPS / TLS. TLS typically used for client authentication5. Simple Certificate Enrolment Protocol (SCEP)

• Not a standard. IETF draft-nourse-scep-23– No standards exist for certificate management/enrolment over UDP

© 2015 oneM2M Partners<Document number>

4

Registration Authorities• Registration Authority (RA) …

– …the component of a PKI which is responsible for accepting requests for digital certificates and authenticating the person or organization [or entity] making the request. … Once the validation process is complete the RA transmits the request to the CA [2]

– …an entity that acts as an intermediary between the EE and the CA. Multiple RAs can exist between the end-entity and the Certification Authority. [1]• RAs .. [ may] …participate in the protocol by taking PKI Requests, wrapping them in a second layer of

PKI Request with additional requirements or statements from the RA and then passing this new expanded PKI Request on to the CA. [1]

• In a certification request scenario that involves an RA, the CA may allow (or require) that the RA perform the POP protocol with the entity that generated the certification request. [1]

– NOTE: Sometimes, a CA integrates an RA, and no distinction is made between CA and this RA• Client: an entity that creates a PKI Request… both RAs and EEs can be clients. [1]• Server: entities that process PKI Requests and create PKI Responses… both CAs

and RAs can be servers. [1]References• “Certificate Management over CMS (CMC)” RFC 5272• http://www.techotopia.com/index.php/An_Overview_of_Public_Key_Infrastructur

es_(PKI)


5



Internal to CA organization

Example 1


6

EE RA CA

RA Authentication(o) Modifies PKI request

Processes PKI request: Creates certificate,

Creates PKI Response,

Creates PKI request

clientclient

client

client server

serverserver

server

In this example, the CA organization separates the RA functions from the CA (certificate generation) functions

PKI Request

PKI Response

PKI Request

PKI Response


Example 2


7

EE CA



Creates PKI request

client

client server

server

PKI Request

PKI Response


In this example, the CA organization has no separation of RA functions and CA functions. Externally indistinguishable from Example 1


Example 3


8

EE RA CA




Creates PKI request

Local RA

EE Authentication

(o) Modifies PKI request

clientclient client

client

client

client server

server

serverserverserver

server

In this example, Local RA can authenticate EE, but not CA Organization. CA Org trusts Local RA to verify EE

PKI Response PKI Response PKI Response

PKI Request

PKI Request

PKI Request



9

EE CA




Creates PKI request

Local RA

EE Authentication

(o) Modifies PKI request

clientclient

client

client server

server

serverserver

In this example, the CA organization has no separation of RA functions and CA functions. Externally indistinguishable from Example 3

PKI Request

PKI Request

PKI ResponsePKI Response

Example 4

Cert Enrolment: Intro continued• How do CA, Registration Authority (RA) and EE interact?

– Requests EE [ RA x N] CA. Responses return on same path– RA applies some processing to requests and responses, e.g. signing

• How does CA/RA know that EE knows private key? OptionsA. EE generated key pair

1. EE generates the private/public key pair,2. EE Provides proof-of-possession (POP):by signing req, sending w/ req3. CA/RA verifies the POP

– CA may rely on RA to verify POP (Examples 1,3,4)4. CA generates the certificate, which is returned to the EE

B. CA or RA generated key pair1. RA Authenticates EE2. CA/RA generates the private/public key pair, 3. CA generates the certificate4. CA/RA encrypts private key (using secret/password known to EE) 5. CA/RA sends private key to EE in encrypted form, along with cert


10

oneM2M Certificate Enrolment• What? – A CSE/AE = EE Interacting with (opt RAs &) a CA to obtain

• CA certificates that the M2M SP wants the EE to trust• EE certificate w/ chain to one of above CA certs• Certificate may contain the CSE-ID or AE-ID

• Why? – Enables mutual authentication between CSE/AE and all

other entities using the M2M SP’s PKI.• Which entity would assume role of CA or RA? – M2M Enrolment Function (MEF) – Performs similar role in “symmetric key” enrolment– See later slide titled “Motivation for MEF as EST Server”


11

Transport• There may be multiple devices with Middle Node(s) on

path between AE/CSE & the infrastructure domain• Options for transporting certificate enrolment msgs

between AE/CSE & MEF1. oneM2M reference points Mca+Mcc

• Advantage: utilize CDMH for efficient delivery• Disadvantage: Requires CSE/AE to register first, and at that point

in time, mutual authentication of CSE/AE & Registrar might not be possible

– End-to-end TCP session: • Note: TCP packets may pass through multiple gateways (NAT,

Firewall, TCP proxy)• Advantage: No need for CSE/AE to register first. Simpler.• Disadvantage: Can’t benefit from CDMH

12

Option 1:oneM2M ref. points

13

AE/CSE

Link

IP

TCP

TLS

HTTP

oneM2M

MN CSE

Link

IP

TCP

TLS

HTTP

oneM2M

IN CSE

Link

IP

TCP

TLS

HTTP

oneM2M

RA/CA

Link

IP

TCP

TLS

HTTP

oneM2M

CertEnrolClient

CertEnrolServer

Option 2: End-to-end TCP

14

AE/CSE

Link

IP

TCP

Gateway

Link

IP

TCP

Gateway

Link

IP

TCP

RA/CA

Link

IP

TCP

CertEnrolClient

CertEnrolServer

Event Frequency & CMDH Benefit• Certificate Enrolment is an infrequent event

for each AE/CSE– e.g. once every N years • The efficiency gains, of using CMDH for

infrequent events, will be negligible when considering all the other frequent events over that period of time.

• Removes advantage of using oneM2M reference points (Option 1)

• Suggests using option 2: End-to-End TCP

15

EST• Enrolment over Secure Transport (EST) – Secures enrolment process using TLS (over TCP)– EST Server analogous to Registration Authority

• RFC 7030 does not address EST Server ↔ CA interface– EST Client can be

• End-Entity, or• An RA passing messages between EE and EST Server

• EST Requests/Responses use Certificate Management over CMS (CMC) RFC 5272– EST is a profile for CMC

16

EST ProtocolLayers

17

EST General Client/Server Interaction1. The client establishes TLS-secured HTTP session with an EST server

a. Client authenticates the Serverb. Server may authenticate client (if not, then step 2.b is mandatory)

2. The client and server perform a set of EST request/responses interactions

a. Specific EST service is requested based on a portion of URI 1. /cacerts, /simpleenroll, /simplereenroll, /fullcmc, /serverkeygen, /csrattrs

– Client/user may provide HTTP Basic/Digest username/ password authentication for proof-of-identity. Required if client not authenticated in Step 1.b

– The client verifies that the server is authorized to serve this client – The server verifies that the client is authorized to make use of this

server and the request that the client has made– The server acts upon the client request

18

EST Authentication Options• Certificate TLS Mutual Authentication

– RECOMMENDED option in RFC 7030– Could use TLS authentication defined for Certificate-based Remote

Security Provisioning Framework (RSPF) –TS-0003 Clause 8.3.2.2• Certificate-less TLS Mutual Authentication

– EST text seems to expect that this would use weak secrets (e.g. Passwords) and recommends using SRP or similar

– Could use TLS-PSK with strong secrets, • TLS authentication defined for PSK & GBA RSPFs –TS-0003 Clause 8.3.2.1, 8.3.2.3

• Server-Only TLS– Server is authenticated via certificate in TLS– Client authenticated using HTTP Basic/Digest Auth with username/

password– Currently, no similar oneM2M RSPF

• We are considering proposing adding support for this, but we are still evaluating the justification.

19

When EST Client is an RA

• EST allows the EST Client (which we normally consider to be the CSE/AE) to be a Registration Authority (RA)– By including the id-kp-cmcRA [RFC6402] extended

key usage extension

• This could be very helpful... – Examples in following slides

• …and the functionality is already in EST!

20

Example: User device as Subscriber’s RA• Subscriber requests RA certificate for her user device

(laptop/smartphone/tablet)– Includes the id-kp-cmcRA extended key usage extension– The EST Server (MF) updates its database to authorizes this certificate to request

enrolling entities to Subscriber’s subscription• User device may assist enrolling Subscriber’s CSE/AEs to M2M SP via MEF

1. Subscriber connects the CSE/AE to the user device using some secure, authenticated channel (e.g. over USB, authenticated Bluetooth).

2. Subscriber triggers the CSE/AE to pass a certificate signing request to the user device3. The user device verifies the Proof-of-possession presented by the CSE/AE4. The user device may add some extensions to the certificate signing request,

including identifying the Subscriber’s subscription to which the entity is to be added5. The user device and MEF perform EST

• MEF determines that user device is authorized to act as RA to add entities to Subscriber’s subscription• MEF returns a certificate to the CSE/AE• MEF informs that M2M SP, that this CSE/AE is to be added to the

6. The user device returns the certificate to the CSE/AE• The user device doesn’t get to know the private key

21

Example: User device as M2M SP’s RA• M2M SP technician requests RA certificate for user device

(laptop/smartphone/tablet)– To be used to assist subscribers in enrolling their devices.– Includes the id-kp-cmcRA extended key usage extension– The EST Server (MF) updates its database to authorizes this certificate to request

enrolling entities to ANY of the M2M SP’s subscription• User device may assist enrolling ANY Subscriber’s CSE/AEs to M2M SP via MEF

1. Technician connects the CSE/AE to the user device using some secure, authenticated channel (e.g. over USB, authenticated Bluetooth).

2. Technician triggers the CSE/AE to pass a certificate signing request to user device3. User device verifies the Proof-of-possession presented by CSE/AE4. User device may add some extensions to the certificate signing request, including

identifying the subscription to which the entity is to be added• The technician may need to enter the identifier for the appropriate subscription

5. User device and MEF perform EST• MEF determines that user device is authorized to act as RA to add entities to any of M2M SP’s

subscription• MEF returns a certificate to the CSE/AE• MEF informs that M2M SP, that this CSE/AE is to be added to the

– The user device returns the certificate to the CSE/AE• The user device doesn’t get to know the private key

22

Plan• Introduce changes as one (or possibly two)“Small

Technical Enhancements”• STE 1: Introduce EST for certificate enrolment– Update TLS mutual authentication text for Certificate, GBA

and PSK RSPFs in TS-0003 (for symmetric key enrolment) so they can be used w/ EST • NOTE: aligns symmetric key & certificate enrolment

– Support scenarios where EST Client is an RA (e.g. laptop)• (Possible) STE 2: Add username/password client

authentication – HTTP Basic/Digest Authentication w/ Username/passwd– Supported for both symmetric key & certificate enrolment– Still evaluating the justification for this.

23

Motivation for MEF as EST Server

• As proposed on previous slide, the plan is to align symmetric key & certificate enrolment

• MEF could choose to support symmetric key enrolment and/or certificate enrolment!

• Simpler for oneM2M ecosystem if there is a single entity with multiple options

24

Anticipated STE 1 TS-0003 ChangesClause Update/

newClause title Change Relative

Work

6.1.3.1 Update Enrolment Phase High level overview of cert enrolment

Low

6.2.6 Update Trust Enabler Security Functions

Support for cert enrolment

Low

8.3.1 Update General Overview to RSPFs overview certificate enrolment

High

8.3.2.1-8.3.2.3

Update PSK, Certificate and GBA RSPF Details

support use for certificate enrolment

Medium

9.2.2 Update Bootstrap Instruction Configuration Procedure

AE-ID/CSE-ID to put in certificate

Low

25

Anticipated STE 2 TS-0003 ChangesClause Update/

newClause title Change Relative

Work

6.1.3.1 Update Enrolment Phase Include Username/Password RSPF

Low

8.1.4 New Username/Password Security Framework

Any details useful to include here

Medium

8.3.1 Update General Overview to RSPFs

Include Username/Password RSPF

Low

8.3.2.4 New Username/Password RSPF

Full specification High

9.2.1 Update Bootstrap Credential Configuration Procedure

Adding credential configuration for username/password RSPF

Low

10.2.4 New TLS ciphersuite details for Username/Password RSPF

Medium

26

Anticipated TS-0001 Changes

• Clause 11 in TS-0001 will also need minor updates to extend “enrolment” concept to include certificate enrolment– Mostly confined to clause 11.2 “M2M Initial

Provisioning Procedures”

27

certificate enrolment stes group name: sec#18 source: phil hawkes, qualcomm inc,...

Documents