doc.: ieee 802.15-09-0791-01-0006 submission november 2009 robert moskowitz (icsalabs/vzb)slide 1...

November 2009

Robert Moskowitz (ICSAlabs/VzB)Slide 1

doc.: IEEE 802.15-09-0791-01-0006

Submission

Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)

Submission Title: Key Negotiation for IEEE 802.15.6 devices using the Host Identity Protocol (HIP)Date Submitted: 18 November, 2009Source: Robert Moskowitz (ICSAlabs, an Independent Division of Verizon Business Systems)Address: Detroit, MI USAVoice:[…], FAX: […], E-Mail: robert dot moskowitz at icsalabs dot com

Re: Unifying keying across protocol layers

Abstract: The document proposes unifying the expensive keying mechanism across the protocol layers using the Host Identity Protocol, RFC 4423.

Purpose: Review layered security model, why both Layer 2 & 3 security needed and how HIP can key Layer 2 security and provide Layer 3 security.

Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

Key Negotiation for IEEE 802.15.6 devices using the Host Identity Protocol (HIP)

Robert Moskowitz (ICSAlabs, an Independent Division of Verizon Business Systems)

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

What to Secure?

• As stated by Norm Finn at the start of the 802.1 LinkSec effort:

– Layer 2 security addresses the Risks and Liabilities of the Network Owner

– Layer 3 security addresses the Risks and Liabilities of the System Owner

– Layer 4 security addresses the Risks and Liabilities of the Application Owner

– Layer 7 security addresses the Risks and Liabilities of the Data Owner

– There is some natural overlap

• Note that each layer tends to have its own datagram framing requirements, but keying issues MAY be commonized.

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

A Security Curmudgeon Speaks out

• MAC security is at best half the problem• It boarders on impossible to design a

secure system that does not implement system security protocols– Even the smallest sensors are faced with this

problem and thus a cost-vs-secure trade off.

• It is HARD to design a Key Management System– And, in part, why we have so few KMSs.

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

Key Management Requirements

• Really Secure– E.G. SigMa compliant

• webee.technion.ac.il/~hugo/sigma.html

• Minimal cost– Short exchange, e.g. 4 datagrams– Use ECC– Long-lived state, e.g. survive power cycles

• Challenge of maintaining CCM counter as well

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

Key Management Requirements

• Avoid 3rd parties– E.G. PKI and AAA (used in 802.1X)

• Support Access Control Lists (ACLs)– With simple registration, e.g. password

based

• Support Emergency Access– E.G. One time Password based– Restricted data flow

• E.G. “We detect a heartbeat in the rubble”

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

A Short Introduction to HIPAnd what it offers mBAN

• The Host Identity Protocol (HIP)– Started January 1998– RFCs: 4423, 5201-5206

• Leverages a Public Key “Host Identity” to– Set up a secure communication between 2

hosts• True Peer-to-peer model

– Decouple the Transport layer from the Internetworking layer

– Currently RSA & DSA, ECC being added• www.ietf.org/proceedings/09nov/slides/HIPRG-6.ppt

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission


• Introduces the “Host Identity Tag” (HIT)– A hash of the HI into the IPv6 address space

• Currently in ORCHID (RFC 4843) format• Currently uses SHA-1

– Plans to add other hashes, e.g. GMAC

– Applications bind to the HIT and never see routable IPv6 addresses• HIP middle layer does the mappings

– Redirects ARE a problem

• Supports true multihoming• Supports true mobility• Local Scope Identities (LSI) for IPv4 support

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission


• Uses The Encapsulating Security Payload (ESP) in Transport mode for datagram protection– Any ESP ciphersuite can be used

• ESP + CCM costs ~26 bytes

– The SPI (Security Parameter Index) is the per-packet index to the HIT and IP addresses

– All host-paired applications use the same Security Association

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission


• HIP is **NOT** a replacement for IKE in IPsec– It is similar, but solves different problems– IKEv2 came after HIP and has 'lessons

learned' in its design.– Currently only supports ESP in Transport

mode• Discussions to add AH support for IPv6• If you want a tunnel, run a tunnel within Transport

(IPnIP)

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission


• The HIP Base Exchange is 4 packets

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission


November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission


• Limited policy negotiation– e.g. Key lifetime is a local host issue

• HIP mobility via Rendezvous Server– NOT a HOME agent– Systems register to an RVS– RVS only 'slingshots' I1

• HIP API– Applications can query their security posture– Alternative to Layer 4 security

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

HIP brings to mBAN

• Key MAC security as well as Internetworking security– Implement a single KMS

• Applications are IP address ignorant– Mobility– IPv6 datagram compression

• Local loop does may not need SRC and DST addresses

• This will take work to work right

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

HIP work

HIP code Boeing has SCADA experience with their

implementation www.openhip.org Ported to ARM, but patches not yet public

Ericsson's NomadicLabs has BSD licensed code

hip4inter.net

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

HIP work

HIP code Helsinki Institute of Information

Technologies hipl.infrahip.net Available on N810– RSA based HIP est. cost of 360mA, no data yet on ECC

Ported to Imote2– www.xbow.com/Products/productdetails.aspx?sid=253

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

HIP work

“Internet of Things”

perso.telecom-paristech.fr/~urien/hiptag/index.html

HIP EAP Password challenge/response within HIP draft-varjonen-hip-eap-00.txt

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

HIP References

• HIP book by Andrei Gurtov– www.amazon.com/Host-Identity-Protocol-

HIP-Communications/dp/0470997907• Writings

– www.cs.helsinki.fi/u/gurtov/papers/• Host Identity Protocol (HIP): Connectivity,

Mobility, Multi-homing, Security, and Privacy over IPv4 and IPv6 networks– www.cs.helsinki.fi/u/gurtov/papers/hip_survey.pdf

• Performance of Host Identity Protocol on Lightweight Hardware– www.cs.helsinki.fi/u/gurtov/papers/mobiarch.pdf

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

HIP References

• More Writings– www.cs.helsinki.fi/u/gurtov/papers/

• Analysis of the HIP Base Exchange Protocol– www.cs.helsinki.fi/u/gurtov/papers/analysis_hip.pdf

• Note many of these recommendations were implemented

• Usable Security Management with Host Identity Protocol– www.cs.helsinki.fi/u/gurtov/papers/hip_usab.pdf

• Performance of Host Identity Protocol on Symbian OS– www.cs.helsinki.fi/u/gurtov/papers/symbian_hip.pdf

November 2009


doc.: IEEE 802.15-09-0791-01-0006

Submission

Questions?

doc.: ieee 802.15-09-0791-01-0006 submission november 2009 robert moskowitz (icsalabs/vzb)slide 1...

Documents