
Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)

Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: IEEE802.15.3: Security-Privacy Introduction and Overview Date Submitted: May, 2001 Source: William A. Arbaugh Company: University of Maryland Address:


Presentation Transcript


  1. Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: IEEE802.15.3: Security-Privacy Introduction and Overview Date Submitted: May, 2001 Source: William A. Arbaugh Company: University of Maryland Address: Voice: +1.301.455-2774, E-Mail: waa@cs.umd.edu Re: [ ] Abstract: Security and Privacy principles Purpose: 1) To inform the IEEE 802.15.3 about fundamental security and privacy issues in wireless personal area networks. Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that these viewgraphs become(s) the property of IEEE and may be made publicly available by P802.15.

  2. Security/Privacy Introduction and Overview William A. Arbaugh waa@cs.umd.edu

  3. Talk Outline • Introduction • Roadmap • Scenarios • Preliminary threat analysis • Preliminary requirement analysis

  4. Some beginning thoughts • “Security is a process” • “Cryptography is not security” • “To be effective, security must be transparent”

  5. You can never have 100% • Security is all about Risk Management

  6. Similarities to 802.11 but… • WPAN is a much more difficult problem • CPU constraints • Power constraints • Memory constraints • Cost constraints • Infrastructure issues • The end points in 802.11 are hosts.

  7. Security Architecture Elements • Integrity • Source of data, i.e. prevent datagram forgeries • Data content, i.e. prevent data modification • Confidentiality • How long does the data need to remain protected? • Authentication

  8. Trusted Element • What is it? • Most everyday transactions have a common trusted element to them. • Establishing a trusted element with each scenario is one of the most difficult aspects of a security architecture for WPAN.

  9. Roadmap • Define scenarios • Develop threat model • Define requirements • Develop architecture • External review

  10. Scenarios • Consumer • Peripherals • Photo frames • Trade show • Exchange info • Exchange proprietary info

  11. Scenarios cont. • Trading floor / Auctions • Bids public, but need non-repudiation • Settlement • Kiosks/commerce

  12. Threat Classes • Class I • Clever outsiders that attempt to take advantage of existing system weaknesses. Access to moderately sophisticated equipment is assumed. • Class II • Knowledgeable insiders with detailed information about various parts of the system, and they may have access to sophisticated equipment.

  13. Threat Classes cont. • Class III • Funded organizations able to assemble specialized teams with access to extremely sophisticated equipment.

  14. Threat and Requirements • The next few slides present a “straw man” for both the threat and security requirements for each scenario. They are designed to be the starting point for discussions.

  15. Consumer Threat Model

  16. Trade Show Threat Model • It would be nice, but establishing a common trust element is too difficult.

  17. Auction Threat Model

  18. Kiosk Threat Model

  19. Requirements • A single solution WILL NOT meet all of the potential requirements. • Choices (all have drawbacks) • Engineer to the strongest requirements • Implement a security association mechanism • Provide minimal support (Class I protection) in .15 and meet stronger requirements with upper layers

  20. Now What? • Committee should agree on a set of scenarios representing typical WPAN usage. • Committee agrees on a threat model for each scenario. • Committee agrees on security requirements for each scenario. • Architecture developed based on the above. • Architecture submitted for external review.

  21. Conclusions • Security is a process and must be viewed holistically with the rest of the system. • Security must be designed into the system from the beginning.
