1 / 20

Secure Key Negotiation Using HIP for WPANs

This submission discusses unifying keying mechanisms across protocol layers in IEEE 802.15.6 devices using the Host Identity Protocol (HIP). It reviews the need for layered security models and the role of HIP in providing security at Layers 2 and 3.

dmunguia
Download Presentation

Secure Key Negotiation Using HIP for WPANs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Robert Moskowitz (ICSAlabs/VzB) Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)‏ Submission Title: Key Negotiation for IEEE 802.15.6 devices using the Host Identity Protocol (HIP)‏ Date Submitted: 18 November, 2009 Source: Robert Moskowitz (ICSAlabs, an Independent Division of Verizon Business Systems)‏ Address: Detroit, MI USA Voice:[…], FAX: […], E-Mail: robert dot moskowitz at icsalabs dot com Re: Unifying keying across protocol layers Abstract: The document proposes unifying the expensive keying mechanism across the protocol layers using the Host Identity Protocol, RFC 4423. Purpose: Review layered security model, why both Layer 2 & 3 security needed and how HIP can key Layer 2 security and provide Layer 3 security. Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

  2. Robert Moskowitz (ICSAlabs, an Independent Division of Verizon Business Systems)‏ Key Negotiation for IEEE 802.15.6 devices using the Host Identity Protocol (HIP)‏ Robert Moskowitz (ICSAlabs/VzB)

  3. Robert Moskowitz (ICSAlabs/VzB) What to Secure? • As stated by Norm Finn at the start of the 802.1 LinkSec effort: • Layer 2 security addresses the Risks and Liabilities of the Network Owner • Layer 3 security addresses the Risks and Liabilities of the System Owner • Layer 4 security addresses the Risks and Liabilities of the Application Owner • Layer 7 security addresses the Risks and Liabilities of the Data Owner • There is some natural overlap • Note that each layer tends to have its own datagram framing requirements, but keying issues MAY be commonized.

  4. Robert Moskowitz (ICSAlabs/VzB) A Security Curmudgeon Speaks out • MAC security is at best half the problem • It boarders on impossible to design a secure system that does not implement system security protocols • Even the smallest sensors are faced with this problem and thus a cost-vs-secure trade off. • It is HARD to design a Key Management System • And, in part, why we have so few KMSs.

  5. Robert Moskowitz (ICSAlabs/VzB) Key Management Requirements • Really Secure • E.G. SigMa compliant • webee.technion.ac.il/~hugo/sigma.html • Minimal cost • Short exchange, e.g. 4 datagrams • Use ECC • Long-lived state, e.g. survive power cycles • Challenge of maintaining CCM counter as well

  6. Robert Moskowitz (ICSAlabs/VzB) Key Management Requirements • Avoid 3rd parties • E.G. PKI and AAA (used in 802.1X)‏ • Support Access Control Lists (ACLs)‏ • With simple registration, e.g. password based • Support Emergency Access • E.G. One time Password based • Restricted data flow • E.G. “We detect a heartbeat in the rubble”

  7. Robert Moskowitz (ICSAlabs/VzB) A Short Introduction to HIPAnd what it offers mBAN • The Host Identity Protocol (HIP)‏ • Started January 1998 • RFCs: 4423, 5201-5206 • Leverages a Public Key “Host Identity” to • Set up a secure communication between 2 hosts • True Peer-to-peer model • Decouple the Transport layer from the Internetworking layer • Currently RSA & DSA, ECC being added • www.ietf.org/proceedings/09nov/slides/HIPRG-6.ppt

  8. Robert Moskowitz (ICSAlabs/VzB) A Short Introduction to HIPAnd what it offers mBAN • Introduces the “Host Identity Tag” (HIT)‏ • A hash of the HI into the IPv6 address space • Currently in ORCHID (RFC 4843) format • Currently uses SHA-1 • Plans to add other hashes, e.g. GMAC • Applications bind to the HIT and never see routable IPv6 addresses • HIP middle layer does the mappings • Redirects ARE a problem • Supports true multihoming • Supports true mobility • Local Scope Identities (LSI) for IPv4 support

  9. Robert Moskowitz (ICSAlabs/VzB) A Short Introduction to HIPAnd what it offers mBAN • Uses The Encapsulating Security Payload (ESP) in Transport mode for datagram protection • Any ESP ciphersuite can be used • ESP + CCM costs ~26 bytes • The SPI (Security Parameter Index) is the per-packet index to the HIT and IP addresses • All host-paired applications use the same Security Association

  10. Robert Moskowitz (ICSAlabs/VzB) A Short Introduction to HIPAnd what it offers mBAN • HIP is **NOT** a replacement for IKE in IPsec • It is similar, but solves different problems • IKEv2 came after HIP and has 'lessons learned' in its design. • Currently only supports ESP in Transport mode • Discussions to add AH support for IPv6 • If you want a tunnel, run a tunnel within Transport (IPnIP)‏

  11. Robert Moskowitz (ICSAlabs/VzB) A Short Introduction to HIPAnd what it offers mBAN • The HIP Base Exchange is 4 packets

  12. Robert Moskowitz (ICSAlabs/VzB) A Short Introduction to HIPAnd what it offers mBAN

  13. Robert Moskowitz (ICSAlabs/VzB) A Short Introduction to HIPAnd what it offers mBAN • Limited policy negotiation • e.g. Key lifetime is a local host issue • HIP mobility via Rendezvous Server • NOT a HOME agent • Systems register to an RVS • RVS only 'slingshots' I1 • HIP API • Applications can query their security posture • Alternative to Layer 4 security

  14. Robert Moskowitz (ICSAlabs/VzB) HIP brings to mBAN • Key MAC security as well as Internetworking security • Implement a single KMS • Applications are IP address ignorant • Mobility • IPv6 datagram compression • Local loop does may not need SRC and DST addresses • This will take work to work right

  15. Robert Moskowitz (ICSAlabs/VzB) HIP work • HIP code • Boeing has SCADA experience with their implementation • www.openhip.org • Ported to ARM, but patches not yet public • Ericsson's NomadicLabs has BSD licensed code • hip4inter.net

  16. Robert Moskowitz (ICSAlabs/VzB) HIP work • HIP code • Helsinki Institute of Information Technologies • hipl.infrahip.net • Available on N810 • RSA based HIP est. cost of 360mA, no data yet on ECC • Ported to Imote2 • www.xbow.com/Products/productdetails.aspx?sid=253

  17. Robert Moskowitz (ICSAlabs/VzB) HIP work • “Internet of Things” • perso.telecom-paristech.fr/~urien/hiptag/index.html • HIP EAP • Password challenge/response within HIP • draft-varjonen-hip-eap-00.txt

  18. Robert Moskowitz (ICSAlabs/VzB) HIP References • HIP book by Andrei Gurtov • www.amazon.com/Host-Identity-Protocol-HIP-Communications/dp/0470997907 • Writings • www.cs.helsinki.fi/u/gurtov/papers/ • Host Identity Protocol (HIP): Connectivity, Mobility, Multi-homing, Security, and Privacy over IPv4 and IPv6 networks • www.cs.helsinki.fi/u/gurtov/papers/hip_survey.pdf • Performance of Host Identity Protocol on Lightweight Hardware • www.cs.helsinki.fi/u/gurtov/papers/mobiarch.pdf

  19. Robert Moskowitz (ICSAlabs/VzB) HIP References • More Writings • www.cs.helsinki.fi/u/gurtov/papers/ • Analysis of the HIP Base Exchange Protocol • www.cs.helsinki.fi/u/gurtov/papers/analysis_hip.pdf • Note many of these recommendations were implemented • Usable Security Management with Host Identity Protocol • www.cs.helsinki.fi/u/gurtov/papers/hip_usab.pdf • Performance of Host Identity Protocol on Symbian OS • www.cs.helsinki.fi/u/gurtov/papers/symbian_hip.pdf

  20. Robert Moskowitz (ICSAlabs/VzB) Questions?

More Related