
Proposal for device identification PAR

This proposal aims to establish a standardized method for unique per-device identifiers and authentication protocols in order to enhance device identity management and establish trust. The proposal includes an abstract framework, concrete protocol over 802.3, and standards for vendor trust. The market potential includes network equipment provisioning, authenticated key exchange in other protocols, inventory management, and internal component identification.

rmorley





  1. Proposal for device identification PAR

  2. Scope
     • Unique per-device identifiers (DevID)
     • Method or methods for authenticating that a device is bound to that identifier
     • Abstract framework
     • Concrete protocol over 802.3
     • Standards for establishing and maintaining vendor trust

  3. Rationale
     • Many ways to identify individuals
     • No standard ways to identify devices
     • MAC addresses are not sufficient
       • Multiple per device
       • Reconfigurable
       • Not cryptographically bound
     • Device identity is important for completing chains of trust
       • Window of vulnerability

  4. Uses
     • Network equipment provisioning
     • Authenticated key exchange in other protocols
       • E.g., 802.1af, 802.1X
     • Inventory management
     • Internal component identification
     • LLDP chassis IDs
     • …

  5. Market Potential
     • Any protocol requiring identification at layer 2
     • Any authentication protocols
     • Applicable in bridges, routers, end-stations, …
     • Consistent acquisition procedures across manufacturers
     • Cost should not be a barrier to adoption
       • Low incremental cost

  6. Compatibility
     • IEEE 802.1 standard
     • In conformance with
       • 802 overview and architecture
       • Existing standards within 802.1 and 802.3
     • Managed objects will be defined consistent with existing policies and practices

  7. Relationship with other standards
     • No standards providing device identity within IEEE 802
     • No such standards outside of IEEE
       • CableLabs DOCSIS
         • Not generally applicable (cable modem specific)
         • CableLabs is an intermediary for deployment
         • CableLabs is not a standards body
     • IETF liaison letter in support of value

  8. PKI overview (diagram)
     Diagram labels: Manufacturer (Key generation capability, Certification Authority, Private key, Root certificate); Device (Key generation capability, Public key, DevID number); Sign → Certificate.
     Intention is that the private key would not be exportable once installed.

  9. Technical overview (diagram)
     Diagram labels: Vendor, Credentials, Device; Device Identity; Identity Management capability.
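The PKI relationship sketched in slides 8 and 9 and the "device is bound to that identifier" requirement of the Scope slide, as an added Go example that is not part of the proposal: a vendor acting as its own root signs a certificate binding a device-generated public key to a DevID number, and a verifier accepts the DevID only after validating the chain to a trusted vendor root and a signature over a fresh challenge. Ed25519 keys, the subject serialNumber attribute as the carrier of the DevID, the ten-year lifetime and the timestamp serial number are assumptions of this example, not of the proposal.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newCert generates an Ed25519 key pair for subject and has parentKey sign the certificate; parent == nil
// makes a self-signed vendor root. The subject key is returned only so the example can use it: on a real
// device it is generated in place and is not exportable, which is what binds the DevID to that device.
func newCert(subject pkix.Name, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{Subject: subject, SerialNumber: big.NewInt(time.Now().UnixNano()), // example-only serial
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0)} // assumed lifetime
	if parent == nil { // self-signed root: the vendor is its own certification authority
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueDevID: the vendor CA binds the device's public key to its DevID number (subject serialNumber; an assumption).
func issueDevID(root *x509.Certificate, rootKey ed25519.PrivateKey, devID string) (*x509.Certificate, ed25519.PrivateKey, error) {
	return newCert(pkix.Name{Organization: root.Subject.Organization, SerialNumber: devID}, root, rootKey)
}

// signChallenge (device side): prove possession of the private key by signing a nonce chosen by the verifier.
func signChallenge(devKey ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(devKey, nonce) }

// authenticateDevice (verifier side): accept the DevID only if the certificate chains to a trusted vendor
// root AND the signature over the nonce verifies under the certified public key.
func authenticateDevice(devCert *x509.Certificate, trusted *x509.CertPool, nonce, sig []byte) (string, error) {
	_, err := devCert.Verify(x509.VerifyOptions{Roots: trusted})
	if err == nil {
		err = devCert.CheckSignature(x509.PureEd25519, nonce, sig)
	}
	if err != nil {
		return "", err
	}
	return devCert.Subject.SerialNumber, nil
}
```

A verifier that trusts several vendors simply adds each vendor root to the pool, which is the "management vendors can aggregate credentials" case from the Analysis slide.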

  10. Analysis
     • No registration within IEEE required
       • Vendors can be their own root
         • Trust by reputation
       • Management vendors can aggregate credentials
       • Or, IEEE could outsource a PKI, e.g., to Verisign
     • Physical security of devices is a known threat
       • Some vendors will choose high security
       • Others will want to support hot-swapping
     • Hardware implementation cost small, not free
       • Available crypto capability
       • Cheap off-the-shelf solutions (including software)
       • 128 to 512 bytes of storage
