
Bootstrapping Using HIP for IEEE 802.15.4 Networks

Discusses using HIP to bootstrap IEEE 802.15.4 networks, addressing authentication, key initiation, and IP configuration.


Presentation Transcript


  1. Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Bootstrapping using HIP] Date Submitted: [11 May, 2011] Source: [Cao Zhen, Liu Dapeng] Company [China Mobile Communications Corporation] Address [28 Xuanwumenxi Ave. Beijing, China] Voice:[+86-66006688], FAX: [+86-10-63601087], E-Mail:[{caozhen,liudapeng}@chinamobile.com] Abstract: [This document discusses the method of using HIP and diet-HIP to bootstrap the IEEE 802.15.4 network ] Purpose: [For information and discussion] Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

  2. <Sept 2010> Bootstrapping WPAN using HIP. Zhen Cao, Dapeng Liu. April 25, 2011

  3. The Problem
     • IEEE standards ensure connectivity at the MAC and PHY layers
     • IETF standards achieve IP connectivity
     • IEEE 802.15.4 MAC encodes an encrypted payload, but there is no way to initiate the keys
     • How to initially configure the network?
     • How do nodes authenticate to the network?
     • How do nodes get the IP address?
     • …
     • In one word, how to bootstrap?

  4. What's Bootstrapping
     • Any process before the network can operate
     • Link-layer address
     • MAC layer configuration
     • Encryption/authentication keys

  5. System level requirements
     • Data confidentiality
     • Data integrity
     • Keys and key freshness
     • Multi-domain support
     • Identities

  6. Bootstrapping using HIP
     • End-to-end bootstrapping
     • Using HIP to establish the SA between two end points
     • Using the HIP-established SA to deliver the management objects
     [Diagram labels: PAN Coordinator; Other network; Bootstrapping and get the configuration objects]

  7. What's HIP
     [Layer diagram, top to bottom: Transport Layer; HIP (end-to-end, HITs: IPsec, v4/v6 bridge, multi-homing, mobility); IP layer (hop-by-hop, IP addresses: fragmentation, forwarding); Link Layer]

  8. HIP Basic Exchange (Initiator I, Responder R)
     Control:
     • I1 (I → R): HIT_I, HIT_R or NULL
     • R1 (R → I): HIT_I, [HIT_R, puzzle, DH_R, HI_R]sig
     • I2 (I → R): [HIT_I, HIT_R, solution, DH_I, {HI_I}]sig
     • R2 (R → I): [HIT_I, HIT_R, authenticator]sig
     Data:
     • User data messages

  9. The problem with HIP
     • HIP BEX (Basic Exchange) is heavyweight
     • Puzzle solutions
     • SA negotiation
     • IPsec

  10. Diet HIP
     • The HIP DEX, rather than a BEX, exchange is identified by a DEX HIT
     • I & R HITs included in exchange headers
     • I                R
       I1 ::= ()  ------>
       R1 ::= <---  Pn, PKr
       I2 ::= Pn, Sn, PKi, ECR(DHk,x|n), MAC(x,(Pn, Sn, PKi, ECR(DHk,x|n)))  ------>
     • I or MI          R
       R2 ::= <---  ECR(DHk,y|n), MAC(x, (ECR(DHk,y|n)))
     • I                R
       <---  Data, MAC(EX(x,y), Data)  ------>
     • Note: by the end of the exchange, the parties can ONLY be R and I.

  11. Diet HIP
     • The HIP DEX, rather than a BEX, exchange is identified by a DEX HIT
     • I & R HITs included in exchange headers
     [Sequence diagram between I and R, messages in order:]
     • D-HIP (Start of Exchange)
     • D-HIP (Pn, PKr)
     • Pn, Sn, PKi, ECR(DHk,x|n), MAC(x,(Pn, Sn, PKi, ECR(DHk,x|n)))
     • ECR(DHk,y|n), MAC(x, (ECR(DHk,y|n)))

  12. Extreme Diet HIP
     • Simple challenge-response protocol
     • Using one-way hash numbers
     [Diagram between I and R, with the hash chain R_0, R_1, ……, R_n; labels in order:]
     • Start of bootstrapping
     • Challenge: random number k
     • Response with R_{n-k}
     • Hash^k(R_{n-k}) = R_n ?
     • Indication of success or failure

  13. Potential Changes to 802.15.4-2006
     • Associate primitive
     • MLME-ASSOCIATE.request: encode I1 packet
     • MLME-ASSOCIATE.indication: encode R1 packet
     • MLME-ASSOCIATE.response: encode I2 packet
     • MLME-ASSOCIATE.confirm: encode R2 packet

  14. Summary
     • Security bootstrapping using HIP
     • D-HIP is a direct choice for this bootstrapping
     • Get the keys for MAC encryption
     • Authenticate the Coordinator and acquire the address
     • ED-HIP is more lightweight than D-HIP

  15. Reference
     • RFC4423
     • RFC5201
     • draft-sarikaya-core-sbootstrapping-01
     • 15-10-0412-06-wng0-key-negotiation-using-diet-hi

  16. Questions? Thank You!
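
The hash-chain check on slide 12, Hash^k(R_{n-k}) = R_n, as an added example that is not part of the original presentation. SHA-256, the `Prover`/`Verifier` names and the rule that each challenge k must exceed every earlier one are assumptions; the last is added because a disclosed R_{n-k} can be hashed forward to answer any smaller k, which ties to the key-freshness requirement on slide 5.

```python
import hashlib
import hmac
import secrets


def hash_k(value: bytes, k: int) -> bytes:
    """Apply the one-way hash k times: Hash^k(value)."""
    for _ in range(k):
        value = hashlib.sha256(value).digest()  # SHA-256 is an assumption
    return value


class Prover:
    """Holds the secret chain seed R_0, where R_i = Hash^i(R_0)."""

    def __init__(self, seed: bytes, n: int):
        self.seed, self.n = seed, n

    def anchor(self) -> bytes:
        return hash_k(self.seed, self.n)  # R_n, provisioned to the verifier

    def respond(self, k: int) -> bytes:
        if not 0 < k <= self.n:
            raise ValueError("challenge outside chain")
        return hash_k(self.seed, self.n - k)  # R_{n-k}


class Verifier:
    """Knows only R_n and accepts each chain depth at most once."""

    def __init__(self, anchor: bytes, n: int):
        self.anchor, self.n, self.last_k = anchor, n, 0

    def challenge(self) -> int:
        # Random k, but always deeper than anything already revealed:
        # a disclosed R_{n-k} yields R_{n-j} for every j <= k by hashing.
        if self.last_k >= self.n:
            raise RuntimeError("chain exhausted, provision a new anchor")
        return self.last_k + 1 + secrets.randbelow(self.n - self.last_k)

    def verify(self, k: int, response: bytes) -> bool:
        if not self.last_k < k <= self.n:
            return False  # stale or out-of-range challenge
        ok = hmac.compare_digest(hash_k(response, k), self.anchor)
        if ok:
            self.last_k = k  # shallower positions are now public knowledge
        return ok
```

A chain of length n supports at most n successful runs, and fewer when k is drawn at random, so the anchor has to be re-provisioned before the chain is exhausted.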
