This submission discusses the importance of secure device identities for Wireless Personal Area Networks (WPANs), covering classes, value cases, trust factors, formats, and applications. Secure identities play a crucial role in establishing trust and authenticity in device interactions.
Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs)
Submission Title: Secure Device Identities
Date Submitted: July 18, 2012
Source: Robert Moskowitz, Verizon
Address: 1000 Bent Creek Blvd, Mechanicsburg, PA, USA
Voice: +1 (248) 968-9809, e-mail: rgm@labs.htt-consult.com
Re: Secure Device Identities
Abstract: Secure Device Identities
Purpose: Discuss device identities for PAC
Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.

Secure Device Identities
Robert Moskowitz
San Diego, CA
July 18, 2012

Abstract
• Classes of Identities
  • Textual and Secure
• Value case for Secure Identities
• Trust in Secure Identities
• Formats for Secure Identities
• Secure Identities in Authentication and Key Establishment
• Application to PAC

Classes of Identities
• Textual
  • A string of bits organized in some manner
    • URN, RFID, IP address
    • JPEG, MP3, biometric data
  • No assertion (spoofable) outside of origin
• Secure
  • A string of bits that can be proved as coming from a source

Value Case for Secure Identities
• The value of Secure Identities comes from the device's ability to assert its identity while no other device can spoof that identity
• A Secure Identity does not require special hardware for proof
• Nor does it require a 3rd party for assertion
• It is self-establishing

Trust in Secure Identities
• Secure Identities are self-asserting
• But who/what is doing the asserting?
  • You don't know who/what I am but you know you are talking to me.
• Types of trust assertion
  • Geo-location
  • 3rd party proofs
  • Side channel
• But you don't always need such proofs

Format for Secure Identities
• Secure Identities today are based on asymmetric cryptography
• The public key is the identity, and an operation using the private key provides the proof
• Differing representations across asymmetric cryptosystems make public keys poor identities
• Simply hash the public key into an agreed, common format

Format for Secure Identities
• Thus the HASH of the public key IS the secure Identity!
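
The two "Format for Secure Identities" slides, as an added Go example that is not part of the original submission: the identity is a hash of the public key, and a signature over a verifier-chosen nonce is the proof. Assumptions: SHA-256 over the DER SubjectPublicKeyInfo encoding stands in for the "agreed, common format" (HIP defines its own identity encoding), the key is ECDSA P-256, and all function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Identity = SHA-256 of the DER SubjectPublicKeyInfo (format assumed for this example).
func Identity(spki []byte) [32]byte { return sha256.Sum256(spki) }

// NewDevice stands in for the manufacturer step: a key pair plus its encoded public key.
func NewDevice() (*ecdsa.PrivateKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	spki, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, spki, err
}

// Prove signs a verifier-chosen nonce with the device's private key.
func Prove(priv *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify: presented key must hash to the out-of-band identity and have signed the nonce.
func Verify(wantID [32]byte, spki, nonce, sig []byte) bool {
	pub, err := x509.ParsePKIXPublicKey(spki)
	ec, ok := pub.(*ecdsa.PublicKey)
	if err != nil || !ok || Identity(spki) != wantID {
		return false
	}
	digest := sha256.Sum256(nonce)
	return ecdsa.VerifyASN1(ec, digest[:], sig)
}

func main() {
	priv, spki, err := NewDevice()
	if err != nil {
		panic(err)
	}
	nonce := []byte("constructed-nonce") // a real verifier sends fresh random bytes
	sig, err := Prove(priv, nonce)
	fmt.Printf("id=%x ok=%v err=%v\n", Identity(spki), Verify(Identity(spki), spki, nonce, sig), err)
}
```

The verifier needs only the hash in advance (for instance from a label on the device); a device presenting a different key fails the hash check, and one presenting the right key without the private key fails the signature check.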

Secure Identities in Authentication and Key Establishment
• A peer that has a Secure Identity proof can directly request authentication of said identity from a trusted Authentication Service
  • e.g. RADIUS req/resp of hash
• Asymmetric crypto protocols exist for key establishment
  • Some very lightweight
    • e.g. HIP DEX

Secure Identities in PAC
• Manufacturer-installed key pair
• Hash in QR code with device
  • A side channel for 'discovery'
• ECDH for very lightweight operation
  • HIP DEX
• ECDSA where object signing is needed
  • HIP BEX or IKEv2

Open Discussion