Re: [Ace] Charter Update

"Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> Tue, 14 January 2014 13:16 UTC

MIME-Version: 1.0
Message-ID: <trinity-f8be05c2-1aee-429d-bb07-74035e5bf64b-1389705378861@3capp-gmx-bs15>
From: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
To: Stefanie Gerdes <gerdes@tzi.de>
Content-Type: text/html; charset="UTF-8"
Date: Tue, 14 Jan 2014 14:16:19 +0100
Importance: normal
Sensitivity: Normal
In-Reply-To: <52D4F6AD.3060101@tzi.de>
References: <52D4F6AD.3060101@tzi.de>
Cc: Bert Greevenbosch <Bert.Greevenbosch@huawei.com>, "\"Göran Selander\"" <goran.selander@ericsson.com>, Ludwig Seitz <ludwig@sics.se>, Likepeng <likepeng@huawei.com>, ace@ietf.org
Subject: Re: [Ace] Charter Update
Precedence: list

Thanks for the update, Stefanie.

One aspect I do not yet find covered in the document is about the assumptions that serve as a starting point, as I tried to explain in this email:

http://www.ietf.org/mail-archive/web/ace/current/msg00043.html" rel="nofollow">http://www.ietf.org/mail-archive/web/ace/current/msg00043.html

#1) You already have a secret pre-provisioned on the device. You want to leverage that existing secret to access new services.

#2) You have no secret pre-provisioned. The approaches here are sometimes referred as imprinting or pairing.

In the response to my mail Carsten said that both cases have to be covered in the scope of the group. I have not heard other folks providing their views but I was wondering whether this topic deserves to get mentioned. Currently, there is no solution draft for #2 (at least not that I can see it).

Another important aspect that got mentioned in discussions and also in the drafts is that there is the desire to have an offline authorization operation. This has quite some implications for the protocol designs and rules out techniques likes AAA or some OAuth extensions. The resource server has to support an authorization mode where any request it receives can be processed locally without having to consult with an identity management server. I was not quite sure whether this is captured in the current text version (one of the paragraphs sounded a bit fuzzy to me).

The text about authentication and authorization is still a bit confusing in the charter and so is the dependency on CoAP.

For authentication there are actually several types of authentication, namely (a) from the device to the identity provider / authorization server and (b) authentication information about the device that is provided by the authorization server/ identity provider to the resource server / relying party. While the authentication of the device to the identity provider is needed authentication of the device to the resource server is not necessary (only key confirmation is).

I actually believe that the charter text could be even more specific. For category #1 solutions I believe we are talking about applying existing solutions to the IoT environment. The only solutions that IMHO fit the requirements so far are Kerberos, OAuth, and (attribute) certificates. Why not to start the entire write-up with the though process some of us went through, namely

a) There are existing federated authentication, authorization and key establishment protocols (Kerberos, OAuth, ...)

b) We want to apply those to the IoT environment but there are problems when meeting the constraint nature of these devices (no UI, no ability for the device to interact with an identity management server in real-time).

c) We want to select a mechanism and profile it so that it can be used in the IoT context.

What do you think?

Ciao
Hannes

Gesendet: Dienstag, 14. Januar 2014 um 08:34 Uhr
Von: "Stefanie Gerdes" <gerdes@tzi.de>
An: ace@ietf.org
Cc: "Bert Greevenbosch" <Bert.Greevenbosch@huawei.com>, "Göran Selander" <goran.selander@ericsson.com>, "Ludwig Seitz" <ludwig@sics.se>, Likepeng <likepeng@huawei.com>
Betreff: [Ace] Charter Update

Hi everyone,

We updated the draft charter according to helpful input from Ludwig
Seitz and Göran Selander. I hope this improves the readability of the
charter and clarifies the scope of ACE.

We also added an item to the task list for documenting the applicability
of various security mechanisms to address for example symmetric vs
public key approaches.

Please feel free to provide further comment.

Best regards,
Steffi

Draft Charter V0.1- Authentication and Authorization for Constrained
Environment (ACE)

The CoAP (Constrained Application Protocol) is a light-weight
application layer protocol, especially suitable for applications such as
smart energy, smart home, building automation, remote patient monitoring
etc. Due to the nature of these applications, including a critical,
unattended infrastructure and usage in the personal sphere, security and
privacy protection are critical components.

There are certain, necessary security functions that constrained
devices cannot readily perform due to resource constraints. In
particular, constrained devices often have no or very limited user
interfaces. While authentication is well understood, at least for
communication security, there are only unsufficient means for
authenticated authorization. Especially cases where pre-provisioned
ACLs scale badly or where more sophisticated identity and access
management is needed are not covered. This includes the case where it
is infeasible for a constrained server to perform the authorization
decision and thus needs access to externally generated authorization
information to be able to enforce the decision. Authentication is
considered in this context as it is needed as a prerequisite to
performing authorization, including the authorization to change the
authorization state.

The ACE WG aims to enable authorized access to resources in constrained
environments, using CoAP and leveraging DTLS security where possible.
Constrained devices will thus be enabled to authenticate operations from
other (constrained or less-constrained) devices, to communicate securely
with them and to verify their individual authorization to access
specific resources. To achieve this, ACE will be able to employ
additional less-constrained devices in order to relieve the constrained
nodes from complex security related tasks (e.g. managing authorization
policies and a large number of keys).

The ACE WG has the following tasks:

Document the use cases and high-level requirements for secured
communication between constrained devices. (This task is pursued as a
means to the other ends, not as an end in itself.)
Flesh out profiles for certificates used for authenticated authorization.
Document the applicability of the various security mechanisms with
respect to resource usage (RAM, message round trips, power consumption
etc.).
Define a mechanism for authenticated and protected transfer of
authorization information suitable for constrained device to constrained
device communication.
Define formats for access tokens and for authorization information
that are suitable for constrained devices.
Define bootstrapping for authorization information using the Resource
Directory (see
http://tools.ietf.org/html/draft-ietf-core-resource-directory" target="_blank" rel="nofollow">http://tools.ietf.org/html/draft-ietf-core-resource-directory).

Existing work:

Use Cases:

http://tools.ietf.org/id/draft-garcia-core-security" target="_blank" rel="nofollow">http://tools.ietf.org/id/draft-garcia-core-security
http://tools.ietf.org/id/draft-greevenbosch-core-authreq" target="_blank" rel="nofollow">http://tools.ietf.org/id/draft-greevenbosch-core-authreq
http://tools.ietf.org/id/draft-seitz-core-sec-usecases" target="_blank" rel="nofollow">http://tools.ietf.org/id/draft-seitz-core-sec-usecases

Solutions:

http://tools.ietf.org/id/draft-gerdes-core-dcaf-authorize" target="_blank" rel="nofollow">http://tools.ietf.org/id/draft-gerdes-core-dcaf-authorize
http://tools.ietf.org/id/draft-kang-core-secure-reconfiguration" target="_blank" rel="nofollow">http://tools.ietf.org/id/draft-kang-core-secure-reconfiguration
http://tools.ietf.org/id/draft-selander-core-access-control" target="_blank" rel="nofollow">http://tools.ietf.org/id/draft-selander-core-access-control
http://tools.ietf.org/id/draft-zhu-core-groupauth" target="_blank" rel="nofollow">http://tools.ietf.org/id/draft-zhu-core-groupauth
http://tools.ietf.org/id/draft-pporamba-dtls-certkey" target="_blank" rel="nofollow">http://tools.ietf.org/id/draft-pporamba-dtls-certkey
http://tools.ietf.org/id/draft-schmitt-two-way-authentication-for-iot" target="_blank" rel="nofollow">http://tools.ietf.org/id/draft-schmitt-two-way-authentication-for-iot
http://tools.ietf.org/id/draft-seitz-core-security-modes" target="_blank" rel="nofollow">http://tools.ietf.org/id/draft-seitz-core-security-modes
http://tools.ietf.org/html/draft-sarikaya-ace-secure-bootstrapping" target="_blank" rel="nofollow">http://tools.ietf.org/html/draft-sarikaya-ace-secure-bootstrapping

_______________________________________________
Ace mailing list
Ace@ietf.org
https://www.ietf.org/mailman/listinfo/ace" target="_blank" rel="nofollow">https://www.ietf.org/mailman/listinfo/ace

[Ace] Charter Update Stefanie Gerdes
Re: [Ace] Charter Update Göran Selander
Re: [Ace] Charter Update Hannes Tschofenig
Re: [Ace] Charter Update Göran Selander
Re: [Ace] Charter Update Olaf Bergmann
Re: [Ace] Charter Update Likepeng
Re: [Ace] Charter Update Göran Selander
Re: [Ace] Charter Update Olaf Bergmann
Re: [Ace] Charter Update Göran Selander
Re: [Ace] Charter Update Göran Selander
Re: [Ace] Charter Update Olaf Bergmann
Re: [Ace] Charter Update Göran Selander
Re: [Ace] Charter Update Stefanie Gerdes
Re: [Ace] Charter Update Göran Selander