6lowpan security considerations



Similar documents
6LoWPAN Technical Overview

6LoWPAN: An Open IoT Networking Protocol

Network System Design Lesson Objectives

International Telecommunication Union. IETF Security Work. Magnus Nyström. Technical Director, RSA Security Presentation made on behalf of the IETF

21.4 Network Address Translation (NAT) NAT concept

Introduction to Security and PIX Firewall

Network Discovery Protocol LLDP and LLDP- MED

Network Discovery Protocol LLDP and LLDP- MED

Charter Text Network Design and Configuration

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

10CS64: COMPUTER NETWORKS - II

Using IPv6 and 6LoWPAN for Home Automation Networks

Introduction to IPv6 and Benefits of IPv6

Connecting IPv6 capable Bluetooth Low Energy sensors with the Internet of Things

Case Study for Layer 3 Authentication and Encryption

Written examination in Computer Networks

Overview. Lecture 16: IP variations: IPv6, multicast, anycast. I think we have a problem. IPv6. IPv6 Key Features

Threats and Security Analysis for Enhanced Secure Neighbor Discovery Protocol (SEND) of IPv6 NDP Security

OSI Seven Layers Model Explained with Examples

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

Internet Protocol Address

CCT vs. CCENT Skill Set Comparison

Ethernet. Ethernet. Network Devices

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

IT 3202 Internet Working (New)

CHAPTER 1 INTRODUCTION

Transport and Network Layer

Enhance Security Mechanism for Securing SCADA Wireless Sensor Network

APPENDIX A STANDARDS AND STANDARDS-SETTING ORGANIZATIONS. A.1 The Importance of Standards

Network Security Part II: Standards

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Chapter 5. Data Communication And Internet Technology

: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

Designing Delay-Tolerant Data Services for the. Network of Things

Chapter 9. IP Secure

IEEE Presentation Submission Template (Rev. 8.3)

Wireless Networks. Welcome to Wireless

Best practices on cellular M2M deployment. Paul Bunnell November 2014

MOC 6435A Designing a Windows Server 2008 Network Infrastructure

Full Digital Contents Distribution to the Home using IPv6

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

An Overview of ZigBee Networks

Mathatma Gandhi University

10/100/1000 Ethernet MAC with Protocol Acceleration MAC-NET Core

Definition. A Historical Example

Protocol Security Where?

Sponsored by the Alliance for Telecommunications Industry Solutions. Generic Guidelines for the use of TCP/IP in Electronic Bonding

Industrial Networks & Databases

IPv6 associated protocols. Piers O Hanlon

Why IPv6 is necessary for new communication scenarios

Cisco Which VPN Solution is Right for You?

What is VLAN Routing?

How To Establish Site-to-Site VPN Connection. using Preshared Key. Applicable Version: onwards. Overview. Scenario. Site A Configuration

IPv6 Based Sensor Home Networking

Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification

Workflow Guide. Establish Site-to-Site VPN Connection using RSA Keys. For Customers with Sophos Firewall Document Date: November 2015

Chapter 8 Advanced Configuration

Raritan Valley Community College Academic Course Outline. CISY Advanced Computer Networking

Mobile IP. Bheemarjuna Reddy Tamma IIT Hyderabad. Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP

AERONAUTICAL COMMUNICATIONS PANEL (ACP) ATN and IP

Security for the Internet Infrastructure

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Reducing Configuration Complexity with Next Gen IoT Networks

Internet of Things based approach to Agriculture Monitoring

Topic 7 DHCP and NAT. Networking BAsics.

Lab - Using Wireshark to View Network Traffic

IPv6 Advantages. Yanick Pouffary.

VPN. Date: 4/15/2004 By: Heena Patel

Virtual Private Networks

Bit Chat: A Peer-to-Peer Instant Messenger

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs

Computer Networks. Secure Systems

MOBILE VIDEO WITH MOBILE IPv6

VPN Technologies: Definitions and Requirements

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

Course Contents CCNP (CISco certified network professional)

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

Networking Test 4 Study Guide

Recommended IP Addressing Methods for EtherNet/IP Devices

Analyzing 6LoWPAN/ZigBeeIP networks with the Perytons Protocol Analyzer May, 2012

Internet Control Protocols Reading: Chapter 3

Internetworking Between ZigBee/ and IPv6/802.3 Network

EITF25 Internet Techniques and Applications L5: Wide Area Networks (WAN) Stefan Höst

Mobile Routing. When a host moves, its point of attachment in the network changes. This is called a handoff.

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Chapter 3 LAN Configuration

Internet Packets. Forwarding Datagrams

TECHNICAL NOTE. GoFree WIFI-1 web interface settings. Revision Comment Author Date 0.0a First release James Zhang 10/09/2012

MERA s competence in security design includes but is not limited to the following areas: Engineering and assessments for security solutions (e.g.

Introduction Chapter 1. Uses of Computer Networks

An On-demand Scheduling Routing Protocol for IPv6 Industrial Wireless Sensor Networks based on Deterministic Scheduling

IEEE 802.1X For Wireless LANs

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

Chapter 7 Transport-Level Security

Securing IP Networks with Implementation of IPv6

Chapter 2 - The TCP/IP and OSI Networking Models

Cisco Certified Network Associate Exam. Operation of IP Data Networks. LAN Switching Technologies. IP addressing (IPv4 / IPv6)

6LoWPAN Tutorial IP on IEEE Low-Power Wireless Networks

INTERNET OF THINGS 1

Cisco Cisco 3845 X X X X X X X X X X X X X X X X X X

Transcription:

6lowpan security considerations Christian Schumacher schumacher@danfoss.com 6lowpan WG 64th IETF 7th of November, 2005

Disposition 6lowpan problem areas and scope Current security considerations IEEE802.15.4 2003 specification Application scenario (6lowpan and the world) 6lowpan and key management Suggestions

6lowpan problem areas and scope General problem areas identified: IP adaptation/packet Formats and interoperability Addressing schemes and address management Network management Routing in dynamically adaptive topologies Security, including set-up and maintenance Application programming interface Discovery (of devices, of services, etc) Implementation considerations Security problem areas identified ( http://6lowpan.tzi.org/securityobjectives ) Authorization Why devices are supposed to talk Key management Setting up network, Life-cycle issues Current scope / charter Problem statement document (with security considerations) Format of IPv6 packets document (with security considerations)

Current security considerations Quotes from draft-6lowpan-problem-01 End-to-end security is needed. Bootstrapping of devices into a secure network 6LoWPAN imposes unique set of challenges IEEE 802.15.4 provides AES link layer security Quotes from draft-6lowpan-format-01 security for such devices (s) may rely quite strongly on the mechanisms defined at the link-layer by IEEE 802.15.4. [IEEE802.15.4] does not, in particular, specify key management

IEEE802.15.4 2003 specification Security issues with IEEE802.15.4 2003 spec Paper by Naveen Sastry and David Wagner indicates that 2003 spec. has many pitfalls. Download Security Considerations for IEEE 802.15.4 Networks from http://www.cs.berkeley.edu/~daw/papers/ IEEE802.15.4b WG This WG aims to clarify ambiguities and pitfalls in original IEEE802.15.4 2003 spec. WG is also specifying new PHY modes, which may make 802.15.4b more attractive. WG is resolving security pitfalls identified by the before mentioned paper. Specification should be available for download July 2006 Main differences between 802.15.4b security and legacy 802.15.4-2003 security (input from Rene Struik, security expert from Certicom) Protection of broadcast and multicast frames possible Easier setup of protection parameters possible Possibility to vary protection per frame, using a single key Consideration of system lifecycle issues Optimization of storage for keying material

Application scenario (6lowpan and the world) IPv4 / IPv6 over Foo (e.g. Ethernet) IPv6 over 802.15.4 P Some Device #2 #1 FFD #2 Some Device #1 FFD #1 (Gateway) #4 Layers in TCP/IP Security for Foo Security for 802.15.4 #2 #3 Application TLS (SSL) * Undefined Transport TLS (SSL) * Undefined Network IPSec / Foo (802.15.4) Link Foo 802.15.4 * Operates between Application and Transport layer

Application scenario (6lowpan and the world) IPv4 / IPv6 over Foo (e.g. Ethernet) IPv6 over 802.15.4 P Some Device #2 #1 FFD #2 Some Device #1 FFD #1 (Gateway) #4 #2 #3 Secure communications between Some Device on Foo and a Device on IEEE802.15.4 is most likely to happen thru a gateway. This gateway will handle TLS / IPSec on the Foo network and a utilize a To-Be-Defined security protocol on the 802.15.4 network. With TLS / IPSec there are protocols for negotiating keys (key-management) on the fly. With 802.15.4 security these protocols are missing. Ad-hoc wireless networks require secure communications on-the-fly!

6lowpan and key management First of all: We need input from security experts! What methods could be used for exchanging keys? Bootstrapping keys Logistical nightmare (trust your manufacturer for book-keeping of keys) Maintenance issues (how to renew keys?) Resellability Unencrypted key exchange, accept moment of vulnerability Will work, but no guarantee of security Careless implementation could lead to easy access to keys Public-key based methods What technology to use (RSA, ECC)

Suggestions Advocate IEEE802.15.4b and amend current security considerations to reflect this decision. Recharter to work on document(s) which focus on key-management Where to get inspiration? SNMP v3 security models ( RFC 3411, RFC 3418 ) SSL on 8-bit processors ( http://www.embedded.com/showarticle.jhtml?articleid=45400043 ) IETF security WGs Security experts input ( e.g. papers on sensor networks by David Wagner, http://www.cs.berkeley.edu/~daw/papers/ )

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information