Last Friday we had our “Smart Object Security” workshop. (Btw, it was not an IAB-sponsored workshop.) I am going to talk at the IETF #83 SAAG meeting about the highlights, and Jari will go into the details during the IETF LWIG working group meeting. We have received a number of good position papers. You can find them here:
Below is the agenda with pointers to the slides. The most important one is the summary slide.
Agenda
- 08:30 – 09:00: Arrival of Participants and Coffee
- 09:00 – 09:30: Opening Remarks
Thomas Clausen, Ecole Polytechnique: Welcome and logistics (15 min)
Hannes Tschofenig, NSN & Jari Arkko, Ericsson: Agenda (5 min)
http://www.tschofenig.priv.at/sos-papers/slides/agenda.pptx
- 09:30 – 10:30: Requirements and Use Cases
Paul Chilton, NXP: Security challenges in the lighting use case (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Paul.pptx
Rudolf van der Berg, OECD: Open interfaces, identifier spaces, and economic challenges (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Rudolf.pptx
Discussion: What are the core security requirements? What has the industry already deployed, and what are they struggling with? How to design for choice considering economics, and competition for smart object security?
- 10:30 – 10:40: Break
- 10:40 – 12:30: Implementation experience
Carsten Bormann, Universitaet Bremen: Light-weight CoAP & DTLS implementations (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Carsten.pdf
Hannes Tschofenig, Nokia Siemens Networks: TLS and Raw Public Keys Implementation (5 min)
http://www.tschofenig.priv.at/sos-papers/slides/Hannes.pptx
Mohit Sethi, Ericsson/Aalto: Public Key Crypto Implementation Experience (5 min)
http://www.tschofenig.priv.at/sos-papers/slides/Jari.pdf
Discussion: What is our experience with implementing some of these protocols? What worked and what didn’t? What advice can be given? Where is further research, standardization, and implementation work needed?
- 12:30 – 13:30: Lunch Break
- 13:30 – 15:30: Authorization and Role-based Access Control
Richard Barnes, BBN: Beyond COMSEC (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Richard.pdf
Jan Janak, Columbia University: On Access Control (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Jan.pdf
Discussion: What is the interaction between business processes (such as installation, change of ownership; including non-business processes such as home admin), the roles we have to manage in the system as a result of that, and the crypto we can do to implement those roles?
- 15:30 – 16:00: Coffee Break
- 16:00 – 17:30: Provisioning
Johannes Gilger, RWTH Aachen: Secure pairing (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Johannes.pdf
Cullen Jennings, Cisco: A deployment model (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Cullen.pdf (joke)
http://www.tschofenig.priv.at/sos-papers/slides/Cullen1.pdf
Discussion: What are practical deployment models, and corresponding protocols?
- 17:30 – 18:30: Summary
http://www.tschofenig.priv.at/sos-papers/slides/sos-conclusions.ppt
(raw slides as created during the meeting)
Evening: Dinner for those who want (self-organized)