Smart Object Security Workshop

Last Friday we had our “Smart Object Security” workshop. (Btw, it was not an IAB-sponsored workshop.) I am going to talk at the IETF #83 SAAG meeting about the highlights and Jari will go into the details during the IETF LWIG working group meeting. We have received a number of good position papers. You can find them here:

Below is the agenda with pointers to the slides. The most important one is the summary slide.

Agenda

  • 08:30 – 09:00: Arrival of Participants and Coffee

  • 09:00 – 09:30: Opening Remarks

Thomas Clausen, Ecole Polytechnique: Welcome and logistics (15 min)

Hannes Tschofenig, NSN & Jari Arkko, Ericsson: Agenda (5 min)
http://www.tschofenig.priv.at/sos-papers/slides/agenda.pptx

  • 09:30 – 10:30: Requirements and Use Cases

Paul Chilton, NXP: Security challenges in the lighting use case (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Paul.pptx

Rudolf van der Berg, OECD: Open interfaces, identifier spaces, and economic challenges (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Rudolf.pptx

Discussion: What are the core security requirements? What has the industry already deployed, and what are they struggling with? How to design for choice considering economics, and competition for smart object security?

  • 10:30 – 10:40: Break

  • 10:40 – 12:30: Implementation experience

Carsten Bormann, Universitaet Bremen: Light-weight COAP & DTLS implementations (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Carsten.pdf

Hannes Tschofenig, Nokia Siemens Networks: TLS and Raw Public Keys Implementation (5 min)
http://www.tschofenig.priv.at/sos-papers/slides/Hannes.pptx

Mohit Sethi, Ericsson/Aalto: Public Key Crypto Implementation Experience (5 min)
http://www.tschofenig.priv.at/sos-papers/slides/Jari.pdf

Discussion: What is our experience with implementing some of these protocols? What worked and what didn’t? What advice can be given? Where is further research, standardization, and implementation work needed?

  • 12:30 – 13:30: Lunch Break

  • 13:30 – 15:30: Authorization and Role-based Access Control

Richard Barnes, BBN: Beyond COMSEC (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Richard.pdf

Jan Janak, Columbia University: On Access Control (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Jan.pdf

Discussion: What is the interaction between business processes (such as installation, change of ownership; including non-business processes such as home admin), the roles we have to manage in the system as a result of that, and the crypto we can do to implement those roles?

  • 15:30 – 16:00: Coffee Break

  • 16:00 – 17:30: Provisioning

Johannes Gilger, RWTH Aachen: Secure pairing (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Johannes.pdf

Cullen Jennings, Cisco: A deployment model (10 min)
http://www.tschofenig.priv.at/sos-papers/slides/Cullen.pdf (joke)
http://www.tschofenig.priv.at/sos-papers/slides/Cullen1.pdf

Discussion: What are practical deployment models, and corresponding protocols?

  • 17:30 – 18:30: Summary

http://www.tschofenig.priv.at/sos-papers/slides/sos-conclusions.ppt
(raw slides as created during the meeting)

Evening: Dinner for those who want (self-organized)
