W3C home > Mailing lists > Public > public-wot-ig@w3.org > July 2017

Re: Notes on W3C WoT Security Use Cases

From: Benjamin Francis <bfrancis@mozilla.com>
Date: Fri, 14 Jul 2017 16:24:45 +0100
Message-ID: <CAKQmVV-_R_Xd7zO2eJpPFwUetepWbvi6+ofR6G8tMLHyYrabMw@mail.gmail.com>
To: "Mccool, Michael" <michael.mccool@intel.com>
Cc: Soumya Kanti Datta <Soumya-Kanti.Datta@eurecom.fr>, "Reshetova, Elena" <elena.reshetova@intel.com>, "public-wot-wg@w3.org" <public-wot-wg@w3.org>, "public-wot-ig@w3.org" <public-wot-ig@w3.org>
On 12 July 2017 at 13:40, Mccool, Michael <michael.mccool@intel.com> wrote:

> For instance, there is a difference in security possible between "Local"
> networking (Bluetooth, Zigbee, etc) and "Global" networking (TCP, HTTP,
> etc).   Think of this as another "axis" along which we can characterize the
> problem and scenarios.
>

Definitely, one simple breakdown of the layers of security might be:

   - Network layer encryption (e.g. WPA encryption for WiFi or AES
   encryption for ZigBee)
   - Application layer encryption (e.g. SSL for HTTPS)
   - Authentication (e.g. username & password or API token)
   - Authorization (e.g. OAuth, access control lists etc.)

A particular security challenge for IoT devices is first time setup or
"commissioning". There are many methods for bootstrapping a secure
connection with varying levels of security. Eric Rescorla from Mozilla
wrote a paper
<http://www.lix.polytechnique.fr/hipercom/SmartObjectSecurity/papers/EricRescorla.pdf>
on this topic which describes some of them.

So far we've been using push-button commissioning for ZigBee and Z-Wave
devices which uses a leap-of-faith style method where an initial secret is
exchanged in plain text within a very constrained time period and all
communication after that point is encrypted. A similar mechanism can be
used for WiFi (WPS). In some environments (e.g. a limited range low power
wireless network in the home where a button is pushed on the two devices to
be paired at around the same time) this may be considered acceptable, but
in other environments it may not.

Vulnerabilities have been discovered in many of these pairing mechanisms,
but the vulnerabilities of often due to the implementation of the standard
rather than inherent to the standard itself (e.g. not having an appropriate
back-off algorithm for repeated attempts at entering a pin number).

Ben
Received on Friday, 14 July 2017 15:25:16 UTC

This archive was generated by hypermail 2.3.1 : Friday, 14 July 2017 15:25:16 UTC