W3C home > Mailing lists > Public > public-wot-ig@w3.org > July 2017

Re: Notes on W3C WoT Security Use Cases

From: Benjamin Francis <bfrancis@mozilla.com>
Date: Fri, 14 Jul 2017 16:31:36 +0100
Message-ID: <CAKQmVV_7-woDWKPEfwLGVyDNyfkEMwL3rX4eTCVxSq3uv2tXxQ@mail.gmail.com>
To: Dave Raggett <dsr@w3.org>
Cc: "Mccool, Michael" <michael.mccool@intel.com>, Soumya Kanti Datta <Soumya-Kanti.Datta@eurecom.fr>, "Reshetova, Elena" <elena.reshetova@intel.com>, "public-wot-wg@w3.org" <public-wot-wg@w3.org>, "public-wot-ig@w3.org" <public-wot-ig@w3.org>
On 14 July 2017 at 16:13, Dave Raggett <dsr@w3.org> wrote:

> A fallback could be to use local discovery, e.g. mDNS.  I implemented a
> mDNS and DHCP client for the Arduino to configure IP networking and to
> discover the gateway to register the device with.  In addition, note that
> the work on scripting APIs for the WoT WG includes a discovery API.
>

Mozilla's gateway implementation currently uses mDNS for initial discovery
to bootstrap a secure connection. The gateway is plugged into an Ethernet
network and gets an IP address via DHCP which is then broadcast over mDNS
using the local domain gateway.local. This local address can then be used
to access the first time setup web interface of the gateway (at least on
clients which support mDNS, which Android still doesn't. Otherwise the user
has to find the local IP address assigned to the gateway). This insecure
connection is only used to ask the user to choose their secure subdomain,
at which point they are then re-directed to a secure HTTPS connection to
configure their username and password.

You can see how this looks to the end user in the Getting Started Guide
<https://docs.google.com/presentation/d/1urdIH-0vfXYauEW_gshCNyRzAwjcpSx79N_xXWopffI/pub?start=false&loop=false&delayms=3000>
.

We're also exploring other methods of first time setup including using WiFi
(the "Chromecast method"), Bluetooth (e.g. Physical Web Bluetooth beacons
for discovery and WiFi configuration over Bluetooth), or even audio (which
turned out to be very reliable in previous experimental projects).


>
> Of course, you still need to protect against compromised devices on the
> same local network that either spoof devices or log their activity.
>

Yes, this is the main problem I was describing. Maintaining a secure
connection on the same local network when an Internet connection becomes
temporarily unavailable.
Received on Friday, 14 July 2017 15:32:04 UTC

This archive was generated by hypermail 2.3.1 : Friday, 14 July 2017 15:32:04 UTC