AW: [TF-SP] minutes for today's security call from Pfaff, Oliver on 2015-12-07 (public-wot-ig@w3.org from December 2015)

From: Pfaff, Oliver <oliver.pfaff@siemens.com>
Date: Mon, 7 Dec 2015 10:56:10 +0000
To: "tibor@zovolt.com" <tibor@zovolt.com>
CC: "public-wot-ig@w3.org" <public-wot-ig@w3.org>
Message-ID: <B842481327FC5344B501EC1921E8538E013EF5AA@DEFTHW99EL2MSX.ww902.siemens.net>
Hello Tibor,

I wanted to get back to some points you raised during your presentation in the last [IG-SP] call (thanks again!, slides can be found at https://www.w3.org/WoT/IG/wiki/File:Pardi_-_Web-of-Things_Framework_Security.pdf) but other tasks kept me busy for some days. Here are my comments now:



@General direction: I think you are heading in the right direction with your focus on i. the authentication of actors and authorization of actions plus ii. the re-use of existing security standards (where possible)

Regarding re-use: I believe that existing security standards can cover (roughly speaking) RFC 7228 classes 2+ and 2, start to have difficulties with class 1 and do usually not cover class 0 (see e.g. slide#9 in [1]). My suggestion would be to add an explicit statement on which classes your project is focusing – re-use is the right mindset for classes 2+ and 2



@RSA: for a key length equivalence of 128 bits, [2] reports a performance burden of a factor 10 for RSA. [3] has similar numbers for private key operations but a factor of 2 for public key operations. In any case, the RSA algorithm  has a large market share (among asymmetric algorithms) in the non-constrained World. One should not expect the RSA algorithm to sustain that share in the constrained World. From an overall perspective I’d see or suggest to keep RSA in scope. But this is referring to a use with less-constrained actors in an IoT/WoT system rather than suggesting the RSA algorithm as a candidate for each and every component



@Telehash: I never looked at actual details and hence will refrain from specific comments. What I can say in general is: DIY security protocols are doomed to fail. When you follow the history of TLS than you see that the backing/endorsement of a security protocol by an organization such as the IETF presents no guarantee not to find issues in the protocol design. In any case, I’d prefer security protocols from bodies such as IETF.



@Quantum-safe crypto: quantum computing will distract asymmetric cryptography more that symmetric (see table 1 in [4]). Now the relevance of asymmetric crypto tends to decrease along the RFC 7228 device classes 2->1->0 (slide#9 in [1]). With that I not trying to say ‘no effect in OT’ but the effect on OT might be smaller than for (non-constrained) IT. But this is no safe harbor: for none of the crypto algorithms that are used in practice (IT/OT) there is prove of a (non-trivial) lower boundary for crypto analysis. We only know that known (!) analyses are sufficiently complex. The obstacle is: a new idea or technique could appear and break any algorithm. The way forward is a cocktail of means including (but not limited to)

-          Understand the ‘protection lifecycle’ of the objects in the system (transient vs. persistent), where possible prefer mechanisms offering forward-secrecy (e.g. TLS_RSA does not, TLS_(EC)DHE_(EC)DSA do in case of TLS/DTLS)

-          Prepare for replacing/upgrading crypto algorithms along the lifecycle of a system. This has a software update dimension (which might be harder in OT than IT, may even be infeasible in some cases) as well as a metadata dimension (make sure to have sufficient metadata for cryptographic objects that last over time)

-          Prepare for an isolation/quarantine of components or subsystems that cannot be updated



[1] Research Questions for Security in IoT<https://github.com/t2trg/2015-ietf92/blob/master/slides/21-T2TRG%20Workshop%20-%20Security%20v0.5.pdf>

[2] RSA vs ECC Comparison for Embedded Systems<http://www.atmel.com/images/atmel-8951-cryptoauth-rsa-ecc-comparison-embedded-systems-whitepaper.pdf>

[3] Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs<https://www.iacr.org/archive/ches2004/31560117/31560117.pdf>

[4] Quantum Safe Cryptography and Security<http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf>


[5] Towards Quantum-Safe Cryptography<https://www.ietf.org/proceedings/90/slides/slides-90-irtfopen-2.pdf>


[6] Algorithms for Quantum Computation: Discrete Logarithms and Factoring<http://www.csee.wvu.edu/~xinl/library/papers/comp/shor_focs1994.pdf>



Let me know if you are looking for additional comments or have further questions



Please also stay tuned with respect to the Nice F2F Plugfest and its security-enabling. If you could participate that would be a great opportunity to continue…



Best regards,

Oliver





Von: Dave Raggett [mailto:dsr@w3.org]
Gesendet: Donnerstag, 26. November 2015 15:33
An: Public Web of Things IG
Betreff: [TF-SP] minutes for today's security call



See: http://www.w3.org/2015/11/26-wot-sp-minutes.html




We had presentations from David Rogers about the work of the IoTSF and their approach to self certification, from Tibor Pardi on the security framework for the NodeJS Web of Things server project, and from Oliver on ideas for the January plugfest.  The next call is in 2 weeks time.



—

   Dave Raggett <dsr@w3.org<mailto:dsr@w3.org>>
Received on Monday, 7 December 2015 10:56:37 UTC