- From: Tibor Pardi <tibor@zovolt.com>
- Date: Mon, 7 Dec 2015 14:31:28 +0000
- To: "Pfaff, Oliver" <oliver.pfaff@siemens.com>, Dave Raggett <dsr@w3.org>, public-wot-ig@w3.org
- Message-ID: <CAMJB5du6MD1ScZxPvSJZbM2E9PowXtCi4UnoJT9+tv3Rq0ixow@mail.gmail.com>
Hi Oliver,

Thank you for your comments and guidelines. I will incorporate your input in the security readme of the W3C web-of-things-framework at https://github.com/w3c/web-of-things-framework/blob/master/security.md.

I am designing the system with the aim of being modular, so the cryptography modules can be replaced and upgraded when such an upgrade is required. I assume we have quite a few years until the current quantum computers, which have only a handful of qubits, become powerful enough to break our ECC asymmetric crypto. Having said that, I am experimenting with different quantum-computer-proof cryptos such as the Winternitz one-time signature scheme ( https://eprint.iacr.org/2011/191.pdf ).

Now, I am creating a new client application and will be releasing it in the https://github.com/w3c/web-of-things-framework repository. I plan to include this in the Nice F2F Plugfest as per our discussion during the last teleconference. I will contact you to get more information about the Plugfest application and its interfaces and to discuss how to incorporate the W3C web-of-things-framework client app in the Nice F2F Plugfest.

Regards,
Tibor

PS: I am trying to resubmit this message again as it seems it hasn't got through to the public wot-ig list.

On Mon, Dec 7, 2015 at 10:56 AM, Pfaff, Oliver <oliver.pfaff@siemens.com> wrote:

> Hello Tibor,
>
> I wanted to get back to some points you raised during your presentation in
> the last [IG-SP] call (thanks again!, slides can be found at
> https://www.w3.org/WoT/IG/wiki/File:Pardi_-_Web-of-Things_Framework_Security.pdf)
> but other tasks kept me busy for some days. Here are my comments now:
>
> *@General direction*: I think you are heading in the right direction with
> your focus on i. the authentication of actors and authorization of actions
> plus ii. the re-use of existing security standards (where possible)
>
> Regarding re-use: I believe that existing security standards can cover
> (roughly speaking) RFC 7228 classes 2+ and 2, start to have difficulties
> with class 1 and do usually not cover class 0 (see e.g. slide#9 in [1]). My
> suggestion would be to add an explicit statement on which classes your
> project is focusing – re-use is the right mindset for classes 2+ and 2
>
> *@RSA:* for a key length equivalence of 128 bits, [2] reports a
> performance burden of a factor 10 for RSA. [3] has similar numbers for
> private key operations but a factor of 2 for public key operations. In any
> case, the RSA algorithm has a large market share (among asymmetric
> algorithms) in the non-constrained World. One should not expect the RSA
> algorithm to sustain that share in the constrained World. From an overall
> perspective I'd see or suggest to keep RSA in scope. But this is referring
> to a use with less-constrained actors in an IoT/WoT system rather than
> suggesting the RSA algorithm as a candidate for each and every component
>
> *@Telehash:* I never looked at actual details and hence will refrain from
> specific comments. What I can say in general is: DIY security protocols are
> doomed to fail. When you follow the history of TLS then you see that the
> backing/endorsement of a security protocol by an organization such as the
> IETF presents no guarantee not to find issues in the protocol design. In
> any case, I'd prefer security protocols from bodies such as IETF.
>
> *@Quantum-safe crypto*: quantum computing will distract asymmetric
> cryptography more than symmetric (see table 1 in [4]). Now the relevance of
> asymmetric crypto tends to decrease along the RFC 7228 device classes
> 2->1->0 (slide#9 in [1]). With that I am not trying to say 'no effect in OT'
> but the effect on OT might be smaller than for (non-constrained) IT. But
> this is no safe harbor: for none of the crypto algorithms that are used in
> practice (IT/OT) is there proof of a (non-trivial) lower boundary for
> crypto analysis. We only know that known (!) analyses are sufficiently
> complex. The obstacle is: a new idea or technique could appear and break
> any algorithm. The way forward is a cocktail of means including (but not
> limited to)
>
> - Understand the 'protection lifecycle' of the objects in the
> system (transient vs. persistent), where possible prefer mechanisms
> offering forward-secrecy (e.g. TLS_RSA does not, TLS_(EC)DHE_(EC)DSA do in
> case of TLS/DTLS)
>
> - Prepare for replacing/upgrading crypto algorithms along the
> lifecycle of a system. This has a software update dimension (which might be
> harder in OT than IT, may even be infeasible in some cases) as well as a
> metadata dimension (make sure to have sufficient metadata for cryptographic
> objects that last over time)
>
> - Prepare for an isolation/quarantine of components or
> subsystems that cannot be updated
>
> [1] Research Questions for Security in IoT
> <https://github.com/t2trg/2015-ietf92/blob/master/slides/21-T2TRG%20Workshop%20-%20Security%20v0.5.pdf>
>
> [2] RSA vs ECC Comparison for Embedded Systems
> <http://www.atmel.com/images/atmel-8951-cryptoauth-rsa-ecc-comparison-embedded-systems-whitepaper.pdf>
>
> [3] Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs
> <https://www.iacr.org/archive/ches2004/31560117/31560117.pdf>
>
> [4] Quantum Safe Cryptography and Security
> <http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf>
>
> [5] Towards Quantum-Safe Cryptography
> <https://www.ietf.org/proceedings/90/slides/slides-90-irtfopen-2.pdf>
>
> [6] Algorithms for Quantum Computation: Discrete Logarithms and Factoring
> <http://www.csee.wvu.edu/~xinl/library/papers/comp/shor_focs1994.pdf>
>
> Let me know if you are looking for additional comments or have further
> questions
>
> Please also stay tuned with respect to the Nice F2F Plugfest and its
> security-enabling. If you could participate that would be a great
> opportunity to continue…
>
> Best regards,
>
> Oliver
>
> *From:* Dave Raggett [mailto:dsr@w3.org]
> *Sent:* Thursday, 26 November 2015 15:33
> *To:* Public Web of Things IG
> *Subject:* [TF-SP] minutes for today's security call
>
> See: http://www.w3.org/2015/11/26-wot-sp-minutes.html
>
> We had presentations from David Rogers about the work of the IoTSF and
> their approach to self certification, from Tibor Pardi on the security
> framework for the NodeJS Web of Things server project, and from Oliver on
> ideas for the January plugfest. The next call is in 2 weeks time.
>
> —
>
> Dave Raggett <dsr@w3.org>
Received on Monday, 7 December 2015 14:32:05 UTC
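The thread above mentions the Winternitz one-time signature scheme as a hash-based, quantum-resistant alternative to ECC/RSA signatures, and separately stresses crypto agility (keeping metadata with cryptographic objects) and the danger of misusing primitives. The following is an added, self-contained Python example written for this archive page; it is not code from the web-of-things-framework project or from either correspondent. It implements a textbook WOTS instance over SHA-256 with Winternitz parameter w = 16 (a constructed choice of parameters), including the checksum chunks that stop an attacker from advancing chains to forge a "larger" digest, and a small wrapper that refuses to sign twice, since reusing a one-time key reveals chain intermediates for both messages.

```python
import hashlib
import secrets

# Constructed parameters for this WOTS instance (not taken from the thread):
N = 32                # hash output / secret length in bytes (SHA-256)
W = 16                # Winternitz parameter: each chunk is 4 bits (a nibble)
LEN1 = (8 * N) // 4   # 64 chunks for the message digest
LEN2 = 3              # checksum chunks: checksum <= 64 * 15 = 960 fits in 10 bits
LEN = LEN1 + LEN2     # 67 hash chains in total


def F(x: bytes) -> bytes:
    """One-way step of the hash chain."""
    return hashlib.sha256(x).digest()


def chain(x: bytes, steps: int) -> bytes:
    """Apply F to x `steps` times (steps may be 0)."""
    for _ in range(steps):
        x = F(x)
    return x


def digits(message: bytes) -> list:
    """Base-16 digits of SHA-256(message) followed by the checksum digits.

    The checksum sum(W-1-d) decreases whenever any message digit increases,
    so a forger who advanced a message chain would also have to *reverse*
    a checksum chain, i.e. invert the hash.
    """
    d = hashlib.sha256(message).digest()
    msg_digits = []
    for byte in d:
        msg_digits += [byte >> 4, byte & 0xF]
    checksum = sum(W - 1 - x for x in msg_digits)
    chk_digits = [(checksum >> 8) & 0xF, (checksum >> 4) & 0xF, checksum & 0xF]
    return msg_digits + chk_digits


def keygen(seed=None):
    """Derive LEN chain secrets from a seed; the public key is the hash of all chain ends."""
    if seed is None:
        seed = secrets.token_bytes(N)
    sk = [hashlib.sha256(seed + i.to_bytes(2, "big")).digest() for i in range(LEN)]
    pk_chains = [chain(s, W - 1) for s in sk]
    pk = F(b"".join(pk_chains))
    return sk, pk


def sign(sk, message: bytes) -> list:
    """Signature element i is the secret advanced d_i steps along its chain."""
    return [chain(sk[i], d) for i, d in enumerate(digits(message))]


def verify(pk: bytes, message: bytes, sig) -> bool:
    """Finish every chain (W-1-d_i more steps) and compare against the public key."""
    if len(sig) != LEN or any(len(s) != N for s in sig):
        return False
    ends = [chain(sig[i], W - 1 - d) for i, d in enumerate(digits(message))]
    return F(b"".join(ends)) == pk


class OneTimeSigner:
    """Enforces the 'one-time' property: a second signature with the same key
    would expose chain values for two different digit vectors, which lets an
    attacker combine them into signatures on further messages."""

    ALG = "WOTS-SHA256-w16"  # algorithm tag to carry with the key, for crypto agility

    def __init__(self, seed=None):
        self.sk, self.pk = keygen(seed)
        self.used = False

    def sign(self, message: bytes):
        if self.used:
            raise RuntimeError("WOTS key already used; generate a fresh key pair")
        self.used = True
        return {"alg": self.ALG, "sig": sign(self.sk, message)}


if __name__ == "__main__":
    signer = OneTimeSigner()
    env = signer.sign(b"thing/temperature: 21.5")
    print(env["alg"], verify(signer.pk, b"thing/temperature: 21.5", env["sig"]))
```

Each key pair here signs exactly one message; schemes such as XMSS build a Merkle tree over many such WOTS public keys to get a practical many-time signature, and the `alg` tag on the envelope is the kind of metadata the thread recommends keeping next to cryptographic objects so the scheme can be swapped later.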