Re: [TF-SP] minutes for today's security call

Hi Oliver

Thank you for your comments and guidelines.

I will incorporate your input in the security readme of W3C
web-of-things-framework at
https://github.com/w3c/web-of-things-framework/blob/master/security.md.

I am designing the system with the aim of being modular so the cryptography
modules can be replaced and upgraded when such upgrade is required. I
assume we have quite a few years until the currently handful qubits strong
quantum computers will be more powerful and can break our ECC asymmetric
crypto. Having said that I am experimenting with different quantum computer
proof cryptos such as Winternitz one-time signature scheme (
https://eprint.iacr.org/2011/191.pdf ).

Now, I am creating a new client application and will be releasing it in the
https://github.com/w3c/web-of-things-framework repository. I plan to
include this in the Nice F2F Plugfest as per our discussion during the last
teleconference. I will contact you to get more information about Plugfest
application and its interfaces and to discuss how to incorporate the
W3C web-of-things-framework
client app in the Nice F2F Plugfest.

Regards,
Tibor





On Mon, Dec 7, 2015 at 10:56 AM, Pfaff, Oliver <oliver.pfaff@siemens.com>
wrote:

> Hello Tibor,
>
> I wanted to get back to some points you raised during your presentation in
> the last [IG-SP] call (thanks again!, slides can be found at
> https://www.w3.org/WoT/IG/wiki/File:Pardi_-_Web-of-Things_Framework_Security.pdf)
> but other tasks kept me busy for some days. Here are my comments now:
>
>
>
> *@General direction*: I think you are heading in the right direction with
> your focus on i. the authentication of actors and authorization of actions
> plus ii. the re-use of existing security standards (where possible)
>
> Regarding re-use: I believe that existing security standards can cover
> (roughly speaking) RFC 7228 classes 2+ and 2, start to have difficulties
> with class 1 and do usually not cover class 0 (see e.g. slide#9 in [1]). My
> suggestion would be to add an explicit statement on which classes your
> project is focusing – re-use is the right mindset for classes 2+ and 2
>
>
>
> *@RSA: *for a key length equivalence of 128 bits, [2] reports a
> performance burden of a factor 10 for RSA. [3] has similar numbers for
> private key operations but a factor of 2 for public key operations. In any
> case, the RSA algorithm  has a large market share (among asymmetric
> algorithms) in the non-constrained World. One should not expect the RSA
> algorithm to sustain that share in the constrained World. From an overall
> perspective I’d see or suggest to keep RSA in scope. But this is referring
> to a use with less-constrained actors in an IoT/WoT system rather than
> suggesting the RSA algorithm as a candidate for each and every component
>
>
>
> *@Telehash: *I never looked at actual details and hence will refrain from
> specific comments. What I can say in general is: DIY security protocols are
> doomed to fail. When you follow the history of TLS than you see that the
> backing/endorsement of a security protocol by an organization such as the
> IETF presents no guarantee not to find issues in the protocol design. In
> any case, I’d prefer security protocols from bodies such as IETF.
>
>
>
> *@Quantum-safe crypto*: quantum computing will distract asymmetric
> cryptography more that symmetric (see table 1 in [4]). Now the relevance of
> asymmetric crypto tends to decrease along the RFC 7228 device classes
> 2->1->0 (slide#9 in [1]). With that I not trying to say ‘no effect in OT’
> but the effect on OT might be smaller than for (non-constrained) IT. But
> this is no safe harbor: for none of the crypto algorithms that are used in
> practice (IT/OT) there is prove of a (non-trivial) lower boundary for
> crypto analysis. We only know that known (!) analyses are sufficiently
> complex. The obstacle is: a new idea or technique could appear and break
> any algorithm. The way forward is a cocktail of means including (but not
> limited to)
>
> -          Understand the ‘protection lifecycle’ of the objects in the
> system (transient vs. persistent), where possible prefer mechanisms
> offering forward-secrecy (e.g. TLS_RSA does not, TLS_(EC)DHE_(EC)DSA do in
> case of TLS/DTLS)
>
> -          Prepare for replacing/upgrading crypto algorithms along the
> lifecycle of a system. This has a software update dimension (which might be
> harder in OT than IT, may even be infeasible in some cases) as well as a
> metadata dimension (make sure to have sufficient metadata for cryptographic
> objects that last over time)
>
> -          Prepare for an isolation/quarantine of components or
> subsystems that cannot be updated
>
>
>
> [1] Research Questions for Security in IoT
> <https://github.com/t2trg/2015-ietf92/blob/master/slides/21-T2TRG%20Workshop%20-%20Security%20v0.5.pdf>
>
> [2] RSA vs ECC Comparison for Embedded Systems
> <http://www.atmel.com/images/atmel-8951-cryptoauth-rsa-ecc-comparison-embedded-systems-whitepaper.pdf>
>
> [3] Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs
> <https://www.iacr.org/archive/ches2004/31560117/31560117.pdf>
>
> [4] Quantum Safe Cryptography and Security
> <http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf>
> [5] Towards Quantum-Safe Cryptography
> <https://www.ietf.org/proceedings/90/slides/slides-90-irtfopen-2.pdf>
>
> [6] Algorithms for Quantum Computation: Discrete Logarithms and Factoring
> <http://www.csee.wvu.edu/~xinl/library/papers/comp/shor_focs1994.pdf>
>
>
>
> Let me know if you are looking for additional comments or have further
> questions
>
>
>
> Please also stay tuned with respect to the Nice F2F Plugfest and its
> security-enabling. If you could participate that would be a great
> opportunity to continue…
>
>
>
> Best regards,
>
> Oliver
>
>
>
>
>
> *Von:* Dave Raggett [mailto:dsr@w3.org]
> *Gesendet:* Donnerstag, 26. November 2015 15:33
> *An:* Public Web of Things IG
> *Betreff:* [TF-SP] minutes for today's security call
>
>
>
> See: http://www.w3.org/2015/11/26-wot-sp-minutes.html
>
>
>
> We had presentations from David Rogers about the work of the IoTSF and
> their approach to self certification, from Tibor Pardi on the security
> framework for the NodeJS Web of Things server project, and from Oliver on
> ideas for the January plugfest.  The next call is in 2 weeks time.
>
>
>
> —
>
>    Dave Raggett <dsr@w3.org>
>
>
>
>
>
>
>