On Jun 9, 2009, at 22:21, Richard Kelsey wrote:
>> I've got one word for you: counterfeiting.
>
> I'm sorry, I don't follow you. What kind of counterfeiting
> does the whiteboard detect? I would think that would
> require security mechanisms beyond those mentioned in the ND
> draft, e.g. certificates of some kind.

This is not about security.
Let's say Vendor E smoke detectors become really popular, and every US
household wants one.
So some black-hat operation in some country starts to build cheap
counterfeits.
These would be commissioned somewhere with all that a Vendor E smoke
detector needs, even a fake EUI-64 with Vendor E's OUI so the network
monitors tell you the device is a Genuine Vendor E smoke detector.
(As we all know from experiences with Vendor C, this is not at all a
movie-plot scenario.)
Unless Vendor E hands out number ranges to its counterfeiters :-), I
don't see how these EUIs would be unique.
Protecting the uniqueness of EUI-64s using tamper-proof device keys
and a certificate sounds interesting... (They wouldn't really be
tamper-proof [1] and so all fake smoke detectors would have one of the
key/certificate/EUI combinations of the fifteen Vendor E smoke
detectors the bad guys bought and opened.)
Oh and all that paranoia aside, manufacturing errors have happened and
do happen.
The Whiteboard does not help much in detecting counterfeiting, but it
does help in detecting IID (and thus EUI-64) collisions.
Regards, Carsten
[1] http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-711.pdf
_______________________________________________
6lowpan mailing list
https://www.ietf.org/mailman/listinfo/6lowpan