Re: [Anima] [Iot-onboarding] EXTERNAL: Re: OPC and BRSKI

[Owen Friel (ofriel)]

-Original Message-
From: Iot-onboarding  On Behalf Of Toerless 
Eckert
Sent: 12 August 2019 19:50
To: Jack Visoky 
Cc: Michael Richardson ; Randy Armstrong (OPC) 
; anima@ietf.org; iot-onboard...@ietf.org
Subject: Re: [Iot-onboarding] [Anima] EXTERNAL: Re: OPC and BRSKI

Agreeing to what Michael and you said, but also wanted to point out that TLS as 
defined by IETF is on a trajectory which may or may not be desirable for e.g.: 
industrial automation (where OPC is used) or other regulated/ critical 
environments.

For example the total elimination of any non-encryption option in the
TLS1.3 profile and the removal of the ability for passive observers to see the 
certificates exchanged impeeds severely on the ability to do passive 
diagnostics.

I at least think there are good reasons to also have a strong and independent 
reviewed authentication scheme without encryption that can well be diagnosed by 
passive observers.

Aspects like these are easily fixed IMHO by creating different profiles of TLS. 
Whether or not one could get such profiles through the TLS WG in the IETF is of 
course a different question given what seems to be a highly contentuous nature 
of the topic.

There also seems to be a desire of areas of industrial automation to avoid the 
overhead of a perceived to be redundant network layer. This was a thing back in 
the days of OSI where TP4 was often run in factories without CLNS, and given 
how IP hasn't really improved on simplified, automated address management vs. 
L2 switched ethernet, this still seems to be a thing. Aka: Someone would need 
to define TLS on top of just ethernet instead of IP/IPv6. And there may be 
other similar L2 "transport" technologies where its not clear if simple 
ethernet mappings would suffice (bluetooth, wifi,...).

Last but not least, QUIC is on a path to replace TLS and that too puts a dent 
into the belief that TLS as it stands would be a long term stable most-widely 
used protocol.

[ofriel] Its more accurate to say that QUIC is going to replace TCP. QUIC will 
be secured using TLS: https://tools.ietf.org/html/draft-ietf-quic-tls-22


Finally: There is something said to not simply trust a design like TLS which 
you do not really understand just because  its widely used, and thus hopefully 
well reviewed, but rather make sure you have a design based on solid 
understanding of the cryptographic principles employed and a well defined 
review/control process of implementations.  Incidents like with OpenSSL show 
how badly reviewed even the most widely deployed crypto mechanisms can be.

Cheers
Toerless



On Sun, Aug 11, 2019 at 09:31:22PM +, Jack Visoky wrote:
> > but there are significant benefits to not maintaining your own protocols, 
> > and significant benefits to getting the extensive review that TLS gets.
> 
> I could not agree more with this statement.
> 
> Thanks,
> 
> --Jack
> 
> 
> -Original Message-
> From: Michael Richardson 
> Sent: Saturday, August 10, 2019 5:16 PM
> To: Jack Visoky ; Randy Armstrong (OPC) 
> ; iot-onboard...@ietf.org; 
> anima@ietf.org
> Subject: Re: EXTERNAL: Re: [Anima] [Iot-onboarding] OPC and BRSKI
> 
> 
> Jack Visoky  wrote:
> > I am also involved with OPC-UA and would like to provide my/my
> > company's perspective.  One of the major drivers of this engagement
> > with the ANIMA group was a contentious point around whether or not TLS
> > and EST are required for support of BRSKI.  Some of us had taken the
> > position that these technologies are an integral part of BRSKI and
> > shouldn't be replaced with OPC specific methods, especially given the
> > benefit of using highly adopted security technologies, as well as the
> > tight coupling of BRSKI to these.  So, I think the idea that OPC should
> > just use these technologies is very much a viable answer.
> 
> If the device is powered or has enough battery to do 802.11, then it probably 
> has enough power and code space to do TLS (particularly mbedtls from ARM).
> If it's on a very low duty cycle on battery, and/or it does 802.15.4, 
> then the question is still open.  The IETF may start work on a 
> 802.15.4 specific AKE, (see l...@ietf.org).  We believe we need these 
> for 6tisch (TSCH mode of 802.15.4 for deterministic industrial 
> networks)
> 
> It appears that the OPC UA methods provide enough security to do BRSKI, but 
> there are significant benefits to not maintaining your own protocols, and 
> significant benefits to getting the extensive review that TLS gets.
> 
> > Also, I would strongly push back on any claims that low end OPC devices
> > cannot support TLS.  Other industrial protocols have already added TLS
> > support and are shipping products, including those with TLS client
> > functionality.  TLS is no more heavy-weight than existing, OPC-specific
> > security mechanisms.
> 
> The OPC-specific mechanism appears to avoid a DH operation and therefore 
> lacks PFS.  I unde

Re: [Anima] [Iot-onboarding] EXTERNAL: Re: OPC and BRSKI

[Michael Richardson]

Randy Armstrong (OPC)  wrote:
> 1) As it stands today BRSKI is pull model only and the push model is
> out of scope but I don't see why that has to be the case once you allow
> for different protocols between the Device and the Registrar. With our
> proposed OPC mapping we would define a Registrar that supports both
> models. Is this of any interest to the IETF or would it be an OPC only
> thing?

There are a number of reasons to think a push model is also workable.
I'm unclear if OPC needs to onboard devices into a wireless network or if
everything is wired.  This matters because the new device has to announce
its presence to the Registrar for push to work.

For instance, you could take a look at:
  https://tools.ietf.org/html/draft-richardson-6tisch-dtsecurity-secure-join-01

which is an old version of the constrained-BRSKI mechanism.
Section 3, (3.2) explains how the Registrar would reach out to the
Pledge using the 6tisch 6p protocol (when it ran over IPv6).

> 2) Perhaps the most value from BRSKI comes not from the MASA per se but
> the voucher format (i.e. a digitally signed document with a standard
> format). We could meet a lot of our requirements if we had a voucher
> which has a list of nonce-less or bearer vouchers shipped to a
> particular location for use by a particular end user. We could create
> workflows where the manufacturer/distributor has to create this
> document when devices are delivered. The document could be delivered
> via the MASA or via some other B2B exchange or even on a USB
> stick. However it is delivered it can then be read by the Registrar and
> use it to build a whitelist of Devices allowed on the network.

RFC 8572 -- Secure Zero Touch Provisioning (SZTP)
may suit you better. It also uses RFC8366 vouchers.

> I am also thinking that this voucher would be a good application for
> block chain where instead of a bearer voucher we define a mechanism
> where the owner the device could append a "block" to the original
> voucher which authorizes the transfer to new owner.

We considered distributed ledgers for the audit log.
In all distributed ledgers, you have to ask:
  1) are there mutually distrusting parties?
  2) what do they need to agree upon?
  3) what is the incentive for a third party to validate the chain?

What you have described above, however, is just a certificate chain.
No Block Required.
  
https://mailarchive.ietf.org/arch/msg/6tisch-security/2kObJLkLlhuI-HU9s5yqfRm0n00

Describes an early notion of how vouchers work, and notice how it delegates
at each step.  Subsequent sales just extend the chain.  We didn't go this
way because:
  1) it mandates sales channel integration, and we think that this will be
 rare at the beginning.
  2) any party in the chain can issue a new sale certificate, effectively
 stealing the device from the current owner.

--
Michael Richardson , Sandelman Software Works
 -= IPv6 IoT consulting =-


signature.asc
Description: PGP signature
___
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima