COIN Security
draft-urien-coin-sec-00

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Expired".
Author Pascal Urien
Last updated 2023-03-26
Internet Draft                                               P. Urien 
  Intended status: Informational                          Telecom Paris 
  Expires: September 2023                                 March 26 2023 
                                                                        
 
 
                               COIN Security 
                        draft-urien-coin-sec-00.txt 
    
    
Abstract 
    
   This draft introduces some security issues for COIN systems. 
    
    
Requirements Language 
    
   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
   document are to be interpreted as described in RFC 2119. 
    
Status of this Memo 
    
   This Internet-Draft is submitted in full conformance with the 
   provisions of BCP 78 and BCP 79. 
    
   Internet-Drafts are working documents of the Internet Engineering 
   Task Force (IETF). Note that other groups may also distribute 
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/. 
    
   Internet-Drafts are draft documents valid for a maximum of six 
   months and may be updated, replaced, or obsoleted by other documents 
   at any time. It is inappropriate to use Internet-Drafts as reference 
   material or to cite them other than as "work in progress." 
    
   This Internet-Draft will expire in September 2023. 
    
    

   Urien                       Expires April 2023             [Page 1] 


Copyright Notice 
    
   Copyright (c) 2023 IETF Trust and the persons identified as the 
   document authors. All rights reserved. 
    
   This document is subject to BCP 78 and the IETF Trust's Legal 
   Provisions Relating to IETF Documents 
   (http://trustee.ietf.org/license-info) in effect on the date of 
   publication of this document. Please review these documents 
   carefully, as they describe your rights and restrictions with 
   respect to this document. Code Components extracted from this 
   document must include Simplified BSD License text as described in 
   Section 4.e of the Trust Legal Provisions and are provided without 
   warranty as described in the Simplified BSD License. 
    
    


 
  COIN Security                                              March 2023 
 
Table of Contents 
   Abstract........................................................... 1 
   Requirements Language.............................................. 1 
   Status of this Memo................................................ 1 
   Copyright Notice................................................... 2 
   1 Overview......................................................... 4 
   2 COIN Security.................................................... 4 
   3 Program Security................................................. 5 
   9 IANA Considerations.............................................. 5 
   10 Security Considerations......................................... 5 
   11 References...................................................... 5 
      11.1 Normative References....................................... 6 
      11.2 Informative References..................................... 6 
   12 Authors' Addresses.............................................. 6 
 


 
 
1 Overview 
    
   Computing in the Network (COIN) is a concept [COIN-TERMINOLOGY] that 
   aims at deploying and using programs based on computing resources 
   hosted in Programmable Network Devices (PNDs). Such infrastructures 
   could be integrated in edge computing or 5G slicing [COIN-USECASES]. 
    
   A program works with several PNDs exchanging data over secure 
   communications. 
    
   In that context there is a need for security either for intrinsic 
   COIN needs or for programs running in COIN systems. 
    
2 COIN Security 
    
   COIN should rely on fully encrypted communications, which implies 
   authentication and keying mechanisms based on symmetric or 
   asymmetric secrets. 
    
   Some research items for COIN security are the following: 
    
   1) Security Architecture 
   2) PND security model 
   3) KMS 
   4) Authentication Center 
    
                           +-------+ 
                           |  PND  | 
              +------------+       +------------+ 
              |            |  KMS  |            | 
              |            +---+---+            | 
              |                |                | 
              |            +---+---+            | 
              |            | Auth. |            | 
              |       +----+ Center+----+       | 
              |      /     |  KMS  |     \      | 
              |     /      +-------+      \     | 
              |    /                       \    | 
          +---+---+                         +---+---+ 
          |  PND  |                         |  PND  | 
          |       +-------------------------+       | 
          |  KMS  |                         |  KMS  | 
          +-------+                         +-------+ 
    
   PND could include a Key Management System (KMS) in order to provide 
   these security features. 
    
   If COIN services rely on a centralized architecture, an 
   Authentication Center (AC) should provide KMS functionalities. 
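   As an added illustration of the centralized case above (not part of 
   the draft, which defines no protocol), the Python model below has an 
   Authentication Center acting as KMS: it provisions one long-term 
   secret per PND, issues a fresh session key wrapped for each peer and 
   bound to the peer's identity, and lets two PNDs exchange an 
   authenticated, encrypted message. The encrypt-then-MAC construction 
   built from HMAC-SHA256 is an illustrative stand-in for a real AEAD 
   cipher; the PND names and the message flow are assumptions. 

```python
import hashlib
import hmac
import secrets

def kdf(key: bytes, label: bytes) -> bytes:
    # Sub-key derivation with HMAC-SHA256 as the PRF (separate enc/mac keys)
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream from the PRF; 32 bytes per counter block
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, msg: bytes, aad: bytes = b"") -> bytes:
    # Encrypt-then-MAC; aad binds context (e.g. peer identity) into the tag
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(msg, keystream(kdf(key, b"enc"), nonce, len(msg))))
    return nonce + ct + hmac.new(kdf(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()

def open_box(key: bytes, box: bytes, aad: bytes = b"") -> bytes:
    # Verify the tag in constant time before decrypting; reject anything modified
    nonce, ct, tag = box[:16], box[16:-32], box[-32:]
    expect = hmac.new(kdf(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(kdf(key, b"enc"), nonce, len(ct))))

class AuthenticationCenter:
    # Central KMS (assumed model): one long-term secret per enrolled PND
    def __init__(self):
        self.enrolled = {}

    def enroll(self, pnd_id: bytes) -> bytes:
        # Returns the secret the PND's local KMS must store (provisioning step)
        self.enrolled[pnd_id] = secrets.token_bytes(32)
        return self.enrolled[pnd_id]

    def issue_session(self, a: bytes, b: bytes) -> tuple:
        # Fresh session key wrapped once per peer, each copy bound to the other peer's id
        k_ab = secrets.token_bytes(32)
        return seal(self.enrolled[a], k_ab, aad=b), seal(self.enrolled[b], k_ab, aad=a)

def pnd_exchange(ac: AuthenticationCenter, payload: bytes) -> bytes:
    # Two PNDs (constructed ids) obtain a shared key via the AC, then exchange a message
    k_a, k_b = ac.enroll(b"pnd-a"), ac.enroll(b"pnd-b")
    t_a, t_b = ac.issue_session(b"pnd-a", b"pnd-b")
    s_a = open_box(k_a, t_a, aad=b"pnd-b")  # PND A unwraps with its KMS secret
    s_b = open_box(k_b, t_b, aad=b"pnd-a")  # PND B does the same
    return open_box(s_b, seal(s_a, payload, aad=b"pnd-a"), aad=b"pnd-a")
```

   Calling pnd_exchange(AuthenticationCenter(), b"program data") runs 
   the whole flow; a PND whose secret the AC never enrolled, or a ticket 
   presented for the wrong peer, fails the tag check and gets no key. 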
    


 
 
   PND processors can also include a physical entity with isolated (for 
   example a Trusted Execution Environment, TEE) or tamper resistant 
   computing resources (sometimes referred to as an integrated secure 
   element, iSE). 
    
   A classical approach in cloud computing relies on the deployment of 
   Hardware Security Modules (HSM) in data centers, typically performing 
   offload or KMS operations, i.e. computing cryptographic procedures 
   in a trusted environment. 
    
3 Program Security 
    
   Programs could have security requirements. For example, the 
   generation of blockchain transactions implies secure key storage and 
   a trusted signature. 
    
   Some research items for program security are the following: 
    
   1) Secure program deployment 
   2) Attestation and secure cryptographic provisioning 
   3) Level of security & trust 
   4) Scalability & Performances 
    
   The IoSE [IOSE] draft introduces on-demand secure computing 
   resources, identified by a Uniform Resource Identifier (URI), and 
   could be a use case for COIN. 
    
                      +-------+             +-------+ 
                      |  PND  |     URI     | IoSE  | 
                      |       +-------------+       | 
                      |  KMS  |             | Server| 
                      +-------+             +-------+ 
                               \           / 
                                \         /URI 
                                 +-------+ 
                                 | COIN  | 
                                 |       | 
                                 | Client| 
                                 +-------+ 
    
9 IANA Considerations 
    
   This draft does not require any action from IANA. 
    
10 Security Considerations 
    
   This entire document is about security. 
    
11 References 
    


 
 
11.1 Normative References 
    
   [COIN-TERMINOLOGY] draft-irtf-coinrg-coin-terminology-00, 
   "Terminology for Computing in the Network" 
    
   [COIN-USECASES] draft-irtf-coinrg-use-cases-03, "Use Cases for In-
   Network Computing" 
    
11.2 Informative References 
    
   [IOSE] draft-urien-coinrg-iose-06.txt, "Internet of Secure Elements" 
    
12 Authors' Addresses 
    
   Pascal Urien 
   Telecom Paris 
   19 place Marguerite Perey 
   91120 Palaiseau           Phone: NA 
   France                    Email: Pascal.Urien@telecom-paris.fr 
