Practical Considerations and Implementation Experiences in Securing Smart Object Networks
RFC 8387
Internet Engineering Task Force (IETF)                          M. Sethi
Request for Comments: 8387                                      J. Arkko
Category: Informational                                       A. Keranen
ISSN: 2070-1721                                                 Ericsson
                                                                 H. Back
                                                                   Nokia
                                                                May 2018
Practical Considerations and Implementation Experiences in
Securing Smart Object Networks
Abstract
This memo describes challenges associated with securing resource-
constrained smart object devices. The memo describes a possible
deployment model where resource-constrained devices sign message
objects, discusses the availability of cryptographic libraries for
resource-constrained devices, and presents some preliminary
experiences with those libraries for message signing on resource-
constrained devices. Lastly, the memo discusses trade-offs involving
different types of security approaches.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8387.
Sethi, et al. Informational [Page 1]
RFC 8387 Smart Object Security Experiences May 2018
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction
2. Related Work
3. Challenges
4. Proposed Deployment Model
   4.1. Provisioning
   4.2. Protocol Architecture
5. Code Availability
6. Implementation Experiences
7. Example Application
8. Design Trade-Offs
   8.1. Feasibility
   8.2. Freshness
   8.3. Layering
   8.4. Symmetric vs. Asymmetric Crypto
9. Summary
10. Security Considerations
11. IANA Considerations
12. Informative References
Acknowledgments
Authors' Addresses
1. Introduction
This memo describes challenges associated with securing smart object
devices in constrained implementations and environments. In
Section 3, we specifically discuss three challenges: the
implementation difficulties encountered on resource-constrained
platforms, the problem of provisioning keys, and making the choice of
implementing security at the appropriate layer.
Section 4 discusses a potential deployment model for constrained
environments. The model requires a minimal amount of configuration,
and we believe it is a natural fit with the typical communication
practices in smart object networking environments.