Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

SEC-2014-0307

advertisement 
INPUT CONTRIBUTION
Group Name:*
SEC#11
Title:*
Annex X.2.2 High Level Requirements for Bootstrap Instruction
Configuration
Source:*
Qualcomm Inc. (TIA)
Contact:
Phil Hawkes, Qualcomm , phawkes@qti.qualcomm.com
Wolfgang Granzow, Qualcomm, wgranzow@qti.qualcomm.com
Josef Blanz, Qualcomm, jblanz@qti.qualcomm.com
Date:*
2014-06-02
Abstract:*
This contribution provides text for Annex X.2.2 containing High Level
Requirements for Bootstrap Instruction Configuration
Agenda Item:*
Work item(s):
SEC WI-0007
Document(s)
Security TS (TS-0003)
Impacted*
Intended purpose of
Decision
document:*
Discussion
Information
Other <specify>
Decision requested or
recommendation:*
Incorporate text into Security TS-0003.
1
2
3
4
5
6
7
8
9
10
oneM2M Notice
The document to which this cover statement is attached is submitted to oneM2M. Participation
in, or attendance at, any activity of oneM2M, constitutes acceptance of and agreement to be
bound by terms of the Working Procedures and the Partnership Agreement, including the
Intellectual Property Rights (IPR) Principles Governing oneM2M Work found in Annex 1 of the
Partnership Agreement.
11
12
13
© OneM2MPartners
Page 1 of 6
14
15
------start of change 1-----X.2.2 High Level Requirements for Bootstrap Instruction Configuration
17
X.2.2.1 High Level Requirements for Bootstrap Instruction Configuration of
Enrolee
18
In the Bootstrap Instruction Configuration, it is necessary to configure the Enrolee with
16
19
20
21
(if not already configured) the CSE-ID/AE-ID for the Enrolee (Enrolee-ID). This is the identity by which the
Enrolee shall be identified by the MAF to other Security Association end-points in subsequent Association
Security Handshakes. This identity is also used for routing messages.
22
23
The MAF-ID of the target M2M Authentication Function with which a Master Credential is to be established.
This identity is used for routing messages to the M2M Authentication Function.
24
25
26
(In the Certificate-Based Security Bootstrap Framework), and if not previously configured) the identity of the
M2M Enrolment Function (MEF URI); and the Certificate Name and Root of Trust of the M2M Enrolment
Function - the Enrolee will use these to verify the certificate of the M2M Enrolment Function.
27
28
29
30
Regarding Confidentiality: Bootstrap Instruction Configuration does not include exchanging or generating any secret
cryptographic information (such as a symmetric key or private key) used in the subsequent handshakes. This is a
deliberate design decision to reduce the risk of compromising the confidentiality of messages exchanged in a Bootstrap
Instruction Configuration.
31
32
33
34
35
If confidentiality of the configured information is compromised by an adversary, then that adversary determines that the
Enrolee is being bootstrapped with the M2M Authentication Function. This provides a small advantage over
information that might be obtained through traffic analysis. In many scenarios, the loss of confidentiality poses a low
risk, and encryption is a low priority. It is unclear if there could be scenarios where the loss of confidentiality poses a
higher risk – in such scenarios (if any) appropriate mitigations (e.g. encryption) should be considered.
36
37
38
39
40
41
Regarding Integrity and Authenticity: Bootstrap Instruction Configuration can include communicating to the Enrolee
the identities of the Enrolee and M2M Authentication Function, and (in the Certificate-Based Security Bootstrap
Framework) the identity of the facilitating M2M Enrolment Function along with the Certificate Name and Root of Trust
of the M2M Enrolment Function. If the authenticity or integrity of this exchange is compromised by an adversary, then
the adversary can configure the Enrolee to bootstrap with an entity other than the intended M2M Authentication
Function: for example, the Enrolee could be convinced to bootstrap with a malicious entity.
42
43
44
In the absence of a revocation mechanism, a Master Credential can have very long lifetime which would result in high
impact if the Enrolee to bootstrap with an M2M Authentication Function other than the intended M2M Authentication
Function.
45
Further considerations for the individual Security Bootstrap Frameworks follow:
46
47
48
49
50
51
52
53
In the case of the Pre-Provisioned Symmetric Enrolment Key Security Bootstrap Framework, the M2M Enrolment
Function would distribute keys only to those M2M Authentication Functions dictated by the Enrolee’s Security
Bootstrap Settings in the M2M Enrolment Function. In this case, the impact of the attack is linked to the threat
of compromise to the Security Bootstrap Settings in the M2M Enrolment Function, which is considered further
in Clause X.2.2.3 “High Level Requirements for Bootstrap Instruction Configuration of M2M Enrolment
Function”. It seems wise to err on the side of caution, and assign integrity protection and authentication to
medium or high priority. It seems wise to err on the side of caution, and assign integrity protection and
authentication of the Enrolee’s configuration to medium or high priority.
54
55
56
57
58
59
In the case of GBA-Based Security Bootstrap Framework, the BSF would distribute keys only those entities
dictated by the Underlying Network Service Subscriber’s GBA User Security Settings. In this case, the impact
of the attack is linked to the threat of compromise to the GBA User Security Settings, addressed in Clause
X.2.2.4 “High Level Requirements for Updating GBA User Security Settings”. It seems wise to err on the side
of caution, and assign integrity protection and authentication of the Enrolee’s configuration to medium or high
priority.
60
61
62
In the case of the Certificate-Based Security Bootstrap Framework, the following must be considered. The identity
of the M2M Enrolment Function (along with the Certificate Name and Root of Trust of the M2M Enrolment
Function) is provided to the Enrolee either (a) as part of the Bootstrap Credential Configuration Phase (the
© OneM2MPartners
Page 2 of 6
63
64
details of which are not specified by oneM2M), or (b) during the Bootstrap Instruction Configuration phase
when providing the identity of the target M2M Authentication Function.
65
66
67
68
69
70
oIn case (a), the M2M Enrolment Function would distribute keys only to those M2M Authentication
Function dictated by the Enrolee’s Security Bootstrap Settings in the M2M Enrolment Function. In
this case, the impact of the attack is linked to the threat of compromise to the Security Bootstrap
Settings in the M2M Enrolment Function, which is considered further in Clause 8.4.1.3.1 “Security
Bootstrap Settings”. It seems wise to err on the side of caution, and assign integrity protection and
authentication of the Enrolee’s configuration to medium or high priority.
71
72
73
74
75
oIn case (b), if the integrity or authenticity is compromised, then the adversary can tell the Enrolee to use
a malicious M2M Enrolment Function chosen by the adversary, and the malicious M2M Enrolment
Function can bootstrap the Enrolee with multiple M2M Authentication Functions of the adversary’s
choosing. In this case, compromise of integrity and/or authenticity of the Enrolee’s configuration
presents a high to very high risk, and appropriate mitigations are a high to very high priority.
76
77
Regarding Authorization: Bootstrap Instruction Configuration impacts the behaviour of the Enrolee. Consequently,
the ability to
78
1.Configure the information to the Enrolee in the Bootstrap Instruction Configuration phase;
79
80
2.Obtain acknowledgement of all configurations of information the Enrolee in the Bootstrap Instruction
Configuration phase;
81
3.Obtain acknowledgement of when a Master Credential is established in the Enrolee;
82
4.Revoke a Master Credential established in the Enrolee
83
should be limited to entities with authority to manage the behaviour of the Enrolee.
84
85
Summary: The priority for encryption should be considered on a case by case basis – it is expected to be a low priority.
The priority for integrity protection and authentication depends on the Security Bootstrap Framework in use:
86
87
The priority is medium-to-high for the GBA-Based Framework and the Pre-Provisioned Symmetric Enrolment
Key framework;
88
In the case of the Certificate-Based framework, the priority is
89
90
oMedium to high if the M2M Enrolment Function details (identity, Certificate Name and Root of Trust)
are provided to the Enrolee in the Bootstrap Credential Configuration Phase, and
91
92
oHigh to very high if the M2M Enrolment Function details are provided to the Enrolee in the Bootstrap
Instruction Configuration Phase.
93
94
The authorization to perform this configuration should be granted only to those entities with authority to manage the
behaviour of the Enrolee.
95
96
X.2.2.2 High Level Requirements for Bootstrap Instruction Configuration of
MAF
97
In the Bootstrap Instruction Configuration, it is necessary to configure the MAF with
98
99
100
(if not already configured) the CSE-ID/AE-ID for the Enrolee (Enrolee-ID) to be bootstrapped to the MAF. This is
the identity by which the Enrolee shall be identified by the MAF to other Security Association end-points in
subsequent Association Security Handshakes. This identity is also used for routing messages.
101
102
103
104
Regarding Confidentiality: Bootstrap Instruction Configuration does not include exchanging or generating any secret
cryptographic information (such as a symmetric key or private key) used in the subsequent handshakes. This is a
deliberate design decision to reduce the risk of compromising the confidentiality of a messages exchanged in Bootstrap
Instruction Configuration.
105
106
107
If confidentiality of the configured information is compromised by an adversary, then that adversary determines an
identity of an Enrolee that is to be bootstrapped with the M2M Authentication Function. This provides a small
advantage over information that might be obtained through traffic analysis.
© OneM2MPartners
Page 3 of 6
108
109
110
111
112
113
114
115
Compromising this confidentiality for a single Enrolee may have a range of impacts, ranging from low impact to high
impact. However, configuration of the M2M Authentication Function for all Enrolees (being bootstrapped to that M2M
Authentication Function) will be communicated across multiple instances of this interface. The cumulative impact of
compromising the confidentiality of all these communications is likely to have high impact. Consequently, in many
cases the loss of confidentiality presents a high risk and appropriate mitigations (e.g. encryption) are a high priority. In
some cases, where the M2M Authentication Function is used only in cases where compromising this confidentiality for
a single Enrolee has low impact, then the loss of confidentiality may present a lower risk, and mitigations ar a lower
priority.
116
117
118
119
120
Regarding Integrity and Authenticity: Bootstrap Instruction Configuration includes communicating to the M2M
Authentication Function the identities of the Enrolee. If the authenticity or integrity of this exchange is compromised by
an adversary, then the adversary can configure the M2M Authentication Function to allow bootstrapping with entities
other than the intended Enrolee: for example, the M2M Authentication Function could be convinced to bootstrap with a
malicious entity rather than a trustworthy Enrolee.
121
122
123
124
An M2M Authentication Function can revoke a Master Credential that is established with an entity other than the
intended Enrolee. Consequently, the M2M Authentication Function can limit impact once it has detected that the entity
with which it has bootstrapped is not the intended Enrolee. high impact if the M2M Authentication Function bootstrap
with an M2M Authentication Function other than the intended M2M Authentication Function.
125
Further considerations for the individual Security Bootstrap Frameworks follow:
126
127
128
129
130
131
132
133
In the case of the Pre-Provisioned Symmetric Enrolment Key Security Bootstrap Framework, the M2M Enrolment
Function would distribute keys only to those M2M Authentication Functions dictated by the Enrolee’s Security
Bootstrap Settings in the M2M Enrolment Function. In this case, the impact of the attack is linked to the threat
of compromise to the Security Bootstrap Settings in the M2M Enrolment Function, which is considered further
in Clause X.2.2.3 “High Level Requirements for Bootstrap Instruction Configuration of M2M Enrolment
Function”. It seems wise to err on the side of caution, and assign integrity protection and authentication to
medium or high priority. It seems wise to err on the side of caution, and assign integrity protection and
authentication of the Enrolee’s configuration to medium or high priority.
134
135
136
137
138
139
In the case of GBA-Based Security Bootstrap Framework, the BSF would distribute keys only those entities
dictated by the Underlying Network Service Subscriber’s GBA User Security Settings. In this case, the impact
of the attack is linked to the threat of compromise to the GBA User Security Settings, addressed in Clause
X.2.2.4 “High Level Requirements for Updating GBA User Security Settings”. It seems wise to err on the side
of caution, and assign integrity protection and authentication of the Enrolee’s configuration to medium or high
priority.
140
141
142
143
144
In the case of the Certificate-Based Security Bootstrap Framework, the following must be considered. The identity
of the M2M Enrolment Function (along with the Certificate Name and Root of Trust of the M2M Enrolment
Function) is provided to the Enrolee either (a) as part of the Bootstrap Credential Configuration Phase (the
details of which are not specified by oneM2M), or (b) during the Bootstrap Instruction Configuration phase
when providing the identity of the target M2M Authentication Function.
145
146
147
148
149
150
oIn case (a), the M2M Enrolment Function would distribute keys only to those M2M Authentication
Function dictated by the Enrolee’s Security Bootstrap Settings in the M2M Enrolment Function. In
this case, the impact of the attack is linked to the threat of compromise to the Security Bootstrap
Settings in the M2M Enrolment Function, which is considered further in Clause 8.4.1.3.1 “Security
Bootstrap Settings”. It seems wise to err on the side of caution, and assign integrity protection and
authentication of the Enrolee’s configuration to medium or high priority.
151
152
153
154
155
oIn case (b), if the integrity or authenticity is compromised, then the adversary can tell the Enrolee to use
a malicious M2M Enrolment Function chosen by the adversary, and the malicious M2M Enrolment
Function can bootstrap the Enrolee with multiple M2M Authentication Functions of the adversary’s
choosing. In this case, compromise of integrity and/or authenticity of the Enrolee’s configuration
presents a high to very high risk, and appropriate mitigations are a high to very high priority.
156
157
Summary: The priority for encryption should be considered on a case by case basis – it is expected to be a low priority.
The priority for integrity protection and authentication depends on the Security Bootstrap Framework in use:
158
159
The priority is medium-to-high for the GBA-Based Framework and the Pre-Provisioned Symmetric Enrolment
Key framework;
160
In the case of the Certificate-Based framework, the priority is
© OneM2MPartners
Page 4 of 6
161
162
oMedium to high if the M2M Enrolment Function details (identity, Certificate Name and Root of Trust)
are provided to the Enrolee in the Bootstrap Credential Configuration Phase, and
163
164
oHigh to very high if the M2M Enrolment Function details are provided to the Enrolee in the Bootstrap
Instruction Configuration Phase.
166
X.2.2.3 High Level Requirements for Bootstrap Instruction Configuration of
MEF
167
168
169
170
171
172
An M2M Enrolment Function has a Security Bootstrap Settings for each Enrolee on whose behalf the M2M Enrolment
Function is authorized to facilitate bootstrapping. The Security Bootstrap Settings identify M2M Authentication
Functions that the M2M Enrolment Function is authorized to provide with Master Credentials for the associated
Enrolee. The Security Bootstrap Settings may provide other metadata such as a CSE-ID/AE-ID for the Enrolee. The
Security Bootstrap Settings are authorizations executed on behalf of the Enrolee, and are there to protect that Enrolee –
not the M2M Authentication Function. IS THIS TRUE? IS IT TRUE OF GBA?
173
174
175
The Security Bootstrap Settings may need to be updated to add and remove M2M Authentication Functions. This
specification does not describe the interface to the M2M Enrolment Function for updating the Security Bootstrap
Settings, but provides requirements for this interface.
176
177
178
179
Regarding Confidentiality: The process of updating the Security Bootstrap Settings does not include exchanging or
generating any secret cryptographic information (such as a symmetric key or private key) used in the subsequent
handshakes. This is a deliberate design decision to reduce the risk of compromising the confidentiality of messages
updating Security Bootstrap Settings.
180
181
182
183
If confidentiality of the configured information is compromised by an adversary, then that adversary determines that the
M2M Enrolment function has been authorized to establish a Master Credential Km between the Enrolee and M2M
Authentication Function. This provides a small advantage over information that might be obtained through traffic
analysis of communication between entity the Enrolee and M2M Authentication Function.
184
185
186
187
188
Compromising the confidentiality of a single update may have a range of impacts, ranging from low impact to high
impact. However, the Security Bootstrap Setting updates for all Enrollees utilizing the M2M Enrolment Function will
be communicated across multiple instances of this interface. The cumulative impact of compromising the
confidentiality of all these updates is likely to have high impact. Consequently, the loss of confidentiality presents a
high risk, and appropriate mitigations are a high priority.
189
190
191
192
193
194
Regarding Integrity and Authenticity: Updating Security Bootstrap Settings include communicating the identities of
Enrolee and corresponding M2M Authentication Functions to whom the M2M Authentication Function is authorized to
provide a Master Credential for the Enrolee. If the authenticity or integrity of this communication is compromised by an
adversary, then the adversary can update the Security Bootstrap Settings to authorize the M2M Enrolment Function to
provide Master Credential Km to an M2M Authentication Function other than the intended M2M Authentication
Function: in particular, facilitating a Security Bootstrap between an Enrolee and a malicious entity.
195
196
Using similar arguments to that for confidentiality above, compromising the integrity and/or authenticity presents a high
risk, and appropriate mitigations are required.
197
198
199
Regarding Authorization: The process of updating the Security Bootstrap Settings of an Enrolee will have a large
impact on the behaviour of the Enrolee. Consequently, the ability to update the Security Bootstrap Settings of an
Enrolee should be limited to those entities with authority to manage the behaviour of that Enrolee.
200
201
202
Summary: Encryption, integrity protection and authentication are a high priority. The authorization to update the
Security Bootstrap Settings of a Enrolee should be granted only to those entities with authority to manage the behaviour
of that Enrolee.
203
204
X.2.2.4 High Level Requirements for Bootstrap Instruction Configuration of
UNSP Authentication Servers
205
206
207
208
209
210
In the context of Bootstrap Instruction Configuration, a GBA User Security Settings identifies M2M Authentication
Functions (corresponding to Network Application Functions) that GBA Bootstrapping Server Functions are authorized
to provide with Ks_(ext/int)_NAF. The GBA User Security Settings play an analogous role to the Security Bootstrap
Settings in an M2M Enrolment Function (see clause X.2.2.3 “High Level Requirements for Updating Security
Bootstrap Settings in the MEF”), and have identical security requirements in the context of Bootstrap Instruction
Configuration.
165
© OneM2MPartners
Page 5 of 6
211
212
The interface for updating GBA User Security Settings is addressed in GBA specifications 3GPP 33.220 [13] and
related specifications.
213
214
------end of change 1------
© OneM2MPartners
Page 6 of 6
Related documents
Monthly Report (2012 December) of the “Large
Monthly Report (2012 December) of the “Large
The Size Problem of Kernel Based Bootstrap Tests when
The Size Problem of Kernel Based Bootstrap Tests when
Teezle - TMCnet
Teezle - TMCnet
Insurance - M2M Evolution
Insurance - M2M Evolution
Proposed Revision to RESOLUTION GSC
Proposed Revision to RESOLUTION GSC
GridPocket SAS
GridPocket SAS
Measurement of Work, Power and Energy
Measurement of Work, Power and Energy
Machine to Machine Communications in Cellular Networks
Machine to Machine Communications in Cellular Networks
NWave - TMCnet
NWave - TMCnet
05.BeginnerBootstrapGrid - ics-software
05.BeginnerBootstrapGrid - ics-software
Download
advertisement