Markdown Version | Session Recording

Session Date/Time: 26 Jul 2023 22:30

iotops

Summary

The IoT Operations (iotops) working group meeting at IETF 117 covered several key topics including an IoT security survey draft, a comparison of COAP security protocols, device schema extensions to the SCIM model, and a draft proposing certificate-less enrollment protocol for constrained IoT devices (Bruskey CLE). Discussions revolved around the direction and improvement of these drafts, soliciting co-authors and reviewers, and addressing security considerations.

Key Discussion Points

• IoT Security Survey Draft:
  • Purpose: To map security requirements from existing standards to IETF and related technologies.
  • Current Status: Covers ALISA baseline and NIST IoT cybersecurity capability core baseline.
  • Need for co-authors and reviewers due to the expected growth of the document.
  • Discussion on whether this document should become an RFC or remain a perpetually updated draft.
• Comparison of COAP Security Protocols:
  • Discussion of the progress of the draft, including addressing comments from IETF 116 and early IUT review.
  • Concerns were raised about terminology, key exchange, and security considerations, with plans to address them.
  • Decision needed on whether to wait for CTLS to be published before moving to working group last call.
• Device Schema Extensions to SCIM:
  • Goal: To abstract onboarding mechanisms and offer a provisioning interface.
  • The communication reverses, and partners who are providing IoT devices into an enterprise environment will call into SCIM and also link to an ALG.
  • Updates to the endpoint application schema were discussed.
  • Open API model provided in the appendix for testing.
• Bruskey CLE (Certificate-Less Enrollment Protocol):
  • Draft proposes an alternative to certificate-based authentication for constrained IoT devices using certificate-less cryptography.
  • Discussion about the claimed improvements in computational efficiency and transmission overhead compared to certificate-based methods.
  • Concerns were raised about the reliance on IBC and its scalability and security considerations.

Decisions and Action Items

• IoT Security Survey Draft:
  • Seek additional co-authors and reviewers.
  • Continue development as a draft for now; revisit RFC status later.
• Comparison of COAP Security Protocols:
  • Sean to address Russ’s comments and submit version 03.
  • Chairs to check with TLS working group about CTLS publication timeline.
  • Working group to decide whether to wait for CTLS publication before last call.
• Device Schema Extensions to SCIM:
  • Elliot to correct language clarity issues.
  • Elliot to correct regex inconsistencies for MAC addresses.
  • Intend to release LSS code for testing.
• Bruskey CLE:
  • Author to address concerns raised about IBC and its security implications, especially scalability and potential vulnerabilities with centralized key generation.
  • Author to clarify comparisons with TLS in later presentations.

Next Steps

• Continue development and refinement of all drafts based on feedback.
• Seek additional co-authors and reviewers for the IoT security survey.
• Address comments and issues raised during the meeting.
• Determine a timeline for progressing the COAP security protocols comparison draft to working group last call.
• IoT Net is potentially being utilized in Prague, but its status is currently unsupported.