[wi-sun rlmmwg] Discussion on Security Features in RLMM Profile and Request for Feedback
Ryota Yamada
ryamada at ari.ncl.omron.co.jp
Mon Mar 7 19:20:52 PST 2016
Dear RLMM WG members,
I would like to share current status of discussion on security features
in RLMM Profile.
1. Background
In the process of the ballot for "Wi-SUN Profile for RLMM Revison 1v00",
several feedback showing concern about missing security features in
"Wi-SUN Profile for RLMM Revison 1v00". The details on the feedback are
available on the page 8 of the material used in the Wi-SUN RLMM WG TC on
Feb. 25th JST available from here:
https://dms.wi-sun.org/htcomnet/Handlers/Download.ashx?action=download&file=M2MIG%2F20160225%20RLMM%20WG%20TC%200v00.pptx
2. Summary of discussion by now
(1) From the viewpoint of marketing, as there is a big focus on security
in IoT right now and it could be very bad publicity for Wi-SUN Alliance
if someone criticize a Wi-SUN profile unsecure and hackable, all Wi-SUN
Profiles shall require that security features be implemented and that
the certification program checks them.
(2) There are some applications which may not require security. For
those application, it should be the users' decision whether they use
security features or not.
(3) As requirement for security feature will be different in different
network type, security features to be supported in each network types
should be defined in each recommended usage. From the viewpoint of
product developer, no security feature which is not required by
application should not be required to be implemented to avoid
unnecessary effort.
3. Proposed direction
According to the discussion, following direction is proposed:
- In "Wi-SUN Profile for RLMM Revison 1v01", a new section "3.4
Security" will be added and all security features supported in RLMM
profile will be listed in here. Details on the security feature will be
described in subsections in each profiles. For example, if one security
feature listed in "3.4 Security" is a security feature in MAC layer in
non IP network, the details on that feature will be described in section
"4.4 MAC Part" which is a subsection of "4. Wi-SUN Profile (RLMM over
Non IP).
- Each recommended usage which will correspond to test and
certification specification, at least one of security features listed in
section "3.4 Security" should be selected as mandatory feature to be
implemented. The security feature to be mandatory will be selected in
each network type. It is OK to give option for user to disable the
security feature defined as mandatory, but the feature is required to be
implemented.
4. Candidates for the security features to be supported
Some members provided feedback regarding security features to be
supported. The proposed features are summarized on page 9 of the
material used in the RLMM WG TC on Mar. 3rd JST available from here:
https://dms.wi-sun.org/htcomnet/Handlers/Download.ashx?action=download&file=M2MIG%2F20160303%20RLMM%20WG%20TC%200v00.pptx
5. Request for feedback from members
(1) Regarding the proposed direction described in "3. Proposed
direction" above, if you have any comment, question, objection and/or
suggestion, please let me know.
(2) Regarding candidates for the security features to be supported, if
you have some specific feature in your mind and if it is not listed in
the material shown in "4. Candidates for the security features to be
supported" above, please let me know.
(3) As one of candidate for the security feature to be supported in RLMM
Profile, the security features described in IEEE802.15.4 is proposed as
described in the material shown in "4. Candidates for the security
features to be supported" above. In case we employ this feature, we need
to consider about a mechanism for key exchange. One of the simplest
mechanism which can be supported even by R0 devices is to use key set by
users' hand, in other words, keys will not be updated if users do not
care. Is there any objection to use this mechanism as a mandatory
feature for network type A?
If you have any comment, question and/or suggestion, please provide it.
We are now continuing our discussion in RLMM WG TC and the next TC will
be held from 11:00am on Mar. 10th JST. Feedback thorough e-mail
reflector or e-mail direct to me will also be very welcomed.
Best regards,
Ryota
--
+--------------------------------
| Ryota Yamada <ryamada at ari.ncl.omron.co.jp>
|
| OMRON Corporation
| Technology and Intellectual Property H.Q.
| Planning and CTO Support Division
| Open Innovation Sec.
|
| Tel: +81-774-74-2158 (Ext: 7-232-6558)
More information about the rlmmwg
mailing list