Network Working Group                                       P. Porambage
Internet-Draft                                        University of Oulu
Intended status: Standards Track                              C. Schmitt
Expires: August 18, 2014                            University of Zurich
                                                               A. Gurtov
                                                        Aalto University
                                                               S. Gerdes
                                                 Universitaet Bremen TZI
                                                       February 14, 2014


           X.509 Public Key Infrastructure Certificates for the
                 Constrained Application Protocol (CoAP)

Abstract

   The Constrained Application Protocol (CoAP) is a web transfer
   protocol designed for resource limited nodes in constrained networks.
   For securing the protocol, CoAP defines a binding to Datagram
   Transport Layer Security (DTLS) with four security modes.  One of
   them is the Certificate mode, where the device has an asymmetric key
   pair with an X.509 certificate.  However, the intrinsic properties of
   X.509 certificates impede their application on resource constrained
   nodes.  This draft describes the necessary adjustments and derives a
   modified profile for X.509 certificates to cope with the resource
   limitations of low-power, low-performing devices.

Status of this Memo

   This Internet-Draft is submitted to IETF in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 18, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Document Structure
   2.  Terminology
   3.  Design Requirements
   4.  Overview of the approach
   5.  Security Considerations
   6.  Acknowledgement
   7.  Formal Syntax
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   The Constrained Application Protocol (CoAP) [I-D.ietf-core-coap] is
   proposed as a lightweight alternative to the HTTP protocol, in order
   to support web services while realizing the REST architecture on top
   of the most constrained nodes and networks.  CoAP is designed for the
   special requirements of these constrained environments, especially
   considering energy, building automation and other machine-to-machine
   (M2M) applications.

   CoAP defines a binding to Datagram Transport Layer Security (DTLS)
   [RFC6347] and specifies four security modes: NoSec, PreSharedKey,
   RawPublicKey and Certificate.  In the Certificate mode, the device
   has an X.509 certificate [RFC5280], which binds the public key of the
   device to its Authority name and is signed by a common trust root.
   Complex asymmetric algorithms like RSA use a lot of resources such as
   processing power and memory.  Devices may have to dedicate the major
   portion of these resources to security algorithms instead of spending
   them on the application they are intended for.  Therefore, it is
   necessary to adopt a low-cost solution for the DTLS Certificate mode
   in CoAP.

   Mismatches of X.509 certificates in their original formats:

   According to [RFC5280], the content of X.509 certificates is mainly
   composed of three parts: TBSCertificate, Signature Algorithm and
   Signature Value.  We would like to focus on the internal
   configurations and attributes of the TBSCertificate component.  The
   standard X.509 certificates use the RSA public key algorithm and keys
   as the public key infrastructure.  According to the definitions of
   classes of devices given in [I-D.ietf-lwig-terms], class 0 and 1 are
   the most constrained devices.  These low-performing devices are not
   capable of handling RSA PKI algorithms due to their limited memory
   capacities and processing capabilities.

1.1.  Document Structure

   Section 2 mentions conventions used in this draft.  Afterwards, the
   assumed design requirements are briefly mentioned in Section 3.
   Section 4 describes the proposed approach using X.509 public key
   infrastructure (PKI) certificates for CoAP, followed by security
   considerations.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Design Requirements

   The key design goal is to profile the content and operations of X.509
   certificates in such a way as to balance the resource constraints of
   the devices with the security requirements.  Therefore, we emphasize
   the following design requirements:

   o  Low memory consumption;

   o  Less complexity of mathematical operations for authentication and
      authorization processes;

   o  Support interoperability among different vendor devices.

   Alternatively, we focus on profiling X.509 certificates according to
   the specifications of CoAP enabled devices.

4.  Overview of the approach

   It is obvious that the utilization of X.509 certificates with the RSA
   public key algorithm would not be a lightweight solution.  We can
   adjust the size and the complexity of the certificate by changing the
   attributes in the TBSCertificate part of the original certificates.
   Elliptic Curve Cryptography (ECC) algorithms would be a suitable
   candidate for PKI replacement in X.509 certificates.  Alternatively,
   this could be reused for the digital signature in the certificates
   too.  For instance, the algorithm in the Elliptic Curve Qu-Vanstone
   Implicit Certificate Scheme (ECQV) would be a feasible solution for
   this [1].

5.  Security Considerations

   The following security goals are addressed by the key idea presented
   in this draft, similar to the considerations proposed in
   [I-D.draft-schmitt-two-way-authentication-for-iot]:

   Authenticity
      Recipients of a message can identify their communication partners
      and can detect if the sender information has been forged.

   Integrity
      Communication partners can detect changes to a message during
      transmission.

   Confidentiality
      Attackers cannot gain knowledge about the content of a secured
      message.

6.  Acknowledgement

   This work has been supported by Tekes under Massive Scale Machine-to-
   Machine Service (MAMMotH) project and Academy of Finland project
   SEMOHealth.
   The ongoing work is supported partially by the SmartenIT [2] and the
   FLAMINGO [3] projects, funded by the EU FP7 Program under Contract
   No. FP7-2012-ICT-317846 and No. FP7-2012-ICT-318488, respectively.

7.  Formal Syntax

   CoAP - Constrained Application Protocol
   DTLS - Datagram Transport Layer Security
   ECC  - Elliptic Curve Cryptography
   ECQV - Elliptic Curve Qu-Vanstone Implicit Certificate Scheme
   IETF - Internet Engineering Task Force
   M2M  - Machine-to-Machine
   PKI  - Public Key Infrastructure

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, January 2012.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, May 2008.

   [I-D.ietf-core-coap]
              Shelby, Z., Hartke, K., and C. Bormann, "Constrained
              Application Protocol (CoAP), http://www.ietf.org/
              internet-drafts/draft-ietf-core-coap-18.txt",
              draft-ietf-core-coap-18 (work in progress), March 2013.

   [I-D.ietf-lwig-terms]
              Bormann, C. and M. Ersue, "Terminology for Constrained
              Node Networks, http://www.ietf.org/internet-drafts/
              draft-ietf-lwig-terms-00.txt",
              draft-bormann-lwig-terms-00 (work in progress),
              November 2012.

   [I-D.draft-schmitt-two-way-authentication-for-iot]
              Schmitt, C. and B. Stiller, "DTLS-based Security with
              two-way Authentication for IoT, http://www.ietf.org/id/
              draft-schmitt-two-way-authentication-for-iot-02.txt",
              draft-schmitt-two-way-authentication-for-iot-02 (work in
              progress), February 2014.

8.2.  Informative References

   [1]  "Elliptic Curve Qu-Vanstone Implicit Certificate Scheme (ECQV),
        v0.97, http://www.secg.org/download/aid-785/sec4-0.97.pdf",
        SEC 4, March 2011.

   [2]  SmartenIT Consortium, "Socially-aware Management of New Overlay
        Application Traffic combined with Energy Efficiency in the
        Internet (SmartenIT), http://www.smartenit.eu/", 20103.

   [3]  Flamingo Consortium, "FLAMINGO - Management of the Future
        Internet, http://www.fp7-flamingo.eu/", 2013.

Authors' Addresses

   Pawani Porambage
   University of Oulu
   P.O. Box 4500
   Oulu  90014
   Finland

   Email: pporamba@ee.oulu.fi


   Corinna Schmitt
   University of Zurich
   Department for Informatics
   Communication Systems Group
   Binzmuehlestrasse 14
   Zurich  8050
   Switzerland

   Email: schmitt@ifi.uzh.ch


   Andrei Gurtov
   Aalto University
   Otakaari 1
   Espoo  02150
   Finland

   Email: gurtov@hiit.fi


   Stefanie Gerdes
   Universitaet Bremen TZI
   Postfach 330440
   Bremen  28359
   Germany

   Email: gerdes@tzi.org