Project | IEEE 802.21 Media Independent Handover Services <http://www.ieee802.org/21/>
Title | MEDIA INDEPENDENT HANDOVER
Date Submitted | May, 2005
Source(s) | 802.21 Contribution
Re: | 21-05-0xxx-00-0000-802-1al-proposed-secure-id.doc
Abstract | Proposed Project 802.1al Secure Device Identity
Purpose | Introduce a Question about Secure Device Identity
Notice | This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein.
Release | The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that IEEE 802.21 may make this contribution public.
Patent Policy | The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html>.
List of Contributors
Name | Company | Address | Phone | Email
David Hunter | Vetronix \ ETAS \ Robert Bosch | | | hunter@timefactor.com
Table of Contents
1 Overview
1.1 Resources
2 Proposed Project
2.1 Scope
3 802.1al Five Criteria Highlights
1 Overview
A new project, 802.1al, is being proposed in IEEE 802.1. As usual, this proposal for an 802.1 task group is to create normative text for modification of the 802.1 standard.
The purpose of this IEEE 802.21 document is simply to solicit review and comments from the 802.21 Working Group. Do you believe this proposed 802.1 Task Group is taking up material relevant to 802.21? Do you have an opinion on its usefulness to or impact on 802.21? Should 802.21, as a group, express a comment about the formation of 802.1al?
1.1 Resources
Copies of the 802.1al PAR and 5 Criteria are on the IEEE 802.21 website:
new-borza-viega-secure-device-identity-par-0405.doc
new-borza-viega-secure-device-identity-five-criteria-0405.doc
2 Proposed Project
2.1 Scope
13. Scope of Proposed Project:
This standard specifies unique per-device identifiers (DevID) and the management and
cryptographic binding of a device to its identifiers, the relationship between an initially
installed identity and subsequent locally significant identities, and interfaces and methods
for use of DevIDs with existing and new provisioning and authentication protocols.
- Purpose and Reason
14. Purpose of Proposed Project:
There is presently no standard identifier for IEEE 802 devices that is cryptographically
bound to that device, nor is there a standard mechanism to authenticate a device’s
identity. A verifiable unique device identity allows establishment of the trustworthiness
of devices. This facilitates secure device provisioning.
15. Reason for the Proposed Project:
It is desirable to authenticate entities attached to a network in a secure fashion; e.g., by
means of the mechanisms defined in IEEE Std 802.1X. A standardized device identity
facilitates interoperable secure device authentication. User organizations have identified
this as a desirable capability to simplify and standardize security management in their
networks. The IETF has identified DevID or an equivalent capability as an enabling
component of a solution to security issues in several of their protocols, e.g. ARP. DevID
is specifically conceived to address this need.
- Timing
11. …Expected Date of Submission for Initial Sponsor Ballot: 2007-03-31
12. Projected Completion Date for Submittal to RevCom: 2007-12-31
1. Broad Market Potential
A standards project authorized by IEEE 802 shall have a broad market potential. Specifically, it shall have the potential for:
- Broad sets of applicability.
- Multiple vendors and numerous users.
- Balanced costs (LAN versus attached stations).
DevID has applicability to every IEEE 802 protocol. All networks go through the process of provisioning devices to the network. It is increasingly desirable to authenticate entities attached to the network in a secure fashion, e.g. 802.1X. DevID is specifically conceived to address this need.
The IETF has identified DevID or an equivalent capability as an enabling component of a solution to security issues in several of their protocols, e.g. ARP.
The LinkSec Task Group has representation from multiple vendors all of whom are interested in providing and using this capability. A standardized device identity facilitates interoperable secure device authentication. User organizations have identified this as a desirable capability to simplify and standardize security management in their networks.
DevID will provide its capabilities at low cost relative to the cost of a Silicon MAC integrated circuit, e.g. storage on the order of 1 KB in its minimal configuration, while providing sufficient trust.
….
5. Economic Feasibility
For a project to be authorized, it shall be able to show economic feasibility (so far as can reasonably be estimated), for its intended applications. At a minimum, the proposed project shall show:
- Known cost factors, reliable data.
- Reasonable cost for performance.
- Consideration of installation costs.
- Experience with DOCSIS shows that secure device identity may be added to highly cost sensitive devices at minimal additional equipment cost.
- Moreover DevID enabled devices can be incrementally deployed, and thus do not incur large one time capital expenditures before any benefits are realized. Existing devices that do not have DevID capabilities will continue to operate as at present, while DevID enabled devices may be deployed on existing networks while taking advantage of enhanced capabilities as they are deployed in the network.
- DevID has the potential to be added as a retrofit capability to existing hardware in some contexts.
- Secure device identity has been shown to play a significant role in reducing operating expenses by providing reliable device tracking, equipment history logs, etc.