[Cryptography] ANIMA protocol to "bootstrap a Secure Key Infrastructure"

William Allen Simpson william.allen.simpson at gmail.com
Mon Sep 11 16:29:41 EDT 2017


On 9/11/17 10:55 AM, Neuhaus Stephan (neut) wrote:
> I'm currently working on an R&D project in the area of IoT. One of the
> problems is that the proverbial lightbulb does not know that it's being
> screwed into a legitimate network and the network doesn't know that the
> lightbulb is genuine. This project aims to solve this problem using ANIMA
> (https://datatracker.ietf.org/doc/draft-ietf-anima-bootstrapping-keyinfra/).
> 
> Do you know anything about this protocol? I've looked through it and it
> seems to me that the protocol confuses "I believe that Bob is telling me
> the truth" with "I can authenticate Bob", that this gives rise to all
> kinds of security shenanigans, and that at any rate the security
> assumptions or the attacker model are not clearly stated. 

And there are more bad assumptions.  Trust is not transitive.

The only reason this appears to exist is for tracking by manufacturers
after sale.

Funny that they require each device to "know" its serial number, but
somehow it isn't capable of "knowing" a secret.  Or an internal
random number seed that can be updated per use.

In the real world, nobody drop ships a device without power-on test,
which means there's no actual reason for this protocol.  During
testing, the device can generate its own public-key certificate, and it
can be printed on the label at the same time as the serial number.

Also, it has some need for a DNS.  But most IoT devices shouldn't be
visible in the DNS.  And we spent a lot of cycles re-doing DNSsec
so that exterior entities couldn't see internal DNS.  This leaks.

Finally, I keep laughing at the supposed need for light bulbs to
authenticate.  Terrible example.  Light bulb sockets might, as that's
what the controller will want to control, but light bulbs are just
commodity replacement items.


> Also, they call
> what they do "bootstrapping a Secure Key Infrastructure", not "Public Key
> Infrastructure", even though they don't define the term. Is “Secure Key
> Infrastructure” a standard term that has somehow passed me by?
> 
[shrug] Maybe trying to finesse that it's not a "public" key.  Or maybe
that's what they call it in patents.  This is doubly patent encumbered.


> I am skeptical about ANIMA, but it seems to have a lot of industry
> support, among others from the Thread group, which includes non-idiots
> from Google/Alphabet, among others. Am I missing something here?
>
One of the co-authors is M. Richardson, a respected long-time member of
this list.  I suspect he had a lot to do with circumscribing the
applicability and security considerations.

There are an awful lot of cases where it isn't useful.  At least that's
kinda sorta admitted up front.

