May 2007  doc.: IEEE 802.21-07-0212-00-0000

Slide 1: Secure Mobile Architecture (SMA) Basics for IEEE 802.21
IEEE 802.21 Submission, May 2007
SMA Demo Team, Math & Computing Technologies
Richard Paine, Boeing

Slide 2: IEEE 802.21 presentation release statements

This document has been prepared to assist the IEEE 802.21 Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE's name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE's sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.21.

The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual <http://standards.ieee.org/guides/opman/sect6.html#6.3> and in Understanding Patent Issues During IEEE Standards Development <http://standards.ieee.org/board/pat/guide.html>.

Slide 3: Agenda
• Motivation and Problem Statement
• Review of SMA Components
  • Public Key Infrastructure (PKI)
  • Host Identity Protocol (HIP)
  • Network Directory Service (NDS)
  • Location Enabled Network Service (LENS)

Slide 4: SMA Motivation and Problem Statement
• BCAG Business Segment Need is Total Secure Communications in the Factory (Cellular/WLAN/Fixed Wireless/Cable Replacements/Roam across Subnets)
• IDS Business Segment Need is Secure Mobile Communications (multi-level security, ad hoc, cross-subnet roaming, discovery)
• Works with any MAC, has Uniform Method of Security and Handles Layer 2 Mobility
• Utilizes Cryptographic Identities and Authorization
• Addresses most major Communications and Security Concerns in Networking
• Need to Treat IP as an Insecure Transport Layer
• Secures both Wired and Wireless (as in VOIP calls)

Slide 5: What is "SMA"? Secure Mobile Architecture

Cryptographic identities are associated with each and every packet. Mobility-driven address changes are transparent to applications and connections. SMA significantly improves our Enterprise network architecture by providing:
• Improved flexibility and agility
• Network-enforced, end-to-end security
• Centralized access control with delegated authority
• Reduced operational cost and complexity
• Uniform internal/external access method

Slide 6: Agenda (section divider; same agenda as Slide 3, now at "Review of SMA Components")

Slide 7: SMA Elements

Diagram: PKI (Public Key Infrastructure) + HIP (Host Identity Protocol) + NDS (Network Directory Services) + LENS (Location-Enabled Network Services) = SMA (Secure Mobile Architecture)

Slide 8: SMA Elements: PKI (element diagram from Slide 7 with PKI, Public Key Infrastructure, highlighted)

Slide 9: SMA Elements: PKI – Temp. Cert Provisioning Process

Diagram: Client –(1) Badge cert over SSL/TLS Tunnel–> RA (Registration Authority, backed by Boeing PKI and SLDAP) –(2) Temp cert–> Client
1) Badge used for Client Auth; Temp. Cert request sent to RA
2) RA issues Temp. Cert
3) Client has Temp. Cert available for 8-16 hours

Slide 10: SMA Elements: HIP (element diagram from Slide 7 with HIP, Host Identity Protocol, highlighted)

Slide 11: SMA Elements: HIP – HIP Overview
• Background
  • Original concept developed by Bob Moskowitz
  • Experimental RFCs now in last call in the IETF
  • Boeing heavily involved in RFC development (Tom Henderson)
    – Linux implementation released as Open Source
    – Windows implementation soon to be released
  • Other major players: Cisco, Ericsson, NEC, Siemens, NTT DoCoMo, universities
• HIP provides opportunistic pair-wise SAs
• Somewhat like IPsec
  • Client Cert retrieved from LDAP directory
  • SA based on identity, not IP address
  • SA established/managed by an IP control channel
  • SA data flows through ESP-IP packets
  • Mobility events handled in IP stack via HIP UPDATE packets

Slide 12: SMA Elements: HIP – HIP-Enabled Secure Communications

Diagram: Initiator and Responder hosts, each split into user space and kernel space.
• User space: Application, HIP Daemon
• Kernel space: PF_INET socket interface, IP Stack, IPsec, Key Engine
• The two HIP Daemons perform the HIP Handshake with each other over PF_RAW sockets
• Each HIP Daemon programs its local Key Engine over PF_KEY
• Application traffic enters through PF_INET and leaves the IP Stack as ESP Data, identified by SPI, not IP Address

Slide 13: SMA Elements: HIP – Host Identity

Host Identity (HI) is a public/private key pair:
• Identity defined by holder of private key
• Public key used by others to authenticate control messages
• SHA-1 hash of public key forms a "Host Identity Tag (HIT)"
  - used where 128-bit fields are needed
  - self-referential (i.e., HIT can be securely used instead of HI)

Packet layout: IP header | IPsec (ESP) header, where the HIT is implied by the SPI value | Encrypted Header and Transport Payload
• HIP incurs no per-packet overhead
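The HI/HIT/SPI relationships from Slides 12 and 13, as an added Python example that is not part of the original deck or of Boeing's HIP implementation. The Host Identities are constructed byte strings standing in for real public keys, the SPI and IP addresses are made-up sample values, and the HIT derivation follows the slide's simplified description (SHA-1 of the public key, truncated to 128 bits) rather than the IETF ORCHID encoding.

```python
import hashlib
import ipaddress
from typing import Optional

# Constructed sample Host Identities: stand-ins for the DER-encoded public
# keys a real HIP stack would fetch from the LDAP directory.
INITIATOR_HI = b"CONSTRUCTED-PUBKEY-initiator-" + bytes(range(32))
RESPONDER_HI = b"CONSTRUCTED-PUBKEY-responder-" + bytes(range(32, 64))


def hit_from_hi(hi: bytes) -> bytes:
    """128-bit Host Identity Tag: SHA-1 over the public key, as the slide
    describes. Assumption: the leftmost 128 bits of the 160-bit digest are
    kept; the ORCHID prefix/context ID of standard HIP is not modelled."""
    return hashlib.sha1(hi).digest()[:16]


def hit_to_text(hit: bytes) -> str:
    """Render a HIT in IPv6 notation, the form used in 128-bit address fields."""
    return str(ipaddress.IPv6Address(hit))


def hi_matches_hit(hi: bytes, claimed_hit: bytes) -> bool:
    """Self-referential check: the HI a peer presents must hash to the HIT we
    expect. That binding is what lets a HIT stand in for the full HI; control
    messages are then verified with the public key itself."""
    return hit_from_hi(hi) == claimed_hit


class SaTable:
    """Inbound ESP SAs keyed by SPI, mirroring 'HIT is implied by the SPI'."""

    def __init__(self) -> None:
        self._by_spi = {}  # spi -> (local HIT, peer HIT); no IP addresses

    def install(self, spi: int, local_hit: bytes, peer_hit: bytes) -> None:
        if spi in self._by_spi:
            raise ValueError("SPI %#x already in use" % spi)
        self._by_spi[spi] = (local_hit, peer_hit)

    def peer_for_inbound(self, spi: int, src_ip: str) -> Optional[bytes]:
        """Resolve the sender of an ESP packet. src_ip is accepted only to
        show it plays no role: after a mobility event (new address carried in
        a HIP UPDATE) the same SPI still maps to the same peer identity."""
        entry = self._by_spi.get(spi)
        return None if entry is None else entry[1]


def demo() -> bool:
    """After the handshake both sides hold HITs; data is then matched by SPI."""
    init_hit, resp_hit = hit_from_hi(INITIATOR_HI), hit_from_hi(RESPONDER_HI)
    table = SaTable()
    table.install(spi=0x1A2B3C4D, local_hit=resp_hit, peer_hit=init_hit)
    before = table.peer_for_inbound(0x1A2B3C4D, "130.42.32.10")  # on WLAN
    after = table.peer_for_inbound(0x1A2B3C4D, "10.0.0.7")  # after handoff
    return before == after == init_hit and hi_matches_hit(INITIATOR_HI, init_hit)
```

The lookup by SPI is why an address change is invisible to the application: the SA, and hence the peer identity, is bound to the SPI and the HIT, not to the address that happened to carry the packet.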

Slide 14: SMA Elements: NDS (element diagram from Slide 7 with NDS, Network Directory Services, highlighted)

Slide 15: SMA Elements: NDS
• Directory Information Flow
• Support for real-time endpoint mobility & location data
• Future integration with Boeing DNS and directory (CED, NAMS-ng) infrastructure

Diagram: Policy Decision Daemon, Location Server, DNS Proxy and Middleboxes around a Virtual Directory; Enterprise Client and SLDAP Client reach it through DNS across the Security Perimeter.

Slide 16: SMA Elements: NDS – Two-Stage Client Provisioning

Diagram:
• Enterprise Provisioning Process: Client –TLS–> RA (with Directory, SLDAP)
• Generic ISP Provisioning Process: Client –802.11–> Access Point, with AAA Server, DHCP Server, DNS and SLDAP
1) Hard Cert authentication for Temp. Cert
2) Identity/IP Update in Directory

Slide 17: SMA Elements: LENS (element diagram from Slide 7 with LENS, Location-Enabled Network Services, highlighted)

Slide 18: SMA Elements: LENS – Location Architecture

Diagram (Boeing Intranet): Passive Tag Gate –> Location Computation Server –> Location Distribution Server & Policy, with Directory and AAA Server; Location Requesting Client queries the Location Distribution Server.

Slide 19: SMA Elements (element diagram from Slide 7: PKI + HIP + NDS + LENS = SMA)

Slide 20: What has Changed between 2004 and 2006 Demos

Table with columns 2004 / 2005 / 2006 and rows PKI / HIP / NDS / LENS; the cell-to-year assignment is only partly recoverable from the extraction. Entries in the order they appear:
• PKI: Smart Cards, Temp Certs, Boeing PKI (2004); No Change, TCG Recommendations (2005); No Change (2006)
• HIP: Linux Client (Opensource), HIP Web Server (2004); Windows XP Client (Opensource), Endbox, Cellular to WLAN Handoffs (2005)
• NDS: Location-Based Policy Enforcement (Polling LDAP) (2004); Mobile Demo, Secure SCADA on 777 Crawlers, VOIP Handoffs; Location-Based Policy Enforcement (Pub-Sub Using IBM MQ Series), Scales to Enterprise
• LENS: Simulated Location Server (2004); Aeroscout Location Server (Blv & 40-26), Location Events thru Pub-Sub, Live Location Updates, Network Location Service (NLS)

Slide 21: Agenda – SMA Technology Transfer
• Location
• Secure Layer 2 Mobility
• Pub-Sub
• SMA Policy-Based Networking Using Location
• Endbox
• Secure VoWLAN
• SMA in the Boeing Enterprise and Battlespace
• CY'07 plans
• Q&A

Slide 22: Everett Manufacturing Site – WLAN 802.11-based RTLS/LENS Pilot (site photo)

Slide 23: Everett 40-26 (TDOA)

Diagram: Time Synchronizers and TDOA Location Devices placed around the building.

Slide 24: RFID Components
• Active tags send an identifier string
  • AeroScout: Unique 802.11 MAC address
  • Programmable "chirp" rate
• Location is computed using a combination of
  • Signal strength measurements
    – Both Cisco APs and AeroScout "Location Receivers"
  • Time-of-Flight triangulation
    – AeroScout "Location Receivers" only
    – We expect this capability to be added to Cisco APs in a few years

Slide 25: Everett Location Policy Enforcement (site map with north arrow)

Slide 26: C-17 Factory (photo)

Slide 27: F-15/F-18 Factory (photo)

Slide 28: Other Factories to Get NLS
• Fredrickson
• Auburn
• Everett

Slide 29: Agenda – SMA Technology Transfer (section divider; same agenda as Slide 21, now at "Secure Layer 2 Mobility")

Slide 30: 2005 SMA Cellular to WLAN Handoff
• Real-time WLAN/Cellular mobility demonstration

Diagram: Bellevue network 130.42.32.0/24 with APs, Cisco Switch, Temp. Cert RA, PKI, Directory, AAA Server, LPDD and a Netscreen firewall; PW Namespace: mct.phantomworks.org. The SMAmobile moves from IP Address A (WLAN) to IP Address B (cellular, via the MSC and the Internet).

Slide 31: 2006 SMA Secure VOIP Handoff

Diagram: Router, APs and Towers (WiMAX Switch, WiFi Switch, Cellular), Temp. Cert RA, DNS, LPDD, Location Server, Directory, Navy PKI, AAA Server and Message Brokers (Msg Brkr); Namespace: mobile.tl.boeing.com. HIP SAs connect SMAx/VOIP endpoints, the Smamobiles, and the Robot Controller to the Robots.

Slide 32: SMA VoWLAN for FactoryNet

Diagram: same elements as Slide 31, split between the Boeing Intranet and the Internet: Router, APs and Towers (WiMAX Switch, WiFi Switch, Cellular), Temp. Cert RA, DNS, LPDD, Location Server, Directory, Navy PKI, AAA Server, Message Brokers; Namespace: mobile.tl.boeing.com. HIP SAs connect SMAx/VOIP endpoints, the Smamobiles, and the Robot Controller to the Robots.

Slide 33: Agenda – SMA Technology Transfer (section divider; same agenda as Slide 21, now at "Pub-Sub")

Slide 34: 2004 SMA Directory Service

Diagram: the 2004 Client sends Status Updates (Client IP) to LDAP, which holds Policies, Status and Locations; a Simulated Location Server (Sim LS) feeds Locations; DNS and the Decision Daemon read from LDAP.

Slide 35: Prototype Pub-Sub Messaging Architecture

Diagram: Message Broker Infrastructure with Content Connector, Subscription Manager and Content Subscriptions; producers are the Barcode Scanner Connector, Passive Tag DCS, and the RTLS Location Connector Server (SQL, RDBMS); consumers are the DCS Event Consumer. One path is marked "Possible Future Enhancement".

Slide 36: Pub-Sub Detail for FactoryNet

Diagram: HIPD sends an Initial Query and receives a Response; the RTLS Location Connector Server, Status Updates Connector, RFID Server Connector and Sensor Server publish into the Message Broker Infrastructure (Content Connector, Subscription Manager, Content Subscriptions); the Policy Decision Daemon consumes Locations and Status, with LDAP and an Event Consumer registering Updates of Interest.
• First Year: Polling
• Second Year: Pub-Sub

Slide 37: Agenda – SMA Technology Transfer (section divider; same agenda as Slide 21, now at "SMA Policy-Based Networking Using Location")

Slide 38: Asset Tracking and Supply Chain Vision
E&IT | Mathematics and Computing Technology – Boeing Technology | Phantom Works

• 866-957 MHz Passive Tag RFID Systems (Internationally Available frequencies)
• RFID RF Containment Device
• Tags only have innocuous number unless they are equipped with encryption processor on tag
• Wireless Baseline Scans for every installation
• Integrity protection
• Enterprise RLAN/RFID Management Council
• Enterprise RLAN/RFID Technical Council
• WPA or WPA2
• IEEE 802.11 or 802.15.4 915 MHz Sensors
• IEEE 802.11 Active RFID Tags (innocuous number)
• Encourage new serial cable replacements to those that use WPA

Diagram (Boeing Intranet): Passive Tag Gate(s) –> Location Computation Server –> RFID Information Repository and Location Distribution Server & Policy, with Directory and AAA Server; Location Requesting Client.

Copyright © 2004 Boeing. All rights reserved. Source: Wireless_Application_Group_(WAG)_Vision_and_Arch_6-9-05.ppt, slide 43.

Slide 39: Agenda – SMA Technology Transfer (section divider; same agenda as Slide 21, now at "Endbox")

Slide 40: Endbox (Crawlers)
• HIP Endbox
  • Uses robust wireless network infrastructure securely
  • Strong one-factor authentication using SIM chip
• SMA End-to-End Security Association over Enterprise WLAN

Diagram: Controller – HIP Bridge – WLAN

Slide 41: 2005 SMA Endbox Demonstration
• Real-time SMA Endbox mobility demonstration

Diagram: Bellevue network 130.42.32.0/24 with APs, Cisco Switch, Temp. Cert RA, PKI, Directory, AAA Server and LPDD; Boeing Namespace: Mobile.tl.boeing.com. A HIP SA runs end-to-end between the SMAmobile Robot and the SMAmobile Robot Controller.

Slide 42: Crawler Connected to WLAN with SMA (photo)

Slide 43: Present Tech Transitions from SMA
• Network Location Service (NLS) deployed by Boeing IT
• 777 Crawlers – SMA/HIP Endbox (FactoryNet)
• HIP Bridge – enables legacy Ethernet equipment to use SMA in the factory (FactoryNet)
• Any Controller to Robot mobile secure communications in the factory (FactoryNet)
• Secure Handoff Using End-to-End HIP-Enabled Security Association (SA)

Slide 44: Lessons for 802.21
• Secure mobile handoff is possible using HIP
• Seamless secure mobility is possible
• SCADA solutions being deployed
• Discussions ongoing about securing governmental utility infrastructure using mobile secure methods

Submission – Richard Paine, Boeing