Re: [m2m-iwg] M3DA presentation - Security

M3DA security addresses another M2M issue: key provisioning. In practice, it's often hard to mass-manufacture devices with individual keys in their firmware. What we see is that more often than not, a whole fleet of devices ends up sharing the same authentication key, with the results you can imagine if that key is compromised.

M3DA mitigates that risk with two levels of keys: there's a provisioning key, which is shared by several devices, but is only used to exchange the actual, unique-per-device authentication key (we call them "registration password" and "password" respectively). The password provisioning is performed the first time the device connects to the network, possibly in the factory during tests; by default, the server will refuse to re-provision a password which has already been provisioned, thus thwarting identity theft attempts.

A full TLS or SSH tunneling solution, with unique keys provisioned during manufacturing, a full PKI to back it, and an effective revocation system, is preferable to M3DA in some cases; but it's hard enough to deploy that in practice, many people simply roll out a lousy shared password scheme, optionally with an illusion of security brought by the (mis)use of a TLS stack. M3DA is much better than the naive solution, without being harder to deploy.
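
The two-level key scheme described in the message above, modelled on the server side as an added example (not part of the original message, and not M3DA's wire protocol or code). The `Server` class, the `tag` helper, the HMAC-SHA256 proofs and the message layout are all assumptions made for illustration; protecting the new password in transit is out of scope here.

```python
import hashlib
import hmac
import secrets


class ProvisioningError(Exception):
    pass


def tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (no ambiguous concatenation)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


class Server:
    """Hypothetical server: shared registration password, unique passwords."""

    def __init__(self, registration_password: bytes):
        self._reg = registration_password   # shared by several devices
        self._passwords = {}                 # device_id -> unique password

    def provision(self, device_id: str, nonce: bytes, proof: bytes) -> bytes:
        """First contact: prove knowledge of the shared key, get a unique one."""
        expected = tag(self._reg, b"provision", device_id.encode(), nonce)
        if not hmac.compare_digest(proof, expected):
            raise ProvisioningError("bad registration proof")
        if device_id in self._passwords:
            # Default policy from the message: refuse to re-provision, so a
            # leaked registration password cannot take over a known identity.
            raise ProvisioningError("already provisioned")
        password = secrets.token_bytes(32)
        self._passwords[device_id] = password
        return password  # assumed to travel encrypted; not modelled here

    def authenticate(self, device_id: str, challenge: bytes, proof: bytes) -> bool:
        """Normal operation: only the per-device password is accepted."""
        password = self._passwords.get(device_id)
        if password is None:
            return False
        expected = tag(password, b"auth", device_id.encode(), challenge)
        return hmac.compare_digest(proof, expected)
```
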
