[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [leshan-dev] LwM2M bootstrapping purpose
|
Thanks Pierre-Henri. Every query is covered. I was missing the part on
the ability to rotate bootstrap credentials. I had wrongly assumed
that only, DM credentials could be rotated.
Also, I now assume we can afford to have DM credentials stolen, since
that could easily be rotated. A stolen DM credential will only result
in temporarily leakage/damage of data. But we cannot afford to have BS
credentials stolen as that will lead to permanent leakage/damage to
data and then will need a person to physically set the BS credentials
again. Is that a wrong assumption ?
On 4/20/16, Pierre-Henri Trivier <phtrivier@xxxxxxxxxxxxxxxxxx> wrote:
> There are two sets of credentials :
>
> - the "LwM2M server credentials" (also called "device management", or DM
> credentials)
> - the "LwM2M bootstrap server credentials" (let's call them "bootstrap
> credentials", or BS credentials - no profanity intended).
>
> It is possible to rewrite BS credentials on a device, at bootstrap time,
> so you can rotate both set of credentials.
>
> From my understanding, if BS credentials are stolen for a device, both
> the BS server and DM server should invalidate credentials for this device.
>
> Neither the "real" device nor the masquerading device will be able to
> communicate, until you "physically" set new BS credentials on the "real"
> device.
>
> I would say the situation is akin to getting your primary email password
> stolen ; an attacker can use it to get all your other account's
> passwords (social media, other emails, etc...), or reset them. Not much
> you can do unless contacting other services and get new credentials.
>
> The bottom line is clearly : don't get BS or DM credentials stolen, and
> rotate them ;)
>
> Or am I missing something ?
>
> On 19/04/2016 19:05, Kiran Pradeep wrote:
>> I tried reading post(in medium) by Julien Vermillard on bootstrapping.
>> But I couldn't understand the exact problem it was trying to solve.
>> Julien in comments mentioned about rotating keys which I couldn't
>> understand and so posting here. Kindly guide to appropriate forum in
>> case this list, takes only development related queries only.
>>
>> I understood the point of invalidating LwM2M server credentials so
>> that new keys could be issued if LwM2M server keys are stolen. But
>> what if bootstrap credentials itself are stolen ? Then the rogue
>> entity, could easily ask the bootstrap server for LwM2M credentials
>> and do what ever it feels like. The bootstrap keys is going to have to
>> be fixed for the device lifetime, since they are written in factory
>> itself. What is the point I am missing ?
>>
>> Thanks,
>> Kiran.
>> _______________________________________________
>> leshan-dev mailing list
>> leshan-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or unsubscribe
>> from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/leshan-dev
>
> --
> Pierre-Henri Trivier
> AirVantage Software Engineer
> phtrivier@xxxxxxxxxxxxxxxxxx
> Tel : +33(0)5 61 00 06 68
> Fax : +33(0)5 61 00 51 46
>
> Sierra Wirelesss
> Lake Park
> ZAC de l'Hers - Allée du Lac
> BP 87216-31672 Labège Cedex
> France
> www.sierrawireless.com
>
> This message and any attachments (the "Message") are confidential and
> intended solely for the addressees.
> Any unauthorized modification, edition, use or dissemination is prohibited.
> Sierra Wireless shall be liable for the Message if altered, changed,
> falsified or edited, diffused without authorization.
>
> _______________________________________________
> leshan-dev mailing list
> leshan-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/leshan-dev
>
