Re: [leshan-dev] LwM2M bootstrapping purpose

I think having either of the two sets of credentials (DM & BS) stolen can result in a large amount of damage being done, depending on your particular use case at hand. Being able to invalidate the credentials from the back end side provides a means to protect against misuse of stolen credentials (if you are able to detect the leakage of them). However, the real difference is the effort that needs to be spent in order to remedy the situation. DM: quite easy, i.e. can be done from the BS server. BS: may be hard, requires other means of accessing the device (which is not covered by LwM2M).


Kiran Pradeep <kiran.happy@xxxxxxxxx> wrote on Wed, 20 Apr 2016, 23:34:
Thanks Pierre-Henri. Every query is covered. I was missing the part on
the ability to rotate bootstrap credentials. I had wrongly assumed
that only DM credentials could be rotated.

Also, I now assume we can afford to have DM credentials stolen, since
that could easily be rotated. A stolen DM credential will only result
in temporary leakage/damage of data. But we cannot afford to have BS
credentials stolen as that will lead to permanent leakage/damage to
data and then will need a person to physically set the BS credentials
again. Is that a wrong assumption?

On 4/20/16, Pierre-Henri Trivier <phtrivier@xxxxxxxxxxxxxxxxxx> wrote:
> There are two sets of credentials :
>
> - the "LwM2M server credentials" (also called "device management", or DM
> credentials)
> - the "LwM2M bootstrap server credentials" (let's call them "bootstrap
> credentials", or BS credentials - no profanity intended).
>
> It is possible to rewrite BS credentials on a device, at bootstrap time,
> so you can rotate both sets of credentials.
>
> From my understanding, if BS credentials are stolen for a device, both
> the BS server and DM server should invalidate credentials for this device.
>
> Neither the "real" device nor the masquerading device will be able to
> communicate, until you "physically" set new BS credentials on the "real"
> device.
>
> I would say the situation is akin to getting your primary email password
> stolen; an attacker can use it to get all your other accounts'
> passwords (social media, other emails, etc.), or reset them. Not much
> you can do unless contacting other services and get new credentials.
>
> The bottom line is clearly : don't get BS or DM credentials stolen, and
> rotate them ;)
>
> Or am I missing something ?
>
> On 19/04/2016 19:05, Kiran Pradeep wrote:
>> I tried reading the post (on Medium) by Julien Vermillard on bootstrapping.
>> But I couldn't understand the exact problem it was trying to solve.
>> Julien, in the comments, mentioned rotating keys, which I couldn't
>> understand, and so I am posting here. Kindly guide me to the appropriate
>> forum in case this list takes development-related queries only.
>>
>> I understood the point of invalidating LwM2M server credentials so
>> that new keys could be issued if LwM2M server keys are stolen. But
>> what if the bootstrap credentials themselves are stolen? Then the rogue
>> entity could easily ask the bootstrap server for LwM2M credentials
>> and do whatever it feels like. The bootstrap keys are going to have to
>> be fixed for the device lifetime, since they are written in the factory
>> itself. What is the point I am missing?
>>
>> Thanks,
>> Kiran.
>> _______________________________________________
>> leshan-dev mailing list
>> leshan-dev@xxxxxxxxxxx
>> To change your delivery options, retrieve your password, or unsubscribe
>> from this list, visit
>> https://dev.eclipse.org/mailman/listinfo/leshan-dev
>
> --
> Pierre-Henri Trivier
> AirVantage Software Engineer
> phtrivier@xxxxxxxxxxxxxxxxxx
> Tel : +33(0)5 61 00 06 68
> Fax : +33(0)5 61 00 51 46
>
> Sierra Wireless
> Lake Park
> ZAC de l'Hers - Allée du Lac
> BP 87216-31672 Labège Cedex
> France
> www.sierrawireless.com
>
> This message and any attachments (the "Message") are confidential and
> intended solely for the addressees.
> Any unauthorized modification, edition, use or dissemination is prohibited.
> Sierra Wireless shall be liable for the Message if altered, changed,
> falsified or edited, diffused without authorization.
>