
  • Number of slides: 9

Security Issues
Group Name: SEC WG
Source: Seongyoon Kim, LG Electronics, seongyoon.kim@lge.com
Meeting Date: 23 July 2014
Agenda Item: TBD

Introduction
• This presentation lists two security issues identified.
  – AE Registration
  – AE Impersonation
• Discuss whether these issues are valid and find & provide solution if it is needed
© 2013 oneM2M Partners

1. AE Impersonation: Current Security Association
• Pre-Provisioned Symmetric Key Security Association
  – oneM2M ID and Keying Material ID (KpsaId or Certificate Name) are associated
  – If Keying Material ID is authenticated, oneM2M ID is authenticated

1. AE Impersonation: Issue
• Problem happens when a request is sent
[Diagram: AE and Registrar CSE]
  Credential Configuration
    AE: KpsaID, Kpsa; Association (KpsaID, Registrar CSE-ID)
    Registrar CSE: KpsaID, Kpsa; Association (KpsaID, AE-ID (0x1234))
  Association Security Handshake
    AE: Authenticate KpsaID; Registrar CSE-ID Authenticated
    Registrar CSE: Authenticate KpsaID; AE-ID Authenticated
  Request with AE-ID (0x1234)
• Let's assume that the AE is malicious. Then the AE intentionally uses a different AE-ID (0x6789) after security association to obtain more access rights. There is no way for the Registrar CSE to detect & prevent this in the current Security TS.

1. AE Impersonation: Solution
• This solution works at the Registrar CSE
[Diagram: AE and Receiver CSE]
  Security Association (KpsaID, AE-ID)
  1. Request
  2. Find AE-ID associated in security association & whether I'm Registrar (contain for AE-ID)?
     (Find the AE-ID used in the SA and check whether I'm the Registrar, i.e. 0 hop relationship)
  3. fr is the same as AE-ID?
     (Check that the AE uses its original ID in the fr parameter)
  4.1 Impersonation Error
  4.2 Forward the Request
  4.3 Processing the Request
  5. Response
• Since we provide hop-by-hop authentication by security association, the Registrar CSE uses security association contexts to verify the AE-ID of the Registree AE
• If the CSE knows that the Originator and the CSE are in a 0 hop relationship, the CSE can use this solution regardless of whether the Originator is an AE or a CSE.
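The check in steps 2 to 4 of the solution slide, as an added example that is not part of the original presentation. The class names, the `to` field, the result strings and the rule for choosing between 4.2 and 4.3 (forward when the target is another CSE) are assumptions; the AE-IDs are the ones used on the issue slide.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecurityAssociation:
    kpsa_id: str     # keying material ID authenticated in the handshake
    entity_id: str   # oneM2M ID associated with kpsa_id at credential configuration

@dataclass(frozen=True)
class Request:
    fr: str          # originator ID claimed inside the request
    to: str          # target CSE-ID (assumed field name)

class ReceiverCSE:
    def __init__(self, cse_id, registrees):
        self.cse_id = cse_id
        self.registrees = frozenset(registrees)  # IDs in a 0 hop relationship

    def handle(self, sa: SecurityAssociation, req: Request) -> str:
        # Step 2: take the ID from the security association, never from the
        # request, and check whether this CSE is the Registrar for it.
        if sa.entity_id in self.registrees:
            # Step 3: fr must equal the ID authenticated on this association.
            if req.fr != sa.entity_id:
                return "IMPERSONATION_ERROR"      # step 4.1
        # Assumption: a request arriving over an association with a
        # non-registree (another CSE) was already checked by its own Registrar.
        if req.to != self.cse_id:
            return "FORWARD"                      # step 4.2
        return "PROCESS"                          # step 4.3

# Constructed sample data using the IDs from the issue slide.
CSE = ReceiverCSE("CSE-1", registrees={"0x1234"})
AE_SA = SecurityAssociation(kpsa_id="kpsa-01", entity_id="0x1234")

def demo():
    return [
        CSE.handle(AE_SA, Request(fr="0x1234", to="CSE-1")),  # honest, local
        CSE.handle(AE_SA, Request(fr="0x1234", to="CSE-2")),  # honest, forwarded
        CSE.handle(AE_SA, Request(fr="0x6789", to="CSE-1")),  # spoofed fr
        CSE.handle(AE_SA, Request(fr="0x6789", to="CSE-2")),  # spoofed, would forward
    ]

if __name__ == "__main__":
    print(demo())
```

The spoofed AE-ID is rejected before the forwarding decision, so a request with a false fr never leaves the Registrar CSE.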

2. AE Registration: Lack of AE-ID Issue
• AE may not have its AE-ID; AE-ID is provided at AE registration
• We can't perform association configuration since the entity's ID is not configured
  – Entity A doesn't have IdA. Can't perform association configuration
  – Due to the lack of association configuration, the association security handshake doesn't provide the authentication function

2. AE Registration: Solution (1)
• AE is pre-configured with AE Registration ID
  – If IdA is not preconfigured, AE Registration ID is used in association configuration
  – Due to AE Registration ID, Entity A is authenticated in association security handshake

2. AE Registration: Solution (2)
• After Security Association, the AE performs an AE Registration request to the Registrar CSE
[Diagram: AE and Registrar CSE]
  Security Association (using AE Registration ID)
  AE Registration Request (fr: AE Registration ID)
  Assign AE-ID
  AE Registration Response (AE-ID)
  Perform Association configuration: association between Keying material ID (key ID or Certificate name) and AE-ID
  Association Security Handshake (using AE-ID)
  If the security session expires, the association security handshake is performed

Conclusion
• These two issues are quite severe and concern basic features that the security TS needs to cover
• Please review the issues/solutions in detail; solutions are provided based on comments from the security WG