
IoT/M2M Hot Topics in IETF (CoAP, ACE, DTLS)

Presentation slides for "MQTT Meetup Tokyo 2014.08", 2014/8/29 ( http://connpass.com/event/7061/ ) #mqttja

HAYASHI, Tatsuya ( @lef )

January 06, 2015

Transcript

  1. https://lepidum.co.jp/ Copyright © 2004-2014 Lepidum Co. Ltd. All rights reserved.
    IoT/M2M Hot Topics in IETF
    (CoAP, ACE, DTLS)
    Lepidum Co. Ltd., HAYASHI Tatsuya (@lef)
    HAYASHI, Tatsuya / Lepidum Co. Ltd.
    "MQTT Meetup Tokyo 2014.08"
    (2014/8/29)

  2. Self-introduction and areas of work
    Name

    HAYASHI Tatsuya
    Affiliation
     Lepidum Co. Ltd.

    President, Founder and Owner
     Internet Society Japan Chapter

    Online Identity Working Group

    Program Committee Member
     OpenID Foundation Japan

    Producer
     Identity Conference ( #idcon )

    Organizer
     Keio University

    Visiting Researcher, Keio Research
    Institute at SFC
    Applied and practical research

    Standardization support

    Identity, privacy

    Authentication and authorization

    Software and network security, vulnerabilities

    Network technologies

    Programming language implementations

    Compilers, interpreters, language design

    Consulting of various kinds

  3. Why am I here?

    I was late to sign up and somehow ended up as a presenter

    My role is to be dissed by V-san

    This is very much an away game for me (that is what this talk is about)

  4. IOT/M2M IN IETF
    IoT/M2M Hot Topics in IETF

  5. IETF core WG

  6. IETF core WG

  7. Copper (Cu) CoAP user-agent for Firefox
    http://people.inf.ethz.ch/mkovatsc/copper.php

  8. Others

  9. CoAP Resource

  10. CoAP packet structure
    Ver: Version
    T: Type / Confirmable (0), Non-confirmable (1), Acknowledgement (2), or Reset (3)
    TKL: Token Length
    Code: described later
    Message ID: Message ID
    Token: "The Token is used to match a response with a request."
    Options: described later
    Payload: Payload (preceded by the 0xFF payload marker, shown as 1 1 1 1 1 1 1 1 below)

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |Ver| T |  TKL  |      Code     |          Message ID           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Token (if any, TKL bytes) ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Options (if any) ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |1 1 1 1 1 1 1 1|    Payload (if any) ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
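The header layout above is exactly what a receiver has to validate before it trusts a single field: TKL, option lengths and the payload marker are all attacker-controlled on a UDP port. The parser below is an added example written for this page (not code from the slides or from any CoAP library); the request and response datagrams are constructed inline, and every length it reads is bounds-checked so a truncated or malformed message raises instead of reading past the buffer.

```python
import struct

# Message types carried in the 2-bit T field
TYPES = {0: "CON", 1: "NON", 2: "ACK", 3: "RST"}
PAYLOAD_MARKER = 0xFF
URI_PATH = 11  # option number of Uri-Path (RFC 7252)


def _extend(nibble: int, data: bytes, pos: int):
    """Resolve a 4-bit option delta/length nibble, including the 1-byte (13)
    and 2-byte (14) extended forms. Returns (value, new_pos)."""
    if nibble < 13:
        return nibble, pos
    if nibble == 13:
        if pos + 1 > len(data):
            raise ValueError("truncated option header")
        return data[pos] + 13, pos + 1
    if nibble == 14:
        if pos + 2 > len(data):
            raise ValueError("truncated option header")
        return struct.unpack("!H", data[pos:pos + 2])[0] + 269, pos + 2
    # 15 is only legal as part of the 0xFF payload marker, which the caller
    # has already handled, so reaching it here is a message format error
    raise ValueError("reserved option nibble 15")


def parse_coap(datagram: bytes) -> dict:
    """Split a CoAP message into header fields, token, options and payload.
    Raises ValueError on anything RFC 7252 calls a message format error."""
    if len(datagram) < 4:
        raise ValueError("CoAP header needs at least 4 bytes")
    first, code, mid = struct.unpack("!BBH", datagram[:4])
    ver, t, tkl = first >> 6, (first >> 4) & 0x3, first & 0xF
    if ver != 1:
        raise ValueError(f"unsupported version {ver}")
    if tkl > 8:
        # lengths 9..15 are reserved; a receiver must reject, not clamp, them
        raise ValueError(f"reserved token length {tkl}")
    pos = 4
    token = datagram[pos:pos + tkl]
    if len(token) != tkl:
        raise ValueError("truncated token")
    pos += tkl
    options, prev_number = [], 0
    while pos < len(datagram) and datagram[pos] != PAYLOAD_MARKER:
        delta, length = datagram[pos] >> 4, datagram[pos] & 0xF
        pos += 1
        delta, pos = _extend(delta, datagram, pos)
        length, pos = _extend(length, datagram, pos)
        number = prev_number + delta           # option numbers are delta-encoded
        value = datagram[pos:pos + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        pos += length
        options.append((number, value))
        prev_number = number
    payload = b""
    if pos < len(datagram):                    # datagram[pos] is the 0xFF marker
        if pos + 1 >= len(datagram):
            raise ValueError("payload marker followed by empty payload")
        payload = datagram[pos + 1:]
    return {"version": ver, "type": TYPES[t], "code": f"{code >> 5}.{code & 0x1F:02d}",
            "message_id": mid, "token": token, "options": options, "payload": payload}


def uri_path(msg: dict) -> str:
    """Join the Uri-Path options of a parsed message into a path string."""
    return "/" + "/".join(v.decode("utf-8") for n, v in msg["options"] if n == URI_PATH)


def is_well_formed(datagram: bytes) -> bool:
    try:
        parse_coap(datagram)
        return True
    except ValueError:
        return False


# Constructed sample messages (not captured from a real device):
# CON GET /sensors/temp, message ID 0x1234, 2-byte token
SAMPLE_REQUEST = bytes.fromhex("42011234abcd") + b"\xb7sensors" + b"\x04temp"
# ACK 2.05 Content, Content-Format 0 (text/plain), payload "22.5"
SAMPLE_RESPONSE = bytes.fromhex("62451234abcd") + b"\xc0" + b"\xff22.5"

if __name__ == "__main__":
    req = parse_coap(SAMPLE_REQUEST)
    print(req["type"], req["code"], uri_path(req))
    print(parse_coap(SAMPLE_RESPONSE)["payload"])
```

The three rejection cases worth keeping in mind when reviewing a CoAP stack are the ones the parser tests: a reserved TKL, a token or option value longer than the remaining datagram, and a payload marker with nothing after it.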

  11. A glimpse of the affinity with HTTP (1)

  12. A glimpse of the affinity with HTTP (2)

  13. CoAP / MQTT / MQTT-SN / REST(HTTP)
    Protocol    Transport  Encoding                    Body
    REST(HTTP)  TCP        HTTP-based (text oriented)  IETF

  14. CoAP / MQTT / MQTT-SN / REST(HTTP)
    Protocol    Transport  Encoding                    Body
    REST(HTTP)  TCP        HTTP-based (text oriented)  IETF
    MQTT        TCP        Binary oriented             OASIS

  15. CoAP / MQTT / MQTT-SN / REST(HTTP)
    Protocol    Transport  Encoding                    Body
    REST(HTTP)  TCP        HTTP-based (text oriented)  IETF
    MQTT        TCP        Binary oriented             OASIS
    MQTT-SN     UDP        Binary oriented             OASIS

  16. CoAP / MQTT / MQTT-SN / REST(HTTP)
    Protocol    Transport  Encoding                    Body
    REST(HTTP)  TCP        HTTP-based (text oriented)  IETF
    MQTT        TCP        Binary oriented             OASIS
    MQTT-SN     UDP        Binary oriented             OASIS
    CoAP        UDP        HTTP-based                  IETF

  17. Concise Binary Object Representation
    (CBOR)
    "The Concise Binary Object Representation (CBOR) is a data
    format whose design goals include the possibility of
    extremely small code size, fairly small message size, and
    extensibility without the need for version negotiation.
    These design goals make it different from earlier binary
    serializations such as ASN.1 and MessagePack." (rfc7049)

  18. Concise Binary Object Representation
    (CBOR)

  19. There have been many of them
    Concise Binary Object Representation
    (CBOR)

  20. Concise Binary Object Representation
    (CBOR)
     Appendix E. Comparison of Other Binary
    Formats to CBOR's Design Objectives

    ASN.1 DER, BER, and PER

    MessagePack

    BSON

    UBJSON

    MSDTP (RFC0713)
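The "extremely small code size" design goal quoted on slide 17 is easiest to appreciate by writing the codec. The encoder/decoder below is an added example for this page (not code from the slides or from a CBOR library): it implements the major-type/additional-information scheme of RFC 7049 for integers, strings, arrays, maps and the three simple values, and the decoder checks every declared length against the bytes actually present, which is the property a constrained device's parser must have. The sample document is constructed; the JSON comparison uses the standard library only.

```python
import json
import struct

# Major types from RFC 7049 section 2.1 (top 3 bits of the initial byte)
UNSIGNED, NEGATIVE, BYTES, TEXT, ARRAY, MAP, SIMPLE = 0, 1, 2, 3, 4, 5, 7


def _head(major: int, arg: int) -> bytes:
    """Initial byte plus the shortest argument encoding for `arg`."""
    mt = major << 5
    if arg < 24:
        return bytes([mt | arg])
    if arg < 1 << 8:
        return bytes([mt | 24]) + struct.pack("!B", arg)
    if arg < 1 << 16:
        return bytes([mt | 25]) + struct.pack("!H", arg)
    if arg < 1 << 32:
        return bytes([mt | 26]) + struct.pack("!I", arg)
    return bytes([mt | 27]) + struct.pack("!Q", arg)


def encode(value) -> bytes:
    """Encode a Python value (bool/None/int/bytes/str/list/dict) as CBOR."""
    if value is True or value is False or value is None:   # check before int: bool is an int
        return bytes([(SIMPLE << 5) | {False: 20, True: 21, None: 22}[value]])
    if isinstance(value, int):
        return _head(UNSIGNED, value) if value >= 0 else _head(NEGATIVE, -1 - value)
    if isinstance(value, bytes):
        return _head(BYTES, len(value)) + value
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return _head(TEXT, len(raw)) + raw
    if isinstance(value, list):
        return _head(ARRAY, len(value)) + b"".join(encode(v) for v in value)
    if isinstance(value, dict):
        return _head(MAP, len(value)) + b"".join(encode(k) + encode(v) for k, v in value.items())
    raise TypeError(f"unsupported type {type(value).__name__}")


def _decode(data: bytes, pos: int):
    """Decode one item starting at `pos`; returns (value, new_pos)."""
    if pos >= len(data):
        raise ValueError("truncated item")
    major, info = data[pos] >> 5, data[pos] & 0x1F
    pos += 1
    if info < 24:
        arg = info
    elif info in (24, 25, 26, 27):
        size = 1 << (info - 24)
        if pos + size > len(data):
            raise ValueError("truncated argument")
        arg = int.from_bytes(data[pos:pos + size], "big")
        pos += size
    else:
        raise ValueError(f"unsupported additional info {info}")
    if major == UNSIGNED:
        return arg, pos
    if major == NEGATIVE:
        return -1 - arg, pos
    if major in (BYTES, TEXT):
        if pos + arg > len(data):          # declared length must fit the message
            raise ValueError("string length exceeds message")
        chunk = data[pos:pos + arg]
        return (chunk if major == BYTES else chunk.decode("utf-8")), pos + arg
    if major == ARRAY:
        items = []
        for _ in range(arg):               # each item consumes >= 1 byte, so a huge
            item, pos = _decode(data, pos)  # declared count fails fast on truncation
            items.append(item)
        return items, pos
    if major == MAP:
        result = {}
        for _ in range(arg):
            k, pos = _decode(data, pos)
            v, pos = _decode(data, pos)
            result[k] = v
        return result, pos
    if major == SIMPLE and info in (20, 21, 22):
        return {20: False, 21: True, 22: None}[info], pos
    raise ValueError(f"unsupported major type {major} / info {info}")


def decode(data: bytes):
    value, pos = _decode(data, 0)
    if pos != len(data):
        raise ValueError("trailing bytes after CBOR item")
    return value


def json_vs_cbor_size(value) -> tuple:
    """(bytes of compact JSON, bytes of CBOR) for the same value."""
    return len(json.dumps(value, separators=(",", ":")).encode("utf-8")), len(encode(value))


# Constructed sensor reading, the kind of resource representation a CoAP server might return
SAMPLE = {"id": 42, "temp": 22, "unit": "C", "ok": True}

if __name__ == "__main__":
    print(encode(SAMPLE).hex(), json_vs_cbor_size(SAMPLE))
```

Floats, tags and indefinite-length items are left out deliberately; adding them does not change the shape of the code, which is the point the RFC makes about code size.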

  21. IETF dice WG

  22. IETF ACE WG
    IoT/M2M Hot Topics in IETF

  23. Authentication, authorization, privacy

    The era when simply encrypting the communication was enough is over

  24. OAuth 2.0
     Web Authorization Protocol

    A framework for authorization used on the Web

    RFC6749 "The OAuth 2.0 Authorization Framework"

    RFC6750 "The OAuth 2.0 Authorization Framework:
    Bearer Token Usage"

    Token formats and the surrounding endpoints
    are currently under discussion

  25. OpenID Connect
     Next-generation authentication
    technology for the Web
     Based on OAuth 2.0

    A different thing from the old
    OpenID 2.0

  26. Off topic: AuthN and AuthZ
     AutheNtication and AuthoriZation are
    different things!

    An example source of confusion

    OAuth 2.0 is OAuthZ! (authorization)

    What the httpauth WG handles is AuthN (authentication)

  27. IETF ace WG
    • Became a WG in the SEC area and
    successfully held its first meeting
    • At the previous meeting in London it was a BoF in the APP area

  28. ace Authorization Model
    http://www.ietf.org/proceedings/90/slides/slides-90-ace-1.pdf

  29. ace Problem Description
    http://www.ietf.org/proceedings/90/slides/slides-90-ace-1.pdf

  30. ace Use Cases and Design Pattern
    http://www.ietf.org/proceedings/90/slides/slides-90-ace-2.pdf

  31. ace Use Cases (Container Monitoring)
    Authorization while offline

  32. ace Use Cases (Home Automation)
    Remote delegation of access rights

  33. ace Use Cases (Building Automation)
    Security
    lifecycle

  34. ace Use Cases (Smart Metering)
    Water and gas metering
    piggybacking on the electricity sensor

  35. ace: other topics
     Design Considerations

    Which components can be reused?

    Authorization information: its content, representation, verification, and when it is obtained

    Keys and cipher suites

    Smaller / fewer messages, lower computation cost

    Symmetric or asymmetric crypto?

    Code size, memory usage
     Cross-Domain Support

    Considering the case where C (client) and RS (resource server) are in different security domains

    Unconstrained actors supporting constrained devices

  36. ETC IETF IOT/M2M NEW TOPIC
    IoT/M2M Hot Topics in IETF

  37. Recent topics in the IETF core WG

  38. HTTP-CoAP mapping proxy
     A proxy that lets HTTP clients
    send requests to
    CoAP servers
     media-type mapping

    Content representation
    conversion

    XML/EXI, JSON/CBOR

    Link conversion

    Discovery results,
    resource links

    ;rt="temperature-c";if="sensor"
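The `;rt="temperature-c";if="sensor"` fragment on this slide is CoRE link format (RFC 6690), the format a CoAP server returns from `/.well-known/core` and the thing the mapping proxy has to rewrite so an HTTP client can follow the links. The code below is an added example for this page, not code from the slides or from any proxy implementation: it parses a constructed discovery response into link records (handling a comma inside a quoted attribute value, which a naive `split(",")` gets wrong) and rewrites relative CoAP targets to proxy URLs. The `http://<proxy>/hc/<coap-uri>` mapping style, the `proxy.example` and `sensor.example` hosts, and the sample links are all assumptions made for the example.

```python
# Constructed discovery response, as a CoAP server would return it from
# GET /.well-known/core (RFC 6690); not captured from a real device
SAMPLE_LINKS = (
    '</sensors/temp>;rt="temperature-c";if="sensor",'
    '</sensors/light>;rt="light-lux";if="sensor";obs,'
    '</firmware>;rt="fw,update";sz=65536'
)


def _split_top_level(text: str, sep: str) -> list:
    """Split on `sep` only outside double quotes, so rt="fw,update" stays whole."""
    out, cur, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    if quoted:
        raise ValueError("unterminated quoted value in link format")
    out.append("".join(cur))
    return out


def parse_link_format(text: str) -> list:
    """Parse a link-format document into a list of dicts: {"href": ..., attr: value}.
    Flag attributes without a value (such as obs) are stored as True."""
    links = []
    for entry in _split_top_level(text, ","):
        parts = _split_top_level(entry.strip(), ";")
        target = parts[0].strip()
        if not (target.startswith("<") and target.endswith(">")):
            raise ValueError(f"malformed link target: {target!r}")
        attrs = {}
        for param in parts[1:]:
            name, eq, value = param.strip().partition("=")
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]            # quoted-string: strip the quotes
            attrs[name] = value if eq else True
        links.append({"href": target[1:-1], **attrs})
    return links


def select(links: list, **wanted) -> list:
    """Filter links by attribute value, e.g. select(links, rt="temperature-c")."""
    return [l for l in links if all(l.get(k) == v for k, v in wanted.items())]


def rewrite_for_http(links: list, coap_origin: str, proxy_base: str) -> list:
    """Return copies of `links` whose href points at the mapping proxy.
    Assumed (hypothetical) mapping: <proxy_base>/hc/<absolute CoAP URI>."""
    out = []
    for link in links:
        href = link["href"]
        absolute = coap_origin + href if href.startswith("/") else href
        out.append({**link, "href": f"{proxy_base}/hc/{absolute}"})
    return out


if __name__ == "__main__":
    links = parse_link_format(SAMPLE_LINKS)
    for link in rewrite_for_http(links, "coap://sensor.example", "http://proxy.example"):
        print(link)
```

A proxy that rewrites links this way should also map the media types of the representations behind them (the XML/EXI and JSON/CBOR pairs on the slide); this example covers only the link step.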

  39. However…

  40. Recent topics in the IETF dice WG

  41. jose WG (Javascript Object Signing and
    Encryption)

  42. Conclusion
     CoAP has good affinity with HTTP / REST
     A loose, "Rough Consensus and Running Code"
    kind of feel

    The domains differ; using each where it fits is key

    The open issue right now is security

    Authentication, authorization, security, privacy

    Secure by Default, Privacy by Design

    → beyond the wire format, too

  43. Any Questions? / Please Feedback!
    https://lepidum.co.jp/ @lepidum
    mailto:[email protected] / @lef