
Use this template to submit Use Cases for submission to the 5G Super Blueprint Use Case & Requirements Advisory Group. All input is required unless marked "(optional)"



Use Case Name: Remote Attestation Use Case 1 - IoT Device Security and Authentication
Use Case Description:

Leveraging Peraton Labs techniques, add Remote Attestation to the existing lab infrastructure.

This Use Case may be combined with Remote Attestation Use Case 2 - IoT Device Onboarding & Maintenance.

Epic

Problem Statement and how is the problem solved:

Problem Statement: How to ensure that IoT devices on a network are authentic and have not been tampered with. This is particularly sensitive in remote areas that are not often frequented by people.

Resolution:

User Stories

  • Remote Attestation Protocol (RAP) server is set to periodically "inspect" IoT devices by confirming their Evidence. Example: remote camera A is passively "inspected" by the Remote Attestation server; the server confirms that its evidence (e.g., firmware fingerprint) is authentic and allows the camera to stay on the network.
  • Remote Attestation Protocol server is set to periodically "inspect" remote cameras by checking their evidence against pre-configured evidence. Remote camera B is passively "inspected" by the Remote Attestation server; the server determines that the evidence does not match the evidence that has been pre-configured in the RAP server. The server then denies camera B access to the network and sends an alert.
  • [Placeholder] Active alerting. Camera C sends an alert when its evidence has an unexpected change.
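
A sketch of the periodic inspection in the first two user stories, added here as an example; it is not SEDIMENT or Peraton Labs code. The nonce challenge, the per-device HMAC key, the in-process device simulation and all names and sample values are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: reference fingerprints and per-device keys
# pre-configured in the verifier (assumed layout, not SEDIMENT's).
FIRMWARE_GOOD = b"camera-firmware-v1 (constructed sample image)"
REFERENCE = {
    "camera-A": hashlib.sha256(FIRMWARE_GOOD).digest(),
    "camera-B": hashlib.sha256(FIRMWARE_GOOD).digest(),
}
DEVICE_KEYS = {"camera-A": b"A" * 32, "camera-B": b"B" * 32}


def device_evidence(device_id, firmware, nonce, key):
    """Device side: fingerprint the firmware and bind it to the verifier's nonce."""
    fingerprint = hashlib.sha256(firmware).digest()
    msg = device_id.encode() + nonce + fingerprint
    return fingerprint, hmac.new(key, msg, hashlib.sha256).digest()


def appraise(device_id, nonce, fingerprint, tag):
    """Verifier side: return (decision, reason) for one inspection."""
    key = DEVICE_KEYS.get(device_id)
    expected = REFERENCE.get(device_id)
    if key is None or expected is None:
        return "deny", "unknown device"
    msg = device_id.encode() + nonce + fingerprint
    good_tag = hmac.new(key, msg, hashlib.sha256).digest()
    # The tag check rejects forged evidence and evidence replayed from an old nonce.
    if not hmac.compare_digest(good_tag, tag):
        return "deny", "evidence not authentic or not fresh"
    if not hmac.compare_digest(expected, fingerprint):
        return "deny", "fingerprint mismatch"
    return "allow", "evidence matches reference"


def inspect(device_id, firmware, alerts):
    """One inspection round: challenge, collect evidence, appraise, alert on deny."""
    nonce = os.urandom(16)  # fresh challenge for every round
    # The device is simulated in-process; a real one would answer over the network.
    key = DEVICE_KEYS.get(device_id, b"")
    fingerprint, tag = device_evidence(device_id, firmware, nonce, key)
    decision, reason = appraise(device_id, nonce, fingerprint, tag)
    if decision == "deny":
        alerts.append((device_id, reason))
    return decision
```

A fingerprint computed by the device's own software is only as trustworthy as that software, so a deployment would anchor the measurement in a hardware root of trust.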

Demo Storyline (optional)


Interaction with other open source projects and components

  • SEDIMENT

Links to existing documentation (Build Guide, Slideware, etc), if available (optional).

https://sediment-lfproject.github.io/

SEDIMENT Project Alignment

Links to existing demo/video, if available (optional).


Links to existing code/repos, if available (optional).

https://github.com/sediment-lfproject/remote-attestation

 

Meeting Notes:

  • AccuKnox provides run time security and determines security policies
    • Characterizes application behavior
    • Workload hardening
    • SEDIMENT would be one application running under the run time security provided by AccuKnox
  • By restricting environment to one application initially (Phase 1), this would reduce the complexity and allow for observations of functionality
  • Phase 2: including 5G Core and 5G RAN
  • Rajesh:  need to consider whether changes are required for the API between the
  • Rajesh:  need to look at RA as a service rather than an application.
  • Rajesh: 1) what is the relying service?; 2) what is the IoT device?
  • Rajesh:  need to involve SEDIMENT developers in the discussion.  Not available today.
  • Peraton needs access to the IBM camera demo.  Bring up with IBM and Kaloom on the next 5GSBP call
  • AccuKnox needs to install a "tool server" in the lab
  • Gaurav:  how do we a