Template version: 1.2 page 1 2.3 RBSTG: Bridging Security Editorial Cleanup Sec WG CR 2685 Legal Disclaimer THIS IS A DRAFT SPECIFICATION DOCUMENT ONLY AND HAS NOT BEEN ADOPTED BY THE OPEN CONNECTIVITY FOUNDATION. THIS DRAFT DOCUMENT MAY NOT BE RELIED UPON FOR ANY PURPOSE OTHER THAN REVIEW OF THE CURRENT STATE OF THE DEVELOPMENT OF THIS DRAFT DOCUMENT. THE OPEN CONNECTIVITY FOUNDATION AND ITS MEMBERS RESERVE THE RIGHT WITHOUT NOTICE TO YOU TO CHANGE ANY OR ALL PORTIONS HEREOF, DELETE PORTIONS HEREOF, MAKE ADDITIONS HERETO, DISCARD THIS DRAFT DOCUMENT IN ITS ENTIRETY OR OTHERWISE MODIFY THIS DRAFT DOCUMENT AT ANY TIME. YOU SHOULD NOT AND MAY NOT RELY UPON THIS DRAFT DOCUMENT IN ANY WAY, INCLUDING BUT NOT LIMITED TO THE DEVELOPMENT OF ANY PRODUCTS OR SERVICES. IMPLEMENTATION OF THIS DRAFT DOCUMENT IS DONE AT YOUR OWN RISK AMEND AND IT IS NOT SUBJECT TO ANY LICENSING GRANTS OR COMMITMENTS UNDER THE OPEN CONNECTIVITY FOUNDATION INTELLECTUAL PROPERTY RIGHTS POLICY OR OTHERWISE. IN CONSIDERATION OF THE OPEN CONNECTIVITY FOUNDATION GRANTING YOU ACCESS TO THIS DRAFT DOCUMENT, YOU DO HEREBY WAIVE ANY AND ALL CLAIMS ASSOCIATED HEREWITH INCLUDING BUT NOT LIMITED TO THOSE CLAIMS DISCUSSED BELOW, AS WELL AS CLAIMS OF DETRIMENTAL RELIANCE. The logo is a trademark of Open Connectivity Foundation, Inc. in the United States or other countries. *Other names and brands may be claimed as the property of others. Copyright 2018 Open Connectivity Foundation, Inc. All rights reserved. Copying or other form of reproduction and/or distribution of these works are strictly prohibited.
Template version: 1.2 page 2 **** Section 2 Normative References **** Z-Wave Plus Device Type Specification https://www.silabs.com/documents/login/miscellaneous/sds11847-z-wave-plus-device-type- Specification.pdf Z-Wave Plus Role Type Specification https://www.silabs.com/documents/login/miscellaneous/sds14224-z-wave-plus-v2-device-type- Specification.pdf Zigbee 053474, Zigbee Specification, August 2015 http://www.zigbee.org/zigbee-for-developers/zigbee-3-0/ ****** Section 3.1 Terms and Definitions ****** 3.1.y Bridge Note 1 to entry: The details are defined in Bridging Specification. 3.1.X Bridging Platform Note 1 to entry: The details are defined in Bridging Specification ****** Section 3.2 Acronyms and Abbreviations ******
Template version: 1.2 page 3 Symbol Description AC Access Control ACE Access Control Entry ACL Access Control List AES Advanced Encryption Standard. See NIST FIPS 197, "Advanced Encryption Standard (AES)" AMS Access Management Service CMS Credential Management Service CRUDN CREATE, RETREIVE, UPDATE, DELETE, NOTIFY CSR Certificate Signing Request CVC Code Verification Certificate ECC Elliptic Curve Cryptography ECDSA Elliptic Curve Digital Signature Algorithm EKU Extended Key Usage EPC Embedded Platform Credential EPK Embedded Public Key DOTS Device Ownership Transfer Service DPKP Dynamic Public Key Pair ID Identity/Identifier JSON JavaScript Object Notation. See Core Specification. JWE JSON Web Encryption. See IETF RFC 7516, "JSON Web Encryption (JWE)" JWS JSON Web Signature. See IETF RFC 7515, "JSON Web Signature (JWS)" KDF Key Derivation Function MAC Message Authentication Code MITM Man-in-the-Middle NVRAM Non-Volatile Random-Access Memory OC Owner Credential OCSP Online Certificate Status OBT Onboarding Tool Open Connectivity Foundation. See Core Specification. OID Object Identifier OOB Out Of Band OTM Owner Transfer Method OWASP Open Web Application Security Project. See https://www.owasp.org/ PE Policy Engine PIN Personal Identification Number PPSK PIN-authenticated pre-shared key PRF Pseudo Random Function PSI Persistent Storage Interface PSK Pre Shared Key RAML RESTful API Modeling Language. See Core Specification. RBAC Role Based Access Control RM Resource Manager RNG Random Number Generator SACL Signed Access Control List SBAC Subject Based Access Control SEE Secure Execution Environment SRM Secure Resource Manager SVR Security Resource SW Software
Template version: 1.2 page 4 UAID Unique Authenticable Identifier URI Uniform Resource Identifier. See Core Specification. VOD Device. See Bridging Specification Table 1 Acronyms and abbreviations ****** Section Z (introduced in CR 2595) ****** Z.1 Bridging Security Z.1.1 Universal Requirements for Bridging to another Ecosystem The Bridge shall go through ownership transfer as any other onboardee would. The software of an Bridge shall be field updatable. (This requirement need not be tested but can be certified via a vendor declaration.) Each VOD shall be onboarded by an OBT. Each Device should be provisioned as appropriate in the. In other words, VODs and Devices are treated the same way as physical Devices. They are entities that have to be provisioned in their network. Each VOD shall implement the behaviour required by the Core Specification and the Security Specification. Each VOD shall perform authentication, access control, and encryption according to the security settings it received from the OBT. Each Device shall implement the security requirements of the. In addition, in order to be considered secure from an perspective, the Bridge Platform shall use appropriate ecosystem-specific security options for communication between the Devices instantiated by the Bridge and Devices. This security shall include mutual authentication, and encryption and integrity protection of messages in the bridged ecosystem. A VOD may authenticate itself to the DOTS using the Manufacturer Certificate Based OTM (see section 7.3.6) with the Manufacturer Certificate and corresponding private key of the Bridge which instantiated that VOD. A VOD may authenticate itself to the Cloud (see Section 10.4.1) using the Manufacturer Certificate and corresponding private key of the Bridge which instantiated that VOD.
Template version: 1.2 page 5 Z.1.2 Additional Security Requirements specific to s Z.1.2.1 Additional Security Requirements specific to the AllJoyn For AllJoyn translator, an OBT shall be able to block the communication of all Devices with all Devices that don t communicate securely with the Bridge, by using the Bridge Device s oic.r.securemode Resource specified in the Bridging Specification. Z.1.2.2 Additional Security Requirements specific to the Bluetooth LE An Bridge shall block the communication of all Devices with all Devices that Z.1.2.3 Additional Security Requirements specific to the onem2m s The Bridge shall implement onem2m application access control as specified in the onem2m Security Specification. An Bridge shall block the communication of all Devices with all Devices that Z.1.2.4 Additional Security Requirements specific to the U+ An Bridge shall block the communication of all Devices with all Devices that Z.1.2.5 Additional Security Requirements specific to the Z-Wave An Bridge shall block the communication of all Devices with all Devices that Z.1.2.6 Additional Security Requirements specific to the Zigbee An Bridge shall block the communication of all Devices with all Devices that
Template version: 1.2 page 6 ****** Change to Annex AAA.2 (BLE) ****** Figure 1 shows how communications in both ecosystems of -BLE Bridge Platform are secured by their own security. -BLE Bridge Platform BLE Bridging Function BLE GATT BLE BLE GATT Secured by Security (e.g. CoAP over DTLS) Secured by BLE GAP security mode (e.g. mode 1 level 3) Figure 1 Security in -BLE Bridge ****** Change to Annex AAA.5 (Z-Wave) ****** Figure 3 presents how and Z-Wave communicate based upon their own security. g in -Z-Wave rid Bridge nplatform B Za v e c tio n -W F u Z-Wave Z-Wave Z-Wave Secured by Security Secured by Z-Wave Security Class (S2 Unauthenticated or higher) Figure 2 Security between and Z-Wave
Template version: 1.2 page 7 ****** Change to Annex AAA.6 (Zigbee) ****** Figure 3 shows how communications in both ecosystems of -Zigbee Bridge Platform are secured by their own security. -Zigbee ebridge Platform n b Z ig c tio n g F u 3g in.0 rid B Zigbee 3.0 Zigbee 3.0 Zigbee 3.0 Secured by Security Secured by Zigbee 3.0 Security (nwksecuritylevel>0x04) Figure 3 Security for and Zigbee 3.0