AMP IoT Device Provisioning Protocol for Long Range Connectivity

march 2025 n.w
1 / 15
Embed
Share

"Explore the IEEE 802.11-25/0263r0 protocol for provisioning AMP IoT devices, focusing on establishing trusted relationships, authentication, and security measures. Learn about the unique challenges and requirements for long-range backscatter technology. Discover the essential assumptions and constraints for successful device onboarding and provisioning."

  • IoT Devices
  • Long Range Connectivity
  • IEEE 802.11
  • Provisioning Protocol
  • Security Measures
rayaanacharya
jveron Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. March 2025 doc.: IEEE 802.11-25/0263r0 Provisioning Protocol for long range AMP IoT devices Date: 2025-xx-xx Authors: Name Guy-Armand Kamendje Vytas Kezys Affiliations HaiLa Technologies Address Suite 403, 460 Sainte- Catherine St. W. Montreal, QC. Canada Phone email Guy-armand@haila.io vytas@haila.io kamran@haila.io Kamran Nishat pbower@haila.io Patricia Bower nelson@haila.io Nelson Costa Submission Slide 1 Guy-Armand Kamendje (HaiLa Technologies)

  2. March 2025 doc.: IEEE 802.11-25/0263r0 Abstract An AMP IoT device provisioning protocol that can achieve the following is required: Establish a trusted relationship between the AMP IoT device and the infrastructure Compatible with both long range backscatter and active transmission devices Establish authentication (mutual), achieve confidentiality and integrity. Configure the AMP IoT device with a local address which is significantly shorter than the IoT device s secret identity Submission Slide 2 Guy-Armand Kamendje (HaiLa Technologies)

  3. March 2025 doc.: IEEE 802.11-25/0263r0 Background Long range backscatter offer a different set of opportunities to close range backscatter (different use cases : i.e. smart manufacturing/power grid => characteristics and security requirements are different). While onboarding, vetting of AMP devices being added to the network is required. Onboarding should be highly automated End-to-end security protection is required for services involving AMP non- AP STA. Security should be enforced very early during device onboarding . Asymmetric channel with very limited DL Submission Slide 3 Guy-Armand Kamendje (HaiLa Technologies)

  4. January 2025 doc.: IEEE 802.11-25/0263r0 Constraints Minimize the number of downlink messages (from the infrastructure to the AMP non-AP STA. AMP non-AP STA should not blindly trust an infrastructure that claims possession of its public key: additional proof of knowledge of non-AP STA s secret identity is required. Should be AMP non-AP STA s uplink mode of operation agnostic Should not use digital certificates AMP non-AP STA reprovisioning should be possible Submission Slide 4 Guy-Armand Kamendje (HaiLa Technologies)

  5. March 2025 doc.: IEEE 802.11-25/0263r0 Fundamental assumptions 1. The AMP non-AP STA interacts with the Infrastructure through a Gateway 2. The AMP non-AP STA might non posses a MAC address in the 802.11 sense 3. The RX and TX function of the Infrastructure might be collocated on the Gateway 4. An Authentication Server (AS) might be used (Radius) The AS and Gateway might be collocated. 5. When not collocated, AS and Gateway can establish a trusted communication channel between them. The AS uses two distinct keys for communication with the GW and the AMP non-AP STA. 6. When not collocated, AS and Gateway can establish a trusted communication channel between them. 7. The AMP non-AP STA s Serial Number & Public Key record are located on the AS. Proof of ownership of these establishes the non-AP STA trust to the AS. 8. The AMP non-AP STA s Serial Number & Public Key record update mechanism on the AS is out of the context of this proposal 9. The Gateway sends a broadcast message to AMP non-AP STA devices to initiate provisioning 10. Proof of possession of the AMP non-AP STA s Public Key by the Gateway establishes the AMP non-AP STA trust in the Gateway Slide 5 Submission Guy-Armand Kamendje (HaiLa Technologies)

  6. March 2025 doc.: IEEE 802.11-25/0263r0 Proposal: AMP non-AP STA provisioning mechanism and address allocation (bootstrapping) Gateway The AMP is in provisioning mode and stays in this mode until it has received its local address Provisioning is initiated by scanning a QR code using and APP on a smartphone 2 Gateway has trusted connection to AS APP Hash(A_pubk) 1 After manufacturing AMP device, A contains: A_pubk, A_privk, A_SN and AS_pubk AMP device in Provisioning Mode Submission Slide 6 Guy-Armand Kamendje (HaiLa Technologies)

  7. March 2025 doc.: IEEE 802.11-25/0263r0 Proposal: AMP non-AP STA provisioning mechanism and address allocation Submission Slide 7 Guy-Armand Kamendje (HaiLa Technologies)

  8. March 2025 doc.: IEEE 802.11-25/0263r0 Proposal: AMP non-AP STA provisioning mechanism and address allocation (temporal key derivation) A = TAG_SN || AS_pubk PRK = HKDF-Extract(<>, A) Tk1 = HKDF-Expand(PRK,GWID||TK_NONCE||LOCAL_ADDR|| TK1 ,16) Tk2 = HKDF-Expand(PRK,GWID||TK_NONCE||LOCAL_ADDR|| TK2 ,16) Both AS and AMP device can derive the Tks Tks are send by the AS to the GW No need to send the Tks to the AMP device Submission Slide 8 Guy-Armand Kamendje (HaiLa Technologies)

  9. March 2025 doc.: IEEE 802.11-25/0263r0 Proposal: AMP non-AP STA provisioning mechanism and address allocation (session keys derivation) PRK TK1 TK2 Ek1i EK2i Cntr==i Cntr==i Ekxi = HKDF-Expand(TKx, CNTR ,16) GW instructs the tag which Tkx to use Counters start at zero and Re-key command advance the counter The Ekxi keys have a very short lifetime (determined by the GW) Ekxi can be used as a seed for the next PRK Submission Slide 9 Guy-Armand Kamendje (HaiLa Technologies)

  10. March 2025 doc.: IEEE 802.11-25/0263r0 Proposal: AMP non-AP STA provisioning mechanism and address allocation (data protection) Gateway Gateway RES_SENSOR_DATA() Protected by EKi 0x234 REQ_SENSOR_DATA(ABCD) Protected by EKi 0x234 AMP device in Normal Mode AMP device in Normal Mode Submission Slide 10 Guy-Armand Kamendje (HaiLa Technologies)

  11. January 2025 doc.: IEEE 802.11-25/0263r0 Conclusion A provisioning protocol that uses only one DL message from the infrastructure to the AMP IoT device was presented The presented provisioning protocol allows AMP non-AP STA local address allocation The presented provisioning protocol allows mutual authentication between the AMP non-AP STA and the infrastructure. The presented provisioning protocol allows symmetric key establishment Submission Slide 11 Guy-Armand Kamendje (HaiLa Technologies)

  12. March 2025 doc.: IEEE 802.11-25/0263r0 Straw Polls SP1: Do you agree that the AMP non-AP STA could be allocated a local/short address? Submission Slide 12 Guy-Armand Kamendje (HaiLa Technologies)

  13. March 2025 doc.: IEEE 802.11-25/0263r0 Straw Polls SP2: Do you agree that the AMP non-AP STA could be allocated a local/short address with a maximum of 2 downlink transactions? Submission Slide 13 Guy-Armand Kamendje (HaiLa Technologies)

  14. March 2025 doc.: IEEE 802.11-25/0263r0 Straw Polls SP3: Do you agree that the AMP non-AP STA should establish a secured relationship with a Gateway/ Authentication Server. Submission Slide 14 Guy-Armand Kamendje (HaiLa Technologies)

  15. March 2025 doc.: IEEE 802.11-25/0263r0 References Submission Slide 15 Guy-Armand Kamendje (HaiLa Technologies)

Related


Lightweight Cryptography Standard for IoT - November 2023 IEEE Presentation

Lightweight Cryptography Standard for IoT - November 2023 IEEE Presentation

ruan
Roughtime: Securing time for IoT devices

Roughtime: Securing time for IoT devices

jayda
DoS Detection for IoT Networks Using Machine Learning: Study Overview

DoS Detection for IoT Networks Using Machine Learning: Study Overview

aqua
Strengthening Uganda's National M&E System through UEA Evaluation Strategies

Strengthening Uganda's National M&E System through UEA Evaluation Strategies

rowe
Discover the power of IoT with Orangeinfomedia.ca - the leading IoT services com

Discover the power of IoT with Orangeinfomedia.ca - the leading IoT services com

orangeinfomedia
IoT Platforms Design Methodology by Dr. Snehlata Barde - Overview

IoT Platforms Design Methodology by Dr. Snehlata Barde - Overview

joah
Long Range Low Power IoT Applications for Indoor Environments

Long Range Low Power IoT Applications for Indoor Environments

aro_e
IoT Data Analytics Architecture for Real-World Use Cases

IoT Data Analytics Architecture for Real-World Use Cases

ksatt
Security Concerns and Future Challenges of Internet Connected Devices in Budva, Montenegro

Security Concerns and Future Challenges of Internet Connected Devices in Budva, Montenegro

cyru_4
Energy Harvesting Operation Procedures for AMP Devices in WLAN

Energy Harvesting Operation Procedures for AMP Devices in WLAN

tas_fur
Faster 5G-IoT Interworking Solution and Market Outlook

Faster 5G-IoT Interworking Solution and Market Outlook

ado_zec
Internet of Things (IoT) in Vocational Education

Internet of Things (IoT) in Vocational Education

bro_g
Enhanced Long Range WiFi Solutions for IoT and Video Surveillance Applications

Enhanced Long Range WiFi Solutions for IoT and Video Surveillance Applications

jeta771
Revolutionizing Energy Conservation with Cloud Computing and IoT

Revolutionizing Energy Conservation with Cloud Computing and IoT

truslow_c
Scaling Puppet and Foreman for HPC by Trey Dockendorf

Scaling Puppet and Foreman for HPC by Trey Dockendorf

loui_146
Long-Range Low Power IoT Use Cases for Indoor & Outdoor Environments

Long-Range Low Power IoT Use Cases for Indoor & Outdoor Environments

mar_dw
Secure IoT Application Lifecycle Overview

Secure IoT Application Lifecycle Overview

viko563
IoT Value Roadmap and Key Use Cases Across Business Functions

IoT Value Roadmap and Key Use Cases Across Business Functions

ola_b
Overview of IoT Development in Brazil

Overview of IoT Development in Brazil

mbusa
IoT Use Case - Long Range Low Power Operation for Building Energy Management

IoT Use Case - Long Range Low Power Operation for Building Energy Management

rhey374
Unified AMP Terminology Proposal for IEEE 802.11-00/0000r0 Standard

Unified AMP Terminology Proposal for IEEE 802.11-00/0000r0 Standard

haro_134
IoIST Data Analytics Platform for IoT Sensor Data

IoIST Data Analytics Platform for IoT Sensor Data

ria_sta

More Related Content