Security

[This page gives an overview of the Fairhair draft specification dated March 2017. While the draft reflects Fairhair’s direction and scope at the time of writing, the content is subject to change.]

More details about Fairhair's draft specifications can be found in the accompanying White Paper.

Security specification

The Fairhair Security Group has developed a requirements document and a draft specification. Both documents consider what is necessary from a systemic point of view to protect the IoT device, the network, and other non-IoT systems. The goals are similar to those of the resource modeling group. The principal components of the architecture include minimal device system requirements, such as logging, time management, software update management, device identity and cryptographic support; and network access requirements, such as AAA and profile management.

Fairhair security aims to provide seamless onboarding through the ANIMA process (draft-ietf-anima-keyprov-bootstrapping), as well as automated profile management (draft-ietf-opsawg-mud). To maintain performance, elliptic curve cryptography is used in conjunction with AES to provide strong protection.

There are three cornerstones to Fairhair security requirements. First, the network must provide the services necessary to facilitate device protection. Second, devices will identify themselves and what they are to the network, so that the network can then be configured to provide appropriate access to devices. Finally, the requirements take into account the various states the overall system may be in, including initial installation, initially commissioned, and accessible to the rest of an enterprise. Multitenancy is also intended to be addressed.