This talk is by Pascal Urien, from Telecom ParisTech and Ethertrust. The talk is about keys, ranging from locks to electronic keys. The fisrt question is: are electronic keys a breakthrough application for the Internet of Things? Are people going to trust electronic keys to protect their physical goods?
One of the starting points for this is hotel keys. Today, electronic keys are mostly based on the Mifare system, provided by NXP. What Pascal is proposing is to build on his previous work on IP cards, and to include a TLS card, which allows the key itself (a Java Card with a contactless interface) to manage the provisioning directly with the key server. The advantage is clearly end-to-end security, where we use a standard key server, together with a simple card.
Of course, a Web proxy is required, because the key/card doesn’t have a direct network connection. This is done through a NFC-enabled Android phone. The interesting part is here that the key/card is directly managing thebTLS connection with the server, which means that the content can only be deciphered on the key/card itself.
The next step is to use the phone to open the door. For some reason, Urien did not choose to use card emulation, but peer-to-peer communication. And this time, he has proposed a new IETF draft to propose a TLS layer on Google’s LLCP protocols. Then, it will be possible to get TLS security on P2P connections.
Not sure about this P2P thing, but the idea of end-to-end security using standard protocols is attractive.
No Comments