Defined-Trust Transport (DeftT) Protocol for Limited Domains

Kathleen Nichols
Pollere LLC
Van Jacobson
UCLA
Randy King
Operant Networks Inc.

Abstract

The Defined-trust Transport (DeftT) is designed to provide secure, default-deny networking for closed communities with dynamic membership and a collection-based construct that is efficient on broadcast media. Such closed communities, also known as limited domains [LDCCR], are frequently used in Operational Technology (OT) networking, in particular, in Critical Infrastructure uses. DeftT is designed to express and enforce application- and deployment-specific integrity, authentication, access control and behavior constraints directly in its protocol modules. It enables secure and completely self-contained (e.g., no external identity servers or certificate authorities) overlay networks where credentialed members can join and leave at any time. Security is not optional. To participate, members are preconfigured only with their individual cryptographically secured identities and the domain's secured communication rules. The rules are used to independently authenticate other members' identities as well as their role- and attribute-specific communications.

DeftT is an integrated trust management, multiparty transport that synchronizes collections of secured information across all members of its domain. DeftT uses a many-to-many synchronization primitive rather than source-destination send-and-acknowledgement. Packets are not routable and information only leaves its originating subnet if it is both explicitly permitted in the secured rules and there is a member element (a relay) provided to move validated information containers across subnets. DeftT is part of a Defined-trust Communications approach with an open-source example implementation available. Combined with IPv6 multicast and modern hardware-based methods for securing keys and code, it can provide a foundation for secure and efficient communications in limited domains, particularaly in Critical Infrastructure domains.

Table of Contents

1. Introduction

Decades of success in providing IP connectivity over any physical media ("IP over everything") has commoditized IP-based communications, making IP an attractive option for applications that previously required proprietary or analog connectivity, e.g., Internet of Things (IoT), Industrial Control Systems (ICS) and Operational Technologies (OT) applications such as building automation, embedded systems, transportation control, connecting controls and sensors in nuclear power plants [DIGN] and carbon capture monitoring [IIOT]. The growing use of Distributed Energy Resources (DER) (e.g., residential solar, wind farms) has created interest in low cost commodity networked devices with added features for security, robustness and low-power operation [MODOT][OPR][CIDS]. While use of an IP network layer can be a major advance for OT, the features of Internet transports that have enabled robust global connectivity can be problematic for secure communications within the Critical Infrastructure.

Current IP transports create optionally secured one-to-one sessions between communicating endpoints identified by IP addresses used in packet headers to traverse routers. Synchronization of data across a domain is carried out through multiple two-party transport sessions. Where IP addresses are augmented with additional identities, they must either be validated via external servers or all necessary identities must be be preconfigured in each member during enrollment. The use of external third party servers to obtain identity-based atributes creates an unacceptable vulnerability for many OT networks, particularly in Critical Infrastructure. Further, use of third party certificate authorities (CAs) is often antithetical to OT security needs. Any use of a CA (remote or local) results in a single point of failure that greatly reduces system reliability.

A significant class of OT networks are under a single administrative authority and carry out a primary function of coordination and control. This constitues a single network domain using the widely accepted definition of: "The set of entities or infrastructure under common administrative control" in [RFC8366]. Further, these domains have a membership that is both securely enrolled and dynamic. The members of the domain have specific capabilities and permitted communications that can be explicitly specified. The concept of a limted domain is additionally constrained to refer to a region where network and end system requirements, behaviors, and semantics are applied only within a single domain where membership is assumed to be cryptographically secured [LDCCR][RFC8799]. Here limited is used according to its definition of "restricted" or "characterized by enforceable limitations." (https://www.merriam-webster.com/dictionary/limited) The region of applicability could be a physical locality, e.g., within the same building, campus or immediate proximity, or could be distributed across geographies, as an overlay on the Internet or as a network parallel to the Internet.

DeftT serves the communication needs of a closed community with common objectives. Foremost among those needs is the ability to enforce community-specific policy constraints ("who can say what to which"). ABAC (Attribute-Based Access Control) [NIST] provides a model sufficient to express and enforce these constraints but a fundamental architectural choice remains to either:

  1. Start with Internet-based communication protocols then "harden them" by layering an ABAC framework on top, or

  2. Start with an ABAC framework that verifiably enforces the policy constraints then augment it with the minimum necessary communication primitives needed to function in a community's deployment environment.

For Internet applications and communications, approach (a) is common and generally reasonable. However, for limited domains, approach (a) imports all the (otherwise unneeded) Internet abstraction maintenance machinery of DHCP, DNS, CAs (certificate authorities), PDP/PIPs (Policy Decision Points/Policy Information Points), routing, address plans, etc. When communication is expressed in terms of the common Internet abstractions (e.g., a TLS connection between two IP endpoints), there needs to be a translation layer to map between these abstractions and the domain's entities, requirements and objectives. This machinery is configuration intensive and recent history has demonstrated that it constitutes prime attack surface. As DeftT is specifically aimed at network domains with closed membership desiring default-deny communications, it can exploit those characteristics and avoid the security minefield that more general protocols must navigate. The PIP function is embeded in certificate signing chains, enabling DeftT to be self-authenticating and self-distributing. A limited domain where all network communications are via DeftT is denoted a trust domain.

DeftT is a user-space transport protocol (like QUIC [RFC9000]) that sits between an application and a system-provided transport, e.g., UDP or UDP multicast (Figure 1). DeftT exchanges messages with the application and exchanges its own Protocol Data Units (PDUs) with the system transport. It is a multiparty transport that synchronizes collections of secured information across all enrolled members of a domain using broadcast when available. This keeps domain communications synchronized without the need to construct multiple two-party transport sessions, either between members or with a server or broker. DeftT uses secure, dynamic membership where the credentials of secured identity and the set of rules governing communications and identity are the only information needed by a member. Current Internet transports require packet headers that tell receivers (including routers) how they should be handled. DeftT's PDUs only have meaning in the context of their specific trust domain. DeftT has been created as a self-contained ABAC framework where the PEP and PDP are integrated in the transport.

defttlayer Application DeftT UDPmulticast TCP/UDP/… IPv4/6 (unicast) IPv6 link local multicast self-configuring configured as identity attributes
Figure 1: DeftT in an IP stack

Each DeftT has an integrated trust management module that uses the domain rule set to validate other members' identities and capabilities, to validate received communications both structurally and cryptographically, and to construct compliant outbound communications. This means that new members can be created and join a trust domain at any time without the use of external servers, e.g. certificate authorities (CAs), identity servers, Manufacturer Usage Description (MUD) [NMUD] or other Data Model servers. DeftT's use and enforcement of its secure, dynamic membership is detailed in subsequent sections of this document.

Defined-trust communication employs a single, domain-wide, trust root certificate (trust anchor). Identities are certificate chains, terminating at the domain trust anchor (Section 4 and Section 5.2.1.4), rather than a single certificate signed by a trust anchor. The chains contain all the attributes and/or any role the identity is granted. An identity conveys membership in a specific trust domain that is using a particular set of rules and a particular trust anchor. DeftT certificates (see Section 5.2.1.4 and Section 7.2) can be easily generated and signed by local administrative authorities so there is no reason to aggregate a plethora of unrelated claims into one cert (avoiding the Aggregation problem [W509]). This simplifies trust management and avoids the well-known CA federation and delegation issues and other weaknesses of the X.509 architecture (summarized at [W509], original references include [RSK][NVR]).

In many limited domains, particularly OT, valid messages conform to rigid standards on syntax and semantics [IEC61850][ISO9506MMS][ONE][MATR][OSCAL][NMUD][ST][ZCL] that can be combined with site-specific requirements on identities and capabilities to create a system's communication rules. A domain's rule set specifies the format of the certificates of identity chains and the format of all permitted communications including the attributes required by identities that sign them. These rules can be employed to secure publications in a trust management system such as [DLOG] where each publisher is responsible for supplying all of the "who/what/where/when" information needed for each subscriber to prove the publication complies with system policies.

Each member gets the domain's rule set distributed in binary form in a certificate (a communication schema, see Section 1.2 and Section 6.1) signed by the same trust anchor at the root of the identity chain. This compact and secured schema specifies the requirements for the domain. Figure 2 illustrates how the elements of DeftT interact; subsequent sections describe the elements and interactions in more detail.

trustElements trustElements Device-specific code Communication Schema Shim Subscribe Publish Publication Validator Publication Builder Network Schema Compiler Site Policy Standard Conformance Requirements: On-Device App
Figure 2: Trust management elements of DeftT

1.1. Multiparty transport

Our target OT networks have communications that are local, multiparty, and use application-specific identifiers ("topics") for rendezvous. This fits the generic publish/subscribe communications model ("pub/sub") widely used in IoT. As table 1 in [PRAG] shows, nine of the eleven most widely used IoT protocols use a topic-based pub/sub transport. For example MQTT, an open standard developed in 1999 to monitor oil pipelines over satellite [MQTT][MHST], is now likely the most widely used application communication protocol in IoT (https://mqtt.org/use-cases/).

Pub/sub protocols communicate through the same topic; end hosts need no specific knowledge of one another. These protocols have typically been implemented as an application layer protocol over two-party transports like TCP which require in-advance configuration of peer addresses and credentials at each endpoint and thus incur the communications overhead of host-based protocols. The usual approach is to configure the end hosts to communicate with a broker or server. Microsoft Azure, Amazon AWS, Google Cloud, and Cloudflare all offer hosted MQTT brokers for collecting and connecting sensor and control data in addition to providing local pub/sub in buildings, factories and homes. The communication model of pub/sub bears little resemblance to its common implementations.

Consider a smart lighting example that uses a topic-based pub/sub application layer protocol in a wireless broadcast subnet (see Figure 3). Each switch is set up to do triple-duty: one click of its on/off paddle controls some particular light(s), two clicks control all the lights in the room, and three clicks control all available lights (five kitchen plus the four den ceiling). Thus a switch button push may require a message to as many as nine light devices. On a broadcast transmission medium (e.g., WiFi, ethernet) each packet sent by the switch is heard by all nine devices. IPv6 link-level multicast provides a network layer that can take advantage of this but current IP transport protocols cannot. Instead, each light switch needs to establish nine bilateral transport associations in order to send the published message for all lights to turn on. Communicating devices must be configured with each other's IP address and enrolled identity so, for n devices, both the configuration burden and traffic scale as O(n2). For example, when an "all" event is triggered, every light's radio will receive nine messages but discard the eight determined to be "not mine." If a device sleeps, is out-of-range, or has partial connectivity, additional application-level mechanisms would be required to accommodate it. Implementing multiparty communications over two-party transport sessions changes the configuration burden and traffic scaling from the native media's O(n) to O(n2).

iotDeftt iotDeftt kitchen ceiling kitchen ceiling kitchen all subscriptions den ceiling den ceiling den all subscriptions kitchen counter kitchen counter kitchen all subscriptions den switch den ceiling den all 1: 2: 3: clicks pub topic kitchen switch kitchen counter kitchen all 1: 2: 3: clicks pub topic
Figure 3: Smart lighting use of Pub/Sub

MQTT and other broker-based pub/sub approaches mitigate this by adding a broker (Figure 4). Each entity makes a single TCP transport connection with the broker and tells the broker it wants to subscribe to specific topics. Then the kitchen switch uses its single transport session to publish commands to topic kitchen/counter, topic kitchen or all. The kitchen counter light uses its broker session to subscribe to those same three topics. The kitchen ceiling lights subscribe to topics kitchen ceiling, kitchen and all while den ceiling lights subscribe to topics den ceiling, den and all. Use of a broker reduces the configuration burden from O(n2) to O(n): 18 transport sessions to 11 for this simple example and for realistic deployments the reduction is often greater. There are other advantages: besides their own IP addresses and identities, devices only need to be configured with those of the broker and the broker can store messages for temporarily unavailable devices. This approach is popular because the pub/sub application layer protocol provides an easy-to-use API and the broker reduces configuration burden while maintaining secure, reliable delivery and providing short-term in-network storage of messages. Still the broker implementation doubles the per-device configuration burden by adding an entity that exists only to implement transport and traffic still scales as O(n2). Specifically, any switch publishing to all lights results in ten (unicast) message transfers over the wifi network. Further, the broker introduces a single point of failure into a network that is richly connected physically and provides a high-value security target.

iotMQTT iotMQTT MQTT broker kitchen ceiling den ceiling kitchen counter den switch den ceiling den all 1: 2: 3: clicks pub topic kitchen switch kitchen counter kitchen all 1: 2: 3: clicks pub topic ←sub : den ceiling, den, all ←sub : kitchen ceiling, kitchen, all ←sub : kitchen counter,             kitchen, all
Figure 4: Brokers improve efficiency at the cost of a single point of failure

Clearly, a transport protocol capable of exploiting a physical network's broadcast capabilities would better suit this communications paradigm. (Since unicast is just multicast restricted to peer sets of size 2, a multicast transport handles all unicast use cases but the converse is not true.) Our solution moves the communications model from message exchange to the coordination of shared objectives. In the distributed systems literature, communication associated with coordinating shared objectives has long been modeled as distributed set reconciliation [WegmanC81][Demers87]. In this approach, each domain of discourse is a named set, e.g., myhouse.iot. Each event or action, e.g., a switch button press, is added as a new element to the instance of myhouse.iot at its point of origin then the reconciliation process ensures that every instance of myhouse.iot has this element. In 2000, [MINSKY03] developed a broadcast-capable set reconciliation algorithm whose communication cost equaled the set instance differences (which is optimal) but its polynomial computational cost impeded adoption. In 2011, [DIFF] used Invertible Bloom Lookup Tables (IBLTs) [IBLT][MPSR] to create a simple distributed set reconciliation algorithm providing optimal in both communication and computational cost.

DeftT exploits these advances, encoding the event/actions as publications in a distributed named set called a collection (see Section 5.4). DeftT PDUs have two types: one to carry the publications and one to carry the state information used to keep its collections synchronized. The approach makes it easy to take advantage of IPv6's self-configuring link-local multicast to avoid all manual configuration and external dependencies. This permits Using DeftT, the network implementation can match the pub/sub communication model of Figure 3 where each device has a single, auto-configured transport that makes use of the broadcast radio medium without need for a broker or multiple transport associations. Each button push (in the form of a publication) is broadcast exactly once to be added to the distributed collection. (See Section 5.5 to see how members fill in missing elements.)

1.2. Multiparty security

OT devices usually have specific, highly proscribed roles and strict constraints on what they can "say" and to what they listen and respond. When pub/sub is implemented using bilateral session-based transports, the opacity of encrypted two-party sessions can make it impossible to enforce or audit these communication policy constraints. Multiple publications with independent topics and purposes are combined under a single session key, providing privacy by encrypting the sessions between endpoints. Credentials of Internet endpoints (e.g., a website) are usually attested by a third party certificate authority (CA) and bound to a DNS name. Endpoint credentials may also be bound to a device by obtaining the (local) domain's root certificate (e.g., via BRSKI [RFC8995]) then using a TLS connection to obtain the end-entity certificate. Each secure transport association requires the exchange of these credentials which allows for secure exchange of a nonce symmetric key.

For example, in Figure 4 each transport session is a separate security association where each device validates the broker's credential and the broker has to validate each device's. Secured transport associations are between two enrolled devices (protecting against outsider and some MITM attacks) but once the transport session has been established, there are no constraints whatsoever on what devices can say. This approach does not protect against the insider attacks that currently plague OT, e.g., [CHPT] description of a lightbulb taking over a network. The basic function of a light switch requires that it be allowed to tell a light to turn on or off. It almost certainly shouldn't be allowed to tell the light to overwrite its firmware (fwupd), even though "on/off" and "fwupd" are both standard capabilities of most smart light APIs. In a TLS session, the transport handles "fwupd" publications the same way as "on/off" publications. DeftT prevents such attacks using trust management that operates per-publication, using rules that enable the "fwupd" from the light switch to be rejected.

Securing each publication rather than the session it arrives on deals with a wider spectrum of threats while avoiding quadratic session state and traffic burden. Combining per-publication trust decisions with many-to-many communications over broadcast infrastructure requires per-publication signing rather than session-based signing. Subsequent sections describe how DeftT handles this (e.g., Section 5.6 and Section 6.2.3).

Instead of vulnerable third-party CAs [W509], DeftT trust domains employ a local root of trust and locally created certificates. Communication rules are expressed in a declarative language that is validated for consistency and completeness then converted to a compact runtime form which is authorized and secured via signing with the system trust root. The resulting communication schema is distributed as a certificate that can be validated using on-device trusted enclaves [TPM][HSE][ATZ] as part of the device enrollment process. See Section 7 and Section 9. More on how DeftT addresses past and current threats is in Section 2 and Section 9.

1.3. Defined-trust communications domains

A Defined-trust communications limited domain (or simply, trust domain) is a limited domain where communications are via DeftT (Figure 5) and all members are configured with the same trust anchor and schema (or some subset of the domain schema) as well as an individual schema-conformant DeftT identity cert chain that terminates at the trust anchor and the private key corresponding to the identity chain's leaf cert. The particular rules for any deployment are application-specific (e.g., Is it home IoT or a nuclear power plant?) and site-specific (specific form of credential and idiosyncrasies in rules) which DeftT accommodates by being invoked with a set of rules (schema) particular to a deployment. We anticipate that efforts to create common data models (e.g., [ONE]) for specific sectors will lead to easier and more forms-based configuration of DeftT deployments.

Trust domains are self-contained communication domains layered on IP via multicast UDP or unicast protocols (e.g., TCP and UDP) and do not directly interact with IP routing protocols. DeftT deploys on IP networks without interfering with conventional IP protocols. In contrast with current IETF protocols, DeftT is intended for closed communities with common objectives.

A trust domain is perimeterless and may operate over one or more subnets, sharing physical media with non-members. Domain members use DeftT to publish and subscribe using internal modules of Publication Builders and Validators as shown in Figure 2. Publications become the elements of a set, or named collection, that is synchronized across each subnet of a trust domain that is using the same schema (or schema subset). DeftT uses a distributed set reconciliation protocol on each collection and each subnet independently. A set reconciliation protocol operates in a sync zone which is defined on a single subnet where members use the same communication schema or communication schema subset. Every DeftT maintains at least two collections: msgs for publications constructed from application messages and cert where members publish the certificates of their signing chains (see joining-a-trust-domain).

trustdomain trustdomain M M M M M M M subnet set reconciliation /msgs collection /cert collection subscribe publish Trust Domain
Figure 5: Trust domain

1.4. Trust domains can span subnets

Trust domains use relays to extend over the sync zones of physically remote subnets, subnets using different media and/or groups of members using distinct subsets of the domain schema (see Section 5.7). Relays have a DeftT in each sync zone and pass publications between them as long as the publications are valid at both the receiving and sending DeftTs. Relay identities have a relay capability (an attribute with a special meaning within DeftT) in their identity chain that enables specialized certificate and publication movement while prohibiting them from obtaining publication encryption/decryption keys. The set reconciliation protocol ensures that items only transit a sync zone once; an item must be specifically requested in order to be transmitted (see Section 5.5). Since set reconciliation does not accept duplicates, relays are powerful elements in creating efficient configuration-free meshes.

relayedtrustdomain relayedtrustdomain Relay M M M M M M M M M M M M M M M M M M Relay Trust Domain subnet 1 subnet 2 subnet 3 subnet 4
Figure 6: Relayed trust domain

There are four subnets in Figure 6, represented as different shapes. The subnets could be using different media (e.g. bluetooth, wifi, ethernet), different overlapping portions of the domain's communication schema (subschemas) or be physically remote. A relay has a DeftT in two or more subnets of the domain, e.g. one relay has DeftTs in subnets 1, 3, and 4 and the other has DeftTs in subnets 2, 3, and 4. Conceptually, relay DeftTs maintain a collection in their subnet, e.g. subnet1, on behalf of the members in its other subnets, e.g., subnets 3 and 4. The shaded triangles (subnet 4) are for DeftTs in a sync zone between the two relays, as for a unicast link between them. Relay internals copy publications to the other DeftTs but only after validating them using the (sub)schema in use on the destination DeftT. For more on relays, see Section 5.7 and Section 8.

2. Design rationale

DeftT's publication, PDU and serialization formats were strongly influenced by the LangSec [LANGSEC] observation that most security issues are due to improper input handling. For example, [LangSecErr] (section II) found that this class of errors accounted for 75% of the 47 OpenSSL security vulnerabilities reported in the 18 months following 2015-1-1. Also, as of 2023-7-5, all 25 of the protobuf CVEs listed in the NIST National Vulnerability Database are of this class.

[LangSecErr] suggests these vulnerabilities could have been avoided by designing the protocol following three rules:

The acceptable input to a program should be:

  1. well-defined (i.e., via a grammar)
  2. as simple as possible (on the Chomsky scale of syntactic complexity)
  3. fully validated before use (no "shotgun parsing")

2.1. Making DeftT "well-defined"

A DeftT domain's "acceptable inputs" are specified in a rule set using a declarative language (Section 6.1) and then compiled by an LALR parser into a compact binary schema that avoids any need for runtime parsing. The compiler will fail to construct a schema if the domain communication rules are ambiguous, incomplete or inconsistent. Given the schema, DeftT can construct or validate any conformant domain input in constant time at runtime.

After successful compilation the schema is authorized, authenticated and integrity protected by cryptographic signing using the domain's trust anchor. This signed schema is supplied to every member as part of their identity bundle (Section 7.2) and the SHA-256 thumbprint (see Section 5.2.1.4) of the schema is the first component of every PDU's topic name. This ensures not only that the rules are well defined but also that all publishers and subscribers are playing by the same rules.

2.2. Making DeftT "as simple as possible"

All DeftT Information is represented using TLV (Type, Length, Value) tuples for the reasons noted by Dan Berstein [netstrings][tnetstrings]:

  • Unlike delimitter-based approaches like XML or JSON, TLVs are resistant to buffer overflow and false pairing attacks.
  • TLVs are self-describing and trivial to parse or validate.
  • They can be used recursively -- containers can contain other containers.
  • TLVs are fast, cache friendly and not resource intensive.
  • TLVs make no assumptions about contents and can store binary data without escaping or encoding.
  • TLVs are transport agnostic.

Attackers regard the 'seams' between protocol layers as prime attack surface since a lower layer can pass up partial information that it later finds to be inconsistent or invalid (an anti-pattern known as shotgun parsing [LangSecErr]). DeftT deliberately reuses a small set of formatting conventions to construct its TLV containers in contrast to the Internet convention of constructing PDUs in separate layers with rules chosen by different committees. For example, DeftT PDUs, publications and certificates have essentially the same format (Section 5.2) so they can all be structurally validated (e.g., the contents of a container are the type expected in the order expected and exactly fill their container) by one simple, generic, recursive descent validation pass over each arriving PDU performed at the point where it arrives.

As described in Section 1.2, DeftT validates every publication and PDU both cryptographically and syntactically using the domain's communication schema to enforce who-can-say-what-to-which-where-when. DeftT does both serialization and validation using rules bound at runtime (Figure 2) not compile time. It can do this at rates competitive with protobufs by taking advantage of the "definiteness" of local-domain communication:

  • Since the same rules are used both to produce and validate publications/PDUs, encoding order is fixed and known in advance. Thus every top-level object can be validated by a single sequential pass through it.

  • Every party to the communication is guaranteed to be using the same rules so there are no options and no negotiation thus no combinatorial explosion of variants to check.

  • Communication rules can be extended and amended at any time and the resultant binary schema published to members with no changes to their code. Thus the current ruleset should always be the minimum necessary to support existing applications and policies, not an open-ended behemoth needed to support any possible future.

3. Operational considerations

Multiparty communications are enabled through use of a named collection abstraction. DeftT employs a distributed set reconciliation communications model, flexible pub/sub APIs, chain-of-trust identities, and secured rules that define the local context and communication constraints of a deployment in a declarative language. The collections hold publications with lifetimes appropriate to their use. For example, publications that carry application messages are normally ephemeral, like a UDP or TCP packet, while certificate publications have longer lifetimes, on the order of hours or even months. Set reconciliation provides reliable communications (see Section 5.4). Collections are synchronized; members compare their local versions of the collection state and update the collection with publications they have that others are missing. On a broadcast subnet updates are sent to multiple members at once. On a unicast subnet (e.g., a TCP connection) updates are sent to the other member of the subnet.

The resulting system is efficient, secure and scalable: communication, signing and validation costs are constant per-publication, independent of the richness and complexity of the deployment's constraints or the number of communicating entites deployed.

3.1. Environment

Due to physical deployment constraints and the high cost of wiring, many OT networks preferentially use radio as their communication medium. Use of wires is impossible in many installations (untethered Things, adding connected devices to home and infrastructure networks, vehicular uses, etc.). Wiring costs far exceed the cost of current System-on-Chip Wi-Fi IoT devices and the cost differential is increasing [WSEN][COST]. For example, the popular ESP32 is a 32bit/320KB SRAM RISC with 60 analog and digital I/O channels plus complete 802.11b/g/n and bluetooth radios on a 5mm die that consumes 70uW in normal operation. It currently costs $0.13 in small quantities while the estimated cost of pulling cable to retrofit nuclear power plants is presently $2000/ft [NPPI].

DeftT is intended for the kinds of devices available today and into the future. The minimum expected capability is that of an ESP32. Experience thus far on a number of platforms has not shown DeftT to be unduly burdensome. Section 5.8 reports measurement results for time to process application messages as well as memory burden.

3.2. Communication schemas express domain rules

A trust domain's rule set specifies the format of allowable publications and certificates and their signing requirements. These are expressed in the VerSec declarative language (see Section 6), and converted into a binary schema. The schema is used to both construct and validate publications, guaranteeing that all parts of the system always conform to and enforce the same rules, even as those rules evolve to meet new threats (more in Section 6.1). DeftT embeds the trust management mechanisms directly in the publish and subscribe data paths (see Figure 2).

The brief introduction here may be useful in understanding the framework of DeftT. Rules can be quite simple if they specify only membership without attributes or roles and can be complex if there are many types of members and publications. A simplified communication schema using attributes contained in identity names is shown in Figure 7 for the example of Section 1.1 and Figure 3. The notation "<=" should be read as "is signed by" and the "& {}" notation indicates particular constraints. Figure 7's member identities are simple two-level signing chains, where the domain trust anchor signs the identities. Switches and lights are given different attributes in their identities via the "type" field ("switch" or "light") The switch publications that contain the command field to turn on or off ("turnOn" or "turnOff") require signing by a switch identity. Light identities are limited to signing publications that indicate their on or off status. When a light constructs a publication, the "room" and "loc" fields will be set to the "_myroom" and "_myloc" attributes from its identity cert by the Publication Builder Figure 2. When the Publication Validator validates a light publication, "room" and "loc" must equal the signer's "_myroom" and "_myloc" fields and the "arg" must equal either "on" or "off". These rules specify that all certificates have three final components, the first of which is always "KEY"; the other two follow requirements within the trust engine (DeftT's approach is detailed in Section 5.2).

_domain: "myLights"              // trust domain name
domainCert: _domain/_certSuffix  // domain trust anchor

// publication format
#lsPub: _domain/room/loc/arg/_ts & {_ts: timestamp()}

// what switches and lights can say
rooms:  "kitchen"|"den"
switch: #lsPub & {room: rooms|"all", arg: "turnOn"|"turnOff"} <= switchCert
light:  #lsPub & {room: _myroom, loc: _myloc, arg: "on"|"off"} <= lightCert

// device certificate formats
deviceCert: _domain/_type/_myroom/_myloc/_certSuffix <= domainCert
switchCert: deviceCert & {_type: "switch"}
lightCert:  deviceCert & {_type: "light"}

// fields added to all cert names by cert builder
_certSuffix: "KEY"/_/_
Figure 7: Example communication schema for Figure 3's lighting system

An administrator who wants to deploy these rules can use the utilities provided at [DCT].) The administrator of the "myLights" domain writes these rules in a text file, compiles them into a binary output that becomes the content of a schema cert. The administrator next makes the twelve certificates this trust domain requires: a trust anchor, kitchen and den switch identity certificates, four kitchen ceiling light identity certificates, one kitchen counter light identity certificate, and four den ceiling light identity certificates. The trust anchor private key is used to sign all of these and each device is preconfigured with the trust anchor cert, the schema cert, and its own device identity chain (along with the device cert private key).

This approach extends LangSec's "be definite in what you accept" principle by using the authenticated common rules of the schema for belt-and-suspenders enforcement at both publication and subscription functions of the transport. If an application asks the Publication Builder module to publish something and the schema shows it lacks credentials, an error is thrown and nothing is published. Independently, the Publication Validator ignores publications that:

  • don't have a locally validated, complete signing chain for the credential that signed it
  • the schema shows its signing chain isn't appropriate for this publication
  • have a publication signature that doesn't validate

Since an application's subscriptions determine which publications it wants, only certificates from chains that can sign publications matching the subscriptions need to be validated or retained. Thus a device's communication state burden and computation costs are a function of how many different things are allowed to talk to it but not how many things it talks to or the total number of devices in the system. In particular, event driven, publish-only devices like sensors will spend no time or space on validation. Unlike most "secure" systems, adding additional constraints to schemas to reduce attack surface results in devices doing less work.

3.3. Identity, signing keys, and configuration

DeftT members start with a pre-existing identity obtained out-of-band. DeftT enrollment consists of configuring a device with identity bundles that contain the trust anchor certificate, the communication schema, and an identity certificate chain. (There are many existing and evolving bootstrap and enrollment protocols and methodologies that can be can be used to configure identities.) The private key corresponding to the leaf certificate of the member's identity should be securely configured (i.e., not exposed to any third party) while the security of the identity bundle can be deployment-specific (i.e., the public certificates it contains may optionally be protected from third parties).

Private identity keys are not used for signing DeftT packets, only to sign the public signing certificate that becomes the leaf certificate of a signing chain. The signing key pairs used for signing publications are made locally at each entity on whatever rotation schedule chosen for the application. The identity key can remain within protected hardware like a TPM for signing while the signing key is used in the communications path as a tradeoff between the possibility of more exposure vs the need for speed. (More on certificates and identities in DeftT in Section 5.6 and Section 7.)

3.4. Joining a trust domain

There is no need for members to have apriori knowledge of one another. Using the schema together with a shared trust anchor, a member can validate every other member's identity at runtime. DeftT makes use of both its synchronized collections and its integrated trust management engine to securely join a particular trust domain.

For each collection, members communicate about their local version of the collection state and send additions to the collection the other members are missing. Each trust domain has a certificate collection where members publish the certificates of their signing chains. DeftT's certificate collection allows new members to join and communicate with no specific knowledge of other members, thus obviating labor intensive and error-prone device-to-device association configuration.

A new DeftT joins a trust domain using its certificate distributor module. Figure 8 shows a state diagram of the joining process. The joining member creates its first signing pair, constructs a certificate holding the public signing key, and signs it with the member's private identity key. The joining member adds its signing chain to its local copy of the cert collection and starts the process of joining the trust domain by publishing its cert collection state and subscribing to the domain certificate collection. The local collection state is compared to the received collection state and any certs that are not already in that received state will be sent on the network to be added to the domain collection. Note that a new member will always need to add its identity and signing certs, but other certificates of the chain may already have been added to the collection by previously joining members. A DeftT does not consider itself joined (or "connected to the domain") until it receives a collection state from the network that contains all of its certs, indicating that at least one other member will be able to receive its signed packets. Whether fully joined or not, the cert distributor receives all certs published on the network, adding them to its local collection when an entire validated signing chain is received and updating its local collection state.

certSD Make a new signing key -make a key pair for signing -securely store its secret signing key -make public key cert & sign with secret idenity key Start process of joining Trust Domain subscribe to Domain's cert collection and receive its state publish my signing cert chain certs added to local copy of cert collection compare local collection state to Domain state send any certs not already in Domain collection Trust Domain joined participate in key and application collections ProcessCert if completes a signing chain trust engine validates using schema add valid chain to local cert collection else hold valid cert until chain complete out-of-band configuration: -schema in cert form signed by Domain TA -identity cert chain terminates at Domain TA -secret identity key (corresponding to leaf cert) stored securely receive a cert from network receive a collection state with my signing chain receive a cert from network
Figure 8: DeftT certificate distributor enables joining trust domain

3.5. IP networking considerations

Conventional IP services are discovered via well-known IP ports that are registered with IANA [RFC6335]. DeftT is not a service, so it doesn't require a port allocation; no UDP or TCP port assignment is required. Instead, DeftT does peer discovery using shared security information, preferentially using IPv6 link-local multicast [RFC4291]. In particular, each DeftT is a member of a trust domain and communicates within a single sync zone where all members use the same schema cert, which is signed by the common trust anchor (see Section 1.3).

The SHA256 "thumbprint" Section 4 of the schema cert is used as a compact, unique identifier for the domain and portions of this identifier are used to generate addresses in accordance with the Dynamic Ports of [RFC6335] to determine both the IPv6 link-local multicast address and UDP destination port (see Section 3.5).

3.5.1. Using IPv6 Multicast

The first 8 bytes of the schema cert thumbprint are used as the first component in all DeftT PDUs (see Section 5.2.1.1) and the lower 14 bytes are used for DeftT's link-local IPv6 addresses.

IPv6 mutlicast addresses have format [RFC4292]:

 8|  4  |  4  |  112   |
--+-----+-----+--------+
FF|flags|scope|group ID|
--+-----+-----+--------+

and DeftT sets these as:

FF|01|02|<lower 112 bits of schema cert thumbprint>

where flags=01 indicates a dynamically assigned address and scope=02 indicates link-local scope. The UDP dest port is set using the upper byte of the id to pick a random value in the [RFC6335] Dynamic Ports range 49152-65535. As UDP multicast requires different ports for send and receive, this use doesn't conflict at all with the normal use of this range for emphemeral client source ports.

3.5.2. Using IPv6 Unicast ("point-to-point")

Unicast protocols require more configuration than multicast, partly because they're inherently asymetric so each end has to know in advance whether to "listen" or "connect", partly because there are firewall and NAT implications, and partly due to DeftT wanting good peer authentication and privacy. Since unicast is between particular DeftT peers, the protocol, role, address and port information goes into the identity chains (Section 7.2) of those peers as an attribute. This allows them to connect, zero-RTT mutually authenticate, and establish a TLS-1.3-like EC Diffie-Hellman secure tunnel as needed.

3.6. Performance considerations

The well-known issues with 802.11 multicast [RFC9119] can make DeftT less efficient than it should be. Target OT deployments primarily use smaller packet sizes and DeftT's set reconciliation provides robust delivery that currently mitigates these concerns. ALong with the critical network infrastructure applications of neighbor discovery, address resolution, DHCP, etc., DeftT use may become another force for improved multicast on 802.11,

Cryptographic signing takes most of the application-to-network time in DeftT. Though not prohibitively costly (e.g., under 20 microseconds on a Mac Studio), increased use of signing in transports may incentivize creation of more efficient signing algorithms.

Note that DeftT incurs some memory overhead that may not be immediately apparent. It keeps a copy of the current identity information for all members that can produce publications to which it can subscribe (as per schema). This requires ~300 bytes per certificate. Collections hold publications for their lifetime plus a skew time in order to prevent replay attacks. Although certificate lifetimes should be on the order of hours to years, publications that carry application messages should have lifetimes ~1 to 2 seconds.

3.7. Comparison to other approaches

IETF standards track protocols have focused on the IoT portion of OT, with particular attention to "constrained devices." The center piece is the application layer client-server COAP [RFC7252] with various extensions and related protocols (e.g., OSCORE [RFC8613] and ACE [RFC9200]). As Internet compatible protocols, COAP/OSCORE/ACE use 1) cleartext options in their headers and 2) trusted third parties or resource servers, both of which can be exploited. OSCORE adds object security to COAP specifically to get around the vulnerability of using only DTLS/TLS with proxies. OSCORE uses pre-shared keys, acquired out-of-band or via a key establishment protocol, to encrypt/sign COAP messages which are carried as payload in a COAP message with the OSCORE option. Its Security Context is between two endpoints and specific to sender ID and recipient ID where sender IDs may be established out-of-band.

A DeftT PDU uses a hash of its compiled rules cert to identify its trust domain (Section 4) and uses no header options. In the Internet, PDU headers tell nodes how the packet should be handled; in a DeftT trust domain, the trust domain identifier indicates the packet is part of the domain whose rules will be enforced by any receiver. These are very different architectures both for communicating and for securing communications and are expected to serve different roles although the application spaces may overlap.

Out-of-band configuration techniques developed for COAP and OSCORE should be adaptable for configuration of DeftT trust domain members.

3.8. Current status

The development philosophy for DeftT is to start from solving useful problems with a well-defined scope and extend from there. An open-source Defined-trust Communications Toolkit [DCT] with an example uses of DeftT is maintained by Pollere. [DCT] currently has examples of using DeftT to implement secure brokerless message-based pub/sub using multicast UDP/IPv6 and unicast {UDP/TCP}/IPv6 and includes extending a trust domain via a unicast connection or between two broadcast network segments.

Massive build out of the renewable energy sector is driving connectivity needs for both monitoring and control. Operant Networks is currently deploying DeftT in a mix of open-source and proprietary software tailored for commercial deployment in support of distributed energy resources (DER). Current small scale use cases have performed well and expanded usage is underway. Pollere is also working on home IoT uses. As the needs of our use cases expand, the Defined-trust communications framework will evolve with increased efficiencies. DeftT's code is open source, as befits any communications protocol, but even more critical for one attempting to offer security. DCT itself makes use of the open source cryptographic library libsodium [SOD] and the project is open to feedback on potential security issues as well as hearing from potential collaborators.

4. Terms

5. DeftT and Defined-trust Communications

DeftT synchronizes and secures communications between its enrolled members. DeftT's multiparty synchronized collections of named, schema-conformant publications contrast with the bilateral session of TCP or QUIC where a source and a destination coordinate with one another to transport undifferentiated streams of information. At any specific time, the DeftTs in a trust domain may hold different subsets of a collection (e.g., immediately after entities add elements to the collection) but the synchronization protocol ensures all converge to the complete set of elements within a few round-trip-times following the changes.

Applications use DeftT to add to and access from a collection of publications. DeftT enforces "who can say what to which" as well as providing required integrity, authenticity and confidentiality. Transparently to applications, a DeftT both constructs and validates all publications against its schema's formal, validated rules. The compiled binary communication schema is distributed as a trust-root-signed certificate and that certificate's thumbprint (see Section 5.2.1.4 and Section 4) uniquely identifies each trust domain. Each DeftT is configured with the trust anchor used in the domain, the schema cert, and its own credentials for membership in the domain. DeftTs must be in the same domain to communicate. Identity credentials comprise a unique private identity key along with a public certificate chain rooted at the domain's trust anchor. Identity chain certificate specifications are in the schema and some of these certs contain the attributes granted to the identity. Thus, attributes are stored in the identity not on an external server.

As illustrated in Figure 8, each member publishes its credentials to the certificate collection in order to join the domain. DeftT validates credentials as a certificate chain against the schema and does not accept publications without a fully validated signer. This unique approach enables fully distributed policy enforcement without a secured-perimeter physical network and/or extensive per-device configuration. DeftT can share an IP network with non-DeftT traffic as well as DeftT traffic of a different domain. Privacy via AEAD (Authenticated Encryption with Associated Data) is automatically handled within DeftT if selected in the schema (see Section 5.6.2).

transportBD0v2 transportBD0v2 Application system- p r ovided transport DeftT information to convey information of inte r est local adds to collection others’ adds to collection state of collection
Figure 9: DeftT's interaction in a network stack

Figure 9 shows the data flow in and out of a DeftT. DeftT uses its schema to package application information into named information objects, or publications, that are added to its local copy of the collection. Publications are carried in collection addition (cAdd) PDUs that are used along with collection state (cState) PDUs to communicate about and synchronize collections. cStates report the state of the local collection; cAdds carry publications to other members that need them. PDUs are passed to (and received from) the system transport (e.g., UDP multicast).

5.1. Inside DeftT

DeftT is organized in functional library modules that interact to prepare application-level information for transport and to extract application-level information from packets, see Figure 10. Extensions and alternate module implementations are possible but the functionality and interfaces must be preserved. Internals of DeftT are completely opaque to an application. The schema determines which optional modules are used (e.g., Figure 11).

A DeftT participates in two required collections and may participate in others if required by the schema-designated cryptographic methods (see #distributors). One of the required collections, msgs, contains publications constructed from application messages. The other required collection, cert, contains the trust domain's identity chain certificates. Specific cryptographic methods may require group key distribution in descriptively named collection keys.

DeftTmodules DeftTmodules syncps : set synchronization pub/sub protocol syncps : set synchronization pub/sub protocol schemaLib : run-time use of schema cert, identity certs and cert store shim : application- specifics: up calls, timing, lifetimes, API, QoS, seg/reas DeftT face : manage PDU transport via multicast UDP, unicast UDP or TCP distributors : handle all aspects of distributing certs and group keys sigmgrs : sign or validate PDUs and publications cState & cAdd packets cState & cAdd PDUs cState & cAdd PDUs publications certs, keys application calls and callbacks
Figure 10: Run-time library modules

A shim serves as the translator between application semantics and the publications whose formats are defined by the schema. The syncps module implements the set reconciliation protocol used by DeftT (see Section 5.4). syncps creates the cState and cAdd PDUs that are passed to the face module and unpacks the PDUs received.

The signing/validation modules (signature managers) are used for both publications and cAdds. Figure 11 shows VerSec validator specifications for the two required collections, msgs and cert. The "#pduValidator" specifies AEAD, which requires a symmetric key. The AEAD sigmgr is an example of a sigmgr that requires a distributor module (see #(group-key-distributors)) with its own collection (keys/pdus). The key distributor is automatically instantiated at run-time. The PDUs carrying msgs publications will be encrypted with a periodically regenerated shared key where only the minimal information of trust domain identifier and collection type is exposed. If signed cleartext PDUs are desired, the only change required is to change the pubValidator line of the schema from "EdDSA" to "AEAD". More detail on each module can be found in code files and documents at [DCT]

#msgsValidator: "EdDSA"
#certValidator: "EdDSA"
#pduValidator:  "AEAD"  //for cAdds
Figure 11: Schema portion specifying the sigmgr to be used for signing and validation

Following good security practice, DeftT's publications are constructed and signed early in their creation, and are validated (or discarded) early in the reception process. The schemaLib module provides certificate store access throughout DeftT along with access to distributors of group keys, publication building and structural validation, and other functions of the trust management engine.

5.2. DeftT formats

All DeftT Information is represented using TLV (Type, Length, Value) tuples. Types can either be containers (they contain a concatenated sequence of TLVs) or leaves (they contain a single non-TLV value with well-defined semantics and serialization). All TLVs have a boolean 'valid()' method that returns 'true' if and only if their content satisfies all the constraints associated with the TLV's type. For container types this means, at minimum, that the sum of all the enclosed TLV Lengths and header sizes exactly equals the Length of the container and that the valid() method of each of the enclosed TLVs returns true. Most container types have additional constraints on the type, ordering and value of the enclosed TLVs that are described below.

5.2.1. Top level container TLVs

As shown in Figure 10 there are two kinds of top level containers: PDUs which are exchanged with the system-provided network transport and carry pubs, the other top level container, which are the elements of the set synchronization protocol. PDUS and pubs have similar structure and share most of their code but are designed to be unambiguously distinguishable. As indicated in Figure 9 and Figure 10, syncps uses a pub/sub model for both its shim facing and network facing interfaces. Thus the first TLV in any top level container is a Name container comprising the topic name used to mediate the pub/sub rendezvous. The other TLVs in the top level container depend on the kind of container.

There are two kinds of PDU containers: cState and cAdd and two kinds of of publications, publications and certs. All four are described in the following section.

5.2.1.1. cState PDUs

A cState PDU (TLV type 5) announces the items a member holds in a specific collection of a specific trust domain subnet. It must contain the following three TLVs and they must be in this order:

  1. Name TLV containing exactly three type Generic (aka, byte array or binary blob) components:

    C1:
    Sync zone id consisting of the first 8 bytes of the SHA-256 thumbprint of the communication schema cert in use for this domain (may be the same as the trust domain id).
    C2:
    Collection name
    C3:
    Run-length compressed IBLT of the items in the publisher's instance of the collection (see Section 5.4 for more information on IBLTs).
  2. Nonce (TLV type 10, leaf) whose value must be 4 random bytes chosen by the publisher at the time the cState is built. Duplicate cStates can arise from multiple members announcing the same Name because they hold the same items or because the network doesn't handle multicast well and lets PDUs loop. The nonce allows these two cases to be distinguished so looping cStates can be dropped.

  3. Lifetime (TLV type 12, leaf) whose value is the lifetime (measured in milliseconds since this PDU's arrival) serialized as an unsigned big-endian integer with all leading zero bytes suppressed. A member receiving the cState and capable of publishing into the collection can hold onto the cState for this lifetime. If the member has an item to publish before the end of the cState's lifetime, the publication can be sent immediately in a responding cAdd.

For example, the initial PDU sent by the home IoT "gate controller" sample app (in examples/hmIot of [DCT]) will be a cState in the cert collection and looks like:

5 (cState) size 128:
| 7 (Name) size 116:
| | 8 (Generic) size 8:  55d5 7f99 7d8d ba91
| | 8 (Generic) size 4:  cert
| | 8 (Generic) size 98:  8201 dd76 eb0f 46ed  89a8 8101 dd76 eb0f  46..
| |                       beb5 9922 fdd6 7401  cbbe 5bc1 5b57 1c63  84..
| |                       79aa ca17 8501 cbbe  5bc1 5b57 1c63 8801  ce..
| |                       92f8
| 10 (Nonce) size 4:  8b9f 8134
| 12 (Lifetime) size 2:  4789

Note that the format inspections of this section are produced by using the dctwatch tool from [DCT] with the -f option.

5.2.1.2. cAdd PDUs

Note: cAdds, publications and Certificates all share the same Data (TLV type 6) container format but are distinguished by its Metainfo TLV. They all contain the same five TLVs in the same order but each has different constraints on the value of those TLVs.

A cAdd PDU (TLV type 6) supplies one or more pubs in response to some cState. It must contain the following five TLVs and they must be in this order:

  1. Name TLV derived from the cState's Name: the first two components, sync zone id and collection name, are the same but the IBLT component is replaced by a csID (TLV type 35, leaf) whose value must be the 32 bit big-endian Murmurhash of the cState's entire Name TLV. (This is done because "Repeat the question and append the answer" is the common strategy for matching responses to requests in multicast protocols but an IBLT can be hundreds of bytes which would drastically reduce the cAdd's payload space so "the question" is replaced with a compact hash proxy.)

  2. Metainfo (TLV type 20) saying the PDU's ContentType is cAdd (42), i.e., contains one or more pubs and nothing else so it must be 'structurally validated' on arrival.

  3. Content container (TLV type 21) which must contain one or more complete, valid pubs. The pubs must NOT already be in the cState's IBLT. I.e., the pubs must be newly created on the cAdd publisher or in the 'need' set when the difference between the publisher's IBLT and the cState's IBLT is 'peeled' (see [DIFF] and the DeftT example implementation's handleCState code for details).

  4. SigInfo container (TLV type 22) which must contain a SigType (TLV 27, leaf) containing a valid keyed or unkeyed signature type from the types listed in Section 5.2.2. If and only if the signature type is keyed (i.e., validation requires the public key cert of a public/private keypair), the SigInfo must contain KeyLocator (TLV 28) containing a KeyDigest (TLV 29, leaf) of length 32 bytes containing the thumbprint of the cert needed for validation. The SigType must match the type of the PDU signature validator associated with the collection.

  5. SigValue (TLV type 23, leaf) containing the result of signing the cAdd PDU with using the algorithm and key, if any, specified by the SigInfo. The Length of the TLV must match the length used by the signature type as per Section 5.2.2. The PDU signature validator must successfully validate the signature.

For example, the following is the frontdoor's cAdd responding to the cState, shown above, for the cert collection. The cert collection is synced by the certificate distributor which can't use any signature types that depend on keys since it's responsible for obtaining the certificates containing the keys that would be needed to validate a PDU's signature. Thus, it is the only collection allowed to use an unkeyed [RFC7693] BLAKE2 MAC to integrity check its PDUs (this is why Figure 11 does not specify a separate validator for cert PDUs). Since the content is self-authenticating public key certs, this doesn't cause security issues.

6 (Data) size 561:
| 7 (Name) size 22:
| | 8 (Generic) size 8:  55d5 7f99 7d8d ba91
| | 8 (Generic) size 4:  cert
| | 35 (csID) size 4:  f6d7 3d84
| 20 (MetaInfo) size 3:
| | 24 (ContentType) size 1:  42 (CAdd)
| 21 (Content) size 489:
         ... (489 bytes of Content elided)
| 22 (SigInfo) size 3:
| | 27 (SigType) size 1:  9 (RFC7693)
| 23 (SigValue) size 32:  af8e 1412 e659 103f  5237 f1e1 0e7b 0af8  9c..

Except for this collection, PDU and publication signature types are specified in the schema. PDUs typically use AEAD with a locally elected cover key distributor to protect the content privacy. Publications typically use EdDSA to provide provenance and ABAC attributes via the signing chain or a combined AEAD and EdDSA signature type (AEADSGN) to constrain content disclosure to some limited group. All encrypted content must remain encrypted, in motion or at rest, from point of origin to point(s) of use. The syncps subscribe upcall may decrypt a piece of content for ephemeral use but the callee must NOT retain the plaintext form.

5.2.1.3. Publications

As noted above, a publication must be in a Data TLV containing the same five TLVs in the same order as cAdds and Certificates. Publications are distinguished by having a Metainfo ContentType of Blob (0). A publication (TLV type 6) must contain the following five TLVs and they must be in this order:

  1. Name TLV which must contain at least three components and the first component's length must be non-zero. The schema specifies the format of the Name including number and type of components, allowed values, allowed signers, etc. Implementations must construct and sign pubs so that they are consistent with the schema. (The example implementation's applications show that this can be done automatically with minimal application involvement, e.g., see the phone app in the office control example.) Implementations must fully validate publications both cryptographically and against the schema before adding them to the collection. Implementations must NOT add a publication to a collection that already contains it.

  2. Metainfo (TLV type 20) saying the publication's ContentType is Blob (0), i.e., contains arbitrary bytes that can't be 'structurally' validated (but are always cryptographically validated for integrity and authorization by the signature check)..

  3. Content container (TLV type 21) containing Length bytes. Length may be zero.

  4. SigInfo container (TLV type 22) which must contain exactly two TLVs: a SigType (TLV type 27, leaf) containing a valid keyed signature type from the types listed in Section 5.2.2 followed by a KeyLocator (TLV type 28) containing a KeyDigest (TLV type 29, leaf) of length 32 bytes containing the thumbprint of the cert needed to validate the signature. The SigType in the publication must match the collection's publication validator which must match the #pubValidator specified in the schema.

  5. SigValue (TLV type 23, leaf) containing the result of signing the publication using the algorithm and key specified by the SigInfo. The Length of the TLV must match the length used by the signature type as per Section 5.2.2. The collection's publication signature validator must successfully validate the signature.

For example, what follows are two consecutive publications made to the msgs collection. First, operator alice publishes a command for all lock devices to lock themselves (similar to the multiple subscriptions per-light shown in Figure 3, the schema requires that all lockable devices subscribe to the iot1/lock/command/all prefix in msgs):

6 (Data) size 216:
| 7 (Name) size 68:
| | 8 (Generic) size 4:  iot1
| | 8 (Generic) size 4:  lock
| | 8 (Generic) size 7:  command
| | 8 (Generic) size 3:  all
| | 8 (Generic) size 4:  lock
| | 8 (Generic) size 17:  p38863@aphone.local
| | 37 (SequenceNum) size 4:  b4a1 ea2a
| | 37 (SequenceNum) size 0:
| | 36 (Timestamp) size 7:  23-09-18@19:40:45.591793
| 20 (MetaInfo) size 3:
| | 24 (ContentType) size 1:  0 (Blob)
| 21 (Content) size 32:  Msg #3 from operator:alice-38863
| 22 (SigInfo) size 39:
| | 27 (SigType) size 1:  8 (EdDSA)
| | 28 (KeyLocator) size 34:
| | | 29 (KeyDigest) size 32:  7096 5de9 6848 7543  d2c8 e459 24fb 7b0..
| 23 (SigValue) size 64:  61b3 fc3c 03df 2c89  7a0c ddae 27a2 f883  dd..
|                         2699 899f 1c91 46c1  3127 9da8 8948 e783  68..

Three milliseconds later, the gate publishes that it has locked itself:

6 (Data) size 214:
| 7 (Name) size 69:
| | 8 (Generic) size 4:  iot1
| | 8 (Generic) size 4:  lock
| | 8 (Generic) size 5:  event
| | 8 (Generic) size 4:  gate
| | 8 (Generic) size 6:  locked
| | 8 (Generic) size 17:  p59280@rpi2.local
| | 37 (SequenceNum) size 4:  e131 5a4b
| | 37 (SequenceNum) size 0:
| | 36 (Timestamp) size 7:  23-09-18@19:40:45.594867
| 20 (MetaInfo) size 3:
| | 24 (ContentType) size 1:  0 (Blob)
| 21 (Content) size 29:  Msg #3 from device:gate-59280
| 22 (SigInfo) size 39:
| | 27 (SigType) size 1:  8 (EdDSA)
| | 28 (KeyLocator) size 34:
| | | 29 (KeyDigest) size 32:  3dde 0f21 beae 2c20  3ea3 5c2e 77ca 9d4..
| 23 (SigValue) size 64:  3913 011d 7e74 807c  94b5 e725 a8e7 5b2f  09..
|                         bc99 9c8b fa9f f929  4722 f23a 1fbe cd84  b6..

As described in Section 9, the schema is designed for spoofing and replay protection of publications. Section 5.4 notes that the per-publication EdDSA signature prevents spoofing or modification. Since all collections ignore duplicates of an existing publication, replays of anything in the collection will be ignored. Publications have a collection-dependent lifetime that is generally ephemeral. To keep collections from growing without bound, publications are removed once their arrival time plus lifetime exceeds the node's local time. Arriving publications are ignored if their timestamp (name component 9) plus a collection-dependent "expiry time" is after the node's local time. "lifetime" is substantially larger then "expiry time" to account for clock skew so the combination of these two mechanisms prevents all replay.

5.2.1.4. Certificates

As noted above, a Certificate must be in a Data TLV containing the same five TLVs in the same order as cAdds and publications. Certificates are distinguished by having a Metainfo ContentType of Key (2) and by having a Validity Period specified according to a more rigorous subset of the rules in [RFC1422] section 3.3.6 as described in item 5 below.

A Certificate (TLV type 6) must contain the following five TLVs and they must be in this order:

  1. Name TLV which must contain at least five components and the first component's length must be non-zero. The schema specifies the format of the Name including number and type of components, allowed values, allowed signers, etc. Implementations must construct and sign certs so that they are consistent with the schema. (Tools to do this are supplied with the example implementation.) Implementations must fully validate certs both cryptographically and against the schema before adding accepting them. "Fully validating" requires that the cert's signer has been accepted thus a cert cannot be accepted until its entire signing chain has been accepted.

  2. Metainfo (TLV type 20) saying the Cert's ContentType is Key (2), This means the container has no TLV structure to validate.

  3. Content container (TLV type 21) containing Length bytes. Length must equal the size of the public key associated with the cert's SigInfo SigType

  4. SigInfo container (TLV type 22) which must contain exactly two TLVs: a SigType (TLV type 27, leaf) containing a valid keyed signature type from the types listed in Section 5.2.2 followed by a KeyLocator (TLV type 28) containing a KeyDigest (TLV type 29, leaf) of length 32 bytes containing the thumbprint of the cert needed to validate the signature. The KeyDigest must be followed by a Validity Period (TLV 253) containing a NotBefore (TLV 254, leaf) containing a valid 15 character ISO 8601-1:2019 format GMT timepoint followed by a NotAfter (TLV 255, leaf) containing a valid 15 character ISO 8601-1:2019 format GMT timepoint. The cert must be ignored if the NotBefore value is >= the NotAfter value, if the NotAfter value is < the current time or if the validity period is not completely contained within its signing cert's validity period. The SigType in the Cert must match the #certValidator type specified in the schema.

  5. SigValue (TLV type 23, leaf) containing the result of signing the Cert using the algorithm and key specified by the SigInfo. The Length of the TLV must match the length used by the signature type as per Section 5.2.2.

For example, what follows is the frontdoor's identity cert used in the home IoT example which gets added to the "cert" collection:

6 (Data) size 240:
| 7 (Name) size 50:
| | 8 (Generic) size 4:  iot2
| | 8 (Generic) size 6:  device
| | 8 (Generic) size 9:  frontdoor
| | 8 (Generic) size 3:  KEY
| | 8 (Generic) size 4:  0eaf f793
| | 8 (Generic) size 3:  dct
| | 36 (Timestamp) size 7:  23-02-18@18:17:46.088971
| 20 (MetaInfo) size 3:
| | 24 (ContentType) size 1:  2 (Key)
| 21 (Content) size 32:  de19 4605 7f77 a7bd  1317 de41 002c fe15  1bc..
| 22 (SigInfo) size 81:
| | 27 (SigType) size 1:  8 (EdDSA)
| | 28 (KeyLocator) size 34:
| | | 29 (KeyDigest) size 32:  8c7f 1de9 ebc9 17b6  a8e9 dce9 056a 74c..
| | 253 (Validity) size 38:
| | | 254 (NotBefore) size 15:  20230219T021746
| | | 255 (NotAfter) size 15:  20240219T021746
| 23 (SigValue) size 64:  c8b9 5883 4b9a 8aac  9ad0 e5e4 5eef 0a18  4b..
|                         1b3a 1574 58d4 0528  1740 883e d90c 836f  ed..

5.2.2. Leaf TLVs

Most of DeftT's leaf TLVs were described above but there are two important enumeration types, name components and signature types, with particular constraints and implications.

There are four types of components allowed in a Name (TLV 7):

Table 1: Name Component Types
Type TLV Description
Generic 8 Arbitrary blob of bytes
csID 35 32-bit murmurhash of cState name (number)
Timestamp 36 GMT time point in microseconds (number)
SequenceNum 37 unsigned 64-bit integer (number)

"Number" types are encoded in big-endian order (MSB first) with all leading zero bytes suppressed. Thus their length can be zero to eight bytes. For example, a SequenceNum of 0 would be [37, 0], 100 would be [37, 1, 100] and 1,000,000 would be [37, 3, 15, 66, 64].

There are five types of signature allowed in a SigType (TLV 27) and each requires the SigValue (TLV 23) in a Data with that SigType have a particular size:

Table 2: Signature Types
Type Value SigValue length Description
stSHA256 0 32 SHA256 data integrity
stAEAD 7 40 [RFC8103] content privacy plus full data integrity
stEdDSA 8 64 Ed25519 provenance and full data integrity
stRFC7693 9 64 [RFC7693] full data integrity
stAEADSGN 13 104 [RFC8103] content privacy with Ed25519 provenance and data integrity

5.2.3. TLV header details

All TLV headers use the same format. They occupy either 2 or 4 bytes, depending on the value of L. L specifies the length in bytes of V. Lengths in the range 0 to 252 occupy one byte. A length of zero is allowed and indicates there are no V bytes. Lengths in the range 253 to 65535 occupy three bytes: a 'flag byte' of 253 followed by the two bytes of the 16 bit length in big endian order. Lengths greater than 65535 (deliberately) can not be represented so a DeftT object can be no larger than 65535+4 = 65539 bytes. (Objects of arbitrary size can be handled by a segmentation/reassembly layer above DeftT such as dct/shims/mbps.hpp in the example implementation.)

L must use the minimum description length coding. For example, a length of 0 must be encoded as the single byte [0], not as the 3 bytes [253, 0, 0], 252 is encoded as [252], 253 as [253, 0, 253], 256 as [253, 1, 0] and 65535 as [253, 255, 255].

T specifies the type of data in the container. It occupies one byte, must be an element of the valid types set defined below, and must conform to that element's rules.

5.3. Application and network interface

Figure 9 and Figure 10 show the blocks and modules application information passes through in DeftT and may be useful references for this subsection. In a trust domain, applications pass information to be communicated to their DeftT, which packages it into publication(s) that are added to the local collection copy. These publications are also sent in a PDU via the system network interface to be received by other members of the domain which add the publications to their local collections. If a received publication matches a subscription, the information it contains is passed to the application. (For more detail, see the library at [DCT].) DeftT is organized into modules that perform its tasks. A DeftT shim exchanges information with applications. The example implementation [DCT] provides a message-based publish/subscribe (mbps) API that exchanges messages with the application and publications with the sync protocol. (Other APIs are possible.) DeftT startup begins when a shim object is instantiated by the application and given its identity bundle. Startup includes creating a certificate distributor and, optionally, group key distributors, depending on schema-specified signing. After startup, the msgs syncps of each member will maintain a cState containing the IBLT of its view of the collection. (In the stable, synchronized state, all members of a collection will have the same IBLT.)

Applications subscribe to all messages, or to a subset by topic, by passing a callback function to the mbps subscribe method. Application subscriptions are turned into syncps subscriptions via mbps. An application with new information to communicate passes the formatted topic items as parameters and the other content in a message via a publish call. Only the topic components and the message, if any, are passed between the application and mbps. Mbps adds mbps-specific components to the parameter list and invokes a schemaLib method that builds a valid (according to the schema) publication and can be passed to syncps to publish. Messages that exceed the content size limits of a single publication are segmented by mbps and carried in multiple publications. If a member's identity chain lacks the attributes required for a specific publication, no publication is built. The publication is signed using the sign method of the appropriate sigmgr and passed to syncps.

In syncps, the publication is packaged into a cAdd, signed using the sign method of the designated sigmgr and passed to the face. The updated IBLT is packaged into a new cState that is handed to the face. syncps is covered in detail in (syncps-a-set-reconciliation-protocol) and Section 5.5.

Trust domain members only process PDUs that share their trust domain identifier (Section 5.2.1.1 and Section 5.2.1.2). When a new cAdd is received at a member, the face ensures it matches an outstanding cState and, if so, passes it on to its matching syncps(es). Syncps validates (both structurally and cryptographically) the cAdd using the appropriate sigmgr's validate and continues, extracting valid publications. Each publication is structurally validated via a sigmgr and valid publications are added to the local collection and IBLT. Publications that match a subscription are passed to mbps, invoking the sigmgr's decrypt if the publication is encrypted. (Publication decryption is not available at relays.) mbps receives the publication and passes any topic components of interest to the application along with the content (if any) via the callback registered when it subscribed. (If the original content was spread across publications, mbps will wait until all of the content is received, reassembling using the publications' sCnt components.)

5.4. syncps: a set reconciliation protocol

Each DeftT has a syncps module to implement set reconciliation. syncps uses IBLTs to solve the multiparty set-difference problem efficiently without the use of prior context and with communication proportional to the size of the difference between the sets being compared. IBLTs have been used for set reconciliation in blockchain systems, specifically in Bitcoin Cash, contributing optimizations available as open-source code [Graphene19] that syncps utilizes.

The state of a local collection is encoded in an IBLT. A syncps announces its local collection state (set of currently known publications) by sending a cState (Section 5.2.1.1) that also serves as a query for additional data not reflected in its local state. Receipt of a cState performs three simultaneous functions: (1) announces new publications, (2) notifies of publications that member(s) are missing and (3) acknowledges publication receipt. The first may prompt a recipient to share its cState to get the new publication(s). The second results in a recipient sending a cAdd (Section 5.2.1.2) containing all the locally available publications that are missing from the IBLT in the cState. These are added to a cAdd in configurable priority order (e.g., newest first) until either all eligible publications have been added or the cAdd PDU is full. The third is used optionally and may result in a progress notification sent to other local modules so anything waiting for delivery confirmation can proceed.

On broadcast media, syncps uses any cStates it hears to reduce (suppress) sending excess cStates and listens for cAdds that may add to its collection. This means that one-to-many publications cause a single cState and a single cAdd on the media independently of the number of members desiring the publication (the theoretical minimum possible for reliable delivery). The digest size of a cState can be controlled by publication lifetime, dynamically constructing the digest to maximize communication progress and, if necessary for a large network, dynamically adapting topic specificity.

A cAdd with new publication(s) responds to a particular cState as per (Section 5.2.1.2 item 1). Any DeftT that is missing a publication (due to being out-of-range, asleep, channel errors, etc.) can receive it from any other DeftT. syncps continues to send cAdds as long as it receives cStates with IBLTs missing any of its active publications. This results in reliability that is subscriber-oriented, not publisher-oriented. syncps currently prevents redundant broadcasts by having originating publishers send their responding publications immediately while others delay before supplying missing publications, canceling if a responding cAdd is overheard. Other approaches are possible.

Figure 12 is a state diagram of the collection synchronization protocol. When a new syncps is started, it always sends its local cState (starts unsuppressed) on the network and sets an expiration timer for the cState. If this timer expires, the "new local cState" actions are repeated and the cState may be suppressed (thus not sent). For most collections, the initial cState will show an empty collection (certificate collections will have the local identity chain). The events that can move the collection forward are (1) the arrival of a cState from the network, (2) the arrival of a cAdd from the network whose csID matches a hash value stored from a previously received or sent cState, or (3) arrival of a new publication from its shim. For an arriving cAdd, each publication is extracted, validated, and passed to any registered subscriber callback(s). Non-validating packets are silently discarded (may optionally set alerts or count discards). As reception of new Pub(s) may cause an application process to create and add new publications to the local collection, sending of new pubs is deferred until the entire cAdd has been processed. If there are no new pubs to send, syncps moves to its "set sendCStateTimer" state where a cancelable sendCState timer is set to the estimated dispersion delay of this local subnet. (Dispersion should be << cState lifetime. More on dispersion delay in Section 5.5.)

syncpsSD new local cState entry/ make local cState from local IBLT do/ (if not suppressed) send exit/ cStateLifeTimer=cStateLifeTime process Pubs to send entry/ cancel sendCStateTimer do/ for(eligible haves) if (PubsToSend < cAdd size) PubsToSend.add(have) process cAdd entry/ newPubs=false do/ extract, validate & pass to any subscriber(s) all Pubs in cAdd sending cAdd do/ send cAdd(hash(cState),PubsToSend) wait for event process cState entry/ find record or add to cState store do/ update this cState record exit/ local = (this cState == local cState) set sendCstateTimer (re)set cStateTimer=f(dispersion) get stored cState peel IBLT values entry/ extract iblt from cState do/ peel with local for haves and needs sendcState timer expires cStateLifeTimer expires Pub from shim no cState cState local cAdd with stored csID !local best cState haves>0 || needs>0 / csID=hash(cState) no haves | needs PubsToSend > 0 !PubsToSend Pub from shim / newPubs=true !newPubs newPubs / csID=cAdd.csID
Figure 12: State diagram of a syncps module

Newly created publications are always eligible to send as no one else can have them. If any publications are created while in "process cAdd", the next state is "process pubs to send" with csID set to the csID field of the cAdd on entry to "process cAdd". In "process pubs to send" any pending sendCState will be canceled and eligible pubs are packaged as content for a new cAdd. The pubs of a sent cAdd are subject to a hold time (during which they are ineligible to send) of twice the dispersion delay to avoid responding to cStates sent before reception of a cAdd containing the Pub. If there are pubs to send, a cAdd with that content and the passed in csID is sent, then the set sendCStateTimer state is entered; when there are no pubs to send, the action moves there directly.

Another path to exit the "wait for event" state is reception of a cState which moves to "process cState" where incoming cStates are recorded, If this cState matches the local cState, the syncps returns to the wait state. Otherwise, the IBLT is extracted from the cState, an IBLT is computed on the local Pub collection, and they are peeled to find the ones the received cState has that are not in the local collection ("needs") and the ones that are in the local collection and not in the received cState ("haves"). Syncps enters the "process pubs to send" state with csID set to the hash of the cState's name. Eligible pubs are "haves" that do not have a hold time set and locally generated publications are sent preferentially. Publications obtained from others are not immediately eligible to send; members delay to give the originator time to respond, sending these when further cStates indicate a member continues to need them.

A syncps also exits the wait state when the attached shim has a publication to send. Since a new Pub will not appear in any previously issued cState, any cState can be used, including one issued locally. In "get stored cState", the best one (the most recent cState from the network if available) is retrieved and passed to the "peel IBLT values" state where its cState.csID is used for the csID value. There will always be at least the one new publication to send in this case.

This state diagram is intended to capture the major functionality of a syncps module while excluding excessive detail. In particular, Figure 12 does not show "housekeeping" tasks on the collection, e.g., removal of expired publications.

5.5. Synchronizing a collection

DeftT syncps modules interact on a (usually) multicast subnet to keep their collections synchronized. The following example illustrates member actions and communications to synchronize a collection (see also the sequence diagram in Figure 13).

Starting with all members connected to the collection (having confirmed publication of their identity credentials) and with an empty msgs collection (i.e., no applications have active publications), member2's application passes content to its DeftT via an mbps.publish(). The content is packaged into a publication (p1) and passed to syncps which creates and sends a cAdd PDU. The cAdd uses a hash of the shared (empty) cState as its cState identifier (third component of the Name -- see Section 5.2.1.2 item 1) to indicate the publication(s) it carries are additions to the collection in that state. Member2's new local cState (containing p1) is scheduled to be sent at a delay of the subnet's dispersion time (d) plus a small random value (r). Dispersion time is an estimate of the expected time for a cAdd to reach every member's collection. It may be a fixed or adaptive estimate and syncps is robust to inaccuracies: an overestimate may lead to longer delays and an underestimate may lead to more cState traffic on the channel. Members receive and validate the cAdd, then extract and validate p1, passing it to subscriptions. Each member schedules a sendCState after a small random delay r. (Scheduling a new sendCState cancels any pending sendCState.) When the sendCState timer expires, a new local cState is created with the IBLT of the collection (which will contain p1). This cState's expiration time is scheduled (value significantly longer than d) and the member sends the cState unless it is suppressed.

DeftT suppresses cStates that are identical to one that has already been heard twice. If member2 is waiting to confirm p1, it can do so with the first of these cStates it receives. In Figure 13, member6 did not receive the cAdd but reception of one of the new cStates shows the presence of p1 so member6 immediately sends its own local cState (which has an empty collection, lacking member2's publication). In this example, all members receive member6's cState, but member2, as p1's originator, responds preferentially and sends p1 in a new cAdd immediately. All other members set a timer (to d+r) to send p1. That timer is cancelled if the member receives a cAdd responding to member6's cState that contains p1. Meanwhile, member6 receives the new cAdd, adds p1 to its collection and schedules a new cState for delay r. That cState will be suppressed as it matches those already sent by the other members. Now the distributed collection is synchronized with a state of one publication (p1). If no other application content is created, cStates will be sent at ~cStateLifetime. On the channel, we will see one cState per ~cStateLifetime since each overlaps enough to suppress others. When p1 expires, it will be removed at each local collection and the subsequent cState will show an empty collection.

syncseq Simple Collection Synchronization member1 member1 member2 member2 member3 member3 member4 member4 member5 member5 member6 member6 member7 member7 synchronized empty collection (no Pubs) cState(0) send cAdd(0,p1) (re)sched cState d+r rcv cAdd & validate extract p1& validate (re)sched cState r rcv cAdd & validate extract p1& validate (re)sched cState r rcv cAdd & validate extract p1& validate (re)sched cState r rcv cAdd & validate extract p1& validate (re)sched cState r rcv cAdd & validate extract p1& validate (re)sched cState r the smallest random r value later send cState(p1) sched cState expiry send cState(p1) sched cState expiry members receiving two identical cStates suppress sending identical cStates schedule received cState expiry rcv cState(p1) send own cState(0) send cAdd(0,p1) response as p1 is a "have" Pub originated locally set timer to respond other's response will cancel set timer to respond other's response will cancel set timer to respond other's response will cancel set timer to respond other's response will cancel set timer to respond other's response will cancel rcv cAdd & validate extract p1& validate schedule cState r member6's r later send cState(p1) suppressed synchronized collection cState(p1) cState expiry later send cState(p1) & sched cState expiry send cState(p1) & sched cState expiry at cState lifetime timeout, members receiving two identical cStates suppress sending identical cStates sched cState expiry p1 lifetime is exceeded cState lifetime plus randomization passes send cState(0) & sched cState expiry send cState(0) & sched cState expiry at cState lifetime timeout, members receiving two identical cStates suppress sending identical cStates sched cState expiry synchronized collection cState(0)
Figure 13: Seven members using DeftT on a multicast subnet

Although Figure 13 shows one publication at a time for clarity, the logic applies if multiple members are publishing simultaneously or at close intervals (less than d or the cStateLifeTime). Distributed collections are always moving toward synchronization but during periods of intense interaction, times when all members are synchronized may be infrequent; this is not a problem.

5.6. Distributors

Distributors implement services a Deft requires for its operation. Distributors optional to general operation are specified in the communication schema.

5.6.1. Certificate distributor

DeftT's certificate distributor is a required module. It implements a collection of all the signing chain certificates in the Domain. When a new DeftT is instantiated, it must publish all the certificates from its identity bundle as well as its locally created signing certificate. This joining process was shown in Figure 8. Since many certificates in a member's chain are shared, that will be reflected in each cState and those certs will not be sent on the subnet. A member DeftT must receive a cState showing its signing chain in another member's local collection before a DeftT can be considered "connected" to the trust domain. This ensures there is at least one other member that can receive the PDUs it sends.

5.6.2. Group key distributors

Group key distributors are optional in DeftT but required, and automatically supplied, if encryption is specified in the schema. When present, they are instantiated after their local certificate distributor has "connected." The example implementation contains two types of group key distributors. A group key distributor handles creation and distribution of a single symmetric key to all members of the Domain to use to encrypt either publications or PDUs (if both are encrypted, there is a group key distribuor for each). A subscriber group key distributor distinguishes subscribers that can decrypt PDUs and/or publication and publishers that encrypt PDUs and/or publications (a member can be both subscriber and publisher). The group key distributor is briefly described here.

A trust domain using group key encryption must have at least one member with the attribute or capability of "keymaker" in its identity chain. Keymaker-capable members of a Domain elect a keymaker that makes a new symmetric encryption key upon winning the election. The non-keymakers publish key requests that the keymaker uses to create a list of current members. Requests and the symmetric key both have limited lifetimes. The keymaker uses each member's signing cert to encrypt a copy of the current key and creates and publishes as many publications as needed to carry all the encrypted keys. In these publications, entries are indexed by the thumbprint of the associated signing cert and the range of thumbprints is used in the publication name. Members only accept such publications from keymaker-capable signers and, in case of conflict, use the key sent by a member whose signing cert thumbprint is the smallest.

If the keymaker receives a new key request in between making new keys, a copy of the key will be encrypted for it and published. There is no explicit revocation but a blacklist can be implemented and either published or passed from an application and a new group key can be made and distributed to non-blacklisted members ahead of the normal schedule.

5.6.3. Other distributors

Distributors may be used for other types of key distribution and for distributing other types of information, e.g. blacklisted members, clock synchronization, or domain statistics.

5.7. Schema-based information movement

Although the Internet's transport and routing protocols emphasize universal reachability with packet forwarding based on destination, a significant number of applications neither need nor desire to transit the Internet (e.g., see [RFC8799]). This is true for a wide class of OT applications. Further, liberal acceptance of packets while depending on the good sending practices of others leaves critical applications open to misconfiguration and attacks. Internet protocols use header information to tell them how to forward packets; A DeftT PDU's header only contains a sync zone id and a collection name. Each DeftT has a trust management engine with a copy of rules (a schema or subschema). DeftT only creates and moves its publications in accordance with the fully specified communication schemas and never moves a PDU between sync zones. This approach differs in both intent and execution from Internet forwarding. It may not be appropriate for all use cases but offers new opportunities to address the specific security requirements of many Limited Domain use cases.

DeftT PDUs on the same subnet may be in different sync zones or trust domains and DeftT sync zones in the same trust domain may be on different subnets. In some cases, it is useful to define sync zones whose DeftTs have a compatible, but more limited, version of the trust domain's communication schema which is itself complete as a communication schema. "Compatible" means there is at least one publication type and associated signer specification in common or one schema may be a subset of the other. This subschema was mentioned in Section 1.4 and Section 4 and is further discussed in Section 6. Different subschemas may be deployed for sync zones on the same subnet or on different subnets. A subschema cert will have a different thumbprint from that of the full trust domain and different sync zones can be identified by the thumbprint of the (sub)schema in use.

Any part of a verifiable defined-trust identity can be used in the delineation of sync zones, e.g. specific component(s) of identity names allowed to sign publications can be constrained to be identical so that publications are effectively only relayed to a particular "group" as identified by those components. This is enforced via the secured schema, i.e., non-"group" publications will not validate.

For example, a unicast link may be used to connect two remotely located subnets of the same trust domain and only certain types of publications should pass through the unicast link. Relays can be used where the DeftTs on the unicast link have a restricted subschema (e.g. Figure 14-right). Further, different sync zones on the same subnet might be used where certain members have more limited access, either due to the technology of their devices or to restrict their access (e.g., guests of a network). Relays could limit publications simply by filtering publications or subscribing to subsets of publications but use of a subschema in different sync zones provides enforcement of publication movement.

Both cStates and cAdds contain their sync zone id and are not moved between subnets while publications are defined in the trust domain's communication schema and can move to any DeftT that can validate them. In the case of DeftTs on the same subnet but in with different (sub)schema certs, the cState and cAdd PDUs are differentiated by the sync zone id (thumbprint of the (sub)schema certificate as in Section 5.2.1.1 item C1). The sync zone id is used at the face module to determine whether or not to process a PDU. A DeftT's syncps manages a particular collection on a single subnet. Relays move publications between separate sync zones of the same trust domain by moving publications between the relay's multiple DeftT instances.

A relay is implemented [DCT] as an application running on a device with a DeftT interface in each sync zone (two or more) Figure 14. Each DeftT participates using a communication identity valid for the schema used by the DeftT. Only publications (including certs) are relayed between DeftTs and the publication must validate (to the extent possible) against the schema of each DeftT. Consequently cAdd encryption is unique per sync zone while publication encryption holds across the domain.

Since relay applications merely pass publications in the msgs collection, their DeftT API module (a "shim", see Section 5.1) performs pass-through of valid publications. As a consequence and a further security measure for boundary devices, relays have no need for publication encryption keys; this is enforced by use of a capability cert in relay identity chains. (The group symmetric key is never given to an identity with the relay capability in its chain.) For example, if we added a relay definition to the example of Figure 7:

rlyCert: _domain/"relay"/_myid/_certFormat <= rlyCap
capCert: _domain/"CAP"/capId/capArg/_certFormat
rlyCap:  capCert & {capId: "RLY", capArg: _} <= domainCert

The relay of Figure 14-left is on three separate wireless subnets. If all three DeftTs are using an identical schema, a new validated cert added to the cert store of an incoming DeftT is then passed to the other two, which each validate the cert before adding to their own cert stores (superfluous in this case, but not a lot of overhead for additional security). When a valid publication is received at one DeftT, it is passed to the other two DeftTs to validate against their schemas and published if it passes.

relayextend relayextend Relay b r oadcast segment 0 b r oadcast segment 2 b r oadcast segment 1 ch0 ch1 ch2 local network 1 local network 2 Relay Relay cell connection, tcp tunnel, etc.
Figure 14: Relays connect subnets

A relay may have different identities and schemas for each DeftT, but its DeftTs must have the same trust anchor and schemas that are identical copies, proper subsets or overlapping subsets of the domain schema. Publications that are undefined for a particular DeftT are silently discarded if they do not validate upon relay, just as they are when received from a face. This means the relay application of Figure 14-left can remain the same but publications will only be published to a different subnet if its DeftT has that specification in its schema. In addition, relays may filter publications at the application level or restrict subscriptions on some of their DeftT interfaces. Figure 14-right shows extending a trust domain geographically by using a unicast connection (e.g., over a cell line or tunnel over the Internet) between two relays which also interface to local broadcast subnets. Everything on each local subnet shows up on the other. A communication schema subset could be used here to limit the types of publications sent on the remote link, e.g., logs or alerts. Using this approach in Figure 14-right, local communication for subnet 1 can be kept local while subnet 2 might send commands and/or collect log files from subnet 1.

More generally, relays can form a mesh of broadcast subnets with no additional configuration (i.e., relays on a broadcast network do not need to be configured with others' identities and can join at any time). The mesh is efficient: publications are only added to an individual DeftT's collection once regardless of how it is received. Relays with overlapping broadcast physical media will only add a publication to any of its DeftTs once; syncps ensures there are no duplicates. More on the applicability of DeftT meshes is in Section 8.

5.8. Performance measurements

Measurements and profiling have been performed using examples from the open source [DCT] proof-of-concept codebase (v11.2) running on an Apple M1-max and an x86 linux-based machine. On both machines the code was compiled with clang-16 at optimization level -O3 but no additional or platform-dependent flags. An application examples/hmIoT/app2.cpp [DCT] with an operator role issue commands to app2.cpp's with device roles which are expected to perform the operation (e.g., lock the door) and report their subsequent status (e.g., locked). The schema used calls for EdDSA signing of publications and AEAD encryption of cAdds. Measuring the time from the appearance of the cAdd carrying the command publication until the appearance of the cAdd carrying the status publication captures the time to receive a cAdd, process its publication, convert the resulting application message into a publication and then add the publication to its local collection and package it and send it in a cAdd. On ethernet with negligible transmission delay, the Apple platform takes ~200us and the linux x86 ~300us.

Memory use is dominated by the certificate store (the cert collection) and the msgs collection of publications carrying application content. In the former case, each certificate is ~300 bytes and a member only stores its own signing chain as well as those of members that create publications the communication schema says they can accept. Measurement has shown memory use to be consistently less than 2 Mbytes.

The home IoT example was profiled on an M1-max using Apple's instruments tool. The time spent was classified both by the DeftT action it was invoked in and the codebase it was part of (DeftT, the libsodium cryptographic library, or the Boost async I/O library interface the to system's UDP/IP networking and scheduling). For each action, times were normalized by the total time spent on the action. The numbers in the table below are percentages of the total time taken for the action in the first column. For each codebase, the number given is the percentage time taken by its busiest function. The name of the action's largest item, irrespective of codebase, shown in the final column.

Table 3: Profiling Results from an Apple M1-max
action DeftT% crypto% system% largest item
make msg-to-Pub 32 68 0 EdDSA signing
send cAdd 3 4 84 sendTo syscall
send cState 10 0 80 sendTo syscall
handle cAdd 1 6 81 recvFrom syscall
handle Pub-to-msg 4 94 0 EdDSA validation
handle cState 3 0 73 recvFrom syscall

Note that none of the absolute times are large. For example, the EdDSA validation that accounts for 94% of incoming Pub-to-msg handling takes 22 microseconds and the corresponding signature that's 68% of make msg-to-Pub takes 16 microseconds. In general, send and receive syscall handling dominates and these delays are experienced by any transport protocol. Roughly half of this appears to be due to Boost's lock-heavy "executor" model which might be fixed by switching to c++20 co-routines. A real-time OS like Zephyr would be expected to remove much of the remaining system cost.

Thanks to the availability of hardware AES accelaration on both Arm and Intel platforms, the time to perform the cAdd AEGIS crypto is quite small: 300ns to simultaneously validate and decrypt on either platform. These measurements convince us that users and industries promoting the use of signing in networking would do well to focus on accelerating asymmetric key functions.

Table 4 shows the fixed and per-byte signing and validation costs for the current reference implementation [DCT] as measured by its time_signing.cpp tool. Hardware accelerated AEGIS-128L and AEGIS-256, were added in Sep 13, 2023 libsodium 1.0.19 release. AEAD-AEGIS is 4.5x faster than AEAD-IETF on the Intel platform and 7.8x faster on the Arm platform. Given the rapid evolution of high quality crypto algorithms and implementations, it's important that infrastructure and application code that relies on crypto be able to keep up. It took less than a day to add an AEGIS sigmgr to [DCT] and a one line change to the home IoT schema to switch the home IoT apps to use it. Since the sigmgr API is generic, no app or DeftT code changed.

Table 4: Measured Sigmgr per-operation times
operation Intel Arm M1-max
EdDSA signing 21us + 5.3us/KB 15us + 3.8us/KB
EdDSA validation 58us + 2.6us/KB 41us + 1.9us/KB
AEAD encryption 735ns + 885ns/KB 437ns + 2430ns/KB
AEAD decryption 719ns + 853ns/KB 433ns + 2420ns/KB
AEGIS encryption 209ns + 211ns/KB 176ns + 147ns/KB
AEGIS decryption 173ns + 192ns/KB 205ns + 141ns/KB

5.9. Congestion control

Each DeftT manages its collection on a single broadcast subnet (since unicast is a proper subset of multicast, a point-to-point connection is viewed as a trivial broadcast subnet), thus it only has to deal with that subnet's congestion. As described in the previous section, a device connected to two or more subnets may create DeftTs having the same collection name on each subnet with a publication Relay between them but DeftT never forwards PDUs between subnets. It is, of course, possible to run DeftT over an extended broadcast network like a PIM multicast group but the result will generally require more configuration and be less reliable, efficient and secure than DeftT's self-configuring peer-to-peer Relay mesh.

DeftT sends at most one copy of any publication over any fully connected subnet, independent of the number of publishers and subscribers on the subnet. Thus the total DeftT traffic on a subnet is strictly upper bounded by the application-level publication rate. As described in Section 5.4, DeftTs publish a cState specifying the set elements they currently hold. If a DeftT receives a cState specifying the same elements (publications) it holds, it doesn't send its cState. Thus the upper bound on cState publication rate is the number of members on the subnet divided by the cState lifetime (typically seconds to minutes) but is typically one per cState lifetime due to the duplicate suppression. Each member can send at most one cAdd in response to a cState. This creates a strict request/response flow balance which upper bounds the cAdd traffic rate to (number of members - 1) times the cState publication rate. The flow balance ensures an instance can't send a new cState until it's previous one is either obsoleted by a cAdd or times out. Similarly a cAdd can only be sent in response to the cState which it obsoletes. Thus the number of outstanding PDUs per instance is at most one and DeftT cannot cause subnet congestion collapse.

If a Relay is used to extend a trust domain over a path whose bandwidth delay product is many times larger than typical subnet MTUs (1.5-9KB), the one-outstanding-PDU per member constraint can result in poor performance (1500 bytes per 100ms transcontinental RTT is only 120Kbps). DeftT can run over any lower layer transport and stream-oriented transports like TCP or QUIC allow for a 'virtual MTU' that can be set large enough for DeftT to relay at or above the average publication rate (the default is 64KB which can relay up to 5Mbps of publications into a 100ms RTT). In this case there can be many lower layer packets in flight for each DeftT cAdd PDU but their congestion control is handled by TCP or QUIC.

6. Trust domain rule sets and schemas

OT applications are distinguished (from general digital communications) by well-defined roles, behaviors and relationships that constrain the information to be communicated (e.g., as noted in [RFC8520]). The capabilities and attributes of Things can be characterized in structured abstract profiles that can be machine-readable (e.g., [ONE][RFC8520][ZCL]). Energy applications in particular have defined strict attribute- and role-based access controls [IEC] but currently proposed enforcement requires the interaction of a number of mechanisms across the communications stack [NERC]. In Defined-trust Communications, structured profiles and rules strictly define permitted behaviors including what types of messages can be issued or acted on; undefined behaviors are not permitted. These rules, along with local configuration, are incorporated directly into the schemas used by DeftT's integrated trust management engine both to prohibit undefined behaviors and to construct compliant publications. This not only provides a fine-grained security but a highly usable security, an approach that can make an application writer's job easier since applications do not need to contain local configuration and security considerations.

DCT [DCT] includes a language (VerSec) for expressing the rules of communication, its compiler, and other tools to create the credentials a DeftT needs at run-time. DCT is example code that is provided as open source that is frequently updated to improve features and performance but may have bugs or unoptimized features in any particular release.

6.1. Communication schemas

Defined-trust's use of communication schemas is influenced by [SNC][SDSI] and the field of trust management defined by Blaze et. al. [DTM] as the study of security policies, security credentials, and trust relationships. and refined by Li et. al. [DLOG]. Communications schemas also have roots in the trust schemas for Named-Data Networking, described in [STNDN] as "an overall trust model of an application, i.e., what is (are) legitimate key(s) for each data packet that the application produces or consumes." DeftT's use is based on an approach introduced in [NDNW] and extended with introduction of the declarative VerSec schema language in [DNMP][IOTK][DCT]. Here a schema is analogous to the plans for constructing a building. Construction plans serve multiple purposes:

  1. Allow permitting authorities to check that the design meets applicable codes
  2. Show construction workers what to build
  3. Let building inspectors validate that as-permitted matches as-built

Construction plans get this flexibility from being declarative: they describe "what" to do, not "how" to do it. As noted on paragraph 4 of [DLOG]:

a declarative trust management specification based on a formal foundation guarantees all parties to a communication have the same notion of what constitutes compliance.

The schema is critical to Defined-trust Communications, adopting the more descriptive term communication schema (or just schema where its usage is clear) for the rules that define the communications of a trust domain. The schema details the meaning and relationship of individual components of the filename-like names (URI syntax [RFC3986]) of publications and certificates. The intent for a domain's communications is expressed in fine-grained rules: "who can say what." Credentials that define "who" are specified along with complete definitions of "what". Defined-trust communications has been targeted at OT networking where administrative control is explicit and it is not unreasonable to assume that identities and communication rules can be securely configured at every device. A single schema, securely provided to all members, provides the same protection as dozens of manually configured, per-node ACL rules.

A VerSec compiler, schemaCompile, and examples are included with the Defined-trust Communications Toolkit [DCT]. The compiler checks the formal soundness of the VerSec text specification (case 1 above) then converts it to a signed, compact, binary form. The compiler also reports diagnostics and includes a digraph listing that can be used to confirm that the intent of the schema has been implemented (and to flag problems). The binary form is used by DeftT to build (case 2) or validate (case 3) the publications (format covered in Section 5.2.1.3). As certificates are a type of publication, they are distributed and validated using DeftT, though they are subject to additional constraints (Section 5.2.1.4).

6.2. VerSec schema description language

VerSec follows LangSec principles to minimize misconfiguration and attack surface. Its structure is amenable to a forms-based input or a translator from the structured data profiles often used by standards [ONE][RFC8520][ZCL]. As declarative languages are expressive and strongly typed, they can express the constructs of these standards in their rules. VerSec continues to evolve and add new features as its application domain is expanded; the latest released version is at [DCT]. Other languages and compilers are possible as long as they supply the features and output needed for DeftT.

VerSec describes constraints on both the layout and components of names and on the structural and signing relationships between names; its statements simply state facts that can be given in any order. The language can only produce entities (publications, certificates, signing chains, etc.) with a fixed layout so the run-time validatation is loop- and recursion-free. All alternatives (e.g., different signing chains for the same publication) must be explicitly enumerated so validation and construction are constant time and space. The language is intended for trust domains with a common, local trust anchor. This means the set of signing chains for any schema must be a directed acyclic grap (DAG). This property is verified at compile time and exploited to make the runtime testing for signing-loops stateless and O(1).

6.2.1. Lexical building blocks

Names consist of a sequence of components separated by slashes /

Each component is an expression that can be:

  • a literal string enclosed in quotes "
  • an identifier
  • an internal function call
  • an expression enclosed in parens
  • two expressions separated by a vertical bar |.

Identifiers are a sequence of letters, digits and underscores starting with a letter, underscore or sharp sign. A leading underscore indicates that the component's value will be derived from schema rules and it must resolve to a concrete value (literal string, function call or signing chain component name) for the schema to be correct. Component identifiers that don't start with "_" are parameters that must be supplied at run time.

Comments start with "//" and terminate at the end-of-line. Comments, blank lines and whitespace are ignored.

A schema consists of a series of statements. A statement can describe either a definition or a signing chain. Statements must be terminated by a comma or newline.

6.2.2. Definitions

A definition consists of an identifier followed by a colon followed by an expression. Semantically it means that replacing the identifier with the expression, or vice-versa, doesn't change the meaning of the schema.

The expression must be a Name (sequence of components separated by slashes) or another definition's identifier. It can be followed by (optional) component constraints and/or signing constraints. For example,

#mypub: /_domain/_topic/param
req: #mypub & {_topic: "request"}

defines #mypub as a three component name whose components can be referenced as '_domain', '_topic' and 'param' and req as a specialization of it whose _topic component is constrained to be the literal string "request".

In publication definitions, like #mypub above, the expression must be a Name which is used to define the publication's component tag identifiers. Publication variant definitions, like req above, start with the parent publication's identifier followed by constraints to specialize it.

Publication identifiers that start with a sharp sign (#) are "exported": they appear in the binary schema together with their tags plus the parameters and optimized, compiled form of component constraints and signing constraints of all their variants. The current convention is that the first such definition describes publications in the msgs collection and the remainder specify runtime constraints such as signing algorithms (e.g., Figure 11). We plan to add collections as first-class entities in the VerSec language which will remove the need for this hack.

6.2.2.1. Component Constraints

A component constraint is an open brace followed by one or more constraint terms followed by a closing brace. Each constraint term consists of a tag identifier followed by a colon followed by an expression followed by a comma or newline. The semantics of a component constraint is that all its terms must hold, e.g.,

#mypub & {_topic: "req", param: "status"} | {_topic: "cmd", param: "start"}

resolves to /_domain/"req"/"status" and /_domain/"cmd"/"start" while

#mypub & {_topic: "req"|"cmd", param: "status"|"start"}

resolves to the full cross product {req,cmd} x {status,start}.

An ampersand (&) must separate the component constraints from the definition's initial Name or identifier. As the examples show, multiple component constraints can be given, separated by | or &. The two operators have equal precedence so if a mixture of | and & is used, parens are needed to ensure the intended evaluation order.

6.2.2.2. Signing Constraints

A signing constraint consists of a <= (signed-by operator) followed by one or more definition identifiers separated by | operators, e.g.,

cmd: #mypub & {_topic: "cmd"} <= opCert
req: #mypub & {_topic: "req"} <= opCert | userCert

says that cmd publications must be signed by an opCert while req publications can be signed by either an opCert or a userCert. If the domain signing authority only signs an opCert for designated operators, the semantic enforced here by the run-time library is "operators can issue requests and commands but normal users can only issue requests". This is enforced at the subscriber(s) via their validating that cmds are signed by an opcert, so a compromised publisher forging a cmd or signing one with a userCert produces at most an "attempted security breach" log message. (A compromised publisher with access to a valid opcert is still a threat but that needs to be addressed by key hygiene measures like secure signing enclaves and limited key lifetimes.)

6.2.3. Signing Chains

A signing chain is a sequence of identifiers separated by <= operators. All of the identifiers must be defined as publications or certs somewhere in the schema. The chain doesn't have to include all the certs on the path from the publication to the trust root as signing chain and signing constraint information is interpreted as edges in a signing DAG that defines all the legal chains for the schema. (For diagnostic purposes the compiler debug option adds the DAG in graphviz dot format to its output.) The DAG is checked to insure:

  • all nodes in the graph have been defined
  • the cert graph is a DAG (there are no cycles)
  • there is only one trust anchor (the DAG has a single sink)
  • all signed publications have path(s) to the trust anchor

A publication's entire signing chain, not just its immediate signing cert, is used to establish provenance, authorizations, capabilities and trust. If a chain has variants that are not distinguished by the immediate signer, enough of the chain should be specified to disambiguate.

6.2.4. Syntax and Semantics

Either a publication or a certificate is the first element of each signing chain. The remaining elements must all be certificates, each of which cryptographically signs the element preceding it. The final element must be a self-signed Trust Anchor so it signs both the preceding element and itself. This validation structure allows not just the publication's components but all the components in the chain to be used to enforce policy when building and validating publications. This is normally done implicitly via signing rules as above, but it can also be done explicitly by mirroring components within a cert chain. For example, for forensic logging it could be useful to know who issued the cmd and req publications of the previous example. Say opCert and userCert are defined as roleCert instances and roleCert is defined with a _role component containing the type of role and a _roleID component containing a person identifier like an employee number or name:

roleCert: /_domain/_role/_roleID
opCert:   roleCert & {_role: "operator"}
userCert: roleCert & {_role: "user"}

then adding a roleID component to #mypub:

#mypub: /_domain/_topic/_roleID/param

will cause the runtime to set that component to the value of _roleID in the signing cert when the publication is built and verify the component matches the signing cert's when the publication is received. For non-parameter identifiers like _roleID, the compiler creates runtime schema component correspondence information that allows both the builder and verifier to ensure that all signing chain components with that identifier contain the same value.

Parameters and correspondences are essentially schema 'variables' that are bound to concrete values by the runtime to create a logically grounded (fully specified and verifiable) publication. To ensure that all generated publications are grounded, the runtime schema describes all the parameters needed and the publication builder method throws an error if any of them are not supplied. For correspondences, the compiler checks that all non-parameter identifiers in a publications also appear in at least one cert of the publication's signing chain(s) and terminates with an error if not. (If no cert in the chain contains the identifier, that component can't be filled in with a concrete value at runtime so the schema doesn't produce grounded publications and is in error.) Certs don't need this check because, at runtime, certs are pre-built, grounded objects and the runtime only has to check, once, that they meet the constraints of the schema.

6.3. Schema examples

(Figure 15) shows a simple communication schema that defines the format of all publications in this domain's msgs collection to be an "#mpub", a six component name. The strings between the slashes define the tags used to reference components in the VerSec rules and in the run-time schema library. For example, the tag of the final component is _ts and the & {_ts: timestamp()} constraint on the name makes the component's TLV type a Timestamp (Section 5.2.2) which will be set to the current time when an #mpub is built and be validated as a timepoint when received.

The first component gets its value from the variable "_domain" and #pubPrefix is set as this value so that the schema contains information on what part of the name is considered common prefix. (This is a common prefix for all publications in this domain, not just those in msgs.) The schema puts no constraints on other name components of an #mpub but requires that #mpub publications be signed by (<=) a mbrCert. Thus the schema enforces that only enrolled domain members can publish.

The Validator lines specify cryptographic signing/validation methods for an #mpub, the domain certs, and the PDU that carries publications. Here all use EdDSA signing.

In operation, this schema puts no constraints on #mpubs inner four name components (additional constraints could be imposed by the application but they won't be enforced by DeftT). When it starts, a DeftT adds its signing certificate chain to the domain certificate collection (see Section 7.2), thus announcing its identity to all other members. Using the preconfigured trust anchor and schema, any member can verify the identity of any other member. This approach means members are not preconfigured with identities of other members and new entities can join at any time. Member signing certificates must adhere to the schema; publications or PDUs with unknown signers are discarded. The timestamp component is used to prevent replay attacks.

 #mpub: /_domain/trgt/topic/loc/arg/_ts & { _ts: timestamp() } <= mbrCert

 #pubPrefix:     _domain

 mbrCert:        _domain/_mbrType/_mbrId/_certinfo <= netCert
 netCert:        _domain/_certinfo

 #msgsValidator: "EdDSA"
 #certValidator: "EdDSA"
 #pduValidator:  "EdDSA"

 _domain:        "example"
 _certinfo:      "KEY"/_/"dct"/_
Figure 15: An example communication schema in VerSec [DCT]

This schema cryptographically identifies the source of every publication and ensures that only enrolled members can publish but offers no privacy beyond that supplied by the lower level communications media. DeftT includes an AEGIS AEAD validator subsystem that leverages each subnet's certificate collection to securely distribute symmetric-encryption nonce cover keys to all members on the subnet. This results in PDU privacy and integrity equivalent to TLS-1.3 at zero-cost (Table 4 measurements show that AEGIS encrypts/decrypts at memory speed).

Two changes are required to the above schema to enable this. First, #pduValidator should be changed to "AEAD" instead of "EdDSA". Second, the definition for a keymaker capability cert should be added and made an alternative signer of mbrCerts:

kmCap:    _domain/"CAP"/"KM"/_capArg/_certinfo <= netCert
mbrCert:  _domain/_mbrType/_mbrId/_certinfo <= kmCap | netCert

If a schema requires that msgs PDUs be encrypted, all subnet members need to use the same randomly-generated encrypt/decrypt cover key to communicate so DeftT automatically creates a local group key distributor (Section 5.6.2) to obtain it. When each member starts, this distributor checks its group-key collection to see if a keymaker has been elected. If not and if the member's signing chain contains a KM capability, it will start/join a Paxos-like election by publishing a candidate message to the group-key collection. When a keymaker has been elected, members publish requests for the current cover key and the keymaker publishes replies that contain the group key encrypted using the requesting member's public signing key. The keymaker retrieves the member's public signing key from its local store of validated certificates by using the key locator of that member's signed request.

In addition to certificate capabilities like KM, VerSec and DeftT allow for Attribute-Based Access Control (ABAC) [NIST] using attributes of the subject, object, action and environment to determine authorization. ABAC takes advantage of the system's context to offer the fine-grained control of capability enumeration but with much less configuration and DeftT uses the schema to manage the ABAC locally at each member. For example, returning to the Figure 15 schema, define the members as either sensors (whose job is to report measurements), loggers (whose job is to solicit then archive sensor reports) or admins (whose job is to configure sensors and loggers). This has the communication pattern that loggers publish request messages to solicit sensor status messages and admins publish config messages to sensors and loggers who reply with state messages. Six rules have to be added to the example to express and enforce this communication pattern: three to distinguish the three member types and three to describe what they can say.

sensorCert: mbrCert & { _mbrType: "sensor" } <= netCert
loggerCert: mbrCert & { _mbrType: "logger" } <= kmCap | netCert
adminCert:  mbrCert & { _mbrType: "admin" } <= netCert

sensorMsg: #mpub & {topic:"status"|"state"} <= sensorCert
loggerMsg: #mpub & {topic:"request"|"state"} <= loggerCert
adminMsg:  #mpub & {topic:"config"} <= adminCert

An AEAD kmCap was included in the above to show that ABAC and capabilities are not antagonists. In this case, sensors have limited processors and are often battery powered and admins are people who come and go. Since keymaker is a critical, always on infrastructure service, loggers are the only members qualified to be keymakers but whether any particular logger gets a kmCap is the system administrator's decision which is what the <=kmCap|netCert signing constraint says.

Communication schema changes are the only changes required in order to increase security and add privacy: neither code nor binary needs to change and DeftT handles all aspects of validators. This unique approach of integrating identity and communication rules into the transport makes it relatively to produce and evolve secure systems.

Converting desired behavioral structure into a schema is the major task of applying Defined-trust Communications to an application domain. Once completed, all the deployment information is contained in the schema. Although a particular schema cert defines a particular trust domain, the text version of a schema can be re-used for related applications. For example, a home IoT schema could be edited to be specific to a particular home network or a solar rooftop neighborhood and then signed with a chosen trust anchor.

7. Certificates and identity bundles

Defined-trust's approach is partially based on the seminal SDSI [SDSI] approach to create user-friendly namespaces that establish transitive trust through a certificate (cert) chain that validates locally controlled and managed keys, rather than requiring a global Public Key Infrastructure (PKI). When certificates are created, they have a particular context in which they should be utilized and trusted rather than conferring total authority. This is particularly useful in OT where communicating entities share an administrative control and using a third party to certify identity is both unnecessary and a potential security vulnerability. Well-formed certificates and identity deployment are critical elements of this framework. This section describes certificate requirements and the identity bundles that are securely distributed to trust domain members.

7.1. Obviate CA usage

DeftT's certificates are easily generated and signed by the local administrative authority ([DCT] includes utilities to create certs) so there is no reason to aggregate a plethora of unrelated claims into one cert (the Aggregation problem [W509] mentioned in Section 1). A DCT cert's one and only Subject Name is the Name of the publication that contains the public key as its content and neither name nor content are allowed to contain any optional information or extensions. Certificates are created with a lifetime; local production means cert lifetimes can be just as long as necessary (as recommended in [RFC2693]) so there's no need for the code burden and increased attack surface associated with certificate revocation lists (CRLs) or use of on-line certificate status protocol (OSCP). Keys that require longer lifetimes, like device keys, get new certs before the current ones expire and may be distributed through DeftT (e.g., using a variant of the group key distributors in DCT). If there is a need to exclude previously authorized identities from a domain, there are a variety of options. The most expedient is via use of an AEAD cAdd or publication validator by ensuring that the group key maker(s) of a domain exclude that entity from subsequent symmetric key distributions until its identity cert expires (and it is not issued an update). Another option is to publish an identity that supplants that of the excluded member. A new schema can be distributed at any time but the receiving application will need to start a new DeftT using that schema though it can run in parallel with the old DeftT for some period of time. Though more complex, it is also possible to distribute a new schema and identities (without changing the trust anchor), e.g., using remote attestation via the TPM.

From Section 6, a member is granted attributes in the schema via the certs that appear in its identity chain. Identity certs are always accompanied by their full chain-of-trust, both when installed and when the member publishes its identity to the cert collection. Every signing chain in the domain has the same trust anchor at its root and its compliant format specified in the schema. Without the entire chain, a signer's right to issue publications cannot be validated. Cert validation is according to the schema which may specify attributes and capabilities for publication signing from any certificate in the chain. For this model to be well founded, each cert's key locator must uniquely identify the cert that actually signed it. This property ensures that each locator resolves to one and only one signing chain. A cert's key locator is a thumbprint, a SHA256 hash of the entire signer's publication (name, content, key locator, and signature), ensuring that each locator resolves to one and only one cert and signing chain. Use of the thumbprint locator ensures that certs are not open to the substitution attacks of name-based locators like X.509's "Authority Key Identifier" and "Issuer" [ConfusedDep][CAvuln][TLSvuln].

7.2. Identity bundles

Identity bundles comprise the certificates needed to participate in a trust domain: trust anchor, schema, and an identity chain. The private key corresponding to the leaf certificate of the identity chain should be installed securely when a device is first commissioned (e.g., out-of-band) for a network while the public certs of the bundle may be placed in a file in a well-known location or may, in addition, have their integrity attested or even be encrypted.

Figure 16 shows the steps involved in creating identity bundles and their correspondence of the steps to the "building plans" model. (The corresponding tools available in DCT are shown across the bottom and the relationship to the "building plans" model is shown across the top.)

tools.config tools.config text binary make signed identity certs for each entity r epeat for all entities draw up plans validate plans authentic copies of plans schemaCompile make_bundle make_cert schema_cert DCT tools: wrap binary schema in schema cert signed by trust anchor create/adapt communications schema make identity bundle with trust anchor, schema and identity chain certs compile schema
Figure 16: Creating identity bundles

The process in Figure 16 can be used to construct an identity bundle using the example schema from Section 6.2 for a sensor with mbrId = 1. Then the bundle can be inspected using the ls_bundle utility at [DCT] showing the certs it contains. Left hand notations designate the certs by their position in the bundle and show which cert precedes it ("<=") in the chain. The private key for cert 3 is also in this bundle, indicated by "key" at the first bytes of the key value.

0 root: /example/KEY/^4c29d555/dct/23-09-20@16:36
1 <= 0: /example/schema/#mpub/KEY/^545b55ff/dct/23-09-20@16:36
2 <= 0: /example/CAP/KM/1/KEY/^77fe722e/dct/23-09-20@16:36
3 <= 2: /example/sensor/1/KEY/^d0660cc1/dct/23-09-20@16:36 key '6ca45831...

In the examples at [DCT], an identity bundle (with private key) is given directly to an application via the command line, useful for development, and the application passes callbacks to utility functions that supply the certs and a signing pair separately. For deployment, good key hygiene using best current practices must be followed e.g., [COMIS]. [DCT] examples use configured member identities to sign locally created signing certs (with associated private keys) and the example schemas give the format for these signing cert names. A DeftT will request a new signing cert shortly before expiration of the one in use. Upon each signing cert update, only this new cert needs to be published via DeftT's cert distributor.

In deployment, a small application manager may be programmed for two specific purposes. First, it is registered with a supervisor [SPRV] (or similar process control) for its own (re)start to serve as a bootstrap for the application. Second, it can have access to the TPM functions and the ability to create "short-lived" (hours to several days) public/private key pair(s) that are signed by the installed (commissioned) private identity key using the TPM. This signing key pair is created at (re)start and recreated at the periodicity of the signing cert lifetime. Figure 17 outlines a representative procedure. Since the signing of the public cert happens via requests to the TPM, the identity key (used to sign the cert) cannot be exfiltrated. The locally created signing key is used in the communications path where TPM signing overhead is prohibitive.

InstallIdbundle InstallIdbundle TPM bundle public certs supervisor process app cert distributor publishes entity's signing chain cert bundle and new signing cert commissioning Device 1. start app, passing in cert bundle 2. make pub signing key pair 3. put public key in signing cert with ~1 day lifetime 4. request that TPM sign the cert with device key 5. give signing cert & its secret key to app 6. before cert's expiry repeat steps 2-5
Figure 17: Representative commissioning and signing key maintenance

All DCT certs have a validity period. Publication signing key pairs (with public signing certs) are generated locally so they can easily be refreshed as needed. Trust anchors, schemas, and the member identity chain are higher value and often require generation under hermetic conditions by some authority central to the organization. Their lifetime should be application- and deployment-specific, but the higher difficulty of cert production and distribution often necessitates liftetimes of weeks to years.

Secure device configuration and on-boarding should be carried out using the best practices most applicable to a particular deployment. The process of enrolling a device by provisioning an initial secret and identity in the form of public-private key pair and using this information to securely onboard a device to a network has a long history. Current and emergent industry best practices provide a range of approaches for both secure installation and update of private keys. For example, the private key of the bundle can be secured using the Trusted Platform Module, the best current practice in IoT [TATT][DMR][IAWS][TPM][OTPM][SIOT][QTPM][SKH][RFC8995], or secure enclave or trusted execution environment (TEE) [ATZ] where available. In that case, an authorized configurer adding a new device can use TPM tools to secure the private signing key and install the rest of the bundle file in a known location before deploying the device in the network. Where entities have public-private key pair identities of any (e.g., non-DCT) type, these can be leveraged for DeftT identity installation.

Updating schemas and other certificates over the deployed network (OTA) is application-domain specific and can either make use of domain best practices or develop custom DeftT-based distribution. Changing the trust anchor is considered a re-commissioning. The example here is merely illustrative; with pre-established secure identities and well-founded approaches to secure on-line communications, a trust domain could be created OTA using secure identities established through some other system of identity.

8. Use cases

(footnote Roger Jungerman contributed significantly to this section.)

8.1. Secure Industrial IoT

IIoT sensors offer significant advantages in industrial process control including improved accuracy, process optimization, predictive maintenance and analysis, higher efficiency, low-cost remote accessibility and monitoring, reduced downtime, power savings, and reduced costs [IIOT]. Critical Digital Assets (CDA) are a class of industrial assets such as power plants or chemical factories which must be carefully controlled to avoid loss-of-life accidents and where IIoT sensors require tight security. Even when IIoT sensors are not used for direct control of CDA, spoofed sensor readings can lead to destructive behavior. There are real-life examples (such as uranium centrifuges) of nation-state actors changing sensor readings through cyberattacks leading to equipment damage. These risks result in a requirement for stringent security reviews and regulation of CDA sensor networks. Despite the advantages of deploying CDA sensors, adequate security is prerequisite to deploying the CDA sensors. Information conveyed via DeftT has an ensured provenance and may be efficiently encrypted making it ideal for this use.

8.1.1. Meshing without additional configuration

IIoT sensors may be fixed or mobile (including drone-based); mobility and envirnomental factors may cause different sensor gateways to receive measurements from a particular sensor over time. A DeftT mesh captures publications anywhere within its combined network coverage area and ensures it efficiently reaches all members as long as they are in range of at least one member that has received the information. An out-of-service or out-of-range member can receive all active subscribed publications once it is in range and/or able to communicate. DeftT forms meshes with no additional configuration (beyond DeftT's usual identity bundle and private identity key) needed to make devices recognize one another in the trust domain. To see how DeftT propagates information throughout a partially connected mesh, consider Figure 18 where sensor S1's signal can reach devices D1-D4 but not D5 and D6. (Refer to Section 5.4 and Section 5.5.)

robust robust { { sensor S1 device D1 device D2 device D3 device D4 device D5 device D6 S1 Range Limit
Figure 18: Members out-of-range of publication's originator can receive from non-originating members
  1. S1 sends a cAdd with its latest measurement publication that is received by D1-D4 and added to their collections after which they synchronize their cStates which now contain this publication
  2. Either a device in range of D5 and/or D6 sends a cState that shows the new publication which results in a cState that lacks the new publication being set from D5 and/or D6. This cState serves as a request for the new publication. Or D5 and/or D6 send a periodic cState update that lacks the new publication and it is received by at least one of D1-D4.
  3. When devices that have received the new publication hear those cStates without it, they wait a dispersion delay (plus a small random value) so that the originator or some other device might respond, after which they send the publication in a cAdd unless a cAdd responding to the specific lacking cState is overheard first.

8.1.2. Mixed connectivity in a challenging environment

The large physical scale of many industrial processes necessitates that expensive cabling costs be avoided through wireless transport and battery power. Wireless sensor deployments in an industrial environment can suffer from signal outages due to shielding walls and interference caused by rotating machinery and electrical generators. In particular, nuclear power plant applications have radioactive shielding walls of very thick concrete and security regulations make any plant modifications to add cabling subject to expensive and time-consuming reviews and permitting.

Consider an industrial setting where LoRa sensors collect a wide range of information (e.g., temperature, movement/vibration, light levels, etc.) that is broadcast in layer 2 LoRaWAN messages (see Figure 19). The site's WiFi network includes fixed displays, mobile tablets, and devices with both a LoRaWAN gateway interface and a WiFi interface (Gateways). The WiFi-enabled devices can subscribe to subsets of the information available through DeftT. Data privacy is ensured by encrypting cAdd PDUs. Deploying several Gateways within a single sensor's broadcast range reduces the number of lost sensor LoRa packets and the DeftT WiFi mesh is resilient against transmission outages. DeftT publications are sent once and heard by all in-range members while publications missing from one DeftT's set can be supplied by another within range. In Figure 19 Gateways are deployed in fixed locations near the doorways in shielded walls to ensure connectivity of the WiFi mesh. A Controller with long-term data storage is sited in a control room and connected via an Ethernet cable to a Gateway that also has an Ethernet interface and runs a DeftT relay. Mobile WiFi devices can move throughout the site and maintain connection to both the sensors and the Controller (through the Gateways).

As in many existing MQTT-based deployments, LoRaWAN server components are assumed to be integrated with the Gateway devices but these devices communicate via DeftT over adhoc WiFi. All Gateways participate in a collection for join messages but only the join server originates LoRaWAN join-accept publications. Only one Gateway has the join server capability (defined in the schema and conferred via identity chain). The join server may distribute the (encrypted) application key to Gateways that display sensor information or to WiFi devices that may perform more sophisticated tasks e.g., a tablet that analyzes and displays historical sensor input.

Multiple Gateways can receive sensor messages which they package as publications using the device identifier (DevAddr) and unique count (uplink FCnt) as components of the name and publish in a collection of sensor measurements. If publications are encrypted with a group key, the full name will be unique and only those Gateways that did not receive the broadcast directly from a sensor will obtain it via the DeftT WiFi interface. (Collection synchronization discards duplicates.) Otherwise, if publications are signed with the identity of the originating Gateway, the shim can discard duplicates before passing to the subscribing application. The Controller receives publications of sensor data via a TCP connection to the TCP face of the DeftT relay and receives a copy of the application key.

meshEx meshEx Cont r oller GW1 GW2 Da t a s t o re TCP TCP relay device device sensor sensor sensor sensor sensor sensor
Figure 19: IIOT Gateways and relay extend a trust domain

In addition to specifying encryption and signing types, schema rules control which users can access specific sensors. For example, an outside predictive maintenance analysis vendor can be allowed access to the vibration sensor data from critical motors, relayed through the Internet, while only plant Security can see images from on-site cameras.

8.2. Secure access to Distributed Energy Resources (DER)

The electrical power grid is evolving to encompass many smaller generators with complex interconnections. Renewable energy systems such as smaller-scale wind and solar generator sites must be economically accessed by multiple users such as building owners, renewable asset aggregators, utilities, and maintenance personnel with varying levels of access rights. North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) regulations specify requirements for communications security and reliability to guard against grid outages [DER]. Legacy NERC CIP compliant utility communications approaches, using dedicated physically secured links to a few large generators, are no longer practical. DeftT offers multiple advantages over bilateral TLS sessions for this use case:

  • Security. Encryption, authentication, and authorization of all information objects. Secure brokerless pub/sub avoids single-point broker vulnerabilities. Large generation assets of hundreds of megawatts to more than 1 gigawatt, particularly nuclear power plants must be controlled securely or risk large-scale loss of life accidents. Hence, they are attractive targets for sophisticated nation-state cyber attackers seeking damage with national security implications. Even small-scale DER generators are susceptible to a coordinated attack which could still bring down the electric grid.
  • Scalability. Provisioning, maintaining, and distributing multiple keys with descriptive, institutionalized, hierarchical names. DeftT allows keys to be published and securely updated on-line. Where historically a few hundred large-scale generators could supply all of the energy needs for a wide geographic area, now small-scale DER such as residential solar photovoltaic (PV) systems are located at hundreds of thousands of geographically dispersed sites. Many new systems are added daily and must be accommodated economically to spur wider adoption.
  • Resiliency. A mesh network of multiple client users, redundant servers, and end devices adds reliability without sacrificing security. Generation assets must be kept on-line continuously or failures risk causing a grid-wide blackout. Climate change is driving frequent natural disasters including wildfires, hurricanes, and temperature extremes which can impact the communications infrastructure. If the network is not resilient communications breakdowns can disable generators on the grid leading to blackouts.
  • Efficiency. Data can be published once from edge gateways over expensive cellular links and be accessed through servers by multiple authorized users, without sacrificing security. For small residential DER systems, economical but reliable connectivity is required to spur adoption of PV compared to purchasing from the grid. However, for analytics, maintenance and grid control purposes, regular updates from the site by multiple users are required. Pub/sub via DeftT allows both goals to be met efficiently.
  • Flexible Trust rules: Varying levels of permissions are possible on a user-by-user and site-by-site basis to tightly control user security and privacy at the information object level. In an energy ecosystem with many DER, access requirements are quite complex. For example, a PV and battery storage system can be monitored on a regular basis by a homeowner. Separate equipment vendors for batteries and solar generation assets, including inverters, need to perform firmware updates or to monitor that the equipment is operating correctly for maintenance and warranty purposes. DER aggregators may contract with a utility to supply and control multiple DER systems, while the utility may want to access production data and perform some controls themselves such as during a fire event where the system must be shut down. Different permissions are required for each user. For example, hourly usage data which gives detailed insight into customer behaviors can be seen by the homeowner, but for privacy reasons might only be shared with the aggregator if permission is given. These roles and permissions can be expressed in the communication rules and then secured by DeftT's use of compiled schemas.

The specificity of the requirements of NERC CIP can be used to create communication schemas that contain site-specifics, allowing applications to be streamlined and generic for their functionality, rather than containing security and site-specifics.

9. Security Considerations

This document presents a transport protocol that secures the information it conveys (COMSEC in the language of [RFC3552]). Security of data in the application space is out-of-scope for this document, but use of a trusted execution environment (TEE), e.g., ARM's TrustZone, is recommended where this is of concern. There is significant industry awareness of the ubiquitous need for trust of computing devices. To the extent that they have sponsored Caliptra [caliptra], the RTL (registered transfer language) for a root of trust element that can be included without cost in any design.

Unauthorized changes to DeftT code could bypass validation of received PDUs or modify the content of outgoing PDUs prior to signing (but only valid PDUs are accepted at receiver; invalid PDUs are dropped by uncompromised member). Although securing DeftT's code is out-of-scope for this document, DeftT has been designed to be easily deployed with a TEE. Revisiting Figure 2, Figure 20 highlights how all of the DeftT code and data can be placed in the secure zone (long-dashed line), reachable only via callgates for the Publish and Subscribe API calls.

hwtrust hwtrust-rfc On-Device App Device Specific Code Certs, keys and Trust schema Shim Subscribe Publish call gates secured code and data in TrustZone Publication Validator Publication Builder Network
Figure 20: DeftT secured with a Trusted Execution Environment

Providing crypto functions is out-of-scope of this document. The example implementation uses libsodium, an open source library maintained by experts in the field [SOD]. Crypto functions used in any alternative implementation should be of similar high quality.

Enrollment of devices is out-of-scope. A range of solutions, from preconfiguration to over-the-air, are available and selection of one is dependent on specifics of a deployment. Example approaches include the Open Connectivity Foundation (OCF) onboarding and BRSKI [RFC8995]. NIST NCCOE network layer onboarding might be adapted, treating a communication schema like a MUD URL.

Protecting private identity and signing keys is out-of-scope for this document. Good key hygiene should be practiced, securing private credentials using best practices for a particular application class, e.g. [COMIS][OWASP]. As signing key pairs are updated locally and the private key is used for every publication, TPM storage for that key is not practical but other trusted memory and execution could be used for the key and its signing functions. These key pairs can be updated frequently. DeftT does not contain any specific remediation if a signing or identity key is exfiltrated; additional monitoring may be implemented where the threat level is high.

DeftT's unit of information transfer is a publication. It is an atomic unit sized to fit in a lower layer transport PDU (if needed, fragmentation and reassembly are done in shim or application). All publications must be signed and the signature must be validated. All publications start with a Name (Section 5.2.1.3). Publications are used both for ephemeral communication, like commands and status reports, and long-lived information like certs. The set reconciliation-based syncps protocol identifies publications using a hash of the entire publication, including its signature. A sync collection can contain at most one instance of any publication so replays of publications in the collection are discarded as duplicates on arrival. The current DeftT implementation requires weakly synchronized clocks with a known maximum skew. Publications have a lifetime enforced by their sync collection; their names include a timestamp used both to enforce that lifetime and prevent replay attacks by keeping a publication in the local collection (but not advertising its existence) until its lifetime plus the skew has passed. (Lifetimes in current applications range from days or years for certs to milliseconds for status and command communications). Publications arriving a skew time before their timestamp or a skew time plus lifetime after their timestamp are discarded.

An attacker can modify, drop, spoof, or replay any DeftT PDU or publication but DeftT is designed for this to have minimal effect:

  1. modification - all DeftT cAdd PDUs must be either signed or AEAD encrypted with a securely distributed nonce group key. This choice is specified in the schema and each DeftT checks at startup that one of these two properties holds for the schema and throws an error if not.

    • for signed PDUs each receiving DeftT must already have the complete, fully validated signing chain of the signer or the PDU is dropped. The signing cert must validate the PDU's signature or the PDU is dropped.

    • for encrypted PDUs (and publications) the symmetric group key is automatically and securely distributed using signing identities. Each receiver uses its copy of the current symmetric key to validate the AEAD MAC and decrypt the PDU content. Invalid or malformed PDUs and publications are dropped.

    cState modification to continually send an older, less complete state in order to generate the sending of cAdds could create a DoS attack but counter measures could be implemented using available DeftT information in order to isolate that entity or remove it from the trust domain.

  2. dropped PDUs - DeftT's sync protocol periodically publishes cStates regardless of whether the collection has changed, resulting in (re)sending dropped cAdds (if any). Unlike connection-oriented transports, DeftT can and will obtain any publications missing from its collection from any member that has a valid copy.

  3. spoofing - DeftT uses a trust management engine that validates the signing. Malformed publications and PDUs are dropped as early as possible.

  4. replay - A cAdd is sent in response to a specific cState, so a replayed cAdd must match a current cState and, if so, the cAdd's publication(s) will be filtered for duplicates and obsolescence as described above. A cAdd that doesn't match a current cState will be dropped on arrival.

Peer member authentication in DeftT comes through the integrated trust management engine. Every DeftT instance is started with an identity bundle that includes the domain trust anchor, the schema in certificate format signed by this trust anchor, and its own member identity chain with a private identity key and the chain signed at the root by trust anchor. Members publish their identity chains before any publications are sent. The trust management engine unconditionally drops any publication or PDU that does not have a valid signer or whose signer lacks the role or capabilities required for that particular publication or PDU.

DeftT takes a modular approach to signing/validation of its PDUs and publications, so a number of approaches to integrity, authenticity, and confidentiality are possible (and several are available at [DCT]). Security features that are found to have vulnerabilities will be removed or updated and new features are easily added.

A compromised member of a trust domain can only build messages that match the role and attributes in its signing chain. Thus, a compromised lightbulb can lie about its state or refuse to turn on, but it can't tell the front door to unlock or send camera footage to a remote location. Multiple PDUs could be generated, resulting in flooding the subnet. There are possible counter-measures that could be taken if some detection code is added to the current DeftT, but this is deferred for specific applications with specific types of threats and desired responses.

DeftT's modular structure allows for any cryptographic methods to be used as sigmgrs. New methods can easily be added to the transport as long as they present the same API.

The example implementation's encryption modules provide for encryption on both cAdd PDUs and publications. The latter must be signed by the originator in addition to being encrypted. This is not required for cAdd PDUs, so the specific entity that sent the cAdd cannot be determined but the publications it carries must be signed, even if not encrypted. In DeftT, any member can resend a publication from any other member (without modification) so group encryption (in effect, group signing) is no different. Some other encryption approaches are provided whose potential vulnerabilities are described with their implementations and a signed, encrypted approach is also available [DCT]. [DCT] relies on the crypto library libsodium and on linux random implementations with respect to entropy issues. In general, these are quite application-dependent and should be further addressed for particular deployments.

10. References

[ATZ]
Ngabonziza, B., Martin, D., Bailey, A., Cho, H., and S. Martin, "TrustZone Explained: Architectural Features and Use Cases", , <https://doi.org/10.1109/CIC.2016.065>.
[CAvuln]
Marlinspike, M., "More Tricks for Defeating SSL in Practice", , <http://2015.hack.lu/archive/2009/moxie-marlinspike-some_tricks_for_defeating_ssl_in_practice.pdf>.
[CHPT]
CheckPoint, "The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb", , <https://www.globenewswire.com/news-release/2020/02/05/1980090/0/en/The-Dark-Side-of-Smart-Lighting-Check-Point-Research-Shows-How-Business-and-Home-Networks-Can-Be-Hacked-from-a-Lightbulb.html>.
[CIDS]
OperantNetworks, "Cybersecurity Intrusion Detection System for Large-Scale Solar Field Networks", , <https://www.sbir.gov/sbirsearch/detail/2104327>.
[COMIS]
Lydersen, L., "Commissioning Methods for IoT", , <https://www.silabs.com/documents/public/presentations/ew-2019-iot-security-commissioning-methods-for-iot.pdf>.
[COST]
Guy, W., "Wireless Industrial Networking Alliance, Wired vs. Wireless: Cost and Reliability", , <https://www.fierceelectronics.com/embedded/wired-vs-wireless-cost-and-reliability>.
[ConfusedDep]
Support, G. C., "Additional authenticated data guide", , <https://cloud.google.com/kms/docs/additional-authenticated-data#confused_deputy_attack_example>.
[DCT]
Pollere, "Defined-trust Communications Toolkit", , <https://github.com/pollere/DCT>.
[DER]
NERC, "North American Electric Reliability Corporation: Distributed Energy Resources: Connection, Modeling, and Reliability Considerations", , <https://www.nerc.com/pa/RAPA/ra/Reliability%20Assessments%20DL/Distributed_Energy_Resources_Report.pdf>.
[DIFF]
Eppstein, D., Goodrich, M. T., Uyeda, F., and G. Varghese, "What's the difference?: efficient set reconciliation without prior context", .
[DIGN]
Bandyk, M., "As Dominion, others target 80-year nuclear plants, cybersecurity concerns complicate digital upgrades", , <https://www.utilitydive.com/news/as-nuclear-plants-look-to-digitize-controls-and-enhance-performance-cyber/566478/>.
[DLOG]
Li, N., Grosof, B., and J. Feigenbaum, "Delegation logic", , <https://doi.org/10.1145/605434.605438>.
[DMR]
al., M. C. E., "Device Management Requirements to Secure Enterprise IoT Edge Infrastructure", , <https://www.wwt.com/white-paper/device-management-requirements-to-secure-enterprise-iot-edge-infrastructure/>.
[DNMP]
Nichols, K., "Lessons Learned Building a Secure Network Measurement Framework Using Basic NDN", .
[DTM]
Blaze, M., Feigenbaum, J., and J. Lacy, "Decentralized Trust Management", , <https://doi.org/10.1109/SECPRI.1996.502679>.
[Demers87]
Demers, A. J., Greene, D. H., Hauser, C., Irish, W., Larson, J., Shenker, S., Sturgis, H. E., Swinehart, D. C., and D. B. Terry, "Epidemic Algorithms for Replicated Database Maintenance", , <https://doi.org/10.1145/41840.41841>.
[Graphene19]
Ozisik, A. P., Andresen, G., Levine, B. N., Tapp, D., Bissias, G., and S. Katkuri, "Graphene: efficient interactive set reconciliation applied to blockchain propagation", , <https://doi.org/10.1145/3341302.3342082>.
[HSE]
Kapersky, "Secure Element", , <https://encyclopedia.kaspersky.com/glossary/secure-element/>.
[IAWS]
Ganapathy, K., "Using a Trusted Platform Module for endpoint device security in AWS IoT Greengrass", , <Using a Trusted Platform Module for endpoint device security in AWS IoT Greengrass>.
[IBLT]
Goodrich, M. T. and M. Mitzenmacher, "Invertible bloom lookup tables", , <https://doi.org/10.1109/Allerton.2011.6120248>.
[IEC]
IEC, "Power systems management and associated information exchange - Data and communications security - Part 8: Role-based access control for power system management", , <https://webstore.iec.ch/publication/61822>.
[IEC61850]
Wikipedia, "IEC 61850", , <https://en.wikipedia.org/wiki/IEC_61850>.
[IIOT]
Rajiv, "Applications of Industrial Internet of Things (IIoT)", , <https://www.rfpage.com/applications-of-industrial-internet-of-things/>.
[IOTK]
Nichols, K., "Trust schemas and {ICN:} key to secure home IoT", , <https://doi.org/10.1145/3460417.3482972>.
[ISO9506MMS]
ISO, "Industrial automation systems --- Manufacturing Message Specification --- Part 1: Service definition", , <https://www.iso.org/obp/ui/#iso:std:iso:9506:-1:ed-2:v1:en>.
[LANGSEC]
LANGSEC, "LANGSEC: Language-theoretic Security "The View from the Tower of Babel"", , <http://langsec.org>.
[LangSecErr]
Momot, F., Bratus, S., Hallberg, S. M., and M. L. Patterson, "The Seven Turrets of Babel: {A} Taxonomy of LangSec Errors and How to Expunge Them", , <https://langsec.org/papers/langsec-cwes-secdev2016.pdf>.
[MATR]
Alliance, C. S., "Matter is the foundation for connected things", , <https://buildwithmatter.com/>.
[MHST]
Wikipedia, "MQTT", , <https://en.wikipedia.org/wiki/MQTT>.
[MINSKY03]
Minsky, Y., Trachtenberg, A., and R. Zippel, "Set reconciliation with nearly optimal communication complexity", , <https://doi.org/10.1109/TIT.2003.815784>.
[MODOT]
Saleem, D., Granda, S., Touhiduzzaman, M., Hasandka, A., Hupp, W., Martin, M., Hossain-McKenzie, S., Cordeiro, P., Onunkwo, I., and D. Jose, "Modular Security Apparatus for Managing Distributed Cryptography for Command and Control Messages on Operational Technology Networks (Module-OT)", , <https://www.nrel.gov/docs/fy22osti/79974.pdf>.
[MPSR]
Mitzenmacher, M. and R. Pagh, "Simple multi-party set reconciliation", .
[MQTT]
OASIS, "MQTT: The Standard for IoT Messaging", , <mqtt.org>.
[NDNW]
Jacobson, V., "Watching NDN's Waist: How Simplicity Creates Innovation and Opportunity", , <http://ice-ar.named-data.net/meetings/2019-ICE-WEN-Annual/0-ICNWEN-Van-Keynote.pdf>.
[NERC]
NERC, "Emerging Technology Roundtable - Substation Automation/IEC 61850", , <https://www.nerc.com/pa/CI/Documents/roundtable%20-%20IEC%2061850%20slides%20%20(20161115).pdf>.
[NIST]
Hu, C., Ferraiolo, D., Kuhn, D., Schnitzer, A., Sandlin, K., Miller, R., and K. Scarfone, "Guide to Attribute Based Access Control (ABAC) Definition and Considerations", , <https://www.nist.gov/publications/guide-attribute-based-access-control-abac-definition-and-considerations-0>.
[NMUD]
al, D. D. E., "Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD)", , <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1800-15.pdf>.
[NPPI]
Hashemian, H. M., "Nuclear Power Plant Instrumentation and Control", , <https://cdn.intechopen.com/pdfs/21051/InTechNuclear_power_plant_instrumentation_and_control.pdf>.
[NVR]
Gutmann, P., "Everything you Never Wanted to Know about PKI but were Forced to Find Out", , <https://www.cs.auckland.ac.nz/~pgut001/pubs/pkitutorial.pdf>.
[ONE]
OneDM, "One Data Model", , <https://onedm.org/>.
[OPR]
King, R., "Commercialization of NDN in Cybersecure Energy System Communications video", , <https://www.nist.gov/news-events/events/2019/09/ndn-community-meeting>.
[OSCAL]
NIST, "OSCAL: the Open Security Controls Assessment Language", , <https://pages.nist.gov/OSCAL/>.
[OTPM]
Hinds, L., "Keylime - An Open Source TPM Project for Remote Trust", , <https://www.youtube.com/watch?v=YtPsruEqGeY>.
[OWASP]
owasp.org/www-project-sidekek/, "SideKEK README", , <https://github.com/OWASP/SideKEK>.
[PRAG]
e}bowicz, J. W., Cabaj, K., and J. Krawiec, "Messaging Protocols for IoT Systems---A Pragmatic Comparison", , <https://www.mdpi.com/1424-8220/21/20/6904>.
[QTPM]
Arthur, D. C. W., "Quick Tutorial on TPM 2.0", , <https://link.springer.com/chapter/10.1007/978-1-4302-6584-9_3>.
[RFC1422]
Kent, S., "Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management", RFC 1422, DOI 10.17487/RFC1422, , <https://www.rfc-editor.org/info/rfc1422>.
[RFC2693]
Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., and T. Ylonen, "SPKI Certificate Theory", RFC 2693, DOI 10.17487/RFC2693, , <https://www.rfc-editor.org/info/rfc2693>.
[RFC3552]
Rescorla, E. and B. Korver, "Guidelines for Writing RFC Text on Security Considerations", BCP 72, RFC 3552, DOI 10.17487/RFC3552, , <https://www.rfc-editor.org/info/rfc3552>.
[RFC3986]
Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, , <https://www.rfc-editor.org/info/rfc3986>.
[RFC4291]
Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, DOI 10.17487/RFC4291, , <https://www.rfc-editor.org/info/rfc4291>.
[RFC4292]
Haberman, B., "IP Forwarding Table MIB", RFC 4292, DOI 10.17487/RFC4292, , <https://www.rfc-editor.org/info/rfc4292>.
[RFC4949]
Shirey, R., "Internet Security Glossary, Version 2", FYI 36, RFC 4949, DOI 10.17487/RFC4949, , <https://www.rfc-editor.org/info/rfc4949>.
[RFC6335]
Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. Cheshire, "Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry", BCP 165, RFC 6335, DOI 10.17487/RFC6335, , <https://www.rfc-editor.org/info/rfc6335>.
[RFC7252]
Shelby, Z., Hartke, K., and C. Bormann, "The Constrained Application Protocol (CoAP)", RFC 7252, DOI 10.17487/RFC7252, , <https://www.rfc-editor.org/info/rfc7252>.
[RFC7693]
Saarinen, M., Ed. and J. Aumasson, "The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)", RFC 7693, DOI 10.17487/RFC7693, , <https://www.rfc-editor.org/info/rfc7693>.
[RFC8103]
Housley, R., "Using ChaCha20-Poly1305 Authenticated Encryption in the Cryptographic Message Syntax (CMS)", RFC 8103, DOI 10.17487/RFC8103, , <https://www.rfc-editor.org/info/rfc8103>.
[RFC8366]
Watsen, K., Richardson, M., Pritikin, M., and T. Eckert, "A Voucher Artifact for Bootstrapping Protocols", RFC 8366, DOI 10.17487/RFC8366, , <https://www.rfc-editor.org/info/rfc8366>.
[RFC8520]
Lear, E., Droms, R., and D. Romascanu, "Manufacturer Usage Description Specification", RFC 8520, DOI 10.17487/RFC8520, , <https://www.rfc-editor.org/info/rfc8520>.
[RFC8613]
Selander, G., Mattsson, J., Palombini, F., and L. Seitz, "Object Security for Constrained RESTful Environments (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, , <https://www.rfc-editor.org/info/rfc8613>.
[RFC8799]
Carpenter, B. and B. Liu, "Limited Domains and Internet Protocols", RFC 8799, DOI 10.17487/RFC8799, , <https://www.rfc-editor.org/info/rfc8799>.
[RFC8995]
Pritikin, M., Richardson, M., Eckert, T., Behringer, M., and K. Watsen, "Bootstrapping Remote Secure Key Infrastructure (BRSKI)", RFC 8995, DOI 10.17487/RFC8995, , <https://www.rfc-editor.org/info/rfc8995>.
[RFC9000]
Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based Multiplexed and Secure Transport", RFC 9000, DOI 10.17487/RFC9000, , <https://www.rfc-editor.org/info/rfc9000>.
[RFC9119]
Perkins, C., McBride, M., Stanley, D., Kumari, W., and JC. Zúñiga, "Multicast Considerations over IEEE 802 Wireless Media", RFC 9119, DOI 10.17487/RFC9119, , <https://www.rfc-editor.org/info/rfc9119>.
[RFC9200]
Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and H. Tschofenig, "Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth)", RFC 9200, DOI 10.17487/RFC9200, , <https://www.rfc-editor.org/info/rfc9200>.
[RSK]
Ellison, C. and B. Schneier, "Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure", .
[SDSI]
Rivest, R. L. and B. W. Lampson, "SDSI - A Simple Distributed Security Infrastructure", .
[SIOT]
Truong, T., "How to Use the TPM to Secure Your IoT/Device Data", , <https://tonytruong.net/how-to-use-the-tpm-to-secure-your-iot-device-data/>.
[SKH]
Yates, T., "Secure key handling using the TPM", , <https://lwn.net/Articles/768419/>.
[SNC]
Smetters, D. K. and V. Jacobson, "Securing Network Content", , <https://named-data.net/wp-content/uploads/securing-network-content-tr.pdf>.
[SOD]
Bernstein, D., Lange, T., and P. Schwabe, "libsodium", , <https://doc.libsodium.org/>.
[SPRV]
AgendalessConsulting, "Supervisor: A Process Control System", , <http://supervisord.org/>.
[ST]
Samsung, "SmartThings API (v1.0-PREVIEW)", , <https://smartthings.developer.samsung.com/docs/api-ref/st-api.html##operation/listCapabilities>.
[STNDN]
Yu, Y., Afanasyev, A., Clark, D. D., claffy, K., Jacobson, V., and L. Zhang, "Schematizing Trust in Named Data Networking", .
[TATT]
Microsoft, "TPM attestation", , <https://docs.microsoft.com/en-us/azure/iot-dps/concepts-tpm-attestation>.
[TLSvuln]
al., C. B. E., "Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations", , <https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4232952/>.
[TPM]
Griffiths, P., "TPM 2.0 and Certificate-Based IoT Device Authentication", , <https://www.globalsign.com/en/resources/white-papers-ebooks/white-paper-tpm-20-and-certificate-based-iot-device-authentication>.
[W509]
Wikipedia, "X.509: Security", , <https://en.wikipedia.org/wiki/X.509#Security>.
[WSEN]
Kintner-Meyer, M., Brambley, M., Carlon, T., and N. Bauman, "Wireless Sensors: Technology and Cost-Savings for Commercial Buildings", , <https://www.aceee.org/files/proceedings/2002/data/papers/SS02_Panel7_Paper10.pdf>.
[WegmanC81]
Wegman, M. N. and L. Carter, "New Hash Functions and Their Use in Authentication and Set Equality", , <https://doi.org/10.1016/0022-0000(81)90033-7>.
[ZCL]
zigbeealliance, "Zigbee Cluster Library Specification Revision 6", , <https://zigbeealliance.org/wp-content/uploads/2019/12/07-5123-06-zigbee-cluster-library-specification.pdf>.
[caliptra]
Project, O. C., "Caliptra -- Silicon RoT Services", , <https://www.opencompute.org/documents/caliptra-silicon-rot-services-09012022-pdf>.
[netstrings]
Bernstein, D. J., "Netstrings", , <https://cr.yp.to/proto/netstrings.txt>.
[tnetstrings]
tnetstrings, "About Tagged Netstrings", , <https://web.archive.org/web/20140210012056/http://tnetstrings.org/>.