[Ace] Security and privacy for small memory microprocessor based IoT devices are still being invented

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Mon, 19 March 2018 19:21 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "ace@ietf.org" <ace@ietf.org>
Date: Mon, 19 Mar 2018 19:21:18 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ace/h3b5GVe5dq_h44L6dcSKGhzAgYE>
List-Id: "Authentication and Authorization for Constrained Environments \(ace\)" <ace.ietf.org>

Here is the article mentioned during the ACE meeting today:
https://www.networkworld.com/article/3223952/internet-of-things/5-reasons-why-device-makers-cannot-secure-the-iot-platform.html

As you can see, there are some misconceptions about our IETF work. It is easy to conclude that "Security and privacy for small memory microprocessor based IoT devices are still being invented" when reading some IETF drafts.

This motivated me to start a webinar series on "Securing IoT applications with Mbed TLS" to clarify topics raised in this article and other IoT security myths. The first part is available for download:
http://www2.keil.com/mbed/mbedtls

Ciao
Hannes