Re: Security for the Internet of Things and Other Things (Was: Re: Observations on (non-technical) changes affecting IETF operations)

Stewart Bryant <stewart.bryant@gmail.com> Fri, 11 March 2016 16:50 UTC

Subject: Re: Security for the Internet of Things and Other Things (Was: Re: Observations on (non-technical) changes affecting IETF operations)
To: Eliot Lear <lear@cisco.com>, "Livingood, Jason" <Jason_Livingood@comcast.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Jari Arkko <jari.arkko@piuha.net>
References: <E83FC2B4-867D-44C9-AE1B-F4C414ABD041@piuha.net> <4A95BA014132FF49AE685FAB4B9F17F657DF2330@dfweml701-chm> <EDFB7D0B-2A49-46BD-A84C-0E1FA07793FA@piuha.net> <20160307133944.GB25576@gsp.org> <56DD876C.6050008@cs.tcd.ie> <CAMm+LwiBT9S-twGVzC-7yVBZ9dHA3+8f4ffPv3LyoZ_8+kdqmw@mail.gmail.com> <32C28750-37FF-4EDC-B0A8-A532B175C201@piuha.net> <9806.1457534345@obiwan.sandelman.ca> <D305C9B8.12B536%jason_livingood@cable.comcast.com> <56E2E2C9.7090908@cisco.com>
From: Stewart Bryant <stewart.bryant@gmail.com>
Message-ID: <56E2F75F.2090900@gmail.com>
Date: Fri, 11 Mar 2016 16:50:39 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <56E2E2C9.7090908@cisco.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/8qtEKo4cWHLK2gwACZduBM_5eWk>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, IETF <ietf@ietf.org>, Rich Kulawiec <rsk@gsp.org>


On 11/03/2016 15:22, Eliot Lear wrote:
>
> On 3/9/16 6:41 PM, Livingood, Jason wrote:
>> Sure, WiFi security is an issue for IoT. But there are probably much more
>> fundamental IoT security issues. IMHO I think one of the largest is the
>> lack of a secure & automatic (no end user interaction) software update
>> channel.
> Even if it's there day 0, it won't be there at some point.  And the
> device will be.
>
> Eliot
>
>

A conventional s/w update channel is only appropriate for some devices.

For very cheap sealed devices, the update channel is via the garbage can.

For devices that only offer one-way (outbound) communications the
update channel is via physical access.

For devices that only offer one-way (inbound) communications the
update channel could be over the communications channel (STBs
do this today) but will be very much resource (device and
communications channel) constrained.

- Stewart