Security for the Internet of Things and Other Things (Was: Re: Observations on (non-technical) changes affecting IETF operations)

Jari Arkko <jari.arkko@piuha.net> Tue, 08 March 2016 16:37 UTC

Return-Path: <jari.arkko@piuha.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4706B12D801 for <ietf@ietfa.amsl.com>; Tue, 8 Mar 2016 08:37:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([127.0.0.1]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OD6Btc_5wUlL for <ietf@ietfa.amsl.com>; Tue, 8 Mar 2016 08:36:58 -0800 (PST)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2a00:1d50:2::130]) by ietfa.amsl.com (Postfix) with ESMTP id 6956312D7FB for <ietf@ietf.org>; Tue, 8 Mar 2016 08:36:58 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 1B0152CCBF; Tue, 8 Mar 2016 18:36:57 +0200 (EET) (envelope-from jari.arkko@piuha.net)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pp4Hn0zvvfhU; Tue, 8 Mar 2016 18:36:56 +0200 (EET)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2a00:1d50:2::130]) by p130.piuha.net (Postfix) with ESMTP id DC77D2CC9A; Tue, 8 Mar 2016 18:36:55 +0200 (EET) (envelope-from jari.arkko@piuha.net)
Subject: Security for the Internet of Things and Other Things (Was: Re: Observations on (non-technical) changes affecting IETF operations)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_95166599-924B-43A0-9AF2-F477706E5DE9"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail 2.5.2
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <CAMm+LwiBT9S-twGVzC-7yVBZ9dHA3+8f4ffPv3LyoZ_8+kdqmw@mail.gmail.com>
Date: Tue, 8 Mar 2016 16:36:54 +0000
Message-Id: <32C28750-37FF-4EDC-B0A8-A532B175C201@piuha.net>
References: <E83FC2B4-867D-44C9-AE1B-F4C414ABD041@piuha.net> <4A95BA014132FF49AE685FAB4B9F17F657DF2330@dfweml701-chm> <EDFB7D0B-2A49-46BD-A84C-0E1FA07793FA@piuha.net> <20160307133944.GB25576@gsp.org> <56DD876C.6050008@cs.tcd.ie> <CAMm+LwiBT9S-twGVzC-7yVBZ9dHA3+8f4ffPv3LyoZ_8+kdqmw@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/iyoSqS9udp4iTozrfzelGz7jQSg>
Cc: IETF <ietf@ietf.org>, Rich Kulawiec <rsk@gsp.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2016 16:37:01 -0000

Phillip,

> First, I disagree with Jari's original analysis of the problem. The
> Internet security problem is not limited to IoT:

Of course. That’s not the only security problem we have… didn’t think I said it was. But apologies if I was unclear. Anyway...

> I think the big difference is that in IoT it is impossible to ignore
> the usability problem that cripples most IETF security protocols.

The usability problem is big in IOT. Although I would probably call it the manageability, deployment, and usability problem.

> With
> the new EC curves we can now do public key crypto on 16 bit and even 8
> bit devices (just don't do it too often). But we are still constrained
> by the affordances of the devices:
> 
> * IoT devices don't always have display capability
> 
> * IoT devices often don't have a keyboard device.

Yup.

> Once we recognize the fact that our principal constraints are
> usability constraints, we can develop an architecture that addresses
> the problems of the IoT world and also the Internet in general.

We can, but having been on the field for some time, I have a feeling that this isn’t an easy problem. Step 1 of the path to an improvement is recognising that we have a problem. We do! And at least a subset of the engineers working in this space have understood that. The world as a whole is beginning to understand that given many news stories about this. And I’m eager for us and others to do more here. But solutions aren’t necessarily clear cut or easy. It will take time and effort.

> We are not going to be able to configure cryptography or any other
> settings on an IoT device. But we have a variety of protocols that can
> be used to connect an IoT device to a 'secure console' where
> administration takes place:
> 
> * Device has an LED status light and a QR Code with the SHA-2 digest
> of a public key printed thereon. Administrator connects device through
> a mobile app that uses the camera.
> …  Configuring wireless is harder than wired of course as you have
> to configure the WiFi settings. But that could be sorted with a change
> to the WiFi specs to add a standardized 'calling channel' SSID.
> 
> 
> This is the set of problems I think I have solved with the
> Mathematical Mesh.

Thanks! And these are all useful things, probably good components for solutions.

I want to add that the security problem for IOT is wider than setting up the secure wireless connectivity. I’m going out on a limb and say that that in the networks that I work with, that’s a largely solved problem modulo many non-IOT related updates that are being handled. However, it would be a mistake to think that it is all we need. We obviously do need wireless security, we obviously need transport level crypto to protect our COAP and other transactions, but perhaps even more than those things, we need to protect the data that is passed around, protect data that is stored, safeguard applications that process that data and necessarily have to have access to many sources of information, figure out how metadata such as directories and semantic definitions need to be protected, figure out how we authorise various applications and actors to act, and so on.

I think that’s a tall order, and we better get moving!

Jari