Re: [Suit] Common firmware update flaws

Brendan Moran <Brendan.Moran@arm.com> Mon, 21 September 2020 16:51 UTC

From: Brendan Moran <Brendan.Moran@arm.com>
To: Fabien BESSIERES <bessieres.fabien@gmail.com>
CC: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, suit <suit@ietf.org>
Date: Mon, 21 Sep 2020 16:50:27 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/BF0mW3USM5hmUCtpdONUlwxtm7k>
List-Id: Software Updates for Internet of Things <suit.ietf.org>

Hi Fabien, Hi Hannes,

A list of common practices that are insecure was originally brought up in the TSVART review of draft-ietf-suit-architecture (https://datatracker.ietf.org/doc/review-ietf-suit-architecture-11-tsvart-lc-briscoe-2020-08-09/). I don’t understand what purpose it serves because this is exactly the point of the information model. Or, more specifically, the threat model that is in the information model. It lists all firmware-update-specific attacks (that we could think of, but it’s pretty exhaustive). I’d rather avoid the duplication caused by adding a threat model to the architecture when there’s already a threat model in the information model.

See below for more.

Best Regards,
Brendan

> On 17 Sep 2020, at 19:01, Fabien BESSIERES <bessieres.fabien@gmail.com> wrote:
>
> Hi,
>
> Here is my feedback:
>
> Question 1: I believe that the architecture document could include a list of common practices that are insecure.

[BJM]
I don’t understand what purpose this would have. Common insecure practices are well covered already. You can find a full threat model in the companion to the architecture: the information model. (https://datatracker.ietf.org/doc/draft-ietf-suit-information-model/)

This doesn’t exclusively list anti-patterns, but it does list threats, which are intimately related to anti-patterns.

If you would like examples of real-world attacks that exploit insecure practices in IoT devices, we can reference Annex D of the ENISA baseline security requirements for IoT devices. If you would like a list of good practices, we can reference Annex A of the ENISA baseline security requirements for IoT devices.

https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot
[/BJM]

> Question 2: (a) I don't see any problem in adding direct references to published flaws.
> (b) But yes, it should be examples that are fixed with the SUIT manifest.
>
> I believe that addressing common mistakes/errors/flaws is one of the goals of the architecture, so it should appear in the document. What do you think?

[BJM] as above, I think this is already well-covered. Unless we’ve got something new to add, should we not just reference the information model and the ENISA baseline security requirements for IoT devices?

> Fabien
>
> On Thu, 17 Sep 2020 at 08:58, Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
> Hi all,
>
>
>
> In his review, Bob Briscoe suggested to list “common practices that are insecure, and perhaps some common misconceptions about secure firmware update” in the SUIT architecture document.
>
>
>
> So far, nobody suggested to include such a list in the architecture document and hence I would like to reach out to the group.
>
>
>
> There are different ways to write such a text and the key decisions are:
>
>
>
> • Should we include references to published flaws or keep the description abstract?
> • Should we include only examples that we later fix with the SUIT manifest? For example, a firmware update can change the nature of a product (e.g. excluding the use of third party printer cartridges).
>
>
> Question 1: Would you like to have such text to be added?
>
>
>
> Question 2: If so, what is your answer to (a) and (b)?
>
>
>
> Your feedback is appreciated. Text contributions are welcome!
>
>
>
> Ciao
>
> Hannes
>
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit