IETF Logo Mail Archive

Re: [Suit] SUIT Manifest MTI Algorithms

Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr> Wed, 10 November 2021 17:53 UTC

Return-Path: <emmanuel.baccelli@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 994853A120A for <suit@ietfa.amsl.com>; Wed, 10 Nov 2021 09:53:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q69WbhyHSFof for <suit@ietfa.amsl.com>; Wed, 10 Nov 2021 09:53:38 -0800 (PST)
Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com [209.85.219.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 444EB3A11FD for <suit@ietf.org>; Wed, 10 Nov 2021 09:53:38 -0800 (PST)
Received: by mail-yb1-f178.google.com with SMTP id j75so8474043ybj.6 for <suit@ietf.org>; Wed, 10 Nov 2021 09:53:38 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jQ6V23QPy0/isyfq0vzLNEg5dI9lnU4gkbtw7SzDsr4=; b=ogvW8Rc/kE+/jXzHdX46qd0luVBWOIqjqSnmagnBXF2yyIUHYKAwwefiOO9HXH0ooA tEF+i6AInQ7kKcGLcFe63O5akc3pCzd3WZIDlOz/Czzr2vDpecDvKxN98V7f3mVNzzkO 7x973BV/UJrkVYK9UWWXedY9gq0dctFH8gqX5bgER2UFMLI2D3+Xjq5G3lm663yspc2l VzyB9Hc/PDbzfuaO4PkogBoqfr2g+VhPsjONv8gLjIXtbclBuqJrPFcCnDSfpD/leG2M 3fNBI9E/hKNEeLmHKazVmBc6tUPNatj+4QFdUYroiCbXh7NPyT/mGtTIQ2j5GyMRkHP3 7hxg==
X-Gm-Message-State: AOAM5307WpCeCVtDul5ZFrqtSHqiVX2aQ32N2giv4Rq8tE+MaDPD9DiE VcEBsCc3Q2GfN62fOvzyEefCWawu3HN6Q7fLgR5MGgyFV9k/XA==
X-Google-Smtp-Source: ABdhPJzYq1y2zAh+D9M4a/vBzugcN8W0sivG3D1SCxRJQ3MeKgD3yMCYYuAnsUQp4FylizTPCCEQSazju4wt/HP6ijA=
X-Received: by 2002:a25:284:: with SMTP id 126mr1110256ybc.486.1636566817297; Wed, 10 Nov 2021 09:53:37 -0800 (PST)
MIME-Version: 1.0
References: <ED069850-06BE-4DEA-A319-FDF0469627C3@vigilsec.com>
In-Reply-To: <ED069850-06BE-4DEA-A319-FDF0469627C3@vigilsec.com>
From: Emmanuel Baccelli <Emmanuel.Baccelli@inria.fr>
Date: Wed, 10 Nov 2021 18:53:26 +0100
Message-ID: <CANK0pbZcuYidA7hX823t5Q0V8+Nq_5LjVgXcQcN2MOhb+D9u4w@mail.gmail.com>
To: suit <suit@ietf.org>
Cc: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="000000000000cbd96905d072e786"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/N710boAiHUdRCScd8wW6erMKVNA>
Subject: Re: [Suit] SUIT Manifest MTI Algorithms
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Nov 2021 17:53:43 -0000

Hi there,

One pain point is how small, microcontroller-based IoT devices may (or may
not) be able to meet this requirement.

We have recently conducted an experimental study on this topic, evaluating
SUIT on common microcontrollers (Cortex-M, ESP-32 and RISC-V)
In particular, we evaluate the cost of upgrading from ed25519 to HSS/LMS
with SUIT used to secure actual RIOT firmware updates:
see preprint at https://eprint.iacr.org/2021/781.pdf

In a nutshell: for small-sized software updates using SUIT with LMS, we
measured impact on network transfer costs (~45% more data over the wire)
and on memory footprint on-device (~35% more Flash memory required), but
only little impact on RAM or execution time, compared to using SUIT with
ed25519. If the baseline is something else  (i.e. not SUIT, or not
ed25519), the overhead might be more.

Note: we studied software-only, generic implementations. E.g., for LMS we
used Scott's implementation https://github.com/cisco/hash-sigs. If the
implementation is in HW or if the crypto is not part of the software that
needs to be updated, this overhead could be less.

What will be considered bearable overhead to upgrade to SUIT-compliant
security, on microcontroller-based IoT devices? That is a question.

Best,

--Emmanuel


On Wed, Nov 10, 2021 at 3:13 PM Russ Housley <housley@vigilsec.com> wrote:

> On Monday, there was a discussion of the mandatory-to-implement (MTI)
> algorithms, which concluded that HSS/LMS MUST be supported and ECDSA SHOULD
> be supported.
>
> If you have concerns with this way forward, please respond to this message
> with your concerns by 26 November 2021.
>
> For the SUIT WG Chairs,
>  Russ
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>

v2.8.7 | Report a Bug | By Email