IETF Logo Mail Archive

Re: [Suit] suit-firmware-encryption-00

Dick Brooks <dick@reliableenergyanalytics.com> Wed, 02 June 2021 12:44 UTC

Return-Path: <dick@reliableenergyanalytics.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE8CD3A41C1 for <suit@ietfa.amsl.com>; Wed, 2 Jun 2021 05:44:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W14qP44EYwXK for <suit@ietfa.amsl.com>; Wed, 2 Jun 2021 05:44:10 -0700 (PDT)
Received: from forward5-smtp.messagingengine.com (forward5-smtp.messagingengine.com [66.111.4.239]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A923B3A41BF for <suit@ietf.org>; Wed, 2 Jun 2021 05:44:10 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailforward.nyi.internal (Postfix) with ESMTP id 80354194125D; Wed, 2 Jun 2021 08:44:09 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Wed, 02 Jun 2021 08:44:09 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :reply-to:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=hrvbVIh9WIgKF0awQR163eNoOM8Ij qiVRnc3LKQOTkg=; b=C5T44VNTucBLpAbJ2aKPiHF91SA3eXNg7tghk6JtKTlc+ PMz2UiIdk0GrAkJJMnf/EAIgQdK5F9PO/OmVFn4mscpFRgyagAtxqNOJWdewwNvw YkmmD6dZgmU+QFsOrw+Pr4pdUZWPvR9prF4rf+h/9xddLwOTKplb91J7SydW7Pqy 4JucfnzAII7Z6Eh6zv0T1lsBOcsiw4KmgGvWgo5B2thQ/n5Uzzm7G8NpwnIzJImA HfbTxarwqiDYPEjGxLm2fHa7mDoqe0cqtu2Aaj55AITXgLHjVF2ORFc18ntOZa32 rpcoKvXjeb59fYUTBCEDBuKH2fIYFU2Sa+Hz6dU/w==
X-ME-Sender: <xms:GX23YLMfSkYPeGXgKiL3W4pJqb2PaKNSkcMywfroArzkiXDdRal2Gg> <xme:GX23YF9tBEGO9xBCqBSR_DqZyBzWmizlibHDIZurNKy5yQ4iSP0jjLsdYxBX-rZGk l267JT-n8e8EPaOWg>
X-ME-Received: <xmr:GX23YKRDGtbTv2zGaVaVtKtzj-otLsHYmE4XVCRzCd3YTKOCKnhm4ZM>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdeljedgheehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheprhfhvfhfjgfuffhokfggtgfgofhtsehtqhhgtddvtdejnecuhfhrohhmpedf ffhitghkuceurhhoohhkshdfuceoughitghksehrvghlihgrsghlvggvnhgvrhhghigrnh grlhihthhitghsrdgtohhmqeenucggtffrrghtthgvrhhnpefghffhkeejveelgfeihfdv geethefhffffkeehudeitefghfduiefgffefudejjeenucffohhmrghinheprhgvlhhirg gslhgvvghnvghrghihrghnrghlhihtihgtshdrtghomhdpihgvthhfrdhorhhgnecuvehl uhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepughitghksehrvg hlihgrsghlvggvnhgvrhhghigrnhgrlhihthhitghsrdgtohhm
X-ME-Proxy: <xmx:GX23YPuQB5r7VcyxOmldAgxCBMpEQEN6-vqRjGaQ7xqUygpIUNC-ew> <xmx:GX23YDcBIu_aL4cYZznPOkGT-xClBrRvKAIUjVsttg-Pe3bJ9t7bGA> <xmx:GX23YL2KLLCu-9Twoe_ySWf7yROmlGIUbJ98hUbw8JckUiCEgRO3Ug> <xmx:GX23YEpe4QRpbLCBL7OJFTgwc9Gn0f1MIG9LmwzrLcHrsF_trEMNBg>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 2 Jun 2021 08:44:08 -0400 (EDT)
Reply-To: dick@reliableenergyanalytics.com
From: Dick Brooks <dick@reliableenergyanalytics.com>
To: 'Brendan Moran' <Brendan.Moran@arm.com>
Cc: 'Hannes Tschofenig' <Hannes.Tschofenig@arm.com>, 'Michael Richardson' <mcr+ietf@sandelman.ca>, 'Russ Housley' <housley@vigilsec.com>, suit@ietf.org
References: <19586.1622075797@localhost> <DBBPR08MB5915CEC125579D78C108D540FA3F9@DBBPR08MB5915.eurprd08.prod.outlook.com> <F6C86CC2-3AF8-4CC5-BB47-AC6579DAA0C4@vigilsec.com> <13894.1622479289@localhost> <DBBPR08MB59153D31EE75D565A64B4F79FA3F9@DBBPR08MB5915.eurprd08.prod.outlook.com> <186901d75657$0ab645a0$2022d0e0$@reliableenergyanalytics.com> <1B50DDD2-2B47-4044-B812-30BE0D80B31D@arm.com>
In-Reply-To: <1B50DDD2-2B47-4044-B812-30BE0D80B31D@arm.com>
Date: Wed, 02 Jun 2021 08:44:04 -0400
Organization: Reliable Energy Analytics LLC
Message-ID: <021201d757ac$fb26bb90$f17432b0$@reliableenergyanalytics.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQI/QDB0THmT0m+iwpMcIJ7U5AyVWwGeOG6MAhV23QADMtNZAgFLDFHUAKWKaG4CNkkQV6nYbMDw
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/OyAy1raIwPVvbIjTMspNfb7rUZY>
Subject: Re: [Suit] suit-firmware-encryption-00
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jun 2021 12:44:16 -0000

Thanks for your insights Brendan.

I believe Hannes addressed this concern by suggesting an extension attesting to the results of a malware scan, performed by the original software source supplier prior to encryption, that a SW consumer can trust.
This would provide the end use customer with the information they need to assess trustworthiness for an encrypted object, with regard to the presence of malware, as part of a software supply chain risk assessment.

Do you agree that this is an acceptable compromise?


Thanks,

Dick Brooks

Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: dick@reliableenergyanalytics.com
Tel: +1 978-696-1788

-----Original Message-----
From: Brendan Moran <Brendan.Moran@arm.com> 
Sent: Wednesday, June 2, 2021 8:34 AM
To: Dick Brooks <dick@reliableenergyanalytics.com>
Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; Michael Richardson <mcr+ietf@sandelman.ca>; Russ Housley <housley@vigilsec.com>; suit@ietf.org
Subject: Re: [Suit] suit-firmware-encryption-00

Encryption support is not optional. It’s mandatory. Many organisations will not consent to their binaries being publicly available. This is easy to demonstrate: most MCUs support read-out protection. We can’t simply remove encrypted payload support because it changes the audit story. Instead, firmware authors must cooperate with auditors.

Best Regards,
Brendan

> On 31 May 2021, at 20:56, Dick Brooks <dick@reliableenergyanalytics.com> wrote:
>
> I believe encryption would "get in the way of" a malware scan 
> performed during a software supply chain risk assessment.
>
>
> Thanks,
>
> Dick Brooks
>
> Never trust software, always verify and report! T 
> http://www.reliableenergyanalytics.com
> Email: dick@reliableenergyanalytics.com
> Tel: +1 978-696-1788
>
> -----Original Message-----
> From: Suit <suit-bounces@ietf.org> On Behalf Of Hannes Tschofenig
> Sent: Monday, May 31, 2021 3:47 PM
> To: Michael Richardson <mcr+ietf@sandelman.ca>; Russ Housley 
> <housley@vigilsec.com>; suit@ietf.org
> Subject: Re: [Suit] suit-firmware-encryption-00
>
> Hi Michael,
>
>>> SUIT is using signature for the authentication and integrity of the 
>>> firmware.  If the signature remains in place, a party in the middle
> of
>>> the distribution cannot insert any malware.
>
>> The encryption of the firmware keeps third parties from auditing the
> software updates to determine if malware has been inserted at the "factory"
>> Both white and black hats are currently using binary diff systems to 
>> look
> at patches.  Black hats use this to develop exploits in the gap 
> between 9am EST and 9am PST!
>> I am suggesting that this is a "Security Consideration"
>
> A description of the software is contained in the COSWID and, as 
> Brendan suggests, in a MUD file that is included with the manifest 
> (see https://datatracker.ietf.org/doc/html/draft-moran-suit-mud).
> Furthermore, I can imagine that those authorized to audit the software 
> can do so either based on the source code or by giving them access to 
> the binary.
>
> Ciao
> Hannes
>
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose 
> the contents to any other person, use it for any purpose, or store or 
> copy the information in any medium. Thank you.
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email