IETF Logo Mail Archive

Re: [Suit] Suit manifest with variable recipients

Brendan Moran <Brendan.Moran@arm.com> Thu, 22 July 2021 15:26 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E4473A4A34 for <suit@ietfa.amsl.com>; Thu, 22 Jul 2021 08:26:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=g0xneWRI; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=g0xneWRI
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CPP1yqWagqyQ for <suit@ietfa.amsl.com>; Thu, 22 Jul 2021 08:26:16 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-eopbgr00079.outbound.protection.outlook.com [40.107.0.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2239A3A4A30 for <suit@ietf.org>; Thu, 22 Jul 2021 08:26:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6znsSh66W/j0wn8HsSvNHCZemF3jvBaCXR3af9KnP2o=; b=g0xneWRIYSkWOwsWmKhXc/Pm0eMR2ecx6IYgIMLu/Etza8txGzhoFYPd04LHnEgvmpBj0Vxhy720PSn82gGkSEVv1kyZpj9P+8xsswmL0tW6qtxNI0Hoh6rKdVcyqJWZenM3wUaCkLMQqFus+cnt/B+2JNZkZK+3E1Pvz8gVHhQ=
Received: from AM5PR0601CA0050.eurprd06.prod.outlook.com (2603:10a6:206::15) by AM4PR0802MB2369.eurprd08.prod.outlook.com (2603:10a6:200:65::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4331.25; Thu, 22 Jul 2021 15:26:13 +0000
Received: from VE1EUR03FT026.eop-EUR03.prod.protection.outlook.com (2603:10a6:206:0:cafe::32) by AM5PR0601CA0050.outlook.office365.com (2603:10a6:206::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.25 via Frontend Transport; Thu, 22 Jul 2021 15:26:13 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT026.mail.protection.outlook.com (10.152.18.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.24 via Frontend Transport; Thu, 22 Jul 2021 15:26:12 +0000
Received: ("Tessian outbound bbfc4df8f27e:v99"); Thu, 22 Jul 2021 15:26:12 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 6e8295f7dba6c217
X-CR-MTA-TID: 64aa7808
Received: from 36ab8f851bed.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 24FACA81-9F87-4FAB-8FA5-CEF1E8D5D0C3.1; Thu, 22 Jul 2021 15:25:45 +0000
Received: from EUR05-DB8-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 36ab8f851bed.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 22 Jul 2021 15:25:45 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dK1W60wgqdg/tE5V3MfJjQd0d8U69RNSQkp+0lWrRJ3VBWavBaEx62er3W9839zP6651/8RD6C3zOZyu73KYTM2jv3h7QQ1yMkFdbLUU5B+jhVihRItKvkZvpYLB/TnChYEYUMeS5U4vAy0iYQiobfUReiI6cL61jGn9Ia41CXmSvSSE6pE+FULjHDILpESyW1isTW1Ow+g7xiZLipm6LdAs1nPW4BYrm/eIIT4JUZg8K8raJBOf6ThlVU4ZkqkQwESFLf7QjtLv20EgFxP/a5Y/mrEvX0Ie6qxbIR9Y/sflGt4l9QEaYG/MHHZD+2mRFFdEkTe+O2Fz9+0XzpnrjA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6znsSh66W/j0wn8HsSvNHCZemF3jvBaCXR3af9KnP2o=; b=CjX6Rj4DKB70I9rORJBBfK1EysvurARAEyKJuRC39M7oNH3T2WYhC0QtkLZQobsMDynrMGiWuqRTQoEqVLKI8pp66+1ty8NHDjkOdJDBlEXh6qPZ/V0u0vfQKUi0mvPm3vfsDW/NOw1q/CvHUA0r0WnpVm8L85kJB+lH6zGC6CwoiRNpE/iAa6JM79P0HNWtWUGLU44XZmwRIgbIyiARspz9vhyt3XKQ7+jI+U9ure7W5ja8UpYb4YesuGm5XmycqMXwPMOVVF3g1eXe4OInhekFVSOM2T5o+8jJmqBwXMlcjENx6lgxky+ORBJDOyn0BTHDrHx9Mrn8ICDjEa0tGA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=6znsSh66W/j0wn8HsSvNHCZemF3jvBaCXR3af9KnP2o=; b=g0xneWRIYSkWOwsWmKhXc/Pm0eMR2ecx6IYgIMLu/Etza8txGzhoFYPd04LHnEgvmpBj0Vxhy720PSn82gGkSEVv1kyZpj9P+8xsswmL0tW6qtxNI0Hoh6rKdVcyqJWZenM3wUaCkLMQqFus+cnt/B+2JNZkZK+3E1Pvz8gVHhQ=
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com (2603:10a6:10:1ae::11) by DB6PR0802MB2584.eurprd08.prod.outlook.com (2603:10a6:4:98::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4352.24; Thu, 22 Jul 2021 15:25:43 +0000
Received: from DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::f4d7:fc24:6a91:25a4]) by DBAPR08MB5576.eurprd08.prod.outlook.com ([fe80::f4d7:fc24:6a91:25a4%9]) with mapi id 15.20.4352.025; Thu, 22 Jul 2021 15:25:42 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: suit <suit@ietf.org>
Thread-Topic: [Suit] Suit manifest with variable recipients
Thread-Index: AQHXd1zMssEUvRyoaECAi77KD/QJ+KtAGN4AgAuUEQCAAkC0AIABP0sA
Date: Thu, 22 Jul 2021 15:25:42 +0000
Message-ID: <6BAA5E0E-7100-4418-8AAC-7A9420491D52@arm.com>
References: <F51C5D05-043E-4F07-9A4C-7044646192E3@arm.com> <27551.1626138598@localhost> <4B4235A6-3965-4FBD-AEA8-E16C900C4A0C@arm.com> <6855.1626898972@localhost>
In-Reply-To: <6855.1626898972@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3654.100.0.2.22)
Authentication-Results-Original: sandelman.ca; dkim=none (message not signed) header.d=none; sandelman.ca; dmarc=none action=none header.from=arm.com;
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: dd6101f9-e178-4365-7ddb-08d94d250a31
x-ms-traffictypediagnostic: DB6PR0802MB2584:|AM4PR0802MB2369:
X-Microsoft-Antispam-PRVS: <AM4PR0802MB2369886F8AE31698B3A4D397EAE49@AM4PR0802MB2369.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: Fo5+bKkL2+YB8ti+RpKJ2k+7TVKXJrY8NZbBjhZZFpcOP+cBAAEnnlTzViciFRJ75WOAFXx7xtxGsaIOy9zBuorkapX/jsVcSqwiU3PIwYalNs8BehIQfHA1I8v6tlUqBjDk/9EuryGrec0z640sQvYF53LpD5l6jnvWeA4KPqfMVvTbKwu/RLlcp0hS1FM+rWIts3D0/BTa2sR/MftDzZ9kX2YhAN4IoKNMSbVGSHQT8eAzqbsVDuyxJqoLh4TPnEPTOKyHfaB/v1g1gSMXHOcbHuJMYpzu5HN+YPutN8JkQHTy7iNFz2tL/SVdK0q316JzzfCJIPsOBmmBApE6bxqvaxjgJ2TgO9/9834NQ336Un+no6NP3JaZAs+EsGBzsJyKDeTIYc9V8IcJzFb7kPRwb2zmsGUgil9b+TcKeTGlBQuyrvtSnorL2UHdd2IhbGCS2CjTRITly3EosO1LBob2oocpNfEz8j5Puupd5iz5RabrX0YyBENFWrsY6pwZUjRjI42Hoj/iO1aT8/ZggwlPSLbI6TMzNFC4E7TXGI+/TdPv5Oukukks7S1kf/ILOYSm7O2vkNeXuj5EcQcrb6sZVepBc7HNab38MiR1M+1Smbn8YJ3IY+9NZdH7SQC3G9Mw8cNFxMBBihBoWMq9fwRiqCM7XcPdcG8B1t3GJKBfvmtm/pLZYhVVdaD6i0sqBn9S6R8SUvCgkHjAjQ7lPOJf1c/wtt3165YwpGgHFOa76dgjjBXb7eGalEGdK4nVWTI7/r6e07Vfc0sfMw9WVOboX/6s5JSxym2szdEFwJZbSHggJ4YOqVP6FXu429RoCyMm/rSvQFNu9WR5PAcQFBjPvF/5tb65mcZw/yJJy7c=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBAPR08MB5576.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39850400004)(346002)(136003)(376002)(366004)(396003)(2616005)(6512007)(478600001)(38100700002)(186003)(33656002)(122000001)(26005)(66446008)(64756008)(8676002)(66476007)(83380400001)(316002)(76116006)(66946007)(8936002)(53546011)(66574015)(71200400001)(4326008)(86362001)(966005)(91956017)(2906002)(6486002)(36756003)(66556008)(6506007)(5660300002)(45980500001)(38070700004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: AKr/JM+8N9bozuouivtvon1pZHcl288XJ9ixVLbB3AJoPadqfVE0SEPft2wDUTjP4Hcn6344RhxNVmTUfrKsF9D+Hk7dxQSqDNPh91A6nIA4vhN+tKPqyyQt6xqyOWcolL2mrDgaQbCNKWTrZj/S9opf6jqDlJjoZE/WWe33aNp7eYLF6i045Al0PnKLgo33mHe/MVibh7irA3ksPD9F/H51Bd5/welEgFcD0FNdhlx/BO/kve/QqniYSmuplgFt0F0GeL1Z9JIQBCBIYdU3P4kJXqZyt0pZOHcdvto1OiN2cBjV32U8/c+dHF9h+HAh37AGaEVLkpVNaIh39+e0nmvH38hNUajsfOuFKUt2iBFxfN5IsLX4IsJtQhelTRzXxgx/cPy52HqaOdjRhmq3waIKZXRiJ6cd+venxeEuyeFDo0ZYhtZFC8xznxf5D8TXyYywrofLmICYfDtYhhqo1bWyc84MTUgDnUUK7Xe8Yk0w7KVGZi1IzOxv86Y98kryq/gWZTviG89jQec0Gjj8fbOCRBmXkwgRaRAubC8A4w72ARy2NjI60qDe+tOJzuRsFpyd+vbKJd7rCGGwyHtpK7ldZapa5iSUMcTyfzQBZ7QO0DGUtq47bT1f5DUPHIY28QzDOHzc/sCfRi8oMCVLKzm/m3km6Hjxa/pp8EB3zc02vMcAfQsXI41xNsGz+1fvLA+r4aYESD2HKxCiF6gJ5ckreetH8mSkV9qrYclymRNrCFgZHzSRtzhWiVYgSqkU7VDT1XWC/Cqm4mHLUX2Z7hX1e8AF2PGFnCTJjAlmf7DRHeddYgBLLpVtO8RhGa5+0qiR1xhXKUnnIX4fE4qGkPawx2Zto6AfZo2AS7UqoLvdckI5SYEXuhuIkIqsVaRoB6fXcNfuN1erW1x3btKIkXPnYcAItKvA66LGbjL46akd5n2alWo0NufeFbT0OAlKvVmP2ayxnKPWk97rFdrjczK1DWiN23Pq+CRJyuqR9rhwII9uwjD/Hsu/iq1PatjWrinOyozkvepqVMo7tvFCbbRDcqUcQlv0Hrph5j1eYqDBS44pGQUgFVibD9K2619uyL31o/oWszTYNxGmY/cQRzR4IiOCzIapcE5nlY9sME/gAlJn6uHcEhG7mTZlz9ZhHui3rPKJQAmyD8qb9SlnMuxguOD9uM7kWoGLJFX3v37g5glq/YhGe/WusKFtjmQ0bpZBVxTLfP8y79phxsQtar9oPBZsnJs8w4ttPZlz0p4wpD8hwbVxewhFJopdR2eGmvJrr2RlZSd1KDqUxrnQ9iTfEn7YCOct+toWx3KtNhCVOlbBHam1yHRmi7aQltp4
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <1DCA7CD19C2B2641997B4650DB341FCB@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0802MB2584
Original-Authentication-Results: sandelman.ca; dkim=none (message not signed) header.d=none; sandelman.ca; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT026.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: aceb3075-dde5-4916-cb67-08d94d24f83c
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: bsecFemtn0QpfXDfQbeUs5LT8peh7u/2GY59Ux/MZpE4JKjOyprzb3KBVXMPYdySvP9XQviaidGxLqsW1FAFoj2pQT9jBy2fY57OOgJJwRQFg84tuL4kUDzzeug3dIdgJauLK6+fnB2sO55bIN7bwnaVZ2pRMYUl/UUagCT8LyY+jrXIzJpwoFAvFIzVpsFvct1+7vuKlDqeyy7rDEdX37cT8CLblwiDyjKwuX7j1IlGXDtrE5zaStueItdTvvVTfcUwtSm6tVCnC0yedKLDLat0ts7Zcn13ktYAdxQsW8wOb93wGVUhp9J48KjCpqncPP+4i4pWuE0RIB4PRbn/Poj+GA/vONpEUa5KFbNnPYNdLa8zHLftm915ZvYxgmaOhDJAOrHF25HdTHON786LmqTH519TfHZYFv7suIdMrU4OI6fvefJLm5HBBIkQAJPifrLYyyf/uLD+XCtO2sULcEsB131kxo+TOTqNLTRkfNghop7N9c8e1Z8hNyyPqNv44hCG0LlCSUHyXymN8+7/oJTIIWoQwG4kf5af9d1cIeB9dW6v9v/to5l2Pdq9uk0CrQa0AYqna2TLJyWrwNonq/0gsTMxowr6Z4JN/JL9i2oCjoTmBrU9VnG04S3jDT94tdT9N6vaS7Spi85Kyo5ufEw8lHeFzvt2hu3ppxlLehtPcwvITBnLxU4z/824FJM/F03848OX/P7c5TAwo+isah+DQvX0XXLOSJqGWbd7rRjjdkWnUxTUNXQ0s36MkCAJSGMRS3CCtjwp6tOR548+lRx/1UDqnlabraHAifDjIH3XufHSUmYDBO2PbAOPe1EU
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(39850400004)(396003)(346002)(376002)(136003)(46966006)(36840700001)(5660300002)(4326008)(86362001)(186003)(26005)(70206006)(8936002)(6512007)(83380400001)(2906002)(81166007)(36860700001)(70586007)(6486002)(316002)(53546011)(33656002)(82740400003)(47076005)(478600001)(966005)(336012)(6506007)(8676002)(356005)(2616005)(36756003)(82310400003)(6862004)(66574015); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jul 2021 15:26:12.8202 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: dd6101f9-e178-4365-7ddb-08d94d250a31
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT026.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0802MB2369
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/ZupBT4vZRJVwxOGhg6Qtk63eRIo>
Subject: Re: [Suit] Suit manifest with variable recipients
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jul 2021 15:26:23 -0000


> On 21 Jul 2021, at 21:22, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>
>
> Not sure why I'm explicitely in the CC, reply-all I guess.

Yup.

>> I don’t believe that this is inline with our goals, however this
>> specific threat is not listed in the threat model within
>> draft-ietf-suit-information-model—evidence that threat models are
>> living documents, I suppose! Perhaps this threat should be discussed in
>> draft-ietf-suit-firmware-encryption?
>
> I think that such an on-path attacker can also drop the entire update, right?
> Or such an on-path attacker could selectively suppress the manifest getting
> to specific devices anyway.  The summary is that this is not something new
> that is enabled by fine-grained control of the encryption.

It depends where the on-path attacker is. If they are resident between the firmware author and the status tracker, then it was all or nothing: suppress the manifest in its entirety or don’t. This fine-grained control of encryption allows them fine-grained suppression control with repudiation: a single recipient can be suppressed by an attacker upstream of the status tracker without any evidence they have done so. It is impossible to tell whether an attacker suppressed the recipient or the manifest author suppressed the recipient.

>> I think the solution, though less than ideal, is to place some metadata
>> in the manifest about the COSE_Encrypt within the manifest. In short,
>> if COSE_Encrypt is external to the manifest, it must be authenticated
>> by the manifest. If it is altered by an authorised party, that must be
>> explicit and authenticated as well.

So, this is wrong. It’s not that the COSE_Encrypt MUST be authenticated by the manifest; it’s that the COSE_Encrypt MUST be authenticated! More below.

> I think that this barks up the wrong tree.
> Let's go back to the architecture (now RFC9019: woohoo!)

Hurray!

> Isn't the Status Tracker supposed to keep track of what version each device
> is running, and let it know that there is something new?

There are two threats that we need to concern ourselves with:

1: The threat described above: An on-path attacker upstream of the status tracker suppresses a device. This is different from existing SUIT DoS threats because of the targeting of single devices from outside a network. To be clear, this is not simply a DoS; it is an Elevation of Privilege (unprivileged actor decides which devices are updated) AND a Repudiation threat (Not possible to know who chose which devices received updates). The status tracker CAN inform the device of the new update, but the device appears not to have been authorised by the owner of the firmware (via the Content Encryption Key)

2: An on-path attacker (upstream or downstream of the status tracker) tampers with the COSE_Encrypt, causing a device to spend extra energy on receiving data, cryptographic operations, flash writes, etc.


These two threats are detected in different parts of the infrastructure and so may require different solutions.

For threat 1, the status tracker needs to validate that there has been no tampering with the list of recipient devices. This requires a signature that covers the recipient list. This signature does NOT need to be verified by a Manifest Processor. Therefore, this signature does not need to be integrated into the manifest dependency hierarchy and it does not need to be integrated as metadata in the manifest; it can exist purely in the envelope. Furthermore, the signature MAY be severed prior to delivery to a Recipient Device.

For threat 2, we want to prevent a device from performing unnecessary payload fetches, public key cryptographic operations, and flash writes. For the sake of argument, the energy cost to receive a byte over LoRa is approximately 15x the energy cost to write it to flash [1]. There’s not much we can do to make sure the cipher text of the payload is correct before fetching it. The manifest already provides a mechanism for verifying before decrypting, but that is not always applicable nor desirable from an energy perspective.

The COSE_Recipients structure is more interesting. We cannot verify the whole structure without public key operations unless there is already a trusted PSK with the distributor, but this simply recreates the key distribution problem.

In the Hybrid Public-Key Encryption (HPKE, non-interactive ephemeral-static Diffie-Hellman exchange) case, COSE_Encrypt contains the ephemeral public key and COSE_Recipients structure contains the cipher text of the Content Encryption Key (CEK) and a key id. The ephemeral public key is the same for all recipients. Similarly, the CEK is the same for all recipients. The CEK ciphertext and the key id are different for each recipient. While the ephemeral public key could be different for multiple “batches” of recipient devices, the CEK MUST be the same for the same payload.

In this case, it would make sense to authenticate the CEK. The digest of the CEK could be added to the manifest trivially in the parameter that references the COSE_Encrypt in the envelope. This would resolve Threat 2. We could potentially authenticate the ephemeral public key. I’m not certain that this improves over CEK authentication in a meaningful way since we can’t reasonably authenticate the CEK ciphertext without additional public key operations

1 public key operation to validate the manifest
1 public key operation to compute the shared secret
1 digest of CEK

A separately-signed COSE_Encrypt list makes this worse:

1 public key operation to validate the manifest
1 public key operation to validate the COSE_Encrypt & COSE_Recipients (including a digest of the whole COSE_Encrypt, not just a CEK)
1 public key operation to compute the shared secret

Including a digest of the CEK adds no public key operations and allows us to avoid fetching, decrypting, and storing a payload if the CEK is invalid. It takes less space to encode and less energy to verify. It costs 1 SUIT_Digest to encode this in the manifest. Given that this is a scenario where there is a COSE_Encrypt containing a public key, and a COSE_Recipient containing a key id, and a ciphertext key, a single SUIT_Digest is not a substantial increase in size.



To summarise, I think that the best course of action is to add a detached COSE_Sign for each COSE_Encrypt OR wrap the whole SUIT_Envelope in a COSE_Sign—though this becomes much more complex with dependencies that have encrypted payloads. The COSE_Sign allows the author and status tracker to exchange manifests without tampering by on-path attackers between. This COSE_Sign MAY be pruned prior to distribution to Recipients.

>
> AFAIK, standardization of the status tracker was not a goal in this round of
> SUIT.  I'm unclear if we this was an ordering/chartering decision, or if it
> was because we really didn't think we could accomplish this without boiling
> oceans.  RFC9019 mentions that LwM2M already has this functionality, and so
> maybe we will never ever have a single standard, but maybe it's time to
> identify what other places we can place the Status Tracker functionality.

This isn’t about the status tracker. This is about document format support for ensuring that the recipient list isn’t tampered with between Author and Status Tracker, between Status Trackers, or between Status Tracker and Recipient.

> We have also been discussing SBOM pointers via MUD and/or Remote Attestation.

I wrote a draft that’s very related to this for iotops! https://datatracker.ietf.org/doc/draft-moran-iot-nets/

>
> At this time, I think that the manifest has became a bit of a hammer, and
> we'e actually run out of nail-shaped things.

Overall, I think I agree. However, we have a few use cases left to cover, or cover more explicitly, I think.



Cheers,
Brendan

[1] The background for receive vs write estimates is as follows; but it may vary substantially with data rates, models of transceiver & MCU, etc.
SX1262 LoRa transceiver quotes up to 62.5kb/s, 8.2mA @ 1.8V in RX mode => 0.236 pJ/b or 1.89pJ/B
STM32F401RE quotes 12mA erase current (3.3V & 32-bit mode) and 16us word programming time => 0.119pJ/B



> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>           Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email