Re: [Suit] SUIT rechartering: proposed text

Russ Housley <housley@vigilsec.com> Tue, 20 July 2021 15:13 UTC

From: Russ Housley <housley@vigilsec.com>
Date: Tue, 20 Jul 2021 11:13:09 -0400
References: <66D84CE5-22E6-44F0-8239-8A5832326219@arm.com> <3E7D5E5B-03EE-4EDD-A951-FB119F72DDE8@arm.com> <16339.1613515194@localhost> <E4B87013-1498-463F-98C0-5FF13344C3EA@arm.com> <6FC3F38A-B067-4180-ACD9-A121162EA459@vigilsec.com> <26718.1626138395@localhost> <MN2PR09MB4841BA0A0CC978E70A09A509F0119@MN2PR09MB4841.namprd09.prod.outlook.com>
To: suit <suit@ietf.org>
In-Reply-To: <MN2PR09MB4841BA0A0CC978E70A09A509F0119@MN2PR09MB4841.namprd09.prod.outlook.com>
Message-Id: <67F117E7-28F2-45F3-BC4C-AC8116BCB69F@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/bMJKmocntQIYHOofe1an-8ckS5s>
Subject: Re: [Suit] SUIT rechartering: proposed text

I have tried to address the comments from Michael, Dave T., and Dave W.  The biggest change is the inclusion of an additional document for a set of claims related to attesting to firmware update status.  This covers the SUIT-related claims that are currently being considered in the RATS WG.

Please review and comment.

Russ

= = = = = = = 

Vulnerabilities in Internet of Things (IoT) devices have raised the need
for a secure firmware update mechanism that is also suitable for constrained
devices.  Security experts, researchers, and regulators recommend that all IoT
devices be equipped with such a mechanism.  While there are many proprietary
firmware update mechanisms in use today, there is no modern interoperable
approach allowing secure updates to firmware in IoT devices. In June 2016,
the Internet Architecture Board organized a workshop on 'Internet
of Things (IoT) Software Update (IOTSU)', and RFC 8240 documents various
requirements and challenges that are specific to IoT devices.

A firmware update solution consists of several components, including:
* A mechanism to transport firmware images to compatible devices.
* A manifest that provides meta-data about the firmware image (such as a
  firmware package identifier, the hardware the package needs to run, and
  dependencies on other firmware packages), as well as cryptographic
  information for protecting the firmware image in an end-to-end fashion.
* The firmware image itself.

The SUIT WG is defining a firmware update solution (taking into account past
learnings from RFC 4108 and other proprietary firmware update solutions) that
is usable on Class 1 (as defined in RFC 7228) devices, i.e., devices with
~10 KiB RAM and ~100 KiB flash.  The solution may apply to more capable devices
as well.  The SUIT WG is not defining any new transport or discovery mechanisms,
but may describe how to use existing mechanisms within the architecture.

The SUIT WG has already completed work on two documents:
* An IoT firmware update architecture that includes a description of the
  involved entities, security threats, and assumptions.
* An information model for the SUIT manifest.

Now that the information model is complete, the SUIT WG has selected the CBOR
serialization format and the associated COSE cryptographic mechanisms to
encode the SUIT manifest. The SUIT WG may consider a small number of additional
formats in the future; however, to reduce the complexity of a firmware
management solution, a very small number of formats is preferred to enable SUIT
manifest integration and interoperability with other IoT technologies and
ecosystems.  To support a wide range of deployment scenarios, the formats are
expected to be expressive enough to allow the use of different firmware sources
and permission models.

The SUIT WG does not aim to create a standard for a generic application
software update mechanism, but instead the SUIT WG is focusing on firmware
development practices in the embedded industry. Software update solutions that
target updating software other than the firmware binaries (e.g., applications)
are also out of scope.

To support the SUIT manifest format, the SUIT WG is also defining formats and
protocols that enable a SUIT Status Tracker to determine if a particular
manifest could be successfully deployed to a device and determine if an
operation was successful.

In addition, the SUIT WG will specify claims related to the SUIT Status Tracker
that can be used to provide evidence in support of the architecture defined by
the RATS WG.

The SUIT WG will continue to work with silicon vendors and OEMs that
develop IoT operating systems to produce implementations based on SUIT WG
specifications.  In particular, the SUIT WG plans to continue to participate
in IETF Hackathons.

The SUIT WG document deliverables are:
* A SUIT manifest format specification using CBOR.
* A firmware encryption specification for use with SUIT manifests.
* A secure mechanism for an IoT device to report on firmware update status.
* A set of claims related to attesting to firmware update status.
* A SUIT manifest extension to include a MUD file as defined in RFC 8520.