[Suit] FW: New Version Notification for draft-faibish-iot-ddos-usecases-01.txt

<Faibish.Sorin@dell.com> Wed, 25 December 2019 21:52 UTC

From: <Faibish.Sorin@dell.com>
To: <teep@ietf.org>
CC: <secdispatch@ietf.org>, <suit@ietf.org>, <rats@ietf.org>
Date: Wed, 25 Dec 2019 21:52:20 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/btwm7uCpUK_mIA1Prq-abY0lVYU>
Subject: [Suit] FW: New Version Notification for draft-faibish-iot-ddos-usecases-01.txt


Based on the comments of the TEEP WG, issue #65 was closed with recommendations to move this draft to a different WG. But I just wanted to add more details on the proposed use cases, adding the relation to MUD, and before moving to a different WG I want to have a new review of the draft.

After discussions in the joint call with the SUIT WG, I am considering perhaps moving the draft to SUIT or RATS based on Dave's recommendations. Yet in order to be sure this draft will not go to waste, I will ask to move it to SECDISPATCH for the final decision before I toss it. I sincerely believe that this draft is falling between the security WG chairs and it is very relevant for the current state of internet security.

I agree with Dave that perhaps:
•	TEEP manages the TEE in a device, not the REE in a device.
•	This may be relevant to RATS though

But I disagree with closing it dead, as it is important in my view.
•	Propose closing issues as out of scope

In addition to this, I am working to expand the Python tool that I used to test TEEP IoT devices that could be used for DDoS attacks. I would ask the TEEP WG to continue testing vulnerability of devices to DDoS (reflected traffic) during the next IETF meeting, and I want to have 10 minutes to make my case before I go to the SECDISPATCH WG. I will offer to continue to check TEEP devices' vulnerability at the Vancouver hackathon.

And finally, I will ask for and appreciate any comments and review of the new draft. Thank you.


-----Original Message-----
From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
Sent: Wednesday, December 25, 2019 4:09 PM
To: faibish, sorin
Subject: New Version Notification for draft-faibish-iot-ddos-usecases-01.txt


A new version of I-D, draft-faibish-iot-ddos-usecases-01.txt
has been successfully submitted by Sorin Faibish and posted to the IETF repository.

Name:		draft-faibish-iot-ddos-usecases
Revision:	01
Title:		Usecases definition for IoT DDoS attacks prevention
Document date:	2019-12-25
Group:		Individual Submission
Pages:		9
URL:            https://www.ietf.org/internet-drafts/draft-faibish-iot-ddos-usecases-01.txt
Status:         https://datatracker.ietf.org/doc/draft-faibish-iot-ddos-usecases/
Htmlized:       https://tools.ietf.org/html/draft-faibish-iot-ddos-usecases-01
Htmlized:       https://datatracker.ietf.org/doc/html/draft-faibish-iot-ddos-usecases
Diff:           https://www.ietf.org/rfcdiff?url2=draft-faibish-iot-ddos-usecases-01

   This document specifies several usecases related to the different
   ways IoT devices are exploited by malicious adversaries to
   instantiate Distributed Denial of Services (DDoS) attacks. The
   attacks are generated from IoT devices that have no proper protection
   against generating unsolicited communication messages targeting a
   certain network and creating large amounts of network traffic. The
   attackers take advantage of breaches in the configuration data in
   unprotected IoT devices exploited for DDoS attacks. The attackers
   take advantage of the IoT devices that can send network packets
   that were generated by malicious code that interacts with an OS
   implementation that runs on the IoT devices. The purpose of this
   draft is to present possible IoT DDoS usecases that need to be
   prevented by TEE. The major enabler of such attacks is related to
   IoT devices that have no OS or unprotected EE OS and run
   code that is downloaded to them from the TA and modified by
   man-in-the-middle that inserts malicious code in the OS.


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat