Re: [Suit] suit-firmware-encryption-00

Dick Brooks <dick@reliableenergyanalytics.com> Mon, 31 May 2021 20:00 UTC

Reply-To: dick@reliableenergyanalytics.com
From: Dick Brooks <dick@reliableenergyanalytics.com>
To: 'Hannes Tschofenig' <Hannes.Tschofenig@arm.com>, 'Russ Housley' <housley@vigilsec.com>
Cc: 'Michael Richardson' <mcr+ietf@sandelman.ca>, suit@ietf.org
Date: Mon, 31 May 2021 15:59:53 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/bvElLyYIqltGGiFQvzKNPiD5z8c>

Thanks, Hannes. I just submitted a concern regarding the problem encryption
creates for malware scanning, which is one of the SCRM risk assessment
steps performed before installation.

Thanks,

Dick Brooks

Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: dick@reliableenergyanalytics.com
Tel: +1 978-696-1788

-----Original Message-----
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com> 
Sent: Monday, May 31, 2021 3:57 PM
To: dick@reliableenergyanalytics.com; 'Russ Housley' <housley@vigilsec.com>
Cc: 'Michael Richardson' <mcr+ietf@sandelman.ca>; suit@ietf.org
Subject: RE: [Suit] suit-firmware-encryption-00

Hi Dick,

With the SUIT manifest format I hope we can make information available to
trusted third parties (MUD, COSWID and the like) and at the same time use
encrypted binaries. Having access to the plaintext binary is essential for
adversaries to mount attacks. (Happy to give a tutorial about how this
works.)

Likewise, differential updates may make it difficult for SCRM vendors to
make their analysis, but the information in the manifest can help them.

Severable fields allow information to be removed from the manifest before it
is sent to the device. This reduces overhead and prevents untrusted parties
from gathering information from the manifest.

Ciao
Hannes

-----Original Message-----
From: Dick Brooks <dick@reliableenergyanalytics.com>
Sent: Monday, May 31, 2021 7:07 PM
To: 'Russ Housley' <housley@vigilsec.com>
Cc: 'Michael Richardson' <mcr+ietf@sandelman.ca>; Hannes Tschofenig
<Hannes.Tschofenig@arm.com>; suit@ietf.org
Subject: RE: [Suit] suit-firmware-encryption-00

I agree, Russ.

Parties subject to the 5/12 Executive Order
(https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/)
will likely want to perform a proactive SCRM risk assessment prior to
installation, if my interpretation of the EO is accurate.

Thanks,

Dick Brooks

Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: dick@reliableenergyanalytics.com
Tel: +1 978-696-1788

-----Original Message-----
From: Russ Housley <housley@vigilsec.com>
Sent: Monday, May 31, 2021 12:56 PM
To: Dick Brooks <dick@reliableenergyanalytics.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>; Hannes Tschofenig
<Hannes.Tschofenig@arm.com>; suit@ietf.org
Subject: Re: [Suit] suit-firmware-encryption-00

Dick:

Yes, and there are other use cases that require encryption.

Russ


> On May 31, 2021, at 12:53 PM, Dick Brooks
<dick@reliableenergyanalytics.com> wrote:
>
> " If a trustworthy party in the middle of the distribution path is 
> able to detect a problem with cleartext (but signed) firmware, they 
> can report a vulnerability and refuse to pass the update along."
>
> This is precisely the function SCRM vendors are performing today.
> Encrypting a binary object would be an impediment to software supply 
> chain risk assessment functions in place today.
>
> Thanks,
>
> Dick Brooks
>
> Never trust software, always verify and report! ™
> http://www.reliableenergyanalytics.com
> Email: dick@reliableenergyanalytics.com
> Tel: +1 978-696-1788
>
> -----Original Message-----
> From: Suit <suit-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Monday, May 31, 2021 12:49 PM
> To: Michael Richardson <mcr+ietf@sandelman.ca>
> Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; suit@ietf.org
> Subject: Re: [Suit] suit-firmware-encryption-00
>
> Michael:
>
>>>> I agree that there are also challenges with certification schemes 
>>>> that prevent developers from seeing the source code (or from 
>>>> publishing the source code). That's yet another issue.
>>
>>> SUIT is using signature for the authentication and integrity of the 
>>> firmware.  If the signature remains in place, a party in the middle 
>>> of the distribution cannot insert any malware.
>>
>> The encryption of the firmware keeps third parties from auditing the 
>> software updates to determine if malware has been inserted at the
>> "factory".
>> Both white and black hats are currently using binary diff systems to 
>> look at patches.  Black hats use this to develop exploits in the gap 
>> between 9am EST and 9am PST!
>> I am suggesting that this is a "Security Consideration"
>
> Yes, this is a reasonable thing to add to the Security Considerations.
>
> If a trustworthy party in the middle of the distribution path is able 
> to detect a problem with cleartext (but signed) firmware, they can 
> report a vulnerability and refuse to pass the update along.
>
> Russ
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>


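The thread turns on three points: a signed manifest can commit to the plaintext image even when the shipped payload is encrypted, a trusted party in the distribution path that holds the decryption key can scan the image and refuse to pass it along, and a severable manifest element can be dropped before delivery without invalidating the signature. The following Python model is an added illustration written for this page; it is not code from the thread, from the SUIT working group, or from the firmware-encryption draft. Real SUIT manifests are CBOR/COSE structures and look nothing like this JSON. The names (build_envelope, intermediary_check, the "scan-info" element), the HMAC stand-in for a COSE signature, the SHA-256 keystream stand-in for an AEAD cipher, and the binding of the severable element by digest in the signed body are all my assumptions for the example.

```python
import hashlib
import hmac
import json

# Constructed sample values; none come from the thread or from SUIT itself.
SIGNING_KEY = b"constructed-manifest-signing-key"   # stand-in for the manifest signer's key
CEK = b"constructed-content-encryption-key"         # shared with device and trusted scanner
SAMPLE_IMAGE = b"constructed firmware image v1.2 " + bytes(range(64))

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy counter-mode keystream (SHA-256 of key||counter) XORed over data: a placeholder
    # for the AEAD cipher real firmware encryption would use. Symmetric, so it also decrypts.
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        ks = hashlib.sha256(key + block_no.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[block_no * 32:(block_no + 1) * 32], ks))
    return bytes(out)

def build_envelope(image: bytes, scan_info: dict) -> dict:
    # Author side: the signed manifest commits to the PLAINTEXT digest, the ciphertext digest
    # and the digest of a hypothetical severable element, which travels outside the signed body.
    encrypted = keystream_xor(CEK, image)
    severable = json.dumps(scan_info, sort_keys=True).encode()
    manifest = {"image-digest": digest(image),        # what the image must hash to after decryption
                "payload-digest": digest(encrypted),  # what is actually shipped
                "scan-info-digest": digest(severable)}
    body = json.dumps(manifest, sort_keys=True).encode()
    signature = hmac.new(SIGNING_KEY, body, "sha256").hexdigest()  # stand-in for a COSE signature
    return {"manifest": body, "signature": signature, "payload": encrypted, "scan-info": severable}

def verify_manifest(envelope: dict):
    # Anyone with the verification key can run this; it needs no decryption key.
    expected = hmac.new(SIGNING_KEY, envelope["manifest"], "sha256").hexdigest()
    if not hmac.compare_digest(expected, envelope["signature"]):
        return None
    manifest = json.loads(envelope["manifest"])
    return manifest if digest(envelope["payload"]) == manifest["payload-digest"] else None

def intermediary_check(envelope: dict, is_clean) -> bool:
    # Trusted party in the distribution path that holds the CEK: decrypt, confirm the plaintext
    # matches the signed image digest, scan it, and decide whether to pass the update along.
    manifest = verify_manifest(envelope)
    if manifest is None:
        return False
    plaintext = keystream_xor(CEK, envelope["payload"])
    return digest(plaintext) == manifest["image-digest"] and bool(is_clean(plaintext))

def sever(envelope: dict) -> dict:
    # Drop the severable element before sending to the device; the signature is unaffected.
    return {k: v for k, v in envelope.items() if k != "scan-info"}

def severable_is_authentic(envelope: dict) -> bool:
    # A party that still holds the element can check it against the digest the signer committed to.
    manifest = verify_manifest(envelope)
    return (manifest is not None and "scan-info" in envelope
            and digest(envelope["scan-info"]) == manifest["scan-info-digest"])

def device_accepts(envelope: dict) -> bool:
    # The device checks signature and digests only; it forms no opinion about malware.
    manifest = verify_manifest(envelope)
    if manifest is None:
        return False
    return digest(keystream_xor(CEK, envelope["payload"])) == manifest["image-digest"]

def toy_scanner(plaintext: bytes) -> bool:
    # Constructed stand-in for an SCRM scan: it only looks for a marker string.
    return b"EVIL-MARKER" not in plaintext

def run_pipeline(image: bytes, tamper: bool = False) -> str:
    # Author -> (optional in-transit tampering) -> trusted intermediary -> severed delivery -> device
    envelope = build_envelope(image, {"note": "constructed severable element"})
    if tamper:
        payload = bytearray(envelope["payload"])
        payload[0] ^= 0x01  # one-bit change to the ciphertext
        envelope["payload"] = bytes(payload)
    if not intermediary_check(envelope, toy_scanner):
        return "refused-by-intermediary"
    return "installed" if device_accepts(sever(envelope)) else "rejected-by-device"

if __name__ == "__main__":
    print(run_pipeline(SAMPLE_IMAGE))                    # installed
    print(run_pipeline(SAMPLE_IMAGE, tamper=True))       # refused-by-intermediary
    print(run_pipeline(SAMPLE_IMAGE + b"EVIL-MARKER"))   # refused-by-intermediary
```

The two failure cases show the distinction the thread is drawing. In-transit tampering is caught by the signature alone, so the device would reject it even without any scanner. An image that is signed but carries the marker is accepted by the device, because a valid signature says nothing about what the image does; only the intermediary that holds the content-encryption key can decrypt, confirm the plaintext against the signed image digest, run its check and refuse to forward. That is the capability Dick says encryption removes from today's SCRM vendors and that Hannes proposes to preserve by making the key and manifest information available to trusted third parties. The severed envelope delivered to the device still verifies, while a party that keeps the full envelope can confirm the severable element is the one the signer committed to.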