IETF Logo Mail Archive

Re: [Suit] suit-firmware-encryption-00

Dick Brooks <dick@reliableenergyanalytics.com> Wed, 02 June 2021 12:54 UTC

Return-Path: <dick@reliableenergyanalytics.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DC0F3A4211 for <suit@ietfa.amsl.com>; Wed, 2 Jun 2021 05:54:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DxXMYyVloZVl for <suit@ietfa.amsl.com>; Wed, 2 Jun 2021 05:54:30 -0700 (PDT)
Received: from forward5-smtp.messagingengine.com (forward5-smtp.messagingengine.com [66.111.4.239]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C6293A4209 for <suit@ietf.org>; Wed, 2 Jun 2021 05:54:30 -0700 (PDT)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailforward.nyi.internal (Postfix) with ESMTP id D218719411BA; Wed, 2 Jun 2021 08:54:27 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Wed, 02 Jun 2021 08:54:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :reply-to:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=hvvsRQG5i2QFrbp8tWyAjvkNGi4/9 Kp6vT1YJP4Kzpc=; b=XXp2GGcOLSP1EcP8KH8TINpV7IiYfEfX6JKFjP6k8hg1N ssmU5SjeBaTPwbJNWQkLiWba0d3WuPROXfxs/3rOWZ/zirx5M8sZAC6yQg7rASMF s25++Qp9FwHvPhlPiJqSxlXGLftS3bTQZzB6iPE8qQBGhxUc9KoR5vd5idplxidn vasJexT7v7DDPhDfJ6XSAt+/KkLrVq6/ms8Sqd5VgeiHlJFJ+3F1hSyv+p2qQKiH oopsWt+MjxooR5wnj0ZrT9D1eOemWXB0vPd/c9q85ufWvTc12mKCWKCJtDe88opF DEUoy4/jGkwqTxHdqJXQi5c5fMZsdbbL3x+wZfVEg==
X-ME-Sender: <xms:gn-3YChGcyGTSumqlIj2068BS6l0RATERx5CssP4JyHTnVpjLttArQ> <xme:gn-3YDDr8nPJzON4TsAA9EouG1L5pWuLSLg-g7WtNxdNCLtVDOthQxWaDkyt9ZMjS oHl1gUQ_C6-Tx14cQ>
X-ME-Received: <xmr:gn-3YKGbWwV6EvVsXTZrkEhCOs7iPCwWBX4PlFBZA4Zh-yQWALYbn3M>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledrvdeljedgheekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurheprhfhvfhfjgfuffhokfggtgfgofhtsehtqhhgtddvtdejnecuhfhrohhmpedf ffhitghkuceurhhoohhkshdfuceoughitghksehrvghlihgrsghlvggvnhgvrhhghigrnh grlhihthhitghsrdgtohhmqeenucggtffrrghtthgvrhhnpedvueelvdfftddtuedtffev jeeukeettdelgffgkeetgfduteejgfegvdejiefgueenucffohhmrghinheprhgvlhhirg gslhgvvghnvghrghihrghnrghlhihtihgtshdrtghomhenucevlhhushhtvghrufhiiigv pedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpeguihgtkhesrhgvlhhirggslhgvvghnvg hrghihrghnrghlhihtihgtshdrtghomh
X-ME-Proxy: <xmx:gn-3YLRVI_FEPIz0cO__z8o9PHK9n-1NgFm_iZ9X8dn1NTQjQVj2aw> <xmx:gn-3YPz5PsGcVvzOfeybZR5V2zWr6Kqfm52akyezqNbkCCTu8VdYxw> <xmx:gn-3YJ50n1lsOm06cRDjmDQbkQu7oLgXrjrmwzNZ1HGVnyaR1WcFAA> <xmx:g3-3YK_KmGicZE68xszuEnWb0J_1puhB6yn4RmwDuf4XxLFa7vb_9g>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 2 Jun 2021 08:54:26 -0400 (EDT)
Reply-To: dick@reliableenergyanalytics.com
From: Dick Brooks <dick@reliableenergyanalytics.com>
To: 'Brendan Moran' <Brendan.Moran@arm.com>
Cc: 'Russ Housley' <housley@vigilsec.com>, 'Michael Richardson' <mcr+ietf@sandelman.ca>, 'Hannes Tschofenig' <Hannes.Tschofenig@arm.com>, 'suit' <suit@ietf.org>
References: <19586.1622075797@localhost> <DBBPR08MB5915CEC125579D78C108D540FA3F9@DBBPR08MB5915.eurprd08.prod.outlook.com> <F6C86CC2-3AF8-4CC5-BB47-AC6579DAA0C4@vigilsec.com> <13894.1622479289@localhost> <64BDF7A0-4B70-4EB3-A764-2BD6CAA3921A@vigilsec.com> <132601d7563d$7097f680$51c7e380$@reliableenergyanalytics.com> <EAD74612-4C5B-4922-B67C-522132DD00D4@arm.com>
In-Reply-To: <EAD74612-4C5B-4922-B67C-522132DD00D4@arm.com>
Date: Wed, 02 Jun 2021 08:54:21 -0400
Organization: Reliable Energy Analytics LLC
Message-ID: <02f301d757ae$6b04c640$410e52c0$@reliableenergyanalytics.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQI/QDB0THmT0m+iwpMcIJ7U5AyVWwGeOG6MAhV23QADMtNZAgELPwAdAnBC4M8B4r2nDanOtCug
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/hwzVTWt6tlAps0h-bD8AzSK18iU>
Subject: Re: [Suit] suit-firmware-encryption-00
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Jun 2021 12:54:35 -0000

Brendan,

There are two implementation models, that I'm aware of, for SCRM best practices in use today:
- SW Customer has its own internal process for SCRM risk assessments (customer is the COSE_Recipient)
- SW Customer outsources SCRM to 3rd party (3rd party is the COSE_Recipient)

I totally agree with " I’m just saying that it’s more difficult to build a ROP attack against a target when you don’t know any of its code." 

The optimal solution will impede the bad guys while simultaneously providing the end use customer with some assurance of trustworthiness for a sw package, before installation is performed. 

The days of "just sign it" and it will be trusted are coming to an end. More controls over the software supply chain are coming, i.e. SBOM and verifiable trusted signers.

Thanks,

Dick Brooks

Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: dick@reliableenergyanalytics.com
Tel: +1 978-696-1788

-----Original Message-----
From: Brendan Moran <Brendan.Moran@arm.com> 
Sent: Wednesday, June 2, 2021 8:32 AM
To: Dick Brooks <dick@reliableenergyanalytics.com>
Cc: Russ Housley <housley@vigilsec.com>; Michael Richardson <mcr+ietf@sandelman.ca>; Hannes Tschofenig <Hannes.Tschofenig@arm.com>; suit <suit@ietf.org>
Subject: Re: [Suit] suit-firmware-encryption-00

>
> " If a trustworthy party in the middle of the distribution path is 
> able to detect a problem with cleartext (but signed) firmware, they 
> can report a vulnerability and refuse to pass the update along."
>
> This is precisely the function SCRM vendors are performing today. 
> Encrypting a binary object would be an impediment to software supply 
> chain risk assessment functions in place today.

In this scenario, I would highly recommend simply adding the SCRM vendor to the COSE_Recipients list. This solves the auditing problem without exposing the firmware to malicious third parties. Remember, ROP compilers are a thing that exists and showing your adversary your binary makes it much easier to craft a ROP attack. I’m not arguing for security through obscurity, I’m just saying that it’s more difficult to build a ROP attack against a target when you don’t know any of its code. That fundamentally delays attacks and it also raises the bar: when you account for attacker capability modelling, what this does is reduce the number of possible adversaries.

Balancing audit and right to repair against strong security is non-trivial. However, I believe that we need to start with strong security, with hooks for audit and right-to-repair.

Best Regards,
Brendan

> Thanks,
>
> Dick Brooks
>
> Never trust software, always verify and report! T 
> http://www.reliableenergyanalytics.com
> Email: dick@reliableenergyanalytics.com
> Tel: +1 978-696-1788
>
> -----Original Message-----
> From: Suit <suit-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: Monday, May 31, 2021 12:49 PM
> To: Michael Richardson <mcr+ietf@sandelman.ca>
> Cc: Hannes Tschofenig <Hannes.Tschofenig@arm.com>; suit@ietf.org
> Subject: Re: [Suit] suit-firmware-encryption-00
>
> Michael:
>
>>>> I agree that there are also challenges with certification schemes 
>>>> that prevent developers from seeing the source code (or from 
>>>> publishing the source code). That's yet another issue.
>>
>>> SUIT is using signature for the authentication and integrity of the 
>>> firmware.  If the signature remains in place, a party in the middle 
>>> of the distribution cannot insert any malware.
>>
>> The encryption of the firmware keeps third parties from auditing the 
>> software updates to determine if malware has been inserted at the
> "factory"
>> Both white and black hats are currently using binary diff systems to 
>> look at patches.  Black hats use this to develop exploits in the gap 
>> between 9am EST and 9am PST!
>> I am suggesting that this is a "Security Consideration"
>
> Yes, this is a reasonable thing to add to the Security Considerations.
>
> If a trustworthy party in the middle of the distribution path is able 
> to detect a problem with cleartext (but signed) firmware, they can 
> report a vulnerability and refuse to pass the update along.
>
> Russ
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email