[Suit] Fwd WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023
Hannes Tschofenig <hannes.tschofenig@gmx.net> Sat, 23 September 2023 17:10 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28993C151076 for <suit@ietfa.amsl.com>; Sat, 23 Sep 2023 10:10:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.806
X-Spam-Level:
X-Spam-Status: No, score=-2.806 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmx.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4bEatQ2lgQDO for <suit@ietfa.amsl.com>; Sat, 23 Sep 2023 10:10:39 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0C2AC14CE40 for <suit@ietf.org>; Sat, 23 Sep 2023 10:10:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=s31663417; t=1695489033; x=1696093833; i=hannes.tschofenig@gmx.net; bh=ICmoqslYLuCIwSpGdvFAOEWQ5k1Mr09KEPuK6hqvoI0=; h=X-UI-Sender-Class:Date:To:Cc:From:Subject; b=LnSUr5EBXphCvZlaQ7KIlCbR14o/mI56f+8veqZOqgFk5vfABFOp4L2fh9x0qLqo0V2+vACx2h+ rHVLg89M3fwkifY8EVkUGiBtE4u3oMu3PE5GpOasHyGRJ0YC1j53aPQiboQJ1fia/12ASjyAvWgFv Su/BfMg+E+4pQieusyb8yFrN7J47XFyC/7bqA4DiTUXkBp0lw05y7l4pRXzG4LgirjjOXJ1949D3z njpUguX81iziTasUkbQrXUjQ4s0CA9tD89GmAfPUjh1QulPpA/5f4fS0WeH1AM7zR8PGxiRcSWmVs Qexeq2IE6Rg9g7C4so7JQ/KiC329r/XoYCYw==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
Received: from [172.16.254.186] ([195.149.218.225]) by mail.gmx.net (mrgmx104 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MEUz4-1quYgU3c30-00FzT4; Sat, 23 Sep 2023 19:10:32 +0200
Message-ID: <ddee2d10-01ea-425c-bd72-77e556a10809@gmx.net>
Date: Sat, 23 Sep 2023 19:10:32 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: "suit@ietf.org" <suit@ietf.org>
Cc: Ruud.Derwig@synopsys.com
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:i7o8xuZNAG45GuPrLpj+gGY9WVW3z9ld1YdLJo5cOdZYV2GU5ap mcH5MUSmayZrww4TTTv2k3leoGBY9bPro1Avpmfe3XZ6WbBtoyInsLMWL0/yV7NYXrZrSw1 eR0yo6UhyFO5/sdGlQ+1V5jvL1KnbgYdUtpMYUoOoeCCAEXgGDT4KBJJAxHVWMUJanLHQcE J0ZGmEmMOnwv4uJdJZKRg==
UI-OutboundReport: notjunk:1;M01:P0:09ReTfKbbEs=;rMhAs/n8AuudRRpXUPSqGfRotKe rDfN+Qj+okbV3Sng67wngypB3v9PSAx1LWSpyE4u+LVu4aBNX1VY4D1r9oaOwGglv/fFJKKXl DcKoqtDaah2RhxT5fCO5hMRPqHepgt4STSWv/wl9mGgGccKdhpUaLy9FXDveSv2ziB11Vs5/+ Yrb8UiT5My8jcv7cDAC7ECi+9KP4hoduKi54beTUvHmGIBWpC4/TPrRYchHWC22+Tt4g7ihIv pbcqdwM+dUjRU88R/MUo9mD2NRx0fL/oZ5dlaY5K6W+jVOsy60Tnfdm0/YyNLCnODn7nu6Pvc RFsm2GPKyBnUYAtvDKJAHYBS3GMXQNGtG+dbweKWH5BPorzZf5dJdIo9q+keOxTFxFMg9+fKm 9OzS8uW5b2rA+p5T1rPvSPyXHiUoYjWvMU6O15r221cr9GqLn20ptCuQf7DURWp67jVm3jTYF 0smRc4hFX6d0FKgDMqTFEGA668KJA3qSQcV7ewt5ahEE2DzygdIC8FetSQRzpAr4U0y/Fo0XP PxXR4LAq+nM52sMEnmZPn/+3NgK9hH5gKeyA95wxglArwrJ+h6yfxBC8VosTD4OlUqQxNR/ct 7/LHcdBiPWrnzhzq2ADQfbgJ+nT0GoF+pJboDSGFODjjFTytS6Jd+ngVbZxyxS9/3ftUVjdbD Rawrcktzzn4ZOjCyDvjUREb2iehkQP2i8h+jcdqV+YH24hyN+Nam85qsDyAvXJoaOOb0qoWSZ rjU0TaQ9ZcOx4SRHRDod9/KBWf9lxJEMn4jPdoFtJlj/ogsQ/prvgx2mtZafA9QhLXlc94qZB OoMXOxuvPNs5S4YsWVAxqi/4ANHtrBoOvjr1JVzK/3zhDjqhtyf9J0VfxarvIYRY/zOHP5XXW W1LEjh3NRDrenwcGNXJMDSMQ2gGZ4RqjX6Tpm04MM4AXZieDQbiuCk00VFyATyxxkZ5fiMVUq vNzqfyGV7Xc/EVe4zM8Nyf8Y9Pc=
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/jYVAhNJPU2jC0gy0zV9CX6t0s4k>
Subject: [Suit] Fwd WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Sep 2023 17:10:41 -0000
In this email I am forwarding review comments of draft-ietf-suit-firmware-encryption-14 from Ruud Derwig. Ruud chaired a EEMBC security group for many years, which developed the SecureMark-TLS benchmark. I asked him to review the draft because of his unique security expertise. Thanks again for the review comments, Ruud. Ciao Hannes ---- Hi Hannes, I finally had some time to look at this. Please find my feedback notes below – not sure it all makes sense, I may miss some context/goals or assumptions… Introduction “Encryption prevents third parties, including attackers, from gaining access to the firmware binary. Hackers typically need intimate knowledge of the target firmware to mount their attacks. For example, return-oriented programming (ROP) [ROP] requires access to the binary and encryption makes it much more difficult to write exploits.” All good, maybe (could be considered out of scope for this) add a remark that beside confidentiality of the binary, confidentiality of the sources (e.g. in case of open-source) may be required as well to prevent reverse engineering and/or reproduction of the binary firmware) Conventions This seems not only about conventions, but also some assumptions/use-models. E.g. “The author, which is responsible for creating the firmware image, does not know the recipients.”. I can imagine a different scenario where the channel/distribution system is not trusted, and the author does know the recipient. Is the goal protection of images during transportation, or when at rest stored inside a device? These may be different, and e.g. devices may have a unique key programmed into OTP for firmware decryption. In such a case, the provider of the firmware / provisioning service could encrypt the firmware with that device unique key (in a secure environment) and simply use that as payload with the firmware update service (no need to trust the ‘channel’). Or, maybe this is just a matter of definitions, and the role for the one doing the encryption is what the document calls “distribution”, but could be the same as the ‘author’. Architecture Reading on, I see the author does may know the recipient? Or at least get that info from the distributor. 4 to 6 : didn’t review in detail, need to dive into the latest SUIT stuff first… 7 firmware updates in flash memory Is this an informative section, or part of the proposed standard? More and more devices support HW-based, inline/on-the-fly decryption. Is that in scope of this proposal? In such a case, the encryption details are determined by the specific HW (and could be a differentiating feature/secret of the vendor), and firmware could still execute in place (XIP) instead of being copied. “Since the image in primary slot is available in cleartext” -> this seems to imply that the encryption is only for protection of the distribution. How about protection of firmware images inside devices? If it is only about the channel, aren’t their simpler ways (TLS) to ensure confidentiality? Regards, Ruud.
- [Suit] Fwd WGLC on draft-ietf-suit-firmware-encry… Hannes Tschofenig