Re: [Suit] HR Review: Firmware Update Architecture for IoT Devices

Dave Thaler <dthaler@microsoft.com> Wed, 11 July 2018 22:07 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: Gurshabad Grover <gurshabad@cis-india.org>, "suit@ietf.org" <suit@ietf.org>, "hrpc@irtf.org" <hrpc@irtf.org>
CC: Sandeep Jha <sandeepkjha18@gmail.com>
Date: Wed, 11 Jul 2018 22:07:39 +0000
Message-ID: <SN4PR2101MB0816F43DE79B8811CE63FCACA35A0@SN4PR2101MB0816.namprd21.prod.outlook.com>
In-Reply-To: <11993b06-5da6-e397-3457-de6ecec87bb4@cis-india.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/WHrvCNV4HKNY9jEpOaYpeBf0Ieo>
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>

Thanks Gurshabad.

A clarifying question below...

> # Privacy ([RFC8280], section 6.2.2)
> Privacy considerations are with regard to maintaining the confidentiality of the firmware image and
> manifest. Both the firmware image and manifest contain information about the device. As mentioned
> in the older version of the drafts, Class ID and Vendor ID are typically compiled as strings into the
> firmware image. If an untrusted intermediary storage is assumed, as in [SUIT-ARCH], this device
> information will be available to all intermediary and snooping parties, which may violate the device
> operator's privacy. Additionally, device information can be used by an attacker to design and mount
> targeted attacks on the device.
>
> Concern: The drafts are inconsistent in their recommendation of encryption of firmware images.
> Section 3.3.13 of [SUIT-IM] says that the information model must enable encrypted payloads to
> prevent attackers from reading the content of the firmware images, whereas Section 3.3 of
> [SUIT-ARCH] leaves the choice of encryption to the authors/OEMs.
>
> Recommendation: We recommend removing these inconsistencies, and that the drafts mandate
> the encryption of the firmware image. Accordingly, we recommend the relevant text of section
> 3.3 of [SUIT-ARCH] be updated.

I believe the argument for it not being mandatory is that many IoT devices are not associated with
humans. For example, factory devices are owned by the factory not a human. Can you elaborate
on what the concern is for such devices that would warrant mandatory encryption? Your comment
seems focused on devices associated with humans, and so I cannot tell whether your comment
applies more generally to all use cases that are in scope for the drafts.

Dave
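The leak the review describes (identifiers compiled as strings into an image that an untrusted intermediary can read) is easy to show concretely. The script below is an added illustration, not code from the SUIT drafts or from either participant in this thread. It assumes that the Vendor ID and Class ID are UUIDs (derived here with uuid5 from a made-up vendor domain and product name), builds a constructed stand-in firmware image with those IDs embedded as ASCII, and scans it the way an on-path observer or intermediary store would with `strings`. The "encryption" is a toy HMAC-SHA256 counter-mode keystream used only to show what payload encryption hides; it is a stand-in for the COSE-based encryption a real manifest would use, not something to deploy.

```python
"""Added illustration: what an intermediary can read from a firmware image
in transit, with and without payload encryption. Not from the SUIT drafts."""
import hashlib
import hmac
import re
import uuid
from typing import Dict, List

# Constructed sample identifiers. SUIT Vendor/Class IDs are assumed here to be
# UUIDs; the vendor domain and product name are invented for the example.
VENDOR_ID = uuid.uuid5(uuid.NAMESPACE_DNS, "vendor.example")
CLASS_ID = uuid.uuid5(VENDOR_ID, "thermostat-v2")

# A UUID written out as lowercase ASCII hex with hyphens (8-4-4-4-12).
UUID_RE = re.compile(rb"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")


def build_image(vendor_id: uuid.UUID, class_id: uuid.UUID) -> bytes:
    """Constructed stand-in for a firmware image: 4 KiB of filler 'code' on
    either side of the identifiers compiled in as NUL-terminated strings,
    which is the situation the review describes."""
    code = bytes(range(256)) * 16
    ids = (b"vendor-id=" + str(vendor_id).encode() + b"\0"
           + b"class-id=" + str(class_id).encode() + b"\0")
    return code + ids + code


def snoop(blob: bytes) -> List[str]:
    """What a relaying party learns by scanning the bytes it stores or forwards:
    every UUID-shaped ASCII token, in the order it appears."""
    return [m.decode() for m in UUID_RE.findall(blob)]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy counter-mode stream cipher from HMAC-SHA256; the same call encrypts
    and decrypts. Only here to show what encryption hides from the scan above;
    a real SUIT payload would use the manifest's COSE encryption instead."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def compare(key: bytes, nonce: bytes) -> Dict[str, List[str]]:
    """Scan the same image as plaintext and as ciphertext and report what
    an intermediary could extract from each."""
    image = build_image(VENDOR_ID, CLASS_ID)
    ciphertext = keystream_xor(key, nonce, image)
    # Sanity check that the toy cipher round-trips; it must, or the
    # comparison below would be meaningless.
    if keystream_xor(key, nonce, ciphertext) != image:
        raise RuntimeError("keystream round trip failed")
    return {
        "expected": [str(VENDOR_ID), str(CLASS_ID)],
        "plaintext_leaks": snoop(image),
        "encrypted_leaks": snoop(ciphertext),
    }


if __name__ == "__main__":
    # Fixed key and nonce so the run is reproducible; both are constructed.
    report = compare(key=b"\x01" * 32, nonce=b"nonce-01")
    for name, found in report.items():
        print(f"{name:16s} {found}")
```

Encrypting the image answers only half of the review's point: the manifest itself also carries the Vendor ID and Class ID so the device can decide whether the update applies to it, so an intermediary that can read the manifest learns the same identifiers whether or not the payload is encrypted. Run `snoop` over an unencrypted manifest and the result is the same list as the plaintext case.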