IETF Logo Mail Archive

Re: [Suit] Suit manifest with variable recipients

Dick Brooks <dick@reliableenergyanalytics.com> Tue, 20 July 2021 15:01 UTC

Return-Path: <dick@reliableenergyanalytics.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D10343A25D8 for <suit@ietfa.amsl.com>; Tue, 20 Jul 2021 08:01:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j__94iOgzfGu for <suit@ietfa.amsl.com>; Tue, 20 Jul 2021 08:01:38 -0700 (PDT)
Received: from forward3-smtp.messagingengine.com (forward3-smtp.messagingengine.com [66.111.4.237]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53FEF3A25E5 for <suit@ietf.org>; Tue, 20 Jul 2021 08:01:38 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailforward.nyi.internal (Postfix) with ESMTP id 36D171940382; Tue, 20 Jul 2021 11:01:37 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 20 Jul 2021 11:01:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :reply-to:subject:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm3; bh=OE9U/PHJACPWhof6+MEICV6Wfrkvd kXw1LIPMII/RFE=; b=jHRLjaNFbpzcNnLoMTT9i6DCYlzHXAYe+e5nsmNcNELji 6otV8An57p3z2DtnmuGjVxh3/aT+RPtyaMlvekY7+S0iJWGTrHd/cURBJAYejKXX RjPYeEcPqCfIDNGQBL93ygx0Eypf51sIzBs2EpH3WPKY3AjFizhB9SqIRmFETeSQ lUhYQWwJMNu5lYfxhF3La51JCOHZT/p96zjM3pAo/vcGAoEZ2t0DUppdiGoBcehv dlPy57pMxW0Joo5pcrrS1TMErozC6Cr/Jz6F+jFXMb2t4AXfP5rNVtFVZCDlqvWf 6pPs3yC7IXWiPsLHTzPwIJJbBJneCIQQXgKiidMbg==
X-ME-Sender: <xms:UOX2YNLWdAK4S9ZviPVjvOScBRfF04piYI2zkvm-HvG_7lF-00uQtw> <xme:UOX2YJI_TnJTsiWoBlcP98nQV24hWbq6lQQMGIJpyMtKwXnTtvHhgLDcfDY5NHulX pxqkWcdqcjmGICcjQ>
X-ME-Received: <xmr:UOX2YFuVZibLS1CSBG4Ks1McHj2THb6XQtgauBSpQ_Sc1BxksfkZXaM>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrfedvgdekudcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpehrhffvfhgjufffohfkgggtgffothesthhqghdtvddtjeenucfhrhhomhepfdff ihgtkhcuuehrohhokhhsfdcuoeguihgtkhesrhgvlhhirggslhgvvghnvghrghihrghnrg hlhihtihgtshdrtghomheqnecuggftrfgrthhtvghrnhepgffhhfekjeevlefgiefhvdeg teehhfffffekheduieetgffhudeigffffedujeejnecuffhomhgrihhnpehrvghlihgrsg hlvggvnhgvrhhghigrnhgrlhihthhitghsrdgtohhmpdhivghtfhdrohhrghenucevlhhu shhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpeguihgtkhesrhgvlh hirggslhgvvghnvghrghihrghnrghlhihtihgtshdrtghomh
X-ME-Proxy: <xmx:UOX2YObFpGJkSdWKkiFArHemA35jhCdpLsslCBh_Lq32ppeQeGLVbQ> <xmx:UOX2YEarQCpbhXWi4YgQVdgxZ4bKsm9uWb6qtSdk-LDL1b5S7ukq8Q> <xmx:UOX2YCBt2DDnDHIWRQPI50Tag_CrpKYGTrKUd-2QStufG3dm4qZuXg> <xmx:UeX2YPxnvJ2R8aGS5dTdrLMfGuIB4w9c1WBBJEK_07AHvj9FiJmjPg>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 20 Jul 2021 11:01:36 -0400 (EDT)
Reply-To: dick@reliableenergyanalytics.com
From: Dick Brooks <dick@reliableenergyanalytics.com>
To: 'Russ Housley' <housley@vigilsec.com>, 'Brendan Moran' <Brendan.Moran@arm.com>
Cc: 'Michael Richardson' <mcr+ietf@sandelman.ca>, 'suit' <suit@ietf.org>
References: <F51C5D05-043E-4F07-9A4C-7044646192E3@arm.com> <27551.1626138598@localhost> <4B4235A6-3965-4FBD-AEA8-E16C900C4A0C@arm.com> <43747220-600F-44EE-98D5-B59C1AA3F63D@vigilsec.com>
In-Reply-To: <43747220-600F-44EE-98D5-B59C1AA3F63D@vigilsec.com>
Date: Tue, 20 Jul 2021 11:01:29 -0400
Organization: Reliable Energy Analytics LLC
Message-ID: <338701d77d78$226ff8b0$674fea10$@reliableenergyanalytics.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQHUcayfBUPwmx+dqfkKjZ7FXQ+WXwGnm9yWAqOSdZsBeHJzBqsj7xew
Content-Language: en-us
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/wTZhhZTh64_WI8sLASNAv8YYPTg>
Subject: Re: [Suit] Suit manifest with variable recipients
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jul 2021 15:01:45 -0000

This also appears to be a provenance/chain of custody issue, if Brendan's scenario is feasible. 

Thanks,

Dick Brooks

Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: dick@reliableenergyanalytics.com
Tel: +1 978-696-1788

-----Original Message-----
From: Suit <suit-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Tuesday, July 20, 2021 10:35 AM
To: Brendan Moran <Brendan.Moran@arm.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>; suit <suit@ietf.org>
Subject: Re: [Suit] Suit manifest with variable recipients

Brendan:

This is a DoS issue.  We wanted distribution to be able to add recipients and remove recipients.  This means that an attacker can also add recipients and remove recipients.  A second signature to bind the recipient information to the author-signed firmware would be a way to prevent attackers from doing this manimulation, but it comes at the cost of a second signature and the management of the trust anchor to validate it.

Russ


> On Jul 20, 2021, at 5:58 AM, Brendan Moran <Brendan.Moran@arm.com> wrote:
> 
> There is another possibility that I don’t think we’ve discussed. It has some pros and a really big con. For the sake of completeness, here it is: We keep the COSE_Encrypt exactly as it is and allow standard manifest overrides via dependencies. This is good because it means that only authorised parties can edit the recipients list. This is bad because it means that the unused recipients structures cannot be severed.
> 
> 
> I do have a big concern about the existing proposals: It is not possible to detect tampering with the recipients list. An on-path attacker could remove one or many devices from the recipients list. This would not be flagged as corruption because all signatures and digests are still correct. This would appear exactly as though the target device was not authorised to receive the update. This gives an on-path attacker an elevation of privilege because they can now control the recipients list without the explicit rights to do so. This is different from a normal denial of service attack; it is far less detectable.
> 
> For example, suppose a Firmware Author provides firmware to many Device Operators. Under normal DoS conditions, the location of an on-path attacker dictates how much control they have: if they are between the Firmware Author and the Device Operator, then either all the Device Operator’s devices are upgraded, or none of them are. If they are between the Device Operator and the Recipient (Device), then they can control whether that specific device is upgraded. This attack is detectable and not scalable.
> 
> However in our situation, an on-path attacker upstream of the Device Operator gains fine-grained control of which of the Device Operator’s devices are upgraded. This is scalable and difficult to detect. A Device Operator would need to communicate with the Firmware Author to determine why certain devices were not upgraded before the attack was discovered, giving attackers a window of opportunity. Depending on implementation details, competency, level of automation, and any other coincident attacks launched by the threat actor, this window could be longer or shorter.
> 
> 
> 
> 
> I don’t believe that this is inline with our goals, however this specific threat is not listed in the threat model within draft-ietf-suit-information-model—evidence that threat models are living documents, I suppose! Perhaps this threat should be discussed in draft-ietf-suit-firmware-encryption?
> 
> 
> I think the solution, though less than ideal, is to place some metadata in the manifest about the COSE_Encrypt within the manifest. In short, if COSE_Encrypt is external to the manifest, it must be authenticated by the manifest. If it is altered by an authorised party, that must be explicit and authenticated as well.
> 
> 
> I can see two possible implementations for this:
> 1) manifest override. A digest of the COSE_Encrypt is placed in the manifest. This digest can be replaced by an authorised party by creating a dependent manifest that overrides it. This approach suggests that we should add the facility to digest integrated payloads/images as Øyvind requested..
> 
> 2) COSE_Sign: If the COSE_Encrypt (actually a COSE_Encrypt_Tagged in this case) is overridden, then it must be replaced with a COSE_Sign_tagged containing the altered COSE_Encrypt. This initially seems less complex, but 1) reuses existing code paths, whereas 2) requires the creation of new ones.
> 
> I think we should consider requiring a digest of the COSE_Encrypt to be verified in advance of using the COSE_Encrypt in order to detect tampering. However if the COSE_Encrypt has been tampered with, but the resulting key is still usable, there’s no reason to halt installation. This presents an unusual problem: the verification of COSE_Encrypt is more important at the distribution level than at the Recipient level. At the Recipient level, it’s most important for reporting purposes.
> 
> The “correct” answer for this issue is not immediately clear to me.
> 
> Best Regards,
> Brendan
> 
>> On 13 Jul 2021, at 02:09, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
>> 
>> 
>> Brendan Moran <Brendan.Moran@arm.com> wrote:
>>> The result is that COSE_Recipients MUST be held outside of the 
>>> manifest’s chain of trust. This complicates matters somewhat. It 
>>> would be better if most of the COSE_Encrypt was held under the trust 
>>> umbrella while the COSE_Recipients were held outside the umbrella. 
>>> However, COSE does not support detached Recipient lists. This may be 
>>> a failing of COSE, and perhaps it should be discussed there. In the 
>>> interim, however, SUIT needs to move forward with some solution to 
>>> deploying variable recipient lists.
>> 
>> I think it is reasonable that SUIT give COSE a clear set of requirements.
>> (Let's not do CBOR packed goof again)
>> 
>>> I can see several options:
>> 
>> 
>>> Option 1: Place the COSE_Encrypt outside the manifest, reference it 
>>> by URI (remote) or Integer (envelope) Modify 
>>> suit-parameter-encryption-info to take a tstr (URI) or integer 
>>> (Envelope Reference)
>> 
>>> This means that all devices supporting the encryption-info parameter 
>>> MUST support both integrated, detached local, and detached remote 
>>> modes. I don’t think this is really in the spirit of SUIT.
>> 
>> I see your point.
>> 
>>> Option 2: Place the COSE_Encrypt outside the manifest, reference it 
>>> by Integer (envelope) Add a new 
>>> suit-parameter-encryption-info-detached
>>> that takes the integer (Envelope Reference)
>> 
>>> This has the benefit of being unambiguous. However, it creates a new
>>> problem: what happens if both the
>>> suit-parameter-encryption-info-detached and the 
>>> suit-parameter-encryption-info are set? Does there need to be a rule 
>>> that one explicitly unsets the other? How does that work with 
>>> permissions?
>> 
>> It sounds to me that either it's invalid (manifest rejected 
>> outright), or one simply has a higher priority than the other.
>> 
>>> Option 3: Abuse COSE slightly: Place a COSE_Encrypt0 in the 
>>> manifest. Place a list of recipients outside the manifest.
>> 
>>> This has the benefit of being what we actually want, but it probably 
>>> won’t play nice with COSE libraries.
>> 
>> I think that few devices will have totally generic COSE libraries anyway.
>> Encoders can cope.
>> 
>> 
>> --
>> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>>          Sandelman Software Works Inc, Ottawa and Worldwide
>> 
>> 
>> 
>> 
> 
> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

_______________________________________________
Suit mailing list
Suit@ietf.org
https://www.ietf.org/mailman/listinfo/suit

v2.23.0 | Report a Bug | By Email