IETF Logo Mail Archive

Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023

Michael Richardson <mcr+ietf@sandelman.ca> Sun, 10 September 2023 22:21 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF9EAC14CE4D for <suit@ietfa.amsl.com>; Sun, 10 Sep 2023 15:21:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sandelman.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DcPjmOnmUFMu for <suit@ietfa.amsl.com>; Sun, 10 Sep 2023 15:21:01 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 91023C14CF1C for <suit@ietf.org>; Sun, 10 Sep 2023 15:21:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 3936F38DBE for <suit@ietf.org>; Sun, 10 Sep 2023 18:21:00 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id egWTa0iOwfsQ for <suit@ietf.org>; Sun, 10 Sep 2023 18:20:59 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 8143338DBD for <suit@ietf.org>; Sun, 10 Sep 2023 18:20:59 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sandelman.ca; s=mail; t=1694384459; bh=Zbfzn+ZlQexFsADRX5nOm8sxQwPAjFo7WKHk86Oxjt4=; h=From:To:Subject:In-Reply-To:References:Date:From; b=dYgQ7H5hg9DgG1Y89IZCdH5enBX4LyQ0ipBSoKJCb1rUWMJ8k8N4teZvTVdkeKCHV 3bjHfPtTwReB2oEUnwjvarnyJYZOsCxTZHBovhnL2JDixSWjWoWfv3E5IMeBhXr3WX whIglzLCKtNrRIC+Xln7+xFu9uFubDP+4he37zhvodW29pyHF6ryHK4ee0uVNBut6+ 65jsUKxXWAaBStZPfNOuSEyQfeO+Y8xtiae8orF85EAxf8abAaj2FLIjCxZVw3uzcP 6mMGGyo/7Z1RKzlyTN3wc2/9FTNxrPDfnHVu17NVrEIeM7seC3ZdPIZ2u++JRXBbax XmDGAqc4834wQ==
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id D8F8A44C for <suit@ietf.org>; Sun, 10 Sep 2023 18:20:58 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: suit@ietf.org
In-Reply-To: <GV2PR10MB7438B53F9EA845B2B78BB17BEEE6A@GV2PR10MB7438.EURPRD10.PROD.OUTLOOK.COM>
References: <MW4PR09MB988694F9A88981948F4290B4F0E0A@MW4PR09MB9886.namprd09.prod.outlook.com> <GV2PR10MB7438B53F9EA845B2B78BB17BEEE6A@GV2PR10MB7438.EURPRD10.PROD.OUTLOOK.COM>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 27.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sun, 10 Sep 2023 18:20:58 -0400
Message-ID: <23882.1694384458@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/xbRV0LBzZitJ9PYTK3cfpW0ZiUU>
Subject: Re: [Suit] WG: WGLC on draft-ietf-suit-firmware-encryption-14 due on September 11, 2023
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Sep 2023 22:21:07 -0000

Hi, I re-read draft-ietf-suit-firmware-encryption-14.
My comments below are entirely of an editorial nature.

1. Figure one has a data flow from right to left.
   My brain would prefer left-to-right, but if you want to do it this way,
   then can you add arrows to the lines so that the payload+manifest clearly
   flows *to* the devices?

2. The lack of any standard way to "obtains information about the
   recipients and their keys from the distribution system."

   should probably be more clearly noted.

3. "The author treats the distribution system as the initial recipient"
   this is also not-standardized, and I think might involve some kind of
   integration with a sales channel.

An upside of this intermediate step is that:
- distribution system can inspect the contents
- distribution system does not need to disclose which devices are involved.
  (or where they are, or how they are named)

}   If the author and distributor are separate entities, then the author
}   must delegate encryption rights to the distributor.  By the principle

they are clearly depicted as different entities.  I wonder if you mean the
author and sender are different entities?

It seems like model 1 (replaces the COSE_Encrypt, signs again) is just for
discussion, and has not been really adopted.  I would rather that this was
part of the security considerations, if it is not really a choice.
This model also implies that the devices are able to trust the distributor,
so they have had their trust anchors updated, which also means that the
distributor has actual control over the devices, and is able to survive the
business failure of the author.

}   Since
}   a device will typically only support one of the content key
}   distribution algorithms, the distribution system needs to know a

I think this refers to AES-KW vs ES-DH, vs model 1/2 above.

} the distribution system needs to know about
} the properties of the deployed devices

how does this distribution system know this? Is it derivable from the content
that the author/sender provides, or does it require configuration?

}   RFC Editor's Note (TBD1): The value for the suit-parameter-
}   encryption-info parameter is set to 19, as the proposed value.]

I suggest: TBD19  if IANA has not yet done their thing.

}   Another attack concerns battery exhaustion.  An attacker may swap
}   detached payloads and thereby force the device to process a wrong

wow, this just jumps into the middle of a protocol description.
This paragraph and the next one seem like Security Considerations to me.
The availability of the digest is protocol, but the reasons for it can/should
be SC.

} Many other methods are specified in the literature, and even
} supported by COSE.

okay, but I guess, think, that AES-KW and ES-DH provide for 99% of the target
cases then?

AES-KW, combined with distribution doing re-encrypt, implies that the
distribution system has access to the KEK for every device.   Is the KEK not
unique per-device?  6.1.2 implies it might not always be.

I suggest that the different ways of using AES-KW, with common KEK across
devices, vs per-device KEK be clearly named and listed a different options.
And then third option of different CEKs!

I think that 6.2.2, "same encrypted payload", the CEK is the same, but the
CEK is encrypted multiple times with different KEKs, derived from the
different ES-DH operations, because every device has a different g^y?

Is there a case where all devices have the same g^y?

Ditto comment about PIC becoming more and more common, and anyway, compile to
two different slots.  There is also a situation where the secondary image
space is not directly addresseable ("external flash").  Even cases where the
image is loaded into RAM before being executable, and the "flash" is more disk-like.

I think this section 7 could be an appendix.
sections 7.1/7.2 seems more of a standard statement, and contains BCP14
language.

Thanks for including examples with private keys. I think you can mark those
pieces as code blocks so they are more easily extracted.

}   To provide high security for AES Key Wrap, it is important that the
}   KEK is of high entropy, and that implementations protect the KEK from
}   disclosure.  Compromise of the KEK may result in the disclosure of
}   all key data protected with that KEK.

I believe that protecting firmware from disclosure is a low-value activity.
(Others disagree: but I continue to believe they have IPR violations to hide)

HOWEVER, one of the useful things for suit-firmware-encryption is for
configuration data.   That could even include application identity keys.
Keeping application credentials across hardware replacements is probably an
important simplication for IoT ecosystems.

I believe that one could have multiple KEKs: that the firmware-encryption one
might be different from the configuration encryption one.  This is worth
mentioning.

On the whole I found the SC section far far too short, and I've indicated
some text that I think could move there.   I think that the SC should review
the 5 (6?) possible ways to use CEKs, KEKs, and ES-DH keys, providing some
guidance on which might be appropriate to different uses, or at least, laying
out the different properties in a more easily digested table-like format.

I also think that it would be good to collect the set of "no standard exists
for..." into a single place, maybe bullet pointed, as that will more clearly
tell people where they need to come up with answers.

Again, I believe that my comments are all of an editorial nature, and that in fact
nothing should stop deployment of this specification.









--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email