Re: [T2TRG] [saag] New Version Notification for draft-irtf-t2trg-iot-seccons-02.txt
Thorsten Dahm <thorstendlux@google.com> Fri, 07 April 2017 14:17 UTC
Return-Path: <thorstendlux@google.com>
X-Original-To: t2trg@ietfa.amsl.com
Delivered-To: t2trg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7987B126557 for <t2trg@ietfa.amsl.com>; Fri, 7 Apr 2017 07:17:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vCh6jISICCd1 for <t2trg@ietfa.amsl.com>; Fri, 7 Apr 2017 07:17:22 -0700 (PDT)
Received: from mail-yb0-x22e.google.com (mail-yb0-x22e.google.com [IPv6:2607:f8b0:4002:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B48B3124B0A for <T2TRG@irtf.org>; Fri, 7 Apr 2017 07:17:21 -0700 (PDT)
Received: by mail-yb0-x22e.google.com with SMTP id m133so17337635ybb.1 for <T2TRG@irtf.org>; Fri, 07 Apr 2017 07:17:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=xhQ2jGpX6v1gn/BZ0dXHZVhmSGafo9HY+wK+rSpEH0U=; b=e3VKceJV/6XGr8ejL+nu2HyiG1NQOaRPO4fzgIfctdKjxIde+YIMQ3lhDdcUO7WHgK WqUYGpPvf8WF26mJqnL+4fnxS/euL+oPT8wt1WenrzKuAIDg5krd3ap9/nsTVkaEZxZS f4/Y6f/TELdRrq92ml8l8k1SnxWEeJBPRHHSxowr1aWSZo5mBap8dCPMmj7zpoTKpFLU 4kMYkrtVsk4sKhehAANfIaSx5LIFTgbYghKgX1ULUs0+GBge8ETbmHRoCopL8BgenZlK 6FiXe8KrJbGDIVUmS6cckrukAg3hbSiXu595Wtuuglnb/bDyRr/MBt7Bj82qDGskY8wz /JWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=xhQ2jGpX6v1gn/BZ0dXHZVhmSGafo9HY+wK+rSpEH0U=; b=cu1CdCQdNCDOvJz34XcaDJdMjwI7AqZUGf62FlrcaxyXHJ2JptpOzrXIuBiFNG96Di AUdr3/kthFgHWATUcJuGuuVt6LSgx1BeyaTHgqJ5ka1woqLuYQ7P00WgO5zVQP07VsGW bn29thhm45Zub+9ME4ki/B81ZiI6FbtBkbPmBALI/If/C6XXWlEo/wpEy67Cn+DWfkaR 7K0jU1iQVkBN7N6rL/E6obn7ZdT2Jj/VK0sVFvxXyO3ZCBeNxOFdDg8Rf2HGZXyXTmpX 9sIQJdFynHlzBU9ywim1GCZ6CBSaja+yPS1VVjPs1uo5f+CKQRSib78cQm77ttaARFy5 Ewaw==
X-Gm-Message-State: AFeK/H0+qOi/y9Z/vY1Ea3BIkkdvaMCWStgIfUZgeNLdD/ZxjdORJMwKGt/wt5Y7+IHtdV2NVWkK7JR9LystDmJn
X-Received: by 10.37.164.68 with SMTP id f62mr24739646ybi.78.1491574640376; Fri, 07 Apr 2017 07:17:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.203.148 with HTTP; Fri, 7 Apr 2017 07:16:49 -0700 (PDT)
In-Reply-To: <1491489157910.81916@cs.auckland.ac.nz>
References: <149096223256.21673.7096150636636687245.idtracker@ietfa.amsl.com> <1546ba0e65e946b681ccec46f2abcd8c@DB5PR9001MB0165.MGDPHG.emi.philips.com> <483ad18f-5ded-96e0-3008-1d0eb38f5566@cisco.com> <0DC0BAC2-C6BA-4D15-9343-60642BBD93C7@senki.org> <1491374652157.84909@cs.auckland.ac.nz> <0f486dc8e90844658f8107f44486b5cd@DB5PR9001MB0165.MGDPHG.emi.philips.com> <1491489157910.81916@cs.auckland.ac.nz>
From: Thorsten Dahm <thorstendlux@google.com>
Date: Fri, 07 Apr 2017 15:16:49 +0100
Message-ID: <CAB4uO_wXs5KhcE+cSU6eA0bbvXEqC+HNGRpDrBozudwemRtjuA@mail.gmail.com>
To: "T2TRG@irtf.org" <T2TRG@irtf.org>, "saag@ietf.org" <saag@ietf.org>
Cc: "Garcia-Morchon O, Oscar" <oscar.garcia-morchon@philips.com>, Barry Raveendran Greene <bgreene@senki.org>, Eliot Lear <lear@cisco.com>, Mohit Sethi <mohit.m.sethi@ericsson.com>, "Kumar, Sandeep" <sandeep.kumar@philips.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Content-Type: multipart/alternative; boundary="f403045c6a9698f3d9054c944879"
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/TU-ptrrsErzWsq9boz4_0pTrafU>
Subject: Re: [T2TRG] [saag] New Version Notification for draft-irtf-t2trg-iot-seccons-02.txt
X-BeenThere: t2trg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IRTF Thing-to-Thing \(T2T\) Research-Group-in-creation" <t2trg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/t2trg>, <mailto:t2trg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/t2trg/>
List-Post: <mailto:t2trg@irtf.org>
List-Help: <mailto:t2trg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/t2trg>, <mailto:t2trg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Apr 2017 14:17:24 -0000
Hi all, I also agree with the statements of the folks who previously commented on the topic. Before the IETF in Chicago I had a private chat with Oscar and pointed out the missing details on mitigation of the risks he points out in his document. Not sure if that should be added to an already long document or if we should split it into a separate document. And yes, while it is a good document and we should have it, documents alone don't change much. What we need are products that implement the best practices as well as network operators and consumers who refuse to connect insecure dishwashers to their enterprise or home network. Without market pressure and holding manufacturers accountable for the damage their products may cause it's hard to convince them to spend money on IoT security. Taking a step back, I doubt that IoT will be able to take care of itself in the next couple of years, so we have to rely on operators to do the job for the manufacturers while we push BCPs and standards like the current document to them. IMHO the extensive usage of features like private VLANs is still very painful and even in combination with stuff like MUD, it would only solve parts of the problem. We as operators probably need to rethink the stack from L1 to L7 and reach out to other Working Groups outside of the IoT / Security space to address the need. The bootstrapping work in ANIMA is a good example for that. We may can't avoid completely connecting devices that use strcpy() into fixed-size buffers to our networks, but we can prevent them from disturbing other devices on the network and limiting the blast radius in case of a (unavoidable?) compromise. Maybe a good topic to be picked up by the T2TRG is the question of how to protect the network from compromised devices, the majority of the work as I can see it focuses currently on the security of the Thing itself. cheers, Thorsten On 6 April 2017 at 15:32, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote: > Garcia-Morchon O, Oscar <oscar.garcia-morchon@philips.com> writes: > > >The main goals are: > >- summarize existing solutions out there and in IETF > >- summarize security considerations and challenges that should be > addressed > > in the future > > The problem is that almost everyone else who has any interest in the IoS > has > also published their own checklist or guidelines or BCP or whatever they > felt > like doing. It's not that we have a lack of guidelines, we have as many as > you like (and that's not just IoS-specific stuff but includes any book on > secure programming, security engineering, and so on), but no-one uses them. > So it seems like we need to look at why people aren't using them, and how > we > can get them used. Why does every J.Random Linux distro come with hardened > system binaries and libraries and books and howto's on further hardening > things, but every IoS device feature strcpy() into fixed-size buffers and > XSS > and directory-traversal bugs like it was 1995? > > The problem with the non-specificity of many of the guidelines is that you > end > up with something that tries to cover, for example, a Raspberry Pi, which > is > essentially a Unix server and for which you don't need any new guidelines > because any reference on setting up and hardening a Unix box will do, and > at > the other end of the spectrum a PLC running what's labelled as an RTOS but > which is really just a big binary blob containing device drivers, a task > scheduler, a network stack, and the application, all running in ring zero > with > no protection features. > > So the document currently is an interesting overview of IoS security > issues, > and better than most I've seen, but there's no obvious answer to a question > like "I have a PLC, what steps should I take to secure it?". Instead, > it's a > survey of every possible technology and mechanism that could be applied to > the > problem, which leads to an obvious suggestion of submitting it as a paper > for > Computing Surveys instead of publishing it as an RFC, since it reads very > much > like a Computing Surveys paper and would probably work well there. > > Peter. > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag > -- Thorsten Dahm Network Engineer Google Ireland Ltd. The Gasworks, Barrow Street Dublin 4, Ireland Registered in Dublin, Ireland Registration Number: 368047
- Re: [T2TRG] [saag] New Version Notification for d… Garcia-Morchon O, Oscar
- Re: [T2TRG] New Version Notification for draft-ir… Garcia-Morchon O, Oscar
- Re: [T2TRG] New Version Notification for draft-ir… Eliot Lear
- Re: [T2TRG] [saag] New Version Notification for d… Barry Raveendran Greene
- Re: [T2TRG] [saag] New Version Notification for d… Peter Gutmann
- Re: [T2TRG] [saag] New Version Notification for d… Barry Raveendran Greene
- Re: [T2TRG] [saag] New Version Notification for d… Garcia-Morchon O, Oscar
- Re: [T2TRG] [saag] New Version Notification for d… Garcia-Morchon O, Oscar
- Re: [T2TRG] New Version Notification for draft-ir… Garcia-Morchon O, Oscar
- Re: [T2TRG] New Version Notification for draft-ir… Eliot Lear
- Re: [T2TRG] [saag] New Version Notification for d… Peter Gutmann
- Re: [T2TRG] [saag] New Version Notification for d… Thorsten Dahm