Re: [T2TRG] [saag] New Version Notification for draft-irtf-t2trg-iot-seccons-02.txt

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 06 April 2017 14:33 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "Garcia-Morchon O, Oscar" <oscar.garcia-morchon@philips.com>, Barry Raveendran Greene <bgreene@senki.org>, Eliot Lear <lear@cisco.com>
CC: Mohit Sethi <mohit.m.sethi@ericsson.com>, "T2TRG@irtf.org" <T2TRG@irtf.org>, "saag@ietf.org" <saag@ietf.org>, "Kumar, Sandeep" <sandeep.kumar@philips.com>
Date: Thu, 06 Apr 2017 14:32:56 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/t2trg/wA1M5b-RR251BoBWLGk-KY1JIcU>

Garcia-Morchon O, Oscar <oscar.garcia-morchon@philips.com> writes:

>The main goals are:
>- summarize existing solutions out there and in IETF
>- summarize security considerations and challenges that should be addressed
>  in the future

The problem is that almost everyone else who has any interest in the IoS has
also published their own checklist or guidelines or BCP or whatever they felt
like doing.  It's not that we have a lack of guidelines, we have as many as
you like (and that's not just IoS-specific stuff but includes any book on
secure programming, security engineering, and so on), but no-one uses them.
So it seems like we need to look at why people aren't using them, and how we
can get them used.  Why does every J.Random Linux distro come with hardened
system binaries and libraries and books and howto's on further hardening
things, but every IoS device features strcpy() into fixed-size buffers and XSS
and directory-traversal bugs like it was 1995?

The problem with the non-specificity of many of the guidelines is that you end
up with something that tries to cover, for example, a Raspberry Pi, which is
essentially a Unix server and for which you don't need any new guidelines
because any reference on setting up and hardening a Unix box will do, and at
the other end of the spectrum a PLC running what's labelled as an RTOS but
which is really just a big binary blob containing device drivers, a task
scheduler, a network stack, and the application, all running in ring zero with
no protection features.

So the document currently is an interesting overview of IoS security issues,
and better than most I've seen, but there's no obvious answer to a question
like "I have a PLC, what steps should I take to secure it?".  Instead, it's a
survey of every possible technology and mechanism that could be applied to the
problem, which leads to an obvious suggestion of submitting it as a paper for
Computing Surveys instead of publishing it as an RFC, since it reads very much
like a Computing Surveys paper and would probably work well there.

Peter.