
Re: Security for the Internet of Things and Other Things (Was: Re: Observations on (non-technical) changes affecting IETF operations)

2016-03-09 22:44:07
On Wed, Mar 9, 2016 at 12:41 PM, Livingood, Jason
<Jason_Livingood(_at_)comcast(_dot_)com> wrote:
> Sure, WiFi security is an issue for IoT. But there are probably much more
> fundamental IoT security issues. IMHO I think one of the largest is the
> lack of a secure & automatic (no end user interaction) software update
> channel.

I think Jari has a very different set of concerns to mine.

My first concern is to bind a device to my portfolio in such a way that:

* The device can recognize data (commands, requests, data) from other
devices in my portfolio as such

* Other devices in my portfolio can recognize that device.


So in PKI terms, what I need to achieve is to 1) install my personal
root of trust onto that device and 2) sign the cryptographic public
keys of the new device with an administration key authorized for that
purpose under my personal root of trust.

If I can achieve those two things, I have a framework of trust that I
can then leverage to securely support any machine configuration or
management operation. I could send the device a message to the effect
'download and install the latest BIND updates, check the sigs match
this root, signed <me>'

Once you have bilateral authentication, many things that are now
complex become straightforward.


Now that is not all I would want from a software update scheme. I
would probably want to have some mechanism that makes it possible to
know that updates exist, that this is the latest one. And that leads
to blockchain-like constructs. I am probably also going to want some
means of engaging a third party to curate updates for me. For example,
check that the patch works on my devices. If I have redundant systems,
I certainly don't want them both to patch at the same time.


If I get the binding I describe, all things become possible. But
achieving that binding requires a communication of some sort between
my devices. And that gets me into a bootstrap problem. How does my
device know what the network configuration parameters are to connect
to the network and download the parameters?

Yes, this can be made easy but I have yet to see it made easy in
practice. Once upon a time, my Linksys boxen came with a button that
was 'all I needed to press' to connect up a device. Only it didn't
work because I would have to download the proprietary software drivers
to make it work with their PCMCIA cards.

I am pretty uncompromising where ease of use is concerned. This is not
a problem I have seen any commercial product solve to my satisfaction
to date.
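
The binding described in the message above (a personal root of trust installed on the device, and device keys signed by an administration key authorized under that root), sketched in Go as an added example that is not part of the original message. The `Cert` structure, the role names, `Enroll` and the command string are assumptions made for illustration, and Ed25519 stands in for whatever PKI the devices would actually use.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is a hypothetical minimal certificate: the issuer vouches for Key in Role.
type Cert struct {
	Role string // "admin" or "device" (constructed role names)
	Key  ed25519.PublicKey
	Sig  []byte // issuer's signature over Role || 0x00 || Key
}

func tbs(role string, key ed25519.PublicKey) []byte { return append([]byte(role+"\x00"), key...) }

// Issue signs a subject key for a role with the issuer's private key.
func Issue(issuer ed25519.PrivateKey, role string, subject ed25519.PublicKey) Cert {
	return Cert{Role: role, Key: subject, Sig: ed25519.Sign(issuer, tbs(role, subject))}
}

// valid reports whether c carries the wanted role and a signature made by issuer.
func valid(issuer ed25519.PublicKey, c Cert, role string) bool {
	return len(issuer) == ed25519.PublicKeySize && c.Role == role && ed25519.Verify(issuer, tbs(c.Role, c.Key), c.Sig)
}

// VerifyPeer: the installed root authorizes the admin key, and that key signed the peer's key.
func VerifyPeer(root ed25519.PublicKey, admin, peer Cert) bool {
	return valid(root, admin, "admin") && valid(admin.Key, peer, "device")
}

// VerifyCommand accepts a management command only if the authorized admin key signed it.
func VerifyCommand(root ed25519.PublicKey, admin Cert, cmd, sig []byte) bool {
	return valid(root, admin, "admin") && ed25519.Verify(admin.Key, cmd, sig)
}

// Enroll builds one constructed portfolio (key-generation errors ignored for brevity).
func Enroll() (ed25519.PublicKey, Cert, Cert, func([]byte) []byte) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil) // owner's personal root of trust
	admPub, admPriv, _ := ed25519.GenerateKey(nil)   // administration key
	devPub, _, _ := ed25519.GenerateKey(nil)         // new device's public key
	sign := func(cmd []byte) []byte { return ed25519.Sign(admPriv, cmd) }
	return rootPub, Issue(rootPriv, "admin", admPub), Issue(admPriv, "device", devPub), sign
}

func main() {
	root, admin, dev, sign := Enroll()
	cmd := []byte("install latest updates") // constructed command
	fmt.Println(VerifyPeer(root, admin, dev), VerifyCommand(root, admin, cmd, sign(cmd)))
}
```

A device that holds only the root public key can make both checks offline; a certificate chain or command from a different root fails them.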
