Skip to main content

Internet of Things (IoT) Security: State of the Art and Challenges
draft-irtf-t2trg-iot-seccons-16

Revision differences

Document history

Date Rev. By Action
2019-04-20
16 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2019-04-09
16 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2019-04-03
16 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2019-01-16
16 (System) IANA Action state changed to No IANA Actions from In Progress
2019-01-15
16 (System) RFC Editor state changed to EDIT
2019-01-15
16 (System) IANA Action state changed to In Progress
2019-01-14
16 Allison Mankin IRTF state changed to Sent to the RFC Editor from In IESG Review
2019-01-14
16 Allison Mankin Sent request for publication to the RFC Editor
2019-01-14
16 Carsten Bormann Tag IESG Review Completed set.
2018-12-13
16 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed
2018-12-13
16 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-16.txt
2018-12-13
16 (System) New version approved
2018-12-13
16 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2018-12-13
16 Mohit Sethi Uploaded new revision
2018-11-20
15 Jenny Bui Resurrection was completed
2018-11-20
15 (System) Document has expired
2018-11-19
15 (System) IANA Review state changed to IANA OK - No Actions Needed
2018-11-19
15 Amanda Baber
(Via drafts-eval@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has reviewed draft-irtf-t2trg-iot-seccons-15 and has the following comments:

We understand that this document doesn't require any …
(Via drafts-eval@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has reviewed draft-irtf-t2trg-iot-seccons-15 and has the following comments:

We understand that this document doesn't require any registry actions.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object.

If this assessment is not accurate, please respond as soon as possible.

Thank you,

Amanda Baber
Lead IANA Services Specialist
2018-11-13
15 Ari Keränen Notification list changed to ietf@augustcellars.com, t2trg-chairs@ietf.org, allison-mankin@gmail.com, Jim Schaad <ietf@augustcellars.com> from ietf@augustcellars.com, t2trg-chairs@ietf.org, allison-mankin@gmail.com
2018-11-13
15 Ari Keränen Document shepherd changed to Jim Schaad
2018-11-13
15 Allison Mankin Notification list changed to ietf@augustcellars.com, t2trg-chairs@ietf.org, allison-mankin@gmail.com from ietf@augustcellars.com
2018-11-13
15 Allison Mankin Changed consensus to Yes from Unknown
2018-11-13
15 Allison Mankin See shepherd writeup for a note for the RFC Editor
2018-11-13
15 Allison Mankin IETF conflict review initiated - see conflict-review-irtf-t2trg-iot-seccons
2018-11-13
15 Allison Mankin Changed document writeup
2018-05-19
15 Jim Schaad Tag AD Followup cleared.
2018-05-19
15 Jim Schaad IRTF state changed to In IESG Review from In IRSG Poll
2018-05-19
15 (System) Sub state has been changed to AD Followup from Revised ID Needed
2018-05-19
15 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-15.txt
2018-05-19
15 (System) New version approved
2018-05-19
15 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2018-05-19
15 Mohit Sethi Uploaded new revision
2018-05-17
14 Jim Schaad Tag Revised I-D Needed set.
2018-05-17
14 Jim Schaad
5/9/2018 - Spencer Dawkins - Ready to Publish

Commenting as an individual ...

A nit: "the presented lifecycle represents to some extend" should be "the …
5/9/2018 - Spencer Dawkins - Ready to Publish

Commenting as an individual ...

A nit: "the presented lifecycle represents to some extend" should be "the presented lifecycle represents to some extent".

I wasn't sure what "the lifecycle could also include an on-the-shelf phase" means - is this "sitting on a shelf before it's installed", or something else?

I'm pretty sure I understand what "a vendor that end-of-life's a device type" means, but "end-of-life" as a verb wasn't easy to parse. Perhaps something like "a vendor that no longer supports a device type because it is at end-of-life"?

The use of "standard attacks" in

  The fact that many IoT systems rely on standard IP
  protocols allows for easier system integration, but this also makes
  standard attacks applicable to a wide number of devices deployed in
  multiple systems.

is jarring. Perhaps something like "this also makes attacks on standard IP protocols in other environments applicable"?

If you could provide any kind of pointer describing "Mirai botnet" beyond what pops up using a search engine, that would become more useful as time passes.

A nit:

      Moreover, additional
      functionality can be introduced in the cloned thing, an example
      of such functionality is a backdoor.

should be something like "thing. An example".

The first sentence in this text

6.  Man-in-the-middle attack: Both the commissioning phase and
      operational phases may also be vulnerable to man-in-the-middle
      attacks.

is very clear that man-in-the-middle attacks can happen during commissioning and during operational phases. Perhaps it's worth using a similar sentence to introduce

5.  Eavesdropping attack:

which starts out talking about commissioning attacks and eventually transitions to operational attacks.

In this text,

7.  Firmware attacks: When a thing is in operation or maintenance
      phase, its firmware or software may be updated to allow for new
      functionality or new features.  An attacker may be able to
      exploit such a firmware upgrade by replacing the thing's
      software with malicious software, thereby influencing the
      operational behavior of the thing.  For example, an attacker
      could add a piece of malicious code to the firmware that will
      cause it to periodically report the energy usage of the lamp to
      a data repository for analysis.

it might be clearer if the example also provided background on why analysing energy usage of a lamp would be a problem - perhaps something like

      For example, an attacker
      could add a piece of malicious code to the firmware that will
      periodically report the energy usage of the lamp to
      a data repository for analysis to determine when a home or office
      is unoccupied.

The reference in this list item

9.  Routing attack: As highlighted in [ID-Daniel],

includes many, but not all, of the routing attacks included in [ID-Daniel], and the attacks that are included aren't presented in the same order. Is this intentional (so that readers of this draft don't need to worry about Neighbor Discovery attacks, which is included in [ID-Daniel] and not in this draft)? It might be helpful to make that connection more clear.

The description of methodologies following this text

  To
  address this challenge, some of the following methodologies can be
  used:

is helpful, but I wonder if there are references that you could provide for each methodology, so that readers who want to follow up know where they can start.

Is it premature to mention BABEL in "4.1.  IP-based IoT Protocols and Standards"? The answer could easily be "yes", but I should ask ... and ISTM that there are plenty of pointers at the same level of maturity (like SUIT and MUD).

It might not be possible to describe

6.  Fairhair Alliance [Fairhair]: Specifies an IoT middleware to
      enable interoperability between different application standards
      used in building automation and lighting systems.

more clearly, but I have a much better sense of what the other "industry alliances and other standardization bodies" listed at the end of Section 4.2 are up to ...

This text

9.  NHTSA [NHTSA]: The US National Highway Traffic Safety
      Administration provides a set of non-binding guidance to the
      automotive industry for improving the cyber security of
      vehicles.

read oddly to me ("provides a set of guidance"). Perhaps "provides guidance" would be clearer?

In this text

  Even if all other devices in a given
  environment are secure, this does not prevent external (passive)
  attacks caused by insecure devices.

are "external" and "passive" intended as synonyms? That's the way it reads to me, but that's not the way I think of those terms in a networking context.

It might be helpful if the first paragraph in Section 5.1.1. (Resource Constraints) was clearer that the problem is small packet size limits at the physical layer being reflected in small IP-layer MTU sizes. Physical layers with small packet size limits that perform hop-by-hop fragmentation and reassembly don't have the same problems (they have other problems, just not the same problems).

In this sentence,

  The
  specification of elliptic curve X25519 [ecc25519], stream ciphers
  such as ChaCha [ChaCha], Diet HIP [ID-HIP-DEX], and [RFC5903] are all
  examples of efforts to make security protocols more resource
  efficient.

you might provide a name for [RFC5903], as you do for the other references. Not all of us remember the RFC numbers ;-)

I wonder if

  Additionally, all security protocols have been revised in
  the last few years to enable cryptographic agility, making
  cryptographic primitives interchangeable.

is true for "all" security protocols. I'd believe "most", "standards-track", or "modern", and probably many other characterizations ...

I thought the "it" in

      Furthermore,
      performance of existing libraries, for example, SEAL [SEAL] is
      still too limited and it is is not widely applicable yet.

was ambiguous. Is this saying

      Furthermore,
      performance of existing libraries, for example, SEAL [SEAL] is
      still too limited and SEAL is is not widely applicable yet.

or

      Furthermore,
      performance of existing libraries, for example, SEAL [SEAL] is
      still too limited and Homomorphic encryption techniques are not
      widely applicable yet.

or something else?

Is the last sentence in

6.  Mechanisms based on object security can bridge the protocol
      worlds, but still require that the two worlds use the same object
      security formats.  Currently the object security format based on
      CBOR Object Signing and Encryption (COSE) [RFC8152] (IoT
      protocol) is different from JSON Object Signing and Encryption
      (JOSE) [RFC7520] or Cryptographic Message Syntax (CMS) [RFC5652].
      Legacy devices relying on traditional Internet protocols will
      need to update to the newer protocols for constrained
      environments to enable real end-to-end security.  Furthermore,
      middleboxes do not have any access to the data and this approach
      does not prevent an attacker from modifying relevant fields in
      CoAP.

specific to CoAP, or more broadly applicable to any transport-level functionality in other protocols?

Thanks for the mention of SUIT in Section 5.4. (Secure software update and cryptographic agility). I wonder if it's worth mentioning TEEP in that section, at about the same level of detail?

Section 5.5. (End-of-Life) mentions the unplanned end-of-life problem when vendors go bankrupt, but I think I have seen more products being "orphaned" by vendors than vendors going bankrupt, even if that was a vendor selling off a specific product line, in recent years. Perhaps it's worth mentioning that.

It looks like "harvest and decrypt" isn't mentioned until Section 5.8 on  Quantum-resistance. I don't think that attack is quantum-computing-specific - Obviously I wasn't there at the time, but https://en.wikipedia.org/wiki/Venona_project talks about messages that were harvested between 1942 and 1945, but were still being decrypted as late as 1980. Perhaps it's worth introducing that concern earlier in the document, and then saying something like "quantum computing makes this worse" in Section 5.8?

A nit: "heatlhcare" should be "healthcare".
2018-05-17
14 Jim Schaad 5/9/2018 - Laurent Ciavaglia - No Objection
2018-05-17
14 Jim Schaad 5/9/2018  Vincent Roca - Ready to Publish
2018-04-22
14 Ari Keränen IRTF state changed to In IRSG Poll from Awaiting IRSG Reviews
2018-04-21
14 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-14.txt
2018-04-21
14 (System) New version approved
2018-04-21
14 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2018-04-21
14 Mohit Sethi Uploaded new revision
2018-04-08
13 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-13.txt
2018-04-08
13 (System) New version approved
2018-04-08
13 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2018-04-08
13 Mohit Sethi Uploaded new revision
2018-03-22
12 Ari Keränen Added to session: IETF-101: t2trg  Thu-1550
2018-03-21
12 Ari Keränen IRTF state changed to Awaiting IRSG Reviews
2018-02-28
12 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-12.txt
2018-02-28
12 (System) New version approved
2018-02-28
12 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2018-02-28
12 Mohit Sethi Uploaded new revision
2018-02-13
11 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-11.txt
2018-02-13
11 (System) New version approved
2018-02-13
11 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2018-02-13
11 Mohit Sethi Uploaded new revision
2018-02-12
10 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-10.txt
2018-02-12
10 (System) New version approved
2018-02-12
10 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2018-02-12
10 Mohit Sethi Uploaded new revision
2017-12-08
09 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-09.txt
2017-12-08
09 (System) New version approved
2017-12-08
09 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2017-12-08
09 Mohit Sethi Uploaded new revision
2017-12-04
08 Ari Keränen Notification list changed to ietf@augustcellars.com from Hannes.Tschofenig@arm.com
2017-11-07
08 Ari Keränen Added to session: IETF-100: t2trg  Tue-1550
2017-10-29
08 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-08.txt
2017-10-29
08 (System) New version approved
2017-10-29
08 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2017-10-29
08 Mohit Sethi Uploaded new revision
2017-10-09
07 Ari Keränen Notification list changed to Hannes.Tschofenig@arm.com
2017-09-22
07 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-07.txt
2017-09-22
07 (System) New version approved
2017-09-22
07 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2017-09-22
07 Mohit Sethi Uploaded new revision
2017-09-18
06 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-06.txt
2017-09-18
06 (System) New version approved
2017-09-18
06 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2017-09-18
06 Mohit Sethi Uploaded new revision
2017-09-10
05 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-05.txt
2017-09-10
05 (System) New version approved
2017-09-10
05 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2017-09-10
05 Mohit Sethi Uploaded new revision
2017-06-20
04 Mohit Sethi New version available: draft-irtf-t2trg-iot-seccons-04.txt
2017-06-20
04 (System) New version approved
2017-06-20
04 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar
2017-06-20
04 Mohit Sethi Uploaded new revision
2017-05-24
03 Oscar Garcia-Morchon New version available: draft-irtf-t2trg-iot-seccons-03.txt
2017-05-24
03 (System) New version approved
2017-05-24
03 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Oscar Garcia-Morchon , Sandeep Kumar , irtf-chair@irtf.org, t2trg-chairs@ietf.org
2017-05-24
03 Oscar Garcia-Morchon Uploaded new revision
2017-03-31
02 Oscar Garcia-Morchon New version available: draft-irtf-t2trg-iot-seccons-02.txt
2017-03-31
02 (System) New version approved
2017-03-31
02 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Sandeep Kumar , Oscar Garcia-Morchon , irtf-chair@irtf.org, t2trg-chairs@ietf.org
2017-03-31
02 Oscar Garcia-Morchon Uploaded new revision
2017-02-24
01 Oscar Garcia-Morchon New version available: draft-irtf-t2trg-iot-seccons-01.txt
2017-02-24
01 (System) New version approved
2017-02-24
01 (System) Request for posting confirmation emailed to previous authors: Mohit Sethi , Sandeep Kumar , Oscar Garcia-Morchon , irtf-chair@irtf.org, t2trg-chairs@ietf.org
2017-02-24
01 Oscar Garcia-Morchon Uploaded new revision
2016-10-31
00 Ari Keränen Added to session: IETF-97: t2trg  Wed-1520
2016-10-09
00 Carsten Bormann
This document is based on draft-garcia-core-security and picks up some newer discussion.
It has been repurposed to serve as a collection of security considerations that …
This document is based on draft-garcia-core-security and picks up some newer discussion.
It has been repurposed to serve as a collection of security considerations that may be of interest to implementers, standardizers, and researchers, and might be referenced from the security considerations of other RFCs to reduce unneeded duplication.
2016-10-09
00 Carsten Bormann This document now replaces draft-garcia-core-security instead of None
2016-10-09
00 Carsten Bormann Intended Status changed to Informational from None
2016-10-09
00 Sandeep Kumar New version available: draft-irtf-t2trg-iot-seccons-00.txt
2016-10-09
00 (System) WG -00 approved
2016-10-09
00 Sandeep Kumar Set submitter to "Sandeep S. Kumar ", replaces to (none) and sent approval email to group chairs: t2trg-chairs@ietf.org
2016-10-09
00 Sandeep Kumar Uploaded new revision