Minutes of the 2015-01-21 IAB Teleconference (Tech Chat & Business Meeting)

1. Roll-call, agenda-bash, administrivia, minutes

1.1. Attendance

PRESENT

• Mary Barnes
• Marc Blanchet
• Alissa Cooper (IESG Liaison)
• Lars Eggert (IRTF Chair)
• Heather Flanagan (RFC Editor Liaison)
• Mat Ford (ISOC Liaison)
• Joel Halpern
• Ted Hardie
• Russ Housley (IAB Chair)
• Eliot Lear
• Xing Li
• Cindy Morgan (IAB Executive Administrative Manager)
• Erik Nordmark
• Dave Thaler
• Amy Vezza (IETF Secretariat)

REGRETS

• Jari Arkko (IETF Chair)
• Joe Hildebrand
• Alexey Melnikov (RSOC Chair)
• Andrew Sullivan
• Brian Trammell

GUEST

• Hannes Tschofenig

1.2. Administrivia

No changes were made to the agenda.

1.3. Meeting Minutes

The minutes of the 14 January 2015 tech chat and business meeting remain under review.

2. Tech Chat: Smart Objects

Hannes Tschofenig joined the IAB to discuss the security aspects of the Internet of Things (IOT). Hannes noted that it is difficult to offer a comprehensive security solution for the Internet of Things. He added that the phrase “Internet of Things” is used quite broadly, and can mean different things depending on the context in which it is used.

IOT devices have limitations in the amount of flash memory and RAM they have available, and they should operate efficiently so that the user is not constantly having to change batteries. Hardware costs, energy costs, and development costs are all important aspects of constrained devices; there is a tradeoff on how much to spend on designing something new versus reusing existing software and protocol
design.

Hannes Tschofenig discussed different ways to develop security solutions for IOT applications:

• Do a classic threat analysis (e.g., RFC 3552)
• Use generic security recommendations (e.g., NIST SP, IETF BCPs, national standards, etc.)
• Look at and learn from attacks
• Follow design patterns

Hannes Tschofenig noted that when looking at generic IETF recommendations for security, the key length recommendations are important for IOT devices, as are requirements for randomness. He added that PC hardware has lots of sources of randomness to draw from that IOT devices often do not have; IOT developers need to think about these things up front.

Eliot Lear suggested that Hannes clarify why key length is so important to IOT. Hannes Tschofenig replied that there is a tradeoff between performance and security. Shorter key lengths offer better performance, but lead to a negative impact on security.

Marc Blanchet said that it would be good to know what length of keys IOT devices can handle, noting that there might be impacts on IETF protocols. Hannes Tschofenig replied that at the IAB’s Smart Object workshop a few years back, many people said that one could not use a public key or ECC on IOT devices. It turns out that that is not correct, but they did not take the key length issue into account.

Russ Housley observed that in some cases hardware was added to improve performance, and asked what the cost impact of that is. Hannes Tschofenig replied that it depends on the capability of the hardware being added; you can get a crypto accelerator for $1 per chip which would help some, but you could also get a trusted execution environment for $10 per chip. How much to spend on the security depends on the cost points of specific units and the volume produced. Russ Housley added that it would be nice to know where that line is drawn.

Hannes Tschofenig noted that there was a vulnerability in a home router found back in 2002 for which a patch was developed, but the patch was not distributed along the value chain of chip manufacturers. There is risk in having devices that never get updated; Hannes referred to Bruce Schneier’s article, “The Internet of Things Is Wildly Insecure—And Often Unpatchable”  on this topic from last year. Dave Thaler observed that automatic updates are less available for IOT devices, especially if the user wants reasonable authentication of the code.

Hannes Tschofenig offered the following security recommendations:

• Follow key length recommendations
• Always encrypt to improve resistance against pervasive monitoring
• Support automatic key management instead of relying on manually provisioned keys
• To support crypto-algorithm agility, consider updating the cryptographic library
• Leave enough head room for software updates
• Follow protocol-specific recommendations such as those for DTLS/TLS.

Hannes Tschofenig reported that there is ongoing work on this topic in the IRTF’s Crypto Forum Research Group (CFRG), as well as in the IETF’s DTLS In Constrained Environments (DICE) Working Group. Dave Thaler asked if there is anything missing that the IETF should be working on. Hannes replied that interoperability testing and documenting how the various mechanisms work, as in the Light-Weight Implementation Guidance (LWIG) Working Group, would be helpful.

Hannes Tschofenig concluded that there is a lot of innovation happening in IOT, and most of it is being driven by smaller companies. Since the resources of smaller companies are more limited, especially with respect to security and privacy, there is a concern that the infrastructure being built now for the future is insecure. He added that to offer security for IOT deployments, many of the existing Internet security standards can be re-used. The availability of high-quality code and easy to use tools will be essential.

The IAB thanked Hannes Tschofenig for his presentation, which can be viewed online at:

http://www.tschofenig.priv.at/Securing-IoT-IAB.pptx

3. Internationalization Statement

The IAB will continue to work on the Internationalization statement via email.

4. draft-flanagan-rfc-preservation

The IAB agreed to accept draft-flanagan-rfc-preservation as an IAB-stream document. Heather Flanagan will post the next version as draft-iab-rfc-preservation.

5. Other Business

There was no other business, and the meeting was adjourned.