]> Arm Limited

brendan.moran.ietf@gmail.com

Nordic Semiconductor

oyvind.ronningstad@gmail.com

Openchip & Software Technologies, S.L.

akira.tsukamoto@gmail.com

Security SUIT Internet-Draft This document specifies cryptographic algorithm profiles to be used with the SUIT manifest (see draft-ietf-suit-manifest). These are the mandatory-to-implement algorithms to ensure interoperability.

Introduction This document specifies algorithm profiles for SUIT manifest parsers and authors to ensure better interoperability. These profiles apply specifically to a constrained node software update use case. Mandatory algorithms may change over time due to an evolving threat landscape. Algorithms are grouped into algorithm profiles to account for this. Profiles may be deprecated over time. SUIT will define five choices of Mandatory To Implement (MTI) profile specifically for constrained node software update. These profiles are: One Symmetric MTI profile Two "Current" Constrained Asymmetric MTI profiles Two "Current" AEAD Asymmetric MTI profiles One "Future" Constrained Asymmetric MTI profile At least one MTI algorithm in each category MUST be FIPS qualified. Because SUIT presents an asymmetric communication profile, where manifest authors have unlimited resources and manifest recipients have constrained resources, the requirements for Recipients and Authors are different. Recipients MAY choose which MTI profile they wish to implement. It is RECOMMENDED that they implement the "Future" Asymmetric MTI profile. Recipients MAY implement any number of other profiles. Recipients MAY choose not to implement an encryption algorithm if encrypted payloads will never be used. Authors MUST implement all MTI profiles. Authors MAY implement any number of other profiles. This draft 'makes use of AES-CTR with a digest algorithm in COSE as specified in (). AES-CTR is used because it enables out-of-order reception and decryption of blocks, which is necessary for some constrained node use cases. Out-of-order reception with on-the-fly decryption is not available in the preferred encryption algorithms. Authenticated Encryption with Additional Data (AEAD) is preferred over un-authenticated encryption and an AEAD profile SHOULD be selected wherever possible. See Security Considerations in this draft () and in (Section 8) for additional details on the considerations for the use of AES-CTR. Other use-cases of the SUIT Manifest () MAY define their own MTI algorithms.

Algorithms The algorithms that form a part of the profiles defined in this document are grouped into: Digest Algorithms Authentication Algorithms Key Exchange Algorithms (OPTIONAL) Encryption Algorithms (OPTIONAL) Algorithm profiles are defined using COSE algorithm identifiers (see ).

Profiles Recognized profiles are defined below.

 Symmetric MTI profile: suit-sha256-hmac-a128kw-a128ctr Algorithm Type Algorithm COSE Key Digest SHA-256 -16 Authentication HMAC-256 5 Key Exchange A128KW Key Wrap -3 Encryption A128CTR -65534

Current Constrained Asymmetric MTI Profile 1: suit-sha256-esp256-ecdh-a128ctr Algorithm Type Algorithm COSE Key Digest SHA-256 -16 Authentication ESP256 -9 Key Exchange ECDH-ES + A128KW -29 Encryption A128CTR -65534

Current Constrained Asymmetric MTI Profile 2: suit-sha256-eddsa-ecdh-a128ctr Algorithm Type Algorithm COSE Key Digest SHA-256 -16 Authentication Ed25519 -50 Key Exchange ECDH-ES + A128KW -29 Encryption A128CTR -65534

Current AEAD Asymmetric MTI Profile 1: suit-sha256-esp256-ecdh-a128gcm Algorithm Type Algorithm COSE Key Digest SHA-256 -16 Authentication ESP256 -9 Key Exchange ECDH-ES + A128KW -29 Encryption A128GCM 1

Current AEAD Asymmetric MTI Profile 2: suit-sha256-ed25519-ecdh-chacha-poly Algorithm Type Algorithm COSE Key Digest SHA-256 -16 Authentication Ed25519 -50 Key Exchange ECDH-ES + A128KW -29 Encryption ChaCha20/Poly1305 24

Future Constrained Asymmetric MTI Profile 1: suit-sha256-hsslms-a256kw-a256ctr Algorithm Type Algorithm COSE Key Digest SHA-256 -16 Authentication HSS-LMS -46 Key Exchange A256KW -5 Encryption A256CTR -65532 The decision as to how deep the tree is, is a decision that affects authoring tools only (see ). Verification is not affected by the choice of the "W" parameter, but the size of the signature is affected. In order to support long lifetimes needed by IoT device, deep trees are RECOMMENDED.

Reporting Profiles When using Manifest Recipients Response communication, particularly data structures that are designed for reporting of update capabilities, status, progress, or success, the same profile as the is used on the SUIT manifest SHOULD be used. There are cases where this is not possible, such as suit-sha256-hsslms-a256kw-a256ctr. In this case, the closest equivalent profile SHOULD be used, for example suit-sha256-esp256-ecdh-a128ctr.

Security Considerations Payload encryption is often used to protect Intellectual Property (IP) and Personally Identifying Information (PII) in transit. The primary function of payload in SUIT is to act as a defense against passive IP and PII snooping. By encrypting payloads, confidential IP and PII can be protected during distribution. However, payload encryption of firmware or software updates of a commodity device is not a cybersecurity defense against targetted attacks on that device.

Payload encryption as a cybersecurity defense To define the purpose of payload encryption as a defensive cybersecurity tool, it is important to define the capabilities of modern threat actors. A variety of capabilities are possible: find bugs by binary code inspection send unexpected data to communication interfaces, looking for unexpected behavior use fault injection to bypass or manipulate code use communication attacks or fault injection along with gadgets found in the code Given this range of capabilities, it is important to understand which capabilities are impacted by firmware encryption. Threat actors who find bugs by manual inspection or use gadgets found in the code will need to first extract the code from the target. In the IoT context, it is expected that most threat actors will start with sample devices and physical access to test attacks. Due to these factors, payload encryption serves to limit the pool of attackers to those who have the technical capability to extract code from physical devices and those who perform code-free attacks.

Use of AES-CTR in payload encryption AES-CTR mode with a digest is specified, see . All of the AES-CTR security considerations in apply. A non-AEAD encryption mode is specified in this draft due to the following mitigating circumstances: Out-of-order decryption must be supported. Therefore, we must use a stream cipher that supports random access. Chosen plaintext attacks are extremely difficult to achieve, since the payloads are typically constructed in a relatively secure environment--the developer's computer or build infrastructure--and should be signed in an air-gapped or similarly protected environment. In short, the plaintext is authenticated prior to encryption. Content Encryption Keys must be used to encrypt only once. See . As a result of these mitigating circumstances, AES-CTR is an acceptable cipher for typical software/firmware delivery scenarios.

IANA Considerations IANA is requested to create a page for COSE Algorithm Profiles within the category for Software Update for the Internet of Things (SUIT) IANA is also requested to create a registry for COSE Algorithm Profiles within this page. The initial content of the registry is: Profile Status Digest Auth Key Exchange Encryption Descriptor Array Reference suit-sha256-hmac-a128kw-a128ctr MANDATORY -16 5 -3 -65534 [-16, 5, -3, -65534] suit-sha256-esp256-ecdh-a128ctr MANDATORY -16 -7 -29 -65534 [-16, -7, -29, -65534] suit-sha256-eddsa-ecdh-a128ctr MANDATORY -16 -8 -29 -65534 [-16, -8, -29, -65534] suit-sha256-esp256-ecdh-a128gcm MANDATORY -16 -7 -29 1 [-16, -7, -29, 1] suit-sha256-ed25519-ecdh-chacha-poly MANDATORY -16 -8 -29 24 [-16, -8, -29, 24] suit-sha256-hsslms-a256kw-a256ctr MANDATORY -16 -46 -5 -65532 [-16, -46, -5, -65532] New entries to this registry require Standards Action. A recipient device that claims conformance to this document will have implemented at least one of the above algorithms. As time progresses, if entries are removed from mandatory status, they will become SHOULD, MAY and then possibly NOT RECOMMENDED for new implementation. However, as it may be impossible to update the SUIT manifest processor in the field, support for all relevant algorithms will almost always be required by authoring tools. When new algorithms are added by subsequent documents, the device and authoring tools will then claim conformance to those new documents.

This document specifies the conventions for using the Hierarchical Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based signature algorithm with the CBOR Object Signing and Encryption (COSE) syntax. The HSS/LMS algorithm is one form of hash-based digital signature; it is described in RFC 8554. Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR. This document, along with RFC 9053, obsoletes RFC 8152. The Concise Binary Object Representation (CBOR) data format is designed for small code size and small message size. CBOR Object Signing and Encryption (COSE) is specified in RFC 9052 to provide basic security services using the CBOR data format. This document specifies the conventions for using AES-CTR and AES-CBC as content encryption algorithms with COSE. Arm Limited Fraunhofer SIT Inria Nordic Semiconductor This specification describes the format of a manifest. A manifest is a bundle of metadata about code/data obtained by a recipient (chiefly the firmware for an Internet of Things (IoT) device), where to find the code/data, the devices to which it applies, and cryptographic information protecting the manifest. Software updates and Trusted Invocation both tend to use sequences of common operations, so the manifest encodes those sequences of operations, rather than declaring the metadata. University of Applied Sciences Bonn-Rhein-Sieg Vigil Security, LLC Arm Limited Linaro SECOM CO., LTD. This document specifies techniques for encrypting software, firmware, machine learning models, and personalization data by utilizing the IETF SUIT manifest. Key agreement is provided by ephemeral-static (ES) Diffie-Hellman (DH) and AES Key Wrap (AES-KW). ES-DH uses public key cryptography while AES-KW uses a pre-shared key. Encryption of the plaintext is accomplished with conventional symmetric key cryptography.

A. Full CDDL The following CDDL creates a subset of COSE for use with SUIT. Both tagged and untagged messages are defined. SUIT only uses tagged COSE messages, but untagged messages are also defined for use in protocols that share a ciphersuite with SUIT. To be valid, the following CDDL MUST have the COSE CDDL appended to it. The COSE CDDL can be obtained by following the directions in .

.and COSE_Messages SUIT_COSE_Profile_ES256_ECDH_A128CTR = SUIT_COSE_Profile<-7,-65534> .and COSE_Messages SUIT_COSE_Profile_EDDSA_ECDH_A128CTR = SUIT_COSE_Profile<-8,-65534> .and COSE_Messages SUIT_COSE_Profile_ES256_ECDH_A128GCM = SUIT_COSE_Profile<-7,1> .and COSE_Messages SUIT_COSE_Profile_EDDSA_ECDH_CHACHA20_POLY1304 = SUIT_COSE_Profile<-8,24> .and COSE_Messages SUIT_COSE_Profile_HSSLMS_A256KW_A256CTR = SUIT_COSE_Profile<-46,-65532> .and COSE_Messages SUIT_COSE_Profile = SUIT_COSE_Messages SUIT_COSE_Messages = SUIT_COSE_Untagged_Message / SUIT_COSE_Tagged_Message SUIT_COSE_Untagged_Message = SUIT_COSE_Sign / SUIT_COSE_Sign1 / SUIT_COSE_Encrypt / SUIT_COSE_Encrypt0 / SUIT_COSE_Mac / SUIT_COSE_Mac0 SUIT_COSE_Tagged_Message = SUIT_COSE_Sign_Tagged / SUIT_COSE_Sign1_Tagged / SUIT_COSE_Encrypt_Tagged / SUIT_COSE_Encrypt0_Tagged / SUIT_COSE_Mac_Tagged / SUIT_COSE_Mac0_Tagged ; Note: This is not the same definition as is used in COSE. ; It restricts a COSE header definition further without ; repeating the COSE definition. It should be merged ; with COSE by using the CDDL .and operator. SUIT_COSE_Profile_Headers = ( protected : bstr .cbor SUIT_COSE_alg_map, unprotected : SUIT_COSE_header_map ) SUIT_COSE_alg_map = { 1 => algid, * int => any } SUIT_COSE_header_map = { * int => any } SUIT_COSE_Sign_Tagged = #6.98(SUIT_COSE_Sign) SUIT_COSE_Sign = [ SUIT_COSE_Profile_Headers, payload : bstr / nil, signatures : [+ SUIT_COSE_Signature] ] SUIT_COSE_Signature = [ SUIT_COSE_Profile_Headers, signature : bstr ] SUIT_COSE_Sign1_Tagged = #6.18(SUIT_COSE_Sign1) SUIT_COSE_Sign1 = [ SUIT_COSE_Profile_Headers, payload : bstr / nil, signature : bstr ] SUIT_COSE_Encrypt_Tagged = #6.96(SUIT_COSE_Encrypt) SUIT_COSE_Encrypt = [ SUIT_COSE_Profile_Headers, ciphertext : bstr / nil, recipients : [+SUIT_COSE_recipient] ] SUIT_COSE_recipient = [ SUIT_COSE_Profile_Headers, ciphertext : bstr / nil, ? recipients : [+SUIT_COSE_recipient] ] SUIT_COSE_Encrypt0_Tagged = #6.16(SUIT_COSE_Encrypt0) SUIT_COSE_Encrypt0 = [ SUIT_COSE_Profile_Headers, ciphertext : bstr / nil, ] SUIT_COSE_Mac_Tagged = #6.97(SUIT_COSE_Mac) SUIT_COSE_Mac = [ SUIT_COSE_Profile_Headers, payload : bstr / nil, tag : bstr, recipients :[+SUIT_COSE_recipient] ] SUIT_COSE_Mac0_Tagged = #6.17(SUIT_COSE_Mac0) SUIT_COSE_Mac0 = [ SUIT_COSE_Profile_Headers, payload : bstr / nil, tag : bstr, ] ]]>