SUIT Working Group J. Lee Internet-Draft Sejong University Intended status: Standards Track J. Park Expires: May 1, 2021 ETRI October 28, 2020 Distributed SUIT Architecture Model draft-lee-suit-distarch-01 Abstract The management of data is entirely centralized on servers in a server client model which leads the servers to be high-value targets for adversaries. Also, firmware consumers fail to download the latest firmware image if the author is disappeared in the server client model. The distribution of network for managing the manifest and firmware image files thus required. This draft introduces a distributed SUIT architecture model, which utilizes blockchains to resolve the issues of the server client model for SUIT. Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL","SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119] Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on May 1, 2021. Lee & Park Expires May 1, 2021 [Page 1] Internet-Draft Distributed SUIT Architecture Model October 2020 Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Motivations . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Distributed SUIT Architecture . . . . . . . . . . . . . . . . 4 4. Example Procedure . . . . . . . . . . . . . . . . . . . . . . 6 5. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 8 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 8. Normative References . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 1. Introduction In the existing SUIT architecture, firmware images and manifest files are stored in the firmware servers, which deploy the firmware images based on the traditional server-client model. However, in the server-client model, servers may endure excessive network traffic and overload because of the centralized architecture. As the number of IoT devices is rapidly increasing, the servers will be overwhelming to handle the requests from the IoT devices all around the world. Also, a server is a high-value target for adversaries since the server takes charge of data management. In the server-client model, the firmware consumers are unable to download the latest firmware image if the authors disappeared. In this draft, we propose a distributed firmware update architecture by applying blockchain to the existing SUIT architecture. The proposed distributed SUIT architecture decentralizes the requests from the IoT devices, prevents targeting attacks, and provides sustainable updates even after an author disappears. Lee & Park Expires May 1, 2021 [Page 2] Internet-Draft Distributed SUIT Architecture Model October 2020 2. Motivations The existing SUIT update architecture is as follows: Firmware + +----------+ Firmware + +-----------+ Manifest | |-+ Manifest | |-+ +--------->| Firmware | |<---------------| | | | | Server | | | Author | | | | | | | | | | +----------+ | +-----------+ | | +----------+ +-----------+ | /-------+-------\ /-----------\ / v \ / \ | +------------+ | / \ | | Firmware | | | | / | Consumer | \ Device / +--------+ \ | +------------+ | Management | | | | / | |<----\---------------/---> | Status | \ ` | Device | ` | | Tracker| | / +------------+ \ / | | \ \ / | +--------+ | \ / \ / \ / \ / \ Network / | Device | , Operator , \ Operator / \ / | | | | \ / \ / '-----------' '----------------' Figure 1: Existing SUIT Architecture The existing SUIT architecture can cause failures and targeting attacks due to the centralized server-client model. The author's continued service offer is not guaranteed. The company and its servers may disappear due to an attacker's cyber-attack or funding problems. In the worst case, all author nodes managed by the author may not function properly. At this point, devices that have not been updated with the latest firmware before the author disappears can no longer update the firmware. The existing SUIT architecture cannot solve author disappearing issues. If the firmware update does not complete properly, the client may not be able to use the newly provided service or the security patch and be exposed to the cyber-attack easily. Lee & Park Expires May 1, 2021 [Page 3] Internet-Draft Distributed SUIT Architecture Model October 2020 3. Distributed SUIT Architecture In the firmware update architecture based on server-client model, the firmware consumers request the firmware server to download the latest version of the firmware. However, the traditional server-client method adopted in the existing SUIT architecture can cause several problems in network traffic, data security and firmware update persistence. In the server-client model, data is dependently managed by the server in a centralized structure. Since many clients request one server, this centralized structure causes excessive overhead when excessive network traffic occurs and may cause a situation in which requests are not properly processed. In addition, when an attacker attacks a server, it is impossible to use all data managed by the server, so an attack targeting the server may occur. Lee & Park Expires May 1, 2021 [Page 4] Internet-Draft Distributed SUIT Architecture Model October 2020 +------+ | |-+ +--------|Author| | | | | | | +------+ | | +------+ | | Firmware+ | Manifest Blockchain | Network | +----------------------|--------------------------+ | V | +------------+ | | | |-+ | | |Registration| | | | | Node | | | | | | | | | +------------+ | | | .+------------- | | - `. | | ,' \ | | / ' | | .' `. | | +------`-----+ +-----'------+ | | | |-+ | |-+ | | | Retrieval | | | General | | | | | Node | +------------+ Node | | | | | | | | | | | | +------------+ | +------------+ | | | +------------+ +------------+ | | | | +---------+---------------------------------------+ | | Firmware+ | Manifest | | V +------------+ | Firmware | | Consumer | +------------+ | | | Device | +------------+ Figure 2: Distributed SUIT Architecture Lee & Park Expires May 1, 2021 [Page 5] Internet-Draft Distributed SUIT Architecture Model October 2020 As shown in Figure 2, the authors upload the manifest files and firmware images to the blockchain network in the proposed firmware update architecture. The IoT devices download the manifest files and firmware images through the blockchain network. When an IoT device requests upload, the retrieval nodes retrieve the firmware images that were stored as chunks in a distributed file system and deliver the manifest file and firmware image after the device verified. 4. Example Procedure The following figure shows an example of the procedure of the blockchain based distributed firmware update architecture. The example procedure assume that the manifest files and firmware images are transmitted independently, and only the firmware image is distributedly stored. Blockchain Nodes +-----------------------------------------+ | | +------+ |+------------+ +---------+ +----------+| +-------+ |Author| ||Registration| | General | | Retrieval|| | IoT | | | || Node | | Node | | Node || | Device| +--+---+ |+------+-----+ +----+----+ +-----+----+| +---+---+ | | | | | | | | +-------+-------------+-------------+-----+ | | | | | | | | | | | | Create | | | | | manifest | | | | | and | | | | | firmware | | | | | image file | | | | |--------+ | | | | | | | | | | |<-------+ | | | | | | | | | | | | | | | Request for | | | | | registration| | | | | check and | | | | | manifest | | | | | verification| | | | |------------>| | | | | | | | | | | Check if | | | | |the author is| | | | | registered | | | | |--------+ | | | Lee & Park Expires May 1, 2021 [Page 6] Internet-Draft Distributed SUIT Architecture Model October 2020 | | | | | | | |<-------+ | | | | | | | | | | | | | | | Verify | Verify | Verify | | | manifest and| manifest and| manifest | | | firmware | firmware | and firm- | | | image | image | ware image| | |--------+ |--------+ |--------+ | | | | | | | | | | |<-------+ |<-------+ |<-------+ | | | | | | | | | | | | Request for | | | | | firmware | | | | | image file | | | | |to the block-| | | | |chain network| | | | |<------------| | | | | | | | | | | | | | | Upload the | | | | | firmware | | | | | image | | | | |------------>| Firmware image stored | | | | distributed | | | |<------------+------------>| | | | | | | | | | | | | | IoT devices periodically check | | | the latest version of firmware | | | released by the author | | |<------------+-------------+---------->| | | | | | | | | | | | | Request for the upload with | | | public key or pre-shared key | | |<------------+-------------+-----------| | | | | | | | | | | | | | | Validate | | | | | manifest | | | | |--------+ | | | | | | | | | | |<-------+ | | | | | | | | | | | | | | | Send | Lee & Park Expires May 1, 2021 [Page 7] Internet-Draft Distributed SUIT Architecture Model October 2020 | | | | manifest | | | | |---------->| | | Download the | | | | distributed firmware image| | | |-------------+------------>| | | | | | | | | | Validate | | | | | firmware | Request | | | | image | firmware | | | | +--------| image | | | | | |<----------| | | | +------->| | | | | | | | | | | Send | | | | | firmware | | | | | image | | | | |---------->| | | | | | Figure 3: Example Procedure 5. Conclusion TBA. 6. Security Considerations TBA. 7. IANA Considerations This document presents no IANA considerations. 8. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . Authors' Addresses Lee & Park Expires May 1, 2021 [Page 8] Internet-Draft Distributed SUIT Architecture Model October 2020 Jong-Hyouk Lee Sejong University 209, Neungdong-ro, Gwangjin-gu Seoul 05006 Republic of Korea EMail: jonghyouk@sejong.ac.kr Jungsoo Park ETRI 218, Gajeong-ro, Yuseong-gu Deajeon 34129 Republic of Korea EMail: pjs@etri.re.kr Lee & Park Expires May 1, 2021 [Page 9]