Michael StJohns <mstjo...@comcast.net> wrote:
    >> I'm less sure that I agree with the subsequent view that we can't
    >> adopt this item until we have assurance; I'd say that asking for the
    >> issue to be addressed as part of the adoption process is reasonable,
    >> and objecting at WGLC if it has not been addressed is the right way.

    > http://www.techworm.net/2016/11/researchers-use-drones-hijack-philips-hue-smart-lights.html
    > describes how the use of multi-party symmetric key systems weakens even
    > minimal security guarantees in an IOT system.  In this article, it's
    > noted that the HUE lights have firmware that's signed/encrypted by a
    > symmetric key (which - by definition then needs to be included in every
    > device to decrypt/verify the firmware), and that the attackers were
    > able to extract the key from a lightbulb with relative ease; craft
    > their own firmware and cause the lightbulbs to load it in a chain
    > reaction.

I had read all about this, and I wondered how they had gotten the bogus
firmware accepted; I thought that this was the "bug", but I hadn't read (or I
had missed) that the firmware was symmetric signed.  That's really really dumb.

    > So I'd turn this around and ask for an offer of proof that we can find a
    > way to do this safely *BEFORE* having the IETF invest time and
    > resources in the work.  I don't expect a fully fleshed out solution,
    > but I haven't seen even a hint that anyone knows how to mitigate the
    > risks.

I see your point.


-- 
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
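
Added example, not part of the message above and not any vendor's code: it shows the property the quoted paragraph describes, that a firmware check keyed with a symmetric key stored in every device lets whoever holds one device's key produce a tag that other devices accept, while a device holding only a public key cannot do the same. A Lamport one-time signature stands in for a real asymmetric scheme so the block needs only the standard library; all function names and firmware bytes are constructed.

```python
import hashlib
import hmac
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# --- Symmetric check: the key that verifies is the key that signs. ---
def mac_tag(key: bytes, firmware: bytes) -> bytes:
    return hmac.new(key, firmware, hashlib.sha256).digest()

def mac_verify(key: bytes, firmware: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, firmware), tag)

# --- Asymmetric check (Lamport one-time signature as a stdlib stand-in). ---
def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk  # sk stays with the vendor; devices store only pk

def digest_bits(firmware: bytes):
    d = H(firmware)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, firmware: bytes):
    # One-time scheme: a key pair must sign a single image only.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(firmware))]

def lamport_verify(pk, firmware: bytes, sig) -> bool:
    bits = digest_bits(firmware)
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def demo():
    vendor_fw = b"constructed vendor firmware image"
    other_fw = b"constructed image that the vendor never signed"
    # Symmetric: every device stores shared_key in order to verify.
    shared_key = secrets.token_bytes(32)
    key_read_from_one_device = shared_key
    tag = mac_tag(key_read_from_one_device, other_fw)
    # Asymmetric: device storage holds pk only; the signature on vendor_fw
    # is the only signing output visible outside the vendor.
    sk, pk = lamport_keygen()
    sig = lamport_sign(sk, vendor_fw)
    return {
        "symmetric_accepts_other": mac_verify(shared_key, other_fw, tag),
        "asymmetric_accepts_vendor": lamport_verify(pk, vendor_fw, sig),
        "asymmetric_accepts_other": lamport_verify(pk, other_fw, sig),
    }

if __name__ == "__main__":
    print(demo())
```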


