Internet-Draft | MUD (D)TLS Profile for IoT devices | August 2022 |
Reddy, et al. | Expires 27 February 2023 | [Page] |
This memo extends the Manufacturer Usage Description (MUD) specification to incorporate (D)TLS profile parameters. This allows a network security service to identify unexpected (D)TLS usage, which can indicate the presence of unauthorized software or malware on an endpoint.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 27 February 2023.¶
Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Encryption is necessary to enhance the privacy of end users using IoT devices. TLS [RFC8446] and DTLS [I-D.ietf-tls-dtls13] are the dominant protocols (counting all (D)TLS versions) providing encryption for IoT device traffic. Unfortunately, in conjunction with IoT applications' rise of encryption, malware authors are also using encryption which thwarts network-based analysis such as deep packet inspection (DPI). Other mechanisms are thus needed to help detecting malware running on an IoT device.¶
Malware frequently uses proprietary libraries for its activities, and those libraries are reused much like any other software engineering project. [malware] indicates that there are observable differences in how malware uses encryption compared with how non-malware uses encryption. There are several interesting findings specific to (D)TLS which were found common to malware:¶
If observable (D)TLS profile parameters are used, the following functions are possible which have a positive impact on the local network security:¶
The YANG module specified in Section 5 of this document is an extension of YANG Data Model for Network Access Control Lists (ACLs) [RFC8519] to enhance MUD [RFC8520] to model observable (D)TLS profile parameters. Using these (D)TLS profile parameters, an active MUD-enforcing network security service (e.g., firewall) can identify MUD non-compliant (D)TLS behavior indicating outdated cryptography or malware. This detection can prevent malware downloads, block access to malicious domains, enforce use of strong ciphers, stop data exfiltration, etc. In addition, organizations may have policies around acceptable ciphers and certificates for the websites the IoT devices connect to. Examples include no use of old and less secure versions of TLS, no use of self-signed certificates, deny-list or accept-list of Certificate Authorities, valid certificate expiration time, etc. These policies can be enforced by observing the (D)TLS profile parameters. Network security services can use the IoT device's (D)TLS profile parameters to identify legitimate flows by observing (D)TLS sessions, and can make inferences to permit legitimate flows and to block malicious or insecure flows. The proposed technique is also suitable in deployments where decryption techniques are not ideal due to privacy concerns, non-cooperating end-points, and expense.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119][RFC8174] when, and only when, they appear in all capitals, as shown here.¶
"(D)TLS" is used for statements that apply to both Transport Layer Security [RFC8446] and Datagram Transport Layer Security [RFC6347]. Specific terms are used for any statement that applies to either protocol alone.¶
'DoH/DoT' refers to DNS-over-HTTPS and/or DNS-over-TLS.¶
In Enterprise networks, protection and detection are typically done both on end hosts and in the network. Host security agents have deep visibility on the devices where they are installed, whereas the network has broader visibility. Installing host security agents may not be a viable option on IoT devices, and network-based security is an efficient means to protect such IoT devices. If the IoT device supports a MUD (D)TLS profile, the (D)TLS profile parameters of the IoT device can be used by a middlebox to detect and block malware communication, while at the same time preserving the privacy of legitimate uses of encryption. The middlebox need not proxy (D)TLS but can passively observe the parameters of (D)TLS handshakes from IoT devices and gain visibility into TLS 1.2 parameters and partial visibility into TLS 1.3 parameters.¶
Malicious agents can try to use the (D)TLS profile parameters of legitimate agents to evade detection, but it becomes a challenge to mimic the behavior of various IoT device types and IoT device models from several manufacturers. In other words, malware developers will have to develop malicious agents per IoT device type, manufacturer and model, infect the device with the tailored malware agent and will have keep up with updates to the device's (D)TLS profile parameters over time. Furthermore, the malware's command and control server certificates need to be signed by the same certifying authorities trusted by the IoT devices. Typically, IoT devices have an infrastructure that supports a rapid deployment of updates, and malware agents will have a near-impossible task of similarly deploying updates and continuing to mimic the TLS behavior of the IoT device it has infected. However, if the IoT device has reached end-of-life and the IoT manufacturer will not issue a firmware or software update to the Thing or will not update the MUD file, the "is-supported" attribute defined in Section 3.6 of [RFC8520] can be used by the MUD manager to identify the IoT manufacturer no longer supports the device.¶
The end-of-life of a device does not necessarily mean that it is defective; rather, it denotes a need to replace and upgrade the network to next-generation devices for additional functionality. The network security service will have to rely on other techniques discussed in Section 8 to identify malicious connections until the device is replaced.¶
Compromised IoT devices are typically used for launching DDoS attacks (Section 3 of [RFC8576]). For example, DDoS attacks like Slowloris and Transport Layer Security (TLS) re-negotiation can be blocked if the victim's server certificate is not be signed by the same certifying authorities trusted by the IoT device.¶
In (D)TLS 1.3, full (D)TLS handshake inspection is not possible since all (D)TLS handshake messages excluding the ClientHello message are encrypted. (D)TLS 1.3 has introduced new extensions in the handshake record layers called Encrypted Extensions. Using these extensions handshake messages will be encrypted and network security services (such as a firewall) are incapable to decipher the handshake, and thus cannot view the server certificate. However, the ClientHello and ServerHello still have some fields visible, such as the list of supported versions, named groups, cipher suites, signature algorithms and extensions in ClientHello, and chosen cipher in the ServerHello. For instance, if the malware uses evasion techniques like ClientHello randomization, the observable list of cipher suites and extensions offered by the malware agent in the ClientHello message will not match the list of cipher suites and extensions offered by the legitimate client in the ClientHello message, and the middlebox can block malicious flows without acting as a (D)TLS 1.3 proxy.¶
To obtain more visibility into negotiated TLS 1.3 parameters, a middlebox can act as a (D)TLS 1.3 proxy. A middlebox can act as a (D)TLS proxy for the IoT devices owned and managed by the IT team in the Enterprise network and the (D)TLS proxy must meet the security and privacy requirements of the organization. In other words, the scope of middlebox acting as a (D)TLS proxy is restricted to Enterprise network owning and managing the IoT devices. The middlebox would have to follow the behaviour detailed in Section 9.3 of [RFC8446] to act as a compliant (D)TLS 1.3 proxy.¶
To further increase privacy, Encrypted Client Hello (ECH) extension [I-D.ietf-tls-esni] prevents passive observation of the TLS Server Name Indication extension and other potentially sensitive fields, such as the ALPN [RFC7301]. To effectively provide that privacy protection, ECH extension needs to be used in conjunction with DNS encryption (e.g., DoH). A middlebox (e.g., firewall) passively inspecting ECH extension cannot observe the encrypted SNI nor observe the encrypted DNS traffic. The middlebox acting as a (D)TLS 1.3 proxy that does not support ECH extension will act as if connecting to the public name and it follows the behaviour discussed in Section 6.1.6 of [I-D.ietf-tls-esni] to securely signal the client to disable ECH.¶
A common usage pattern for certain type of IoT devices (e.g., light bulb) is for it to "call home" to a service that resides on the public Internet, where that service is referenced through a domain name (A or AAAA record). As discussed in Manufacturer Usage Description Specification [RFC8520], because these devices tend to require access to very few sites, all other access should be considered suspect. If an IoT device is pre-configured to use a DNS resolver not signaled by the network, the MUD policy enforcement point is moved to that resolver, which cannot enforce the MUD policy based on domain names (Section 8 of [RFC8520]). If the DNS query is not accessible for inspection, it becomes quite difficult for the infrastructure to suspect anything. Thus the use of a DNS resolver not signaled by the network is incompatible with MUD in general. A network-designated DoH/DoT server is necessary to allow MUD policy enforcement on the local network, for example, using the techniques specified in [I-D.ietf-add-dnr] and [I-D.ietf-add-ddr].¶
This document specifies a YANG module for representing (D)TLS profile. The (D)TLS profile YANG module provides a method for network security services to observe the (D)TLS profile parameters in the (D)TLS handshake to permit intended use and to block malicious behavior. This module uses the cryptographic types defined in [I-D.ietf-netconf-crypto-types]. See [RFC7925] for (D)TLS 1.2 and [I-D.ietf-uta-tls13-iot-profile] for DTLS 1.3 recommendations related to IoT devices, and [RFC7525] for additional (D)TLS 1.2 recommendations.¶
A companion YANG module is defined to include a collection of (D)TLS parameters and (D)TLS versions maintained by IANA: "iana-tls-profile" (Section 5.3).¶
The (D)TLS parameters in each (D)TLS profile include the following:¶
GREASE [RFC8701] sends random values on TLS parameters to ensure future extensibility of TLS extensions. Similar random values might be extended to other TLS parameters. Thus, the (D)TLS profile parameters defined in the YANG module by this document MUST NOT include the GREASE values for extension types, named groups, signature algorithms, (D)TLS versions, pre-shared key exchange modes, cipher suites and for any other TLS parameters defined in future RFCs.¶
The (D)TLS profile does not include parameters like compression methods for data compression, [RFC7525] recommends disabling TLS-level compression to prevent compression-related attacks. In TLS 1.3, only the "null" compression method is allowed (Section 4.1.2 of [RFC8446]).¶
This document augments the "ietf-acl" ACL YANG module defined in [RFC8519] for signaling the IoT device (D)TLS profile. This document defines the YANG module "ietf-acl-tls", which has the following tree structure:¶
module: ietf-acl-tls augment /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches: +--rw client-profile {match-on-tls-dtls}? +--rw client-profile +--rw tls-dtls-profiles* [profile-name] +--rw profile-name string +--rw supported-tls-versions* ianatp:tls-version +--rw supported-dtls-versions* ianatp:dtls-version +--rw cipher-suites* [cipher hash] | +--rw cipher ianatp:cipher-algorithm | +--rw hash ianatp:hash-algorithm +--rw extension-types* | ianatp:extension-type +--rw acceptlist-ta-certs* | ct:trust-anchor-cert-cms +--rw spki | +--rw spki-pin-sets* ianatp:spki-pin-set | +--rw spki-hash-algorithm? iha:hash-algorithm-type +--rw psk-key-exchange-modes* | ianatp:psk-key-exchange-mode | {tls-1-3 or dtls-1-3}? +--rw supported-groups* | ianatp:supported-group +--rw signature-algorithms-cert* | ianatp:signature-algorithm | {tls-1-3 or dtls-1-3}? +--rw signature-algorithms* | ianatp:signature-algorithm +--rw application-protocols* | ianatp:application-protocol +--rw cert-compression-algorithms* | ianatp:cert-compression-algorithm | {tls-1-3 or dtls-1-3}? +--rw certificate-authorities* ianatp:certificate-authority {tls-1-3 or dtls-1-3}?¶
<CODE BEGINS> file "ietf-acl-tls@2020-10-07.yang" module ietf-acl-tls { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-acl-tls"; prefix ietf-acl-tls; import iana-tls-profile { prefix ianatp; reference "RFC XXXX: Manufacturer Usage Description (MUD) (D)TLS Profiles for IoT Devices"; } import ietf-crypto-types { prefix ct; reference "RFC CCCC: Common YANG Data Types for Cryptography"; } import iana-hash-algs { prefix iha; reference "RFC IIII: Common YANG Data Types for Hash algorithms"; } import ietf-access-control-list { prefix acl; reference "RFC 8519: YANG Data Model for Network Access Control Lists (ACLs)"; } organization "IETF OPSAWG (Operations and Management Area Working Group)"; contact "WG Web: <https://datatracker.ietf.org/wg/opsawg/> WG List: opsawg@ietf.org Author: Konda, Tirumaleswar Reddy TirumaleswarReddy_Konda@McAfee.com "; description "This YANG module defines a component that augments the IETF description of an access list to allow (D)TLS profile as matching criteria. Copyright (c) 2020 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; revision 2020-11-02 { description "Initial revision"; reference "RFC XXXX: Manufacturer Usage Description (MUD) (D)TLS Profiles for IoT Devices"; } feature tls-1-2 { description "TLS Protocol Version 1.2 is supported."; reference "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2"; } feature tls-1-3 { description "TLS Protocol Version 1.3 is supported."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3"; } feature dtls-1-2 { description "DTLS Protocol Version 1.2 is supported."; reference "RFC 6346: Datagram Transport Layer Security Version 1.2"; } feature dtls-1-3 { description "DTLS Protocol Version 1.3 is supported."; reference "draft-ietf-tls-dtls13: Datagram Transport Layer Security 1.3"; } feature match-on-tls-dtls { description "The networking device can support matching on (D)TLS parameters."; } augment "/acl:acls/acl:acl/acl:aces/acl:ace/acl:matches" { if-feature "match-on-tls-dtls"; description "(D)TLS specific matches."; container client-profile { description "A grouping for (D)TLS profiles."; container client-profile { description "A grouping for DTLS profiles."; list tls-dtls-profiles { key "profile-name"; description "A list of (D)TLS version profiles supported by the client."; leaf profile-name { type string { length "1..64"; } description "The name of (D)TLS profile; space and special characters are not allowed."; } leaf-list supported-tls-versions { type ianatp:tls-version; description "TLS versions supported by the client."; } leaf-list supported-dtls-versions { type ianatp:dtls-version; description "DTLS versions supported by the client."; } list cipher-suites { key "cipher hash"; leaf cipher { type ianatp:cipher-algorithm; description "AEAD encryption algorithm as defined in RFC5116."; } leaf hash { type ianatp:hash-algorithm; description "Hash algorithm used with HKDF as defined in RFC5869."; } description "A list of Cipher Suites supported by the client."; } leaf-list extension-types { type ianatp:extension-type; description "A list of Extension Types supported by the client."; } leaf-list acceptlist-ta-certs { type ct:trust-anchor-cert-cms; description "A list of trust anchor certificates used by the client."; } container spki { description "A grouping for spki."; leaf-list spki-pin-sets { type ianatp:spki-pin-set; description "A list of SPKI pin sets pre-configured on the client to validate self-signed server certificate or raw public key."; } leaf spki-hash-algorithm { type iha:hash-algorithm-type; description "cryptographic hash algorithm used to generate the SPKI pinset."; } } leaf-list psk-key-exchange-modes { if-feature "tls-1-3 or dtls-1-3"; type ianatp:psk-key-exchange-mode; description "pre-shared key exchange modes."; } leaf-list supported-groups { type ianatp:supported-group; description "A list of named groups supported by the client."; } leaf-list signature-algorithms-cert { if-feature "tls-1-3 or dtls-1-3"; type ianatp:signature-algorithm; description "A list signature algorithms the client can validate in X.509 certificates."; } leaf-list signature-algorithms { type ianatp:signature-algorithm; description "A list signature algorithms the client can validate in the CertificateVerify message."; } leaf-list application-protocols { type ianatp:application-protocol; description "A list application protocols supported by the client."; } leaf-list cert-compression-algorithms { if-feature "tls-1-3 or dtls-1-3"; type ianatp:cert-compression-algorithm; description "A list certificate compression algorithms supported by the client."; } leaf-list certificate-authorities { if-feature "tls-1-3 or dtls-1-3"; type ianatp:certificate-authority; description "A list of the distinguished names of certificate authorities acceptable to the client."; } } } } } } <CODE ENDS>¶
The TLS and DTLS IANA registries are available from https://www.iana.org/assignments/tls-parameters/tls-parameters.txt and https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.txt.¶
The values for all the parameters in the "iana-tls-profile" YANG module are defined in the TLS and DTLS IANA registries excluding the tls-version, dtls-version, spki-pin-set, and certificate-authority parameters. The values of spki-pin-set and certificate-authority parameters will be specific to the IoT device.¶
The TLS and DTLS IANA registries do not maintain (D)TLS version numbers. In (D)TLS 1.2 and below, "legacy_version" field in the ClientHello message is used for version negotiation. However in (D)TLS 1.3, the "supported_versions" extension is used by the client to indicate which versions of (D)TLS it supports. TLS 1.3 ClientHello messages are identified as having a "legacy_version" of 0x0303 and a "supported_versions" extension present with 0x0304 as the highest version. DTLS 1.3 ClientHello messages are identified as having a "legacy_version" of 0xfefd and a "supported_versions" extension present with 0x0304 as the highest version.¶
In order to ease updating the "iana-tls-profile" YANG module with future (D)TLS versions, new (D)TLS version registries are defined in Section 10.2 and Section 10.3. Whenever a new (D)TLS protocol version is defined, the registry will be updated using expert review; the "iana-tls-profile" YANG module will be automatically updated by IANA.¶
The "iana-tls-profile" YANG module is defined as follows:¶
<CODE BEGINS> file "iana-tls-profile@2020-10-07.yang" module iana-tls-profile { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:iana-tls-profile"; prefix ianatp; organization "IANA"; contact " Internet Assigned Numbers Authority Postal: ICANN 12025 Waterfront Drive, Suite 300 Los Angeles, CA 90094-2536 United States Tel: +1 310 301 5800 E-Mail: iana@iana.org>"; description "This module contains YANG definition for the (D)TLS profile. Copyright (c) 2020 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; revision 2020-11-02 { description "Initial revision"; reference "RFC XXXX: Manufacturer Usage Description (MUD) (D)TLS Profiles for IoT Devices"; } typedef extension-type { type uint16; description "Extension type in the TLS ExtensionType Values registry as defined in Section 7 of RFC8447."; } typedef supported-group { type uint16; description "Supported Group in the TLS Supported Groups registry as defined in Section 9 of RFC8447."; } typedef spki-pin-set { type binary; description "Subject Public Key Info pin set as discussed in Section 2.4 of RFC7469."; } typedef signature-algorithm { type uint16; description "Signature algorithm in the TLS SignatureScheme registry as defined in Section 11 of RFC8446."; } typedef psk-key-exchange-mode { type uint8; description "Pre-shared key exchange mode in the TLS PskKeyExchangeMode registry as defined in Section 11 of RFC8446."; } typedef application-protocol { type string; description "Application-Layer Protocol Negotiation (ALPN) Protocol ID registry as defined in Section 6 of RFC7301."; } typedef cert-compression-algorithm { type uint16; description "Certificate compression algorithm in TLS Certificate Compression Algorithm IDs registry as defined in Section 7.3 of ietf-tls-certificate-compression"; } typedef certificate-authority { type string; description "Distinguished Name of Certificate authority as discussed in Section 4.2.4 of RFC8446."; } typedef cipher-algorithm { type uint8; description "AEAD encryption algorithm in TLS Cipher Suites registry as discussed in Section 11 of RFC8446."; } typedef hash-algorithm { type uint8; description "Hash algorithm used with HMAC-based Extract-and-Expand Key Derivation Function (HKDF) in TLS Cipher Suites registry as discussed in Section 11 of RFC8446."; } typedef tls-version { type enumeration { enum tls-1.2 { value 1; description "TLS Protocol Version 1.2. TLS 1.2 ClientHello contains 0x0303 in 'legacy_version'."; reference "RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2"; } enum tls-1.3 { value 2; description "TLS Protocol Version 1.3. TLS 1.3 ClientHello contains a supported_versions extension with 0x0304 contained in its body and the ClientHello contains 0x0303 in 'legacy_version'."; reference "RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3"; } } description "Indicates the TLS version."; } typedef dtls-version { type enumeration { enum dtls-1.2 { value 1; description "DTLS Protocol Version 1.2. DTLS 1.2 ClientHello contains 0xfefd in 'legacy_version'."; reference "RFC 6346: Datagram Transport Layer Security 1.2"; } enum dtls-1.3 { value 2; description "DTLS Protocol Version 1.3. DTLS 1.3 ClientHello contains a supported_versions extension with 0x0304 contained in its body and the ClientHello contains 0xfefd in 'legacy_version'."; reference "RFC DDDD: Datagram Transport Layer Security 1.3"; } } description "Indicates the DTLS version."; } } <CODE ENDS>¶
This document augments the "ietf-mud" MUD YANG module to indicate whether the device supports (D)TLS profile. If the "ietf-mud-tls" extension is supported by the device, MUD file is assumed to implement the "match-on-tls-dtls" ACL model feature defined in this specification. Furthermore, only "accept" or "drop" actions SHOULD be included with the (D)TLS profile similar to the actions allowed in Section 2 of [RFC8520].¶
This document defines the YANG module "ietf-mud-tls", which has the following tree structure:¶
module: ietf-mud-tls augment /ietf-mud:mud: +--rw is-tls-dtls-profile-supported? boolean¶
The model is defined as follows:¶
<CODE BEGINS> file "iana-tls-mud@2020-10-20.yang" module ietf-mud-tls { yang-version 1.1; namespace "urn:ietf:params:xml:ns:yang:ietf-mud-tls"; prefix ietf-mud-tls; import ietf-mud { prefix ietf-mud; } organization "IETF OPSAWG (Operations and Management Area Working Group)"; contact "WG Web: <https://datatracker.ietf.org/wg/opsawg/> WG List: opsawg@ietf.org Author: Konda, Tirumaleswar Reddy TirumaleswarReddy_Konda@McAfee.com "; description "Extension to a MUD module to indicate (D)TLS profile support. Copyright (c) 2020 IETF Trust and the persons identified as authors of the code. All rights reserved. Redistribution and use in source and binary forms, with or without modification, is permitted pursuant to, and subject to the license terms contained in, the Simplified BSD License set forth in Section 4.c of the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info). This version of this YANG module is part of RFC XXXX; see the RFC itself for full legal notices."; revision 2020-10-19 { description "Initial revision."; reference "RFC XXXX: Manufacturer Usage Description (MUD) (D)TLS Profiles for IoT Devices"; } augment "/ietf-mud:mud" { description "This adds a extension for a manufacturer to indicate whether (D)TLS profile is is supported by a device."; leaf is-tls-dtls-profile-supported { type boolean; description "This value will equal 'true' if a device supports (D)TLS profile."; } } } <CODE ENDS>¶
The following text outlines the rules for a network security service (e.g., firewall) to follow to process the MUD (D)TLS Profile:¶
The example below contains (D)TLS profile parameters for a IoT device used to reach servers listening on port 443 using TCP transport. JSON encoding of YANG modelled data [RFC7951] is used to illustrate the example.¶
{ "ietf-mud:mud": { "mud-version": 1, "mud-url": "https://example.com/IoTDevice", "last-update": "2019-18-06T03:56:40.105+10:00", "cache-validity": 100, "extensions": [ "ietf-mud-tls" ], "ietf-mud-tls:is-tls-dtls-profile-supported": "true", "is-supported": true, "systeminfo": "IoT device name", "from-device-policy": { "access-lists": { "access-list": [ { "name": "mud-7500-profile" } ] } }, "ietf-access-control-list:acls": { "acl": [ { "name": "mud-7500-profile", "type": "ipv6-acl-type", "aces": { "ace": [ { "name": "cl0-frdev", "matches": { "ipv6": { "protocol": 6 }, "tcp": { "ietf-mud:direction-initiated": "from-device", "destination-port": { "operator": "eq", "port": 443 } }, "ietf-acl-tls:client-profile" : { "tls-dtls-profiles" : [ { "supported-tls-versions" : ["tls-1.3"], "cipher-suites" : [ { "cipher": 19, "hash": 1 }, { "cipher": 19, "hash": 2 } ], "extension-types" : [10,11,13,16,24], "supported-groups" : [29] } ] }, "actions": { "forwarding": "accept" } } } ] } } ] } } }¶
The following illustrates the example scenarios for processing the above profile:¶
Security considerations in [RFC8520] need to be taken into consideration. The middlebox must adhere to the invariants discussed in Section 9.3 of [RFC8446] to act as a compliant proxy.¶
Although it is challenging for a malware to mimic the TLS behavior of various IoT device types and IoT device models from several manufacturers, malicious agents have a very low probability of using the same (D)TLS profile parameters as legitimate agents on the IoT device to evade detection. Network security services should also rely on contextual network data to detect false negatives. In order to detect such malicious flows, anomaly detection (deep learning techniques on network data) can be used to detect malicious agents using the same (D)TLS profile parameters as legitimate agent on the IoT device. In anomaly detection, the main idea is to maintain rigorous learning of "normal" behavior and where an "anomaly" (or an attack) is identified and categorized based on the knowledge about the normal behavior and a deviation from this normal behavior.¶
Privacy considerations discussed in Section 16 of [RFC8520] to not reveal the MUD URL to an attacker need to be taken into consideration. The MUD URL can be stored in Trusted Execution Environment (TEE) for secure operation, enhanced data security, and prevent exposure to unauthorized software.¶
Full handshake inspection (Section 4.1) requires a TLS proxy device which needs to decrypt traffic between the IoT device and its server(s). There is a tradeoff between privacy of the data carried inside TLS (especially e.g., personally identifiable information and protected health information) and efficacy of endpoint security. It is strongly RECOMMENDED to avoid a TLS proxy whenever possible. For example, an enterprise firewall administrator can configure the middlebox to bypass TLS proxy functionality or payload inspection for connections destined to specific well-known services. Alternatively, a IoT device could be configured to reject all sessions that involve proxy servers to specific well-known services. In addition, mechanisms based on object security can be used by IoT devices to enable end-to-end security and the middlebox will not have any access to the packet data. For example, Object Security for Constrained RESTful Environments (OSCORE) [RFC8613] is a proposal that protects CoAP messages by wrapping them in the COSE format [RFC8152].¶
This document requests IANA to register the following URIs in the "ns" subregistry within the "IETF XML Registry" [RFC3688]:¶
URI: urn:ietf:params:xml:ns:yang:iana-tls-profile Registrant Contact: The IESG. XML: N/A; the requested URI is an XML namespace.¶
URI: urn:ietf:params:xml:ns:yang:ietf-acl-tls Registrant Contact: The IESG. XML: N/A; the requested URI is an XML namespace.¶
URI: urn:ietf:params:xml:ns:yang:ietf-mud-tls Registrant Contact: The IESG. XML: N/A; the requested URI is an XML namespace.¶
IANA is requested to create an IANA-maintained YANG Module called "iana-tls-profile", based on the contents of Section 5.3, which will allow for new (D)TLS parameters and (D)TLS versions to be added to "client-profile". The registration procedure will be Expert Review, as defined by [RFC8126].¶
This document requests IANA to register the following YANG modules in the "YANG Module Names" subregistry [RFC6020] within the "YANG Parameters" registry.¶
name: iana-tls-profile namespace: urn:ietf:params:xml:ns:yang:iana-tls-profile maintained by IANA: Y prefix: ianatp reference: RFC XXXX¶
name: ietf-acl-tls namespace: urn:ietf:params:xml:ns:yang:ietf-acl-tls maintained by IANA: N prefix: ietf-acl-tls reference: RFC XXXX¶
name: ietf-mud-tls namespace: urn:ietf:params:xml:ns:yang:ietf-mud-tls maintained by IANA: N prefix: ietf-mud-tls reference: RFC XXXX¶
IANA is requested to create an the initial version of the IANA-maintained YANG Module called "iana-tls-profile", based on the contents of Section 5.3, which will allow for new (D)TLS parameters and (D)TLS versions to be added. IANA is requested to add this note:¶
When a 'tls-version' or 'dtls-version' value is respectively added to the "ACL TLS Version Codes" or "ACL DTLS Version Codes" registry, a new "enum" statement must be added to the iana-tls-profile YANG module. The following "enum" statement, and substatements thereof, should be defined:¶
When a (D)TLS parameter is added to "ACL (D)TLS Parameters" registry, a new "type" statement must be added to the iana-tls-profile YANG module. The following "type" statement, and substatements thereof, should be defined:¶
When the iana-tls-profile YANG module is updated, a new "revision" statement must be added in front of the existing revision statements.¶
IANA is requested to add this note to "ACL TLS Version Codes", "ACL DTLS Version Codes", and "ACL (D)TLS Parameters" registries:¶
The registration procedure for "ietf-acl-tls" YANG module will be Specification Required, as defined by [RFC8126].¶
IANA is requested to create a new registry titled "ACL TLS Version Codes". Codes in this registry are used as valid values of 'tls-version' parameter. Further assignments are to be made through Expert Review [RFC8126].¶
+-------+---------+-----------------+-----------+ | Value | Label | Description | Reference | | | | | | | | | | | +-------+---------+-----------------+-----------+ | 1 | tls-1.2 | TLS Version 1.2 | [RFC5246] | +-------+---------+-----------------+-----------+ | 2 | tls-1.3 | TLS Version 1.3 | [RFC8446] | +-------+---------+-----------------+-----------+¶
IANA is requested to create a new registry titled "ACL DTLS Version Codes". Codes in this registry are used as valid values of 'dtls-version' parameter. Further assignments are to be made through Expert Review [RFC8126].¶
+-------+---------+----------------+-----------------------+ | Value | Label | Description | Reference | | | | | | | | | | | +-------+---------+----------------+-----------------------+ | 1 |dtls-1.2 |DTLS Version 1.2| [RFC6346] | +-------+---------+----------------+-----------------------+ | 2 |dtls-1.3 |DTLS Version 1.3|[draft-ietf-tls-dtls13]| +-------+---------+----------------+-----------------------+¶
IANA is requested to create a new registry titled "ACL (D)TLS parameters".¶
The values for all the (D)TLS parameters in the registry are defined in the TLS and DTLS IANA registries (https://www.iana.org/assignments/tls-parameters/tls-parameters.txt and https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.txt) excluding the tls-version, dtls-version, spki-pin-set and certificate-authority parameters. Further assignments are to be made through Expert Review [RFC8126]. The registry is initially populated with the following parameters:¶
+----------------------------+-------------+--------+---------------------------------------------+ | Parameter Name | YANG | JSON | | | | Type | Type | Description | | | | | | +----------------------------+-------------+--------+---------------------------------------------+ | extension-type | uint16 | Number | Extension type | +----------------------------+-------------+--------+---------------------------------------------+ | supported-group | uint16 | Number | Supported group | +----------------------------+-------------+--------+---------------------------------------------+ | spki-pin-set | binary | String | Subject public key info pin set | +----------------------------+-------------+--------+---------------------------------------------+ | signature-algorithm | uint16 | Number | Signature algorithm | +----------------------------+-------------+--------+---------------------------------------------+ | psk-key-exchange-mode | uint8 | Number | pre-shared key exchange mode | +----------------------------+-------------+--------+---------------------------------------------+ | application-protocol | string | String | Application protocol | +----------------------------+-------------+--------+---------------------------------------------+ | cert-compression-algorithm | uint16 | Number | Certificate compression algorithm | +----------------------------+-------------+--------+---------------------------------------------+ | certificate-authority | string | String | Distinguished name of Certificate Authority | +----------------------------+-------------+--------+---------------------------------------------+ | cipher-algorithm | uint8 | Number | AEAD encryption algorithm | +----------------------------+-------------+--------+---------------------------------------------+ | hash-algorithm | uint8 | Number | Hash algorithm | +----------------------------+-------------+--------+---------------------------------------------+ | tls-version | enumeration | String | TLS version | +----------------------------+-------------+--------+---------------------------------------------+ | dtls-version | enumeration | String | DTLS version | +----------------------------+-------------+--------+---------------------------------------------+¶
IANA is requested to create a new MUD Extension Name "ietf-mud-tls" in the MUD Extensions IANA registry https://www.iana.org/assignments/mud/mud.xhtml.¶
Thanks to Flemming Andreasen, Shashank Jain, Michael Richardson, Piyush Joshi, Eliot Lear, Harsha Joshi, Qin Wu, Mohamed Boucadair, Ben Schwartz, Eric Rescorla, Panwei William, Nick Lamb and Nick Harper for the discussion and comments.¶