Hannes Tschofenig

Personal blog about various IETF and Internet related activities

Nov 18

I attended Mbed Connect 2018 in San Jose and talked about the role of standards for IoT security. My co-worker Jan Jongboom provided a nice summary in this blog post “It’s a wrap: Mbed Connect US 2018 is done”. I stayed there for the entire event and was surprised about the large number of participants at the hands-on workshop. It is great to see so many developers coming to these events. As someone who likes to play with hardware I was fortunate enough to get hold of the new Nuvoton M2351 board and later at Arm TechCon I spoke with folks from ST Microelectronics and I will now receive a STM32L562 board. Both boards contain MCUs supporting the Arm v8-M architecture. Since I am trying to improve security of Internet of Things devices it is great to see more and more chip vendors offering low end MCUs that are developed with IoT security in mind. Only a few years ago it was difficult to find microcontrollers that offered a hardware-based random number generator, enough RAM for doing public key crypto, and hardware-based crypto support (SHA256, AES, and even ECDSA). Previously one had to use a dedicated crypto chip, which was both expensive and difficult to integrate into the rest of the software stack. Often the vendors required you to sign an NDA to get the documentation and the SDK for using the crypto functionality. Now, things have changed. That’s great news. With the availability of TrustZone suport for Cortex M MCUs I expect to see a substantial increase in security for IoT devices.

Anyway, here are two videos recording during the event. They explain a little bit of what I was talking about at Mbed Connect and at Arm TechCon:

Sep 18

I will give two talks at Arm TechCon 2018, see https://www.armtechcon.com. Arm TechCon brings together thousands of engineers, architects, developers and product designer of leading companies in the embedded industry.

First, I will focus on the new TLS and DTLS 1.3 specifications and the implementation I have been working on. Second, I will introduce the new IoT security benchmark, called SecureMark-TLS, developed within the benchmarking organization EEMBC. I have the honor to do the second talk together with Peter Torelli, the president of EEMBC.

In addition to Arm TechCon I will be speaking at the Arm Research Summit, see https://www.arm.com/company/events/research-summit, in a webinar organized by our Keil team, see https://pages.arm.com/secure-device-management-with-Keil-MDK.html, and also at the NIS Summer School, see https://nis-summer-school.enisa.europa.eu.

May 16

We are organizing another workshop on Internet of Things related matters. This time we will talk about the importance of software / firmware updates.


We are seeking input on this topic via the workshop. The workshop webpage also provides examples for topics, such as:

  • Protocol mechanisms for distributing software updates: What protocols mechanisms are available for distributing firmware updates? Do these protocols meet the needs?
  • What security mechanisms should be used for protecting software updates? What is the experience with those?
  • What meta-data about software / firmware packages should be provided? Is there a best current practice?
  • What are the implications of operating system and hardware design on the software update mechanisms? Are there new requirements that need to be taken into account with the increasing deployment of microcontrollers? Do high-level languages on these microntrollers change the way we will do software updates in the future?
  • How are software updates different on devices that provide hardware security (such as Trusted Execution Environments)? Can we make software updates on these devices easier for developers?
  • What are the privacy implications of software update mechanisms?
  • What are the implications of device ownership and control for software update?

We are looking for input on state-of-the-art techniques as well as requirements and ideas for future work.

With your contributions this will become an interesting workshop. Please submit your position paper by 20th May 2016 and we will see each other in Dublin on the 13th and 14th of June, 2016.

Feb 16

OpenID-Connect Outh-20-Logo2

Early this year we announced our plans to organize an OAuth security workshop on the IETF OAuth mailing list. We did this after we held a per-invitation only security workshop late December in response to the discovery of the OAuth Authorization Server Mix-Up problem. In the meanwhile we have made progress in the planning activities and we are happy to announce that the workshop will take place July 14th and 15th 2016 in Trier/Germany. The date fits nicely with the IETF meeting in Berlin and our host, the Chair for Information Security and Cryptography at the University of Trier, may be familiar to some of you in context of the formal security analysis of OAuth also published earlier this year.

More information about the event can be found on the workshop page.

With this workshop we particularly encourage researchers and other security experts to analyse OAuth and OAuth extensions and to report their findings at this workshop. Please note the position paper deadline, which is May 21st.

In terms of the scope for the workshop we are seeking security papers related to OAuth, OpenID Connect, and other technologies using OAuth under the hood. Papers on technologies that are used in OAuth, such as JOSE, or impact the security of OAuth, such as Web technology, are also welcome.

We are looking forward to your contributions and to the discussions at the workshop! Feel free to contact us if there are questions.

Feb 16

FIDO Privacy Whitepaper


In time for the data privacy day the FIDO Privacy & Public Policy working group released their FIDO Privacy whitepaper. This new whitepaper is targeted at regulators, data protection authorities, and “policy makers”. Of course, everyone with interest in privacy is also welcome to take a look at it. Due to the primary audience it includes a high-level summary of the FIDO protocols and the value proposition of the FIDO technology.

In the main part of the whitepaper we compare the European privacy principles (as outlined in Directive 95/46/EC) with the functionality provided by FIDO. The FIDO privacy principles on which the FIDO specifications are built are relevant to this description. To avoid a European-bias we also compare the Identity Ecosystem Steering Group (IDESG) privacy requirements with the FIDO privacy principles.

The description should help to gain a better understanding of how FIDO meets current regulatory mandates.

In case you want to read more, take a look at the blog post with the title ‘There is No Privacy Without Security‘ and at the whitepaper itself. Let me or us know if you have some questions.

Feb 16

Today’s Internet of Things deployments are not known for their great interoperability. Typically, devices are only able to speak to one specific gateway, app downloaded from the device vendor, or to a single cloud provider. Getting devices from different vendors to talk to each other is challenging.

The reason for this situation is not necessarily a lack of standards; in fact there are various ways organizations and vendors are trying to approach the problem but the different solutions have pros & cons. Everyone seems to have their own story on how things be done. While many of these solution approaches are documented and published in specifications there are just too many of them. Are the requirements and use cases so different or we are just constantly re-inventing the wheel (without knowing the state-of-the-art)?

The Internet Architecture Board (IAB) is organizing a workshop that aims to shed some light on this topic in an attempt to find out whether there is interest to improve the situation. You need to submit a position paper to attend the workshop. We will review the position papers and then invite authors to attend the workshop (since the space is limited).

There is deadline for submitting a position paper, which is next Monday (February 22nd, 2016). 

We received various questions about the workshop and I thought I should summarize some of them.

  1. Q: Can we move the date? A: Unfortunately not. We know that there are conflicts when you organize these types of workshops since there are so many events going on at the same time. There are also events adjacent to this workshop, such as the Thing-to-Thing Research Group meets the two days before the workshop and the Bluetooth SIG has their meetings already right before the workshop starts.
  2. Q: What do you expect as an outcome? A: Due to the position paper requirement we expect organizations, companies and individuals to submit write-ups that describe the current state of the art, as well as their ideas about where the work should be going. Having a good understanding of the state-of-the-art and an insight into the design requirements is important. At the workshop itself we will have lots of discussions and those will be captured in a workshop report. Of course we hope to all gain new insight in where we should be moving with the work on data and information models. Maybe there is some chance to harmonize the work across organizations to ensure better interoperability for all. Finally, the face-to-face meeting will give experts the possibility to connect with others. From past experience we can say that this will lead to more efficient communication across organizations.
  3. Q: Is there a possibility for remote participation? A: Unfortunately, we will not offer remote participation. We have tried it in other workshops in the past and it just does not work. It is painful for those sitting on the remote end and it negatively impacts the discussions for the participants in the room. The socializing opportunities, which are an important part of such a workshop, are also lost.
  4. Q: Will there be presentations? A: Yes, there will be presentations. However, those are different than in academic workshops. We are not interested in presentations that repeat the content of position papers. In fact we assume everyone has read he position papers before arriving at the workshop. The purpose of the workshop is to have discussions. A minimum number of presentations will be given to get the scope set and the discussions going. We want to have discussions on the aspects that have been identified as challenges from the position papers.
  5. Q: How should the position paper look like? A: I have created a blog post about this topic some time ago (in context of another workshop). You may want to take a look at my short write-up. The workshop webpage also provides some questions for you to think about.
Dec 15

Last week Simon Lemay and I gave a tutorial about the Lightweight Machine-to-Machine (LWM2M) standard developed by the Open Mobile Alliance (OMA) to participants from the IETF ACE working group.

LWM2M offers several features that are relevant for Internet of Things security and also for the work in the IETF ACE working group, such as

  • Software Updates
  • Distribution of keys and access control policies (during a process called bootstrapping in the specification)
  • Remote Device and Application Configuration
  • Diagnostics

In summary, LWM2M is a device lifecycle management solution that builds on IETF protocols designed to be lightweight, such as CoAP, various CoAP extensions (such as Resource Directory), and DTLS.

Our slide deck should give you an idea what we have been talking about.

You can also download the PPTX version of the slide from here.

We also recorded the webinar and you can find it here. (The recording was done using Cisco’s Webex and the video was then converted to MP4 using the Cisco provided Network Recording Player.)

The OMA LWM2M specification has been around for a while and therefore various testfests (i.e., interoperability events) have been held already. Another one is coming next month — more information can be found at http://openmobilealliance.org/event/oma-testfest-sandiego/.