On Wed, Mar 9, 2016 at 12:41 PM, Livingood, Jason <Jason_Livingood@xxxxxxxxxxx> wrote: > Sure, WiFi security is an issue for IoT. But there are probably much more > fundamental IoT security issues. IMHO I think one of the largest is the > lack of a secure & automatic (no end user interaction) software update > channel. I think Jari has a very different set of concerns to mine. My first concern is to bind a device to my portfolio in such a way that: * The device can recognize data (commands, requests, data) from other devices in my portfolio as such * Other devices in my portfolio can recognize that device. So in PKI terms, what I need to achieve is to 1) install my personal root of trust onto that device and 2) sign the cryptographic public keys of the new device with an administration key authorized for that purpose under my personal root of trust. If I can achieve those two things, I have a framework of trust that I can then leverage to securely support any machine configuration or management operation. I could send the device a message to the effect 'download and install the latest BIND updates, check the sigs match this root, signed <me>' Once you have bilateral authentication, many things that are now complex become straightforward. Now that is not all I would want from a software update scheme. I would probably want to have some mechanism that makes it possible to know that updates exist, that this is the latest one. And that leads to blockchain like constructs. I am probably also going to want some means of engaging a third party to curate updates for me. For example, check that the patch works on my devices. If I have redundant systems, I certainly don't want them both to patch at the same time. If I get the binding I describe, all things become possible. But achieving that binding requires a communication of some sort between my devices. And that gets me into a bootstrap problem. How does my device know what the network configuration parameters are to connect to the network and download the parameters? Yes, this can be made easy but I have yet to see it made easy in practice. Once upon a time, my Linksys boxen came with a button that was 'all I needed to press' to connect up a device. Only it didn't work because I would have to download the proprietary software drivers to make it work with their PCMCIA cards. I am pretty uncompromising where ease of use is concerned. This is not a problem I have seen any commercial product solve to my satisfaction to date.