Re: [Anima-bootstrap] brsky concern2: Timeliness of log entries

Toerless Eckert <> Tue, 01 November 2016 20:28 UTC

Date: Tue, 01 Nov 2016 21:28:56 +0100
From: Toerless Eckert <>
To: Toerless Eckert <>
List-Id: Mailing list for the bootstrap design team of the ANIMA WG <>

-> Attacker has physical access to pledge at some point in time.
-> Makes device generate nonce messages. Stashes messages away (not connecting
   to MASA).

-> Device gets enrolled/installed later by valid owner.
-> Maybe valid owner does re-enroll devices several times, eg: between them
   being put into different locations (as often required in big customers,
   eg: CPE and the like).

-> Attacker at some point uses stashed nonce messages to extract audit-logs
   (and vouchers) from MASA. Cannot use them because attacker does not have
   access to device anymore, but would raise red flags when actual owner
   of devices would do any new re-enrollment where it looks at audit-log.

I am not sure how strong/likely this attack vector is given how the manufacturer
can identify and therefore hopefully track down the attacker's registrar (given
that that requires an authenticated ID with the MASA), but:

The log-entry makes everybody easily believe that the device was having the
enrollment signaling at the time when it was logged when in reality that is
not true. Yes, it would require up to one more round-trip to establish that
fact, but it looks prudent to me if that was done.
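Added illustration of the timing problem described in the mail, not code from the BRSKI drafts or the ANIMA design team: a toy MASA that records only the time a voucher request reached it, plus an owner-side check that flags audit-log entries not matching the owner's own registrar and enrollment times. The field names, the `check_audit_log` policy and the timestamps are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed, simplified model of the MASA audit log discussed above.
# This is NOT the BRSKI voucher or audit-log format; names are assumptions.

@dataclass
class AuditEntry:
    masa_time: int      # when the MASA processed the request (what gets logged)
    registrar_id: str   # authenticated identity of the requesting registrar
    nonce: str          # pledge-generated nonce carried in the request

@dataclass
class Masa:
    log: List[AuditEntry] = field(default_factory=list)

    def request_voucher(self, now: int, registrar_id: str, nonce: str) -> None:
        # The MASA cannot tell when the pledge actually generated the nonce;
        # it only knows when the request arrived, so that is the logged time.
        self.log.append(AuditEntry(now, registrar_id, nonce))

def check_audit_log(log: List[AuditEntry], owner_registrars: Set[str],
                    owner_enrollments: Dict[str, Set[int]]) -> List[Tuple[AuditEntry, str]]:
    """Owner-side review: flag entries from a registrar the owner does not run,
    or whose logged time matches no enrollment the owner actually performed."""
    flagged = []
    for e in log:
        if e.registrar_id not in owner_registrars:
            flagged.append((e, "unknown registrar"))
        elif e.masa_time not in owner_enrollments.get(e.registrar_id, set()):
            flagged.append((e, "no matching owner enrollment"))
    return flagged

def scenario() -> List[Tuple[AuditEntry, str]]:
    masa = Masa()
    # t=100: nonce produced while the pledge was physically accessible; held back, never sent
    stashed_nonce = "nonce-100"
    # t=200, t=300: legitimate owner enrolls and later re-enrolls via its own registrar
    masa.request_voucher(200, "owner-registrar", "nonce-200")
    masa.request_voucher(300, "owner-registrar", "nonce-300")
    # t=400: the stashed nonce is finally presented from another registrar;
    # the log entry now reads as if an enrollment happened at t=400
    masa.request_voucher(400, "other-registrar", stashed_nonce)
    owner_enrollments = {"owner-registrar": {200, 300}}
    return check_audit_log(masa.log, {"owner-registrar"}, owner_enrollments)
```

Running `scenario()` returns exactly one flagged entry, the t=400 one, which is the red flag the mail says the owner would see on its next audit-log review.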