[Lake] From formal analysis of attested TLS to attested EDHOC
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Thu, 18 December 2025 23:07 UTC
Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: lake@mail2.ietf.org
Delivered-To: lake@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id A05F79C98ECB for <lake@mail2.ietf.org>; Thu, 18 Dec 2025 15:07:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.397
X-Spam-Level:
X-Spam-Status: No, score=-4.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L_LIjF2ETxzT for <lake@mail2.ietf.org>; Thu, 18 Dec 2025 15:07:43 -0800 (PST)
Received: from mailout3.zih.tu-dresden.de (mailout3.zih.tu-dresden.de [141.30.67.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id B10C39C98EBF for <lake@ietf.org>; Thu, 18 Dec 2025 15:07:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=Content-Type:Subject:From:To:MIME-Version:Date :Message-ID:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=jxnMwQlJr+VHeaTpZqHVYI1xrAJEJNEkEnQj54najRQ=; b=Hc5FJpMqlzZDhsfvN3tFEqyv0j 4n/lsJMnKHsuBjIKNDO4WkeMJa03GSd9L6RvQcZ/5elIdKWYqvkbNl8NaB306pAkwz580qlf4u5ku oAB9umkKAYHc78Md7PQ/IS+nNgkuEETEZv4oF5pENmfvvjpDeRioaXBMCCKQvxdC1EUzCjGOXdl13 m8RGtVsf6Ocn4zwR3Fb8PFndr0tJX2toRYoBb0GrMQzazDigbP5KjAGwYsvKn5R4eoZj1tNnhKErl 64NoBVQhzs2ybI3T0WlLLowG2+glpr7ng0+1qwe95zVKLdyLXukiBkepxB9kElmHK+5tNkbS5YjYI a2yNFOEA==;
Received: from msx-t422.msx.ad.zih.tu-dresden.de ([172.26.35.139] helo=msx.tu-dresden.de) by mailout3.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1vWN5y-006NUO-HD for lake@ietf.org; Fri, 19 Dec 2025 00:07:43 +0100
Received: from [10.12.5.228] (141.76.13.149) by msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.35; Fri, 19 Dec 2025 00:07:34 +0100
Message-ID: <1780aac8-5f7f-4bc4-b973-cfa4696ced04@tu-dresden.de>
Date: Fri, 19 Dec 2025 00:07:33 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: "lake@ietf.org" <lake@ietf.org>
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms010105010305080700080503"
X-ClientProxiedBy: MSX-T416.msx.ad.zih.tu-dresden.de (172.26.35.136) To msx-t422.msx.ad.zih.tu-dresden.de (172.26.35.139)
X-TUD-Virus-Scanned: mailout3.zih.tu-dresden.de
Message-ID-Hash: GF2XRQ2MEGESVG3WOTELJUAIZ3SRK4TE
X-Message-ID-Hash: GF2XRQ2MEGESVG3WOTELJUAIZ3SRK4TE
X-MailFrom: muhammad_usama.sardar@tu-dresden.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Lake] From formal analysis of attested TLS to attested EDHOC
List-Id: Lightweight Authenticated Key Exchange <lake.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lake/FhB68GT1qSZuRILN7gMPQdn6SEc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lake>
List-Help: <mailto:lake-request@ietf.org?subject=help>
List-Owner: <mailto:lake-owner@ietf.org>
List-Post: <mailto:lake@ietf.org>
List-Subscribe: <mailto:lake-join@ietf.org>
List-Unsubscribe: <mailto:lake-leave@ietf.org>
Hi all,
In Montreal, I had very interesting discussions with Marco and Göran on
how to make my formal analysis more flexible and useful for EDHOC.
Following up on these discussions, we (i.e., I, Mariam Moustafa and
Tuomas Aura) would like to share our paper [0] and formal analysis [1]
of attested TLS protocols for your review and feedback, and for further
research and development towards attested EDHOC. In particular, our
approach takes security goals of remote attestation and TLS separately
(cf. Sec. 5.1 in [0]), such that TLS security goals can be replaced by
EDHOC security goals in the future. We are thinking on the lines of
making the protocol model modular as well, such that TLS protocol model
can be replaced by EDHOC protocol model. We are particularly interested
in feedback in this direction. This approach also seems well-aligned
with lake charter stating:
*
Remote attestation of EDHOC peers, reusing as much as possible available
work from the RATS and TLS working groups.
Perhaps we should add SEAT WG there as well.
In our paper [0], we formally analyzed two of the most prominent
attested TLS protocols:
1. Interoperable RA-TLS [2] (pre-handshake attestation)
2. draft-fossati-tls-attestation (TLS-attest) [3] (intra-handshake
attestation)
Analysis of [3] may be particularly interesting for this WG because
draft-ietf-lake-ra has been following this draft (except for the
post-handshake part). Several slides and videos/recordings are already
available in README in [1].
We submitted the artifacts at AsiaCCS (Core rank A security conference)
as part of the paper review process and the paper has been accepted for
publication with very good reviews (3xaccept, 1xweak accept). So we are
pretty confident that our approach will provide a firm basis for formal
analysis of attested EDHOC.
One limitation is that it currently has Server as Attester. Analysis for
Client as Attester is planned, and that should then be directly useful
for attested EDHOC (Initiator as Attester).
We welcome any feedback/questions related to the paper, artifacts and
the overall plan to move towards attested EDHOC.
-Usama
[0]
https://www.researchgate.net/publication/398839141_Identity_Crisis_in_Confidential_Computing_Formal_Analysis_of_Attested_TLS
[1] https://github.com/CCC-Attestation/formal-spec-id-crisis
[2] https://github.com/ccc-attestation/interoperable-ra-tls
[3] https://datatracker.ietf.org/doc/draft-fossati-tls-attestation/
PS: For any follow-up, please keep me explicitly in To/CC. I am
currently overwhelmed with SEAT work and currently not following this list.
- [Lake] From formal analysis of attested TLS to at… Muhammad Usama Sardar