Re: [Rats] Android comments on EAT draft

Jeremy O'Donoghue <jodonogh@qti.qualcomm.com> Fri, 17 May 2019 11:21 UTC

From: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
To: Thomas Fossati <Thomas.Fossati@arm.com>
CC: Shawn Willden <swillden=40google.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>, Laurence Lundblade <lgl@island-resort.com>, Simon Frost <Simon.Frost@arm.com>
Date: Fri, 17 May 2019 11:21:27 +0000
Message-ID: <B1A69042-5A07-44F6-8BE1-6D28D32EAD38@qti.qualcomm.com>
In-Reply-To: <EAEFEF91-D04A-474C-9048-C9DA5B98EC9C@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/-8DaR_nAHJtXNUZyKuhrxsvs2Ls>

Hi Thomas,

Please see inline.

On 17 May 2019, at 10:08, Thomas Fossati <Thomas.Fossati@arm.com> wrote:

Hi Jeremy,

Thanks for the insights into GlobalPlatform.

I have a few questions inline.

On 17/05/2019, 08:53, Jeremy O'Donoghue wrote:
This specific point is one for which GlobalPlatform has a solution in
our TEE/SE related claim definitions. It is possible that this
solution may be more general, although it had not previously occurred
to me that this could be the case.

[...]

The Digital Letter of Approval is a published specification, available
for free (of charge) download behind a click-through license at
https://globalplatform.org/specs-library/?filter-committee=tps.  I am
aware that some RATS participants may be unable/unwilling to access
this document, so I paste the outline DLOA format information below:

The Digital Letter of Approval (DLOA) is an XML file containing the
minimum fields required to:

* Identify the platform – the combination of the application and the
 platform – this DLOA corresponds to

It is not completely clear to me what is meant by platform in this
context. Is it the TEE/SE only or is it the whole device or something
else?

Today the "platform" is a unique identifier, normally chosen by the manufacturer, that identifies the hardware and any software relevant to the Target of Evaluation described in a Security Target document - in GlobalPlatform terms this is the TEE or SE, but it is really dependent on the chosen Protection Profile.

There is nothing inherently preventing this from being an entire device although there are, to my knowledge, few certifications that operate at the device level. I do expect this to change.

Also when you mention the "platform identifier" a few paragraphs below,
what kind of identifier is this?  And who has authority to mint these
IDs?

* Identify the Authority that issued the corresponding Letter of
 Approval

* Provide the expiration date of the corresponding Letter of
 Approval

* Identify the Letter of Approval from which this DLOA has been
 generated (i.e. include the identifier of the Letter of Approval
 issued by the Authority)

* Ensure authenticity and integrity of the DLOA thanks to a digital
 signature computed by the Authority

* Provide additional information such as the date of issuance of the
 corresponding Letter of Approval or a URL where the original Letter of
 Approval can be retrieved

All of these would be issued by a Conformance Assessment Body (CAB).

In most cases the CAB approves test laboratories to perform the testing on behalf of a device manufacturer and submit reports to the CAB for assessment. Labs may choose to participate in multiple schemes, commercial and/or government-run.

In general, we can consider several types of Conformance Assessment Body.

* Commercial CAB schemes such as GlobalPlatform, EMVCo, FIDO, China UnionPay
* Government-run / supra-national schemes such as ANSSI, BSI, SOG-IS mutual recognition, and probably ENISA in future.

In principle, anyone can set up such a scheme. In practice a degree of credibility is needed to assure relying parties of the value of a certification. Commercial CABs face challenges here and usually go to considerable lengths to show that certifications are meaningful (e.g. GlobalPlatform went to ANSSI for assessment of the TEE Protection Profile).

I expect two general changes in the use of certification over the next couple of years that might affect how we think of attesting certifications:

* Regulation at the national or supra-national level. It may be that certifications from selected "trusted" CABs are required for some device classes.
* Creation of meaningful certifications at the whole device level. As an example, a device may have some components that are certified at high levels of assurance (e.g. a Secure Element or TPM / EAL4+), others at a lower ("substantial" / EAL2+) level and some without more than simple functional compliance (e.g. a WiFi subsystem). Such certification will certify a complete device as fit for purpose at some level, depending on the Security Functional Requirements for that device class.

The general concept behind DLOA is flexible enough to adapt to these.


The work to incorporate this in an EAT is ongoing, and will be shared
at Public Review time, but basically you need two claims: one is a
platform identifier and the second is the URL of a web service where
certification details can be retrieved.

The web service is generally operated by a Certification Body
(GlobalPlatform in the case of GlobalPlatform compliance secretariat)
and allows retrieval of complete certification information which is
valid at the time of retrieval.

If an approach based on an external registrar service is of more
general interest, I can arrange a more detailed explanation.

That would be fantastic.

Cheers, t


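A relying-party check built on the two EAT claims (platform identifier, registrar URL) and the DLOA fields described in the message above, as an added example that is not GlobalPlatform's schema, the EAT draft's code, or anything posted in this thread. The XML element names, the EAT claim names and the sample DLOA are constructed for illustration, and the Authority's signature over the XML is assumed to have been verified separately (e.g. with an XMLDSig library) before these policy checks run.

```python
import xml.etree.ElementTree as ET
from datetime import date

# Constructed DLOA-like document carrying the fields listed in the message.
# Element names are hypothetical; the Authority's XML signature is assumed to
# have been verified already (e.g. with an XMLDSig library) before these
# policy checks run.
SAMPLE_DLOA = """<dloa>
  <platformId>EXAMPLE-TEE-PLATFORM-001</platformId>
  <authority>GlobalPlatform</authority>
  <loaId>LOA-2019-0042</loaId>
  <issued>2019-01-15</issued>
  <expires>2022-01-15</expires>
  <loaUrl>https://registrar.example/loa/LOA-2019-0042</loaUrl>
</dloa>"""

# Hypothetical names for the two EAT claims the message describes: the
# platform identifier and the registrar URL the DLOA was fetched from.
EAT_CLAIMS = {
    "platform-id": "EXAMPLE-TEE-PLATFORM-001",
    "certification-url": "https://registrar.example/dloa/EXAMPLE-TEE-PLATFORM-001",
}

REQUIRED = ("platformId", "authority", "loaId", "expires")
OPTIONAL = ("issued", "loaUrl")

def parse_dloa(xml_text):
    """Extract DLOA fields; reject a document missing any required field."""
    root = ET.fromstring(xml_text)
    fields = {}
    for tag in REQUIRED + OPTIONAL:
        node = root.find(tag)
        text = (node.text or "").strip() if node is not None else ""
        if not text and tag in REQUIRED:
            raise ValueError(f"DLOA missing required field {tag}")
        fields[tag] = text or None
    return fields

def evaluate_dloa(dloa, claims, trusted_cabs, retrieved_on):
    """Relying-party policy: returns a list of failures (empty means accepted)."""
    problems = []
    if dloa["platformId"] != claims["platform-id"]:
        problems.append("platform identifier in DLOA does not match the EAT claim")
    if dloa["authority"] not in trusted_cabs:
        problems.append(f"issuing authority {dloa['authority']!r} is not a trusted CAB")
    # The registrar only vouches for the certification as valid at the time of
    # retrieval, so the expiry is checked against the retrieval date.
    if date.fromisoformat(dloa["expires"]) < date.fromisoformat(retrieved_on):
        problems.append(f"Letter of Approval expired on {dloa['expires']}")
    return problems
```

The trusted-CAB set is where a relying party would encode the "selected trusted CABs" policy the message anticipates, and a DLOA fetched on a later date can fail the expiry check even though an earlier retrieval accepted it.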