IETF Logo Mail Archive

Re: [Rats] Supply Chain Attestation (was Re: 3 Use cases)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 07 October 2019 16:08 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23D77120169 for <rats@ietfa.amsl.com>; Mon, 7 Oct 2019 09:08:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SOukUjp7HyQ7 for <rats@ietfa.amsl.com>; Mon, 7 Oct 2019 09:08:45 -0700 (PDT)
Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D86C12011C for <rats@ietf.org>; Mon, 7 Oct 2019 09:08:45 -0700 (PDT)
Received: by mail-oi1-x22e.google.com with SMTP id o205so12112177oib.12 for <rats@ietf.org>; Mon, 07 Oct 2019 09:08:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=NO7TLaJ4Aldz5Dx6GL4SjS676tjTNzhPLMjs5D8wQ8I=; b=XEwad1C+ufh7m3P/MgfZ6XBDtWvJSjSbjTlYzaThjDqdpTv0xPkUK7WAJ04BP/ynBZ +tsbp2ShDYnAokT/G4B7MsFmd4FojtFKnlG4GOpE7ai4zWIYrKiTDnxx8gSUXc0M9JLA BOo3eGl6QrFPvo9HmNcSgSWWKEVQvfXera3n8S0rZkrVVn1eh4r+sTiFbhFSOT2L28Nq 5xL1nhxa+9vFZ/RVYsF3Kvsq1esT4vjaeAWk0Il0C+HhrjwOHoPmB/JcA58yC/iNc4Wd 1ZEPGUbQiWnmXx9KY4OzI6/bxNboZ55snkUkKielj+u8X+JiZmUQAWQmQKEeU9jhg94f cetA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=NO7TLaJ4Aldz5Dx6GL4SjS676tjTNzhPLMjs5D8wQ8I=; b=I5anZFrr2HEvvsDGXjcvtrzyQ2LHbhITfjFzcbF2MQYzBhqDyeXAWH4x6CYPJLkSYF rLifYlytXf5OU43xOcCvM4+mkOvScDHoNnxRuVX4pUotWTl6uYZwBOGchZ+/w5UcXYLN W9hXrLh7HNKD8uAMPZa2hTI+m5iE9gCE3cdq3TcKUKT7ULXY0bKxDJ7PbYpe+U6ychV9 /rgPNmfcWsso4j2SRKD4L25piMjlNTjzKz8zrbSsJ5EQvbUM9pbZrkB5EOhtj+2uXlTl K8hhteVGs49/d1HHJTbjHuVcwsYSnI6gnyEHtzEDMa61akJP64U3A0ay8KR8Yf8pcOnx 7cjQ==
X-Gm-Message-State: APjAAAWRGsLp6qv5lLNrP45F+xR9uif7rHD1YKM6g1qaYudyBVhuky2H fM1jpaMthfK4bBYnHbXIlweyOptqJztygPwjZlY=
X-Google-Smtp-Source: APXvYqwL4WY+2MDD2wVPTlT//OpemR+yqG4NY7H/J9tCtdszsTFKIfcfCrE1XiL0mhP8gHBD85PwwxcIgcbV7RtF3no=
X-Received: by 2002:aca:b142:: with SMTP id a63mr11507oif.119.1570464524838; Mon, 07 Oct 2019 09:08:44 -0700 (PDT)
MIME-Version: 1.0
References: <HE1PR0701MB2267E23FFE8FF91F5DAC6FD58FCF0@HE1PR0701MB2267.eurprd07.prod.outlook.com> <1882.1570451614@dooku.sandelman.ca>
In-Reply-To: <1882.1570451614@dooku.sandelman.ca>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 07 Oct 2019 12:08:09 -0400
Message-ID: <CAHbuEH6=O7zwyKD3-NAG=128dFtd7BVZ0QKEPTUcCLmJeenEGg@mail.gmail.com>
To: Michael Richardson <mcr@sandelman.ca>
Cc: "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>, "rats@ietf.org" <rats@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000022ae7d059454442c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/-iNqIhqIg-VNOSJpegObAuZB6VU>
Subject: Re: [Rats] Supply Chain Attestation (was Re: 3 Use cases)
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2019 16:08:48 -0000

On Mon, Oct 7, 2019 at 8:32 AM Michael Richardson <mcr@sandelman.ca> wrote:

>
> {sorry for the time-warp email, responding to you was important to me}
>
> Oliver, Ian (Nokia - FI/Espoo) <ian.oliver@nokia-bell-labs.com> wrote:
>     > Supply Chain Attestation
>
>     > A device is shipped from an OEM via some delivery mechanism and is
>     > received by a customer. The customer requires assurance that the
> device
>     > has not been tampered with. This differs from the usual attestation
>     > scenarios between a device/element and attestation server/verifier in
>     > that this requires knowledge of the partial or full configuration of
>     > the device being shipped and configured before introduction into the
>     > customer's environment.
>
>     > This use case then requires interaction between two attestation
> points
>     > to ensure that the integrity of the device has not changed with
> regards
>     > to a) the device, b) the original [possibly partial] configuration,
> c)
>     > the device manufacturer's measurements and d) the receiver -
> customer's
>     > - measurements..
>
> There are quite a number of entities that are looking for the attestation
> that involves not the device, but the configuration as well.
>
> I think that this fits into 5.1: Device Capabilities/Firmware Attestion.
> I think that the need for sensitivity to configuration is generally
> something
> that the TCG RIV work:
>      The TCG RIV Reference Document addresses the problem of knowing if a
> networking device
>      should be part of a network, if it belongs to the operator, and if it
> is RUNNING
>      APPROPRIATE SOFTWARE.
>
> Guy has posted their document as
> draft-fedorkow-rats-network-device-attestation, which
> makes it much more accessible if you aren't a TCG member (I'm not).
>
> You allude (but are perhaps not explicit enough) in your second paragraph
> that there is some interaction between different attesters to generate the
> required set of claims needed.  Do you imagine that this is done via
> multiple
> signatures on a claim set, or some kind of nested claim structure, or
> perhaps
> use of passport claim for one part, followed by a background-check style
> process for the second. (Dave Thaler's slides included that option too)
>

I would guess a nested claim structure so that you could 'wrap'  a claim
set and signature of code that is relied upon.  Having a standard format
and evaluation method (TEEP) for this use case is then very important
across vendors int he supply chain.  Your other suggestion could work as
well, but the consistent ablity to validate will be very important.  I'd
like to follow the discussion and thoughts of others.

Best regards,
Kathleen

> --
> ]               Never tell me the odds!                 | ipv6 mesh
> networks [
> ]   Michael Richardson, Sandelman Software Works        | network
> architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on
> rails    [
>
>
>
>
>
> _______________________________________________
> RATS mailing list
> RATS@ietf.org
> https://www.ietf.org/mailman/listinfo/rats
>


-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email