IETF Logo Mail Archive

Re: [Rats] Android comments on EAT draft

Shawn Willden <swillden@google.com> Sat, 06 July 2019 19:34 UTC

Return-Path: <swillden@google.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C65B31200C5 for <rats@ietfa.amsl.com>; Sat, 6 Jul 2019 12:34:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.499
X-Spam-Level:
X-Spam-Status: No, score=-17.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4o0YNTpJooRO for <rats@ietfa.amsl.com>; Sat, 6 Jul 2019 12:34:10 -0700 (PDT)
Received: from mail-yb1-xb32.google.com (mail-yb1-xb32.google.com [IPv6:2607:f8b0:4864:20::b32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51ACF12008B for <rats@ietfa.amsl.com>; Sat, 6 Jul 2019 12:34:10 -0700 (PDT)
Received: by mail-yb1-xb32.google.com with SMTP id i14so3285521ybp.7 for <rats@ietfa.amsl.com>; Sat, 06 Jul 2019 12:34:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hPUo9zgKjTK2JaIU5wfzHaJwZvXIiv0Z61sKkaXtgA0=; b=W1F/vT0p0QfM97r4jUe0ymwkZwZm1n5ggDN3jiJvLTzPJjMqPkAILKmOEvtK0Zm02q +N8XQcs0UWHmV1w3p7gwpikdiNl9q1gRigow5oQnEVxcCle1rPpCjS3SGoBPfwuefVcL iVD/JHhzf3s6c9dRGGX2dY8k+t2mjWQAI5j/vHW8Jf1yVPAO6bxhNGTumI7BDGg6YNEL 9DCCOfrutjXCZrYFUmjNE28A4syVOdw198ZugdXjhoge3aCQFcdSdDiNJXqQlca53Xgm tkzPRUW16H4IotPRk3RZgc7148b3yPwyrAK5Jz6XvHHii6rjKjtwAUh0+2n61HrOmLi5 Bwiw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hPUo9zgKjTK2JaIU5wfzHaJwZvXIiv0Z61sKkaXtgA0=; b=YsW1ftlhNweU5Dml5eTVUfV6EaQCZousHdt7n2sK/Oug/ejJw18C7n3l9ZqrcHY5BG 42KLXMTVeLdMAuflTrb31Y9DOtIbkZLbc2T6PmwjJrmCDUtD6TIcZWm68EWQW1rX1PEC 2DBCpbn2lR0vZo46+icHyVILd5fJKHy+52ojljB8ltRv8OMfr77R3q5dZXNqlGK5xLAO Te1uGY/SD0bl/g7PGPftwPuZAEvAlZgGNHtw67+25vfBnLlRA0BgPMaMHvWgqaKPNvuT NS21tgIxDbxV4yIkEmNABjJKK7+BckCO1+MmZwI0TB3sYReyjgZ93xiw9t82lR7rKA+u 7IFQ==
X-Gm-Message-State: APjAAAUOzhyNkdL6dYZt7jrao2CQ86tzOWbOyOinN9sLxcLe6blhVzTq 8MIvVXSpqi8Pme59ITNQvwUMolkZm9krBzLUtILX/6+6TtE=
X-Google-Smtp-Source: APXvYqx9zOPI9qGJ4y9S9dgIrjPyuqlqr5GE1HPy+3Hnh5t4dJYLggLIaCYI1+vpTp9TLtKl9iIoXYs2U5laITMqLmA=
X-Received: by 2002:a25:bc82:: with SMTP id e2mr5590431ybk.12.1562441649010; Sat, 06 Jul 2019 12:34:09 -0700 (PDT)
MIME-Version: 1.0
References: <CAFyqnhVJ-ps4bdhsyQDOHdzHVZsXeK7_kCDXxUVUcuyDzWS3uA@mail.gmail.com> <29657.1562351277@localhost> <CAFyqnhU3KQN_Ww9km8yu7RsdJ1=6ut-bzLmFXtk00H-Zn1ykuQ@mail.gmail.com> <d572ce18b5ea40f18e8ff460dbab1e8b@NASANEXM01C.na.qualcomm.com>
In-Reply-To: <d572ce18b5ea40f18e8ff460dbab1e8b@NASANEXM01C.na.qualcomm.com>
From: Shawn Willden <swillden@google.com>
Date: Sat, 06 Jul 2019 13:33:57 -0600
Message-ID: <CAFyqnhWQhw-JpDxdQLyXhf1wAJX_BUzOftouxBZjGk35q=Vnag@mail.gmail.com>
To: Giridhar Mandyam <mandyam@qti.qualcomm.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietfa.amsl.com" <rats@ietfa.amsl.com>
Content-Type: multipart/alternative; boundary="000000000000790e62058d084b85"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/6DyJWVzLmyPxvtYNEBITcdQci-4>
Subject: Re: [Rats] Android comments on EAT draft
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Jul 2019 19:34:14 -0000

On Sat, Jul 6, 2019 at 8:05 AM Giridhar Mandyam <mandyam@qti.qualcomm.com>
wrote:

> >>Can you say more about location?
> Are you saying that Android would never provide a relying party (say, an
> open-protocol implementation of Pokemon GO) with where a device is?
>
>
>
> >I strongly doubt that we will ever provide that.  I understand the
> benefits, but the privacy team feels like the risks are too great, that
> it's important that it always be possible to spoof privacy-critical data
> elements like location.
>
>
>
> Can you expand on why “it’s important that it always be possible to spoof
> privacy-critical data elements like location”?
>

I'm not a member of the privacy team, so I don't know all of the
rationale/considerations, but I know one element of it is to protect
dissidents living under oppressive regimes.  There's a desire to make it
possible for them to prevent their devices from giving away any information
they don't want revealed, via rooting and modification of the Android OS.
Since they can't modify TEE/SE functionality, it's on us to limit the
feature set of the TEE/SE code so it doesn't reveal private information, to
the degree we can.

This is why the existing Android attestation uses batch attestation keys,
to avoid making the attestation key a strong unique identifier, and why the
ID attestation features are tightly restricted and include a low-level API
to wipe the IDs and thereby disable ID attestation.  I'm assuming that
similar logic would preclude location attestation, though the question
hasn't actually come up.


> If we compare to the FIDO 2 location extension (
> https://www.w3.org/TR/webauthn/#sctn-location-extension), which can be
> included as part of the FIDO 2 attestation, the location data inclusion in
> the attestation is managed by the browser permissions framework that
> already exists for location (
> https://www.w3.org/TR/webauthn/#browser-permissions-framework-extensions
> ).
>
>
>
> It seems that the Android permissions framework could be similarly
> leveraged for an EAT-based location claim.
>

It could, yes, but I don't think Android will enable that.


>
> -Giri Mandyam, Qualcomm
>
>
>
> *From:* RATS <rats-bounces@ietf.org> *On Behalf Of * Shawn Willden
> *Sent:* Saturday, July 6, 2019 7:25 PM
> *To:* Michael Richardson <mcr+ietf@sandelman.ca>
> *Cc:* rats@ietfa.amsl.com
> *Subject:* Re: [Rats] Android comments on EAT draft
>
>
>
> *CAUTION*: This email originated from outside of the organization.
>
>
>
>
>
> On Fri, Jul 5, 2019 at 12:28 PM Michael Richardson <mcr+ietf@sandelman.ca>
> wrote:
>
>
> Shawn Willden <swillden=40google.com@dmarc.ietf.org> wrote:
>     > Specifically, EAT is about attesting to a *device* while Keystore
>     > Attestation is about attesting to a *key* -- though we also attest to
>     > quite
>
> I have include a section in the use case document called "Cryptographic key
> Attestion"
>
>
>
> Great!
>
>
>
>     > Another, more tractable, area of difference is that EAT provides
> Claims
>     > for
>     > several data items which Android will likely never allow to be
> attested
>     > because of their privacy implications and potential for ecosystem
>     > fragmentation (apps choosing which devices they'll run on -- we
> generally
>     > try to deny them the information they'd like to have to make those
>     > choices).  These are:
>
>     > - UEID
>     > - Origination
>     > - Location
>
> Can you say more about location?
> Are you saying that Android would never provide a relying party (say, an
> open-protocol implementation of Pokemon GO) with where a device is?
>
>
>
> I strongly doubt that we will ever provide that.  I understand the
> benefits, but the privacy team feels like the risks are too great, that
> it's important that it always be possible to spoof privacy-critical data
> elements like location.
>
>
>
>     > Some other claims that we have, and think are important, are OS
> version
>     > and
>     > patch-level (represented as a date, YYYYMMDD); secure boot
> verification
>     > key
>     > digest; secure boot digest (hash of all verified code); application
> ID (a
>     > digest of the requesting app signing key); and secure app version
> (hmm,
>     > don't have a patchlevel, but we should!  I'll see about adding that
> for
>     > R).
>
> These are all intended to be covered under "network attestation", but
> now I wonder if that term is mis-leading.
>
>
>
> Hmm.  Yes, you're attesting to the device state, not anything about a
> network.  I guess "network attestation" is because you're expecting the
> relying party to be the network?
>
>
>
>
> --
>
> Shawn Willden | Staff Software Engineer | swillden@google.com |
>  720-924-6645
>


-- 
Shawn Willden | Staff Software Engineer | swillden@google.com | 720-924-6645

v2.23.0 | Report a Bug | By Email