Re: [Rats] FIDO TPM attestation

Laurence Lundblade <lgl@island-resort.com> Thu, 14 November 2019 15:51 UTC

From: Laurence Lundblade <lgl@island-resort.com>
Message-Id: <CEB0F75D-E703-41B9-8EEE-C95E848FBC8C@island-resort.com>
Date: Thu, 14 Nov 2019 07:51:08 -0800
In-Reply-To: <9F48E1A823B03B4790B7E6E69430724D0163BD29CD@EXCH2010B.sit.fraunhofer.de>
Cc: "rats@ietf.org" <rats@ietf.org>
To: "Fuchs, Andreas" <andreas.fuchs@sit.fraunhofer.de>
References: <62DD1AD3-6F1A-4B2B-8236-10ECCE254443@island-resort.com> <9F48E1A823B03B4790B7E6E69430724D0163BD29CD@EXCH2010B.sit.fraunhofer.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/6FBLwiw1xDXmJGkkMsmo2EudXNE>
Subject: Re: [Rats] FIDO TPM attestation

> On Nov 14, 2019, at 1:46 AM, Fuchs, Andreas <andreas.fuchs@sit.fraunhofer.de> wrote:
> 
> The FIDO code running inside a TEE is not standardized (to the level of TPM) and most certainly not CC-evaluated.

That’s not true.

The FIDO L3 and L3+ Certification program <https://fidoalliance.org/certification/authenticator-certification-levels/authenticator-level-3/> is CC (Common Criteria) based (AVA_VAN.3 and AVA_VAN.4).

Many FIDO authenticators run on secure elements, which provide roughly equivalent security to a TPM. However, since the full authenticator protocol runs on the Turing-complete secure element, the full FIDO protocol is secured, not just the key storage. Here’s one <https://www.yubico.com/products/yubikey-hardware/yubikey%20neo/>.

Global Platform offers a CC-based certification program for TEEs <https://www.commoncriteriaportal.org/files/ppfiles/anssi-profil_PP-2014_01.pdf>. FIDO is working on a certification program that will make use of that.

BSI has published a CC-based protection profile for FIDO <https://www.commoncriteriaportal.org/files/ppfiles/pp0096a_pdf.pdf>.

Android Keystore now supports StrongBox <https://proandroiddev.com/android-keystore-what-is-the-difference-between-strongbox-and-hardware-backed-keys-4c276ea78fd0>, which puts the keys in a secure element.

Qualcomm’s Snapdragon mobile phone chip has a secure-element-like subsystem <https://www.qualcomm.com/news/releases/2019/06/25/qualcomm-snapdragon-855-becomes-first-mobile-soc-receive-smart-card> (not the TEE) that is CC-certified.

TEE and TEE-like offerings are stronger than they used to be, particularly by supporting memory encryption.

Turing-complete security products come in a range of security levels, all the way up to the security level offered by a TPM. EAT implementations can be just as secure and certified as TPM attestation.

LL