Re: [Rats] watchdog use case ... RE: Use cases in draft-ietf-rats-architecture-04
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 16 June 2020 20:19 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 926EB3A0925 for <rats@ietfa.amsl.com>; Tue, 16 Jun 2020 13:19:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H_DtI2erjJMs for <rats@ietfa.amsl.com>; Tue, 16 Jun 2020 13:19:42 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D0393A0921 for <rats@ietf.org>; Tue, 16 Jun 2020 13:19:42 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 8D91F38A40; Tue, 16 Jun 2020 16:17:06 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id KQ7rAyXltJ1o; Tue, 16 Jun 2020 16:17:06 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id E858838A20; Tue, 16 Jun 2020 16:17:05 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 518B5AB9; Tue, 16 Jun 2020 16:19:40 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
cc: "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>, "rats@ietf.org" <rats@ietf.org>
In-Reply-To: <AM0PR08MB3716A2C59320D3FB8D403FADFA9D0@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <AM0PR08MB3716A2C59320D3FB8D403FADFA9D0@AM0PR08MB3716.eurprd08.prod.outlook.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 16 Jun 2020 16:19:40 -0400
Message-ID: <12088.1592338780@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/87ClnXDl3xJ0ZYEuU2ig0rBTxC8>
Subject: Re: [Rats] watchdog use case ... RE: Use cases in draft-ietf-rats-architecture-04
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2020 20:19:46 -0000
Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote: > Could the authors of the use case explain the watchdog use case a bit > more? Sure. Dave's reference to the TCG "Authenticated Countdown Timer" is rather detailed, but perhaps misses the forest for the trees. Perhaps I can be a bit more concise. Ian, please let us know if this describes your situation as well. > I do not understand how this is supposed to work. How is the device > allowed to reboot when it sends attestation information to a remote > server? There are usual three parties: Attester, Verifier, Relying Party. The Attester (secure enclave/TPM/etc.) collects Evidence as to health and sends this to a remote Verifier. The Verify creates an Attestation Result as normal. But, in the case, the Relying Party is the Watch Dog timer in the TPM/secure enclave itself. So the Attestation Results are returned to the PC, and provided to the enclave. If the watch dog does not receive regular, and fresh, Attestation Results as to the systems' health, then it forces a reboot. > If malware prevents the device from rebooting, as the text indicates, > why doesn't that malware also prevent the interaction with the > attestation server (for example, pretending that network connectivity > is down)? The arrangement is that of a deadman's switch: if the malware were to prevent the communication, then the watch dog would go off. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [Rats] watchdog use case ... RE: Use cases in dra… Hannes Tschofenig
- Re: [Rats] watchdog use case ... RE: Use cases in… Dave Thaler
- Re: [Rats] watchdog use case ... RE: Use cases in… Michael Richardson
- Re: [Rats] watchdog use case ... RE: Use cases in… Hannes Tschofenig
- Re: [Rats] watchdog use case ... RE: Use cases in… Henk Birkholz
- Re: [Rats] watchdog use case ... RE: Use cases in… Hannes Tschofenig
- Re: [Rats] watchdog use case ... RE: Use cases in… Ira McDonald
- Re: [Rats] watchdog use case ... RE: Use cases in… Henk Birkholz