IETF Logo Mail Archive

Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments

Shawn Willden <swillden@google.com> Thu, 20 June 2019 13:17 UTC

Return-Path: <swillden@google.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0865120113 for <rats@ietfa.amsl.com>; Thu, 20 Jun 2019 06:17:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.509
X-Spam-Level:
X-Spam-Status: No, score=-17.509 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4mA-xFLcVygO for <rats@ietfa.amsl.com>; Thu, 20 Jun 2019 06:17:01 -0700 (PDT)
Received: from mail-yb1-xb35.google.com (mail-yb1-xb35.google.com [IPv6:2607:f8b0:4864:20::b35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C21F212015C for <rats@ietf.org>; Thu, 20 Jun 2019 06:17:01 -0700 (PDT)
Received: by mail-yb1-xb35.google.com with SMTP id i14so1213878ybp.7 for <rats@ietf.org>; Thu, 20 Jun 2019 06:17:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=05TCb3yzqiRz0SieMyfovvcSQiJrnLK8TbRw2dXQfu8=; b=iMvrSd8PRGfL2HntiXmaR6hbRqEgzkmXi/UixXY2L94XnkejnCtlf54yapXXqxXgD4 LxCtYQqxz0jGFpLfD9MwxHxotxXA8JSt/cqdGNH72AtYoJ268sEBycf8ZsU5HnB4BJLm shST4VXDVih0xoAg6/YeF2wSdI+yFzIZJnfDTV8RU/sokqszlk2y/rcmiCObwT8KU1ZE EywUXT857Z3pCYPCBubcIT0LuEo0zuARRbtGTX294qToNBzq0LZ5uLzqoTfNdYw5HG4r BkRUAUr2u18TQtSxZSJfKPMLyqXX10F44LZNMBNB0DuF3+7ejbzDiwwf+XC8v9qHIhZs JK4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=05TCb3yzqiRz0SieMyfovvcSQiJrnLK8TbRw2dXQfu8=; b=RXAcEQX26FMQNgMsNyYn6sEaM/S3y1wrsoOb1umb3je5+nx61ePdDAh8lCKO4Y92ao ImJ5ROFJuZb+6D2pOiuFPPyDpbirJsneqEZCK4GwJv4yMQVcxq3dDRvjXS7B4/QHgdvH b5rgAzjgV5kDUQ4S1H5mpY2lTfNb+lmnLv26MW1Sv0llPkoTAJXIqWAEpsy2QfX/IGpy l2xBHc0vphZ9rmDtqTUVP4LU37VU/t/i14O7Pdcuni8fnBl0+6rlaH2PpBfidkjV9hLn J4tC22N7qGqvcxsxi1VMi8yYVR7PqJmJUTBIBIKScQ3xcrI4IlWtS+0azc/gf170w60p 0RBw==
X-Gm-Message-State: APjAAAVNgO5n53dZ4Oc01awAEmcTAmtu+HrOyx3H1X16jsliZPtpVaDw +QlxSkEvbvGqoSH9CzFXmmx3+p4K1bXwvJJMwXwnYw==
X-Google-Smtp-Source: APXvYqx9RvWCX+QjVvRLQmfZaF0DdRLYxt2VBQTKFzcGkraLZvbZkTJrAqOLIRUOYFlDwOdtNM07Ng/NP2G9ByGktX0=
X-Received: by 2002:a5b:44:: with SMTP id e4mr67881094ybp.257.1561036620465; Thu, 20 Jun 2019 06:17:00 -0700 (PDT)
MIME-Version: 1.0
References: <MW2PR00MB03963ABEB87211AD28A16240A6490@MW2PR00MB0396.namprd00.prod.outlook.com> <12503.1552447661@localhost> <219648D6-188A-429D-A13F-ED6155DE9016@island-resort.com> <14288.1553710783@dooku.sandelman.ca> <4EB6FF13-2DAF-4BDC-AC90-C46720D61AF0@arm.com> <bf003513-209a-7d5f-a9a5-58ade6c23545@gmail.com> <21417.1560911502@dooku.sandelman.ca> <fbc05f84-232b-7ca6-47c1-9b23d73e47ca@gmail.com>
In-Reply-To: <fbc05f84-232b-7ca6-47c1-9b23d73e47ca@gmail.com>
From: Shawn Willden <swillden@google.com>
Date: Thu, 20 Jun 2019 15:16:48 +0200
Message-ID: <CAFyqnhUkVaYMtjpB9wa4h6hEwd=h3hXHkCr9w8bd8LSXEo0ckA@mail.gmail.com>
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>, Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>, Laurence Lundblade <lgl@island-resort.com>
Content-Type: multipart/alternative; boundary="0000000000003f2ac4058bc12991"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/ECd99ZpSIqN2mFGcVthojgEx3Co>
Subject: Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jun 2019 13:17:11 -0000

On Wed, Jun 19, 2019 at 8:03 AM Anders Rundgren <
anders.rundgren.net@gmail.com> wrote:

> On 2019-06-19 04:31, Michael Richardson wrote:
> >
> > Anders Rundgren <anders.rundgren.net@gmail.com> wrote:
> >      > Here you have another link:
> >      >
> https://developer.android.com/training/articles/security-key-attestation
> >
> >      > As an application developer I find this scheme and the associated
> >      > "AndroidKeyStore" quite impractical.  The recent addition of
> >      > "StrongBox" makes it worse.
> >
> > Interesting. What is it that you find that you can not do?
>
> A mechanism that only attests keys cannot (securely) be used for
> provisioning anything but keys.
>

What else do you wish to provision? Anything other than TAs (addressed
below)?  And how does the addition of StrongBox make keystore worse?


> >      > With a two-level TEE/SE session-key based scheme you only need to
> >      > attest the session permitting you to perform any number of secure
> >      > operations and close the session with a "commit" which in turn
> responds
> >      > with a (session signed) message to the SP that everything went
> right.
> >
> > Or is this what you wish you had?
>
> In the absence of installable TA support, I have implemented this in
> Android as a SW emulator [1]. It is a part of the Saturn [3] payment
> authorization system I'm working on.
>

The Android platform security team considers this an anti-goal.  We're very
concerned that the scope of functionality being installed in TEEs is
exploding to a degree that the TEEs are becoming less trustworthy, not more
(and they haven't been particularly good).  Not only do we not want to
enable field-installation of TAs, we'd like to constrain factory/OTA
installation to smaller sets (some devices ship with upwards of 40 TAs
today), though our ability to do that is very limited.

There's a tension here between enabling more use cases and maintaining /
increasing the security of existing use cases. We recognize that GP and
many others disagree with us on how to balance the issues, and that perhaps
we're wrong, but we have to respond to the Android ecosystem as we see it.


> As I have tried to describe [2], this concept also relieves you from (IMO)
> unwanted/unnecessary dependencies on provisioning protocol formats.


> Anders
> 1]
> https://github.com/cyberphone/webpkisuite-4-android/blob/master/app/src/main/java/org/webpki/mobile/android/sks/AndroidSKSImplementation.java
> 2] https://github.com/ietf-teep/architecture/issues/52
> 3] https://cyberphone.github.io/doc/two-visions-4-mobile-payments.pdf


-- 
Shawn Willden | Staff Software Engineer | swillden@google.com | 720-924-6645

v2.23.0 | Report a Bug | By Email