Re: [Rats] Composite Evidence

Dave Thaler <dthaler@microsoft.com> Thu, 23 January 2020 02:04 UTC

From: Dave Thaler <dthaler@microsoft.com>
To: Ned Smith <ned.smith@intel.com>, "Eric Voit (evoit)" <evoit@cisco.com>, "Birkholz, Henk" <henk.birkholz@sit.fraunhofer.de>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: Composite Evidence
Thread-Index: AdXRgB49sEcLGXWTRbyFhaWoEjRAwwAD+4eAAABTccA=
Date: Thu, 23 Jan 2020 02:04:41 +0000
Message-ID: <BL0PR2101MB10278EBC8D834CD28B6BFF4BA30F0@BL0PR2101MB1027.namprd21.prod.outlook.com>
References: <BYAPR11MB2536867559E1A20682A1FC2BA10F0@BYAPR11MB2536.namprd11.prod.outlook.com> <582E844D-48C1-44CA-A94E-3FD4F1F9EDF3@intel.com>
In-Reply-To: <582E844D-48C1-44CA-A94E-3FD4F1F9EDF3@intel.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/K6ElQ4kmZK7W2U9vnTEVLOFQImQ>
Subject: Re: [Rats] Composite Evidence
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 02:04:47 -0000

Agree with Ned that we should keep composite devices separate from time series snapshots of the same component in terms of concepts.

From: Smith, Ned <ned.smith@intel.com>
Sent: Wednesday, January 22, 2020 5:54 PM
To: Eric Voit (evoit) <evoit@cisco.com>; Birkholz, Henk <henk.birkholz@sit.fraunhofer.de>; Michael Richardson <mcr+ietf@sandelman.ca>; Dave Thaler <dthaler@microsoft.com>
Cc: rats@ietf.org
Subject: Re: Composite Evidence

Eric,
I think there are two types of “composite” things that could be considered: (i) decompositions of hardware and software, such as a motherboard and the sub-components that could be plugged into it, and (ii) time series snapshots of the same component.

You seem to be asserting (ii) where a time series snapshot of the same thing could be considered “composite evidence”.

I think both cases are valid, but maybe it makes sense to use different terms for each as they seem to have distinct properties. (E.g. evidence having multiple entries of a component with the same name under (i) implies multiple instances of the same type of device, such as two NIC cards. Whereas under (ii) multiple entries implies there is one instance of the NIC sampled over a time interval.)

-Ned

From: "Eric Voit (evoit)" <evoit@cisco.com>
Date: Wednesday, January 22, 2020 at 4:04 PM
To: Henk Birkholz <henk.birkholz@sit.fraunhofer.de>, Michael Richardson <mcr+ietf@sandelman.ca>, Dave Thaler <dthaler@microsoft.com>, "Smith, Ned" <ned.smith@intel.com>
Cc: "rats@ietf.org" <rats@ietf.org>
Subject: Composite Evidence

Henk, Dave, Michael, Ned,

I promised you a definition for Composite Evidence.  You can see my proposed definition directly in the text below, but I am not willing yet to place it in a Pull Request. I thought an email thread might be helpful first.

Anyway my strawman definition for Composite Evidence is:  Evidence which includes multiple sub-elements of evidence, more than one of which can be computationally verified to have been generated by a specific Attester Subcomponent or Verifier.

I built this definition considering the passport model, which looks like it will often need to use composite evidence.  As an example of why I believe this, see the use case below.

    .--------------.
    |  Verifier A  |
    '--------------'
        ^     [2]
        |     Verifier A signed Attestation Results @time(x) (
    evidence(  |  determination, hash(TpmQuote@time(x)))
    TpmQuote   |
    @time(x))  |
       [1]     V
     .-------------.                           .---------------.
     |  Attester   |<------nonce @time(y)---[3]|  Verifier B   |
     |    .-----.  |                           |       /       |
     |    | Tpm |  |[4]-composite evidence ( ->| Relying Party |
     |    '-----'  |      TpmQuote@time(y),    '---------------'
     '-------------'      TpmQuote@time(x),
                          Verifier A signed Attestation Results @time(x) )


In the example above, evidence at time x is generated and signed within a TPM.  This would *not* be composite evidence.  This evidence would be evaluated by Verifier A, signed, and returned as Attestation Results to the Attester.  A subsequent request from a Relying Party at time y could pull three independently signed elements of evidence from the Attester.  These three would comprise the composite evidence which, when taken together, would allow Verifier B / Relying Party to evaluate the current trustworthiness of the Attester.

Does this definition meet your needs?

Thanks,
Eric
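
Added example, not from any message in this thread and not from the RATS drafts: a Python sketch of what Verifier B / the Relying Party in Eric's figure has to check when it receives the composite evidence (TpmQuote@y, TpmQuote@x, Verifier A's signed Attestation Results@x). It makes concrete the "more than one of which can be computationally verified to have been generated by a specific Attester Subcomponent or Verifier" part of the strawman: each element is verified under the key of the party that must have produced it, the @y quote must answer Verifier B's own nonce, the results must be bound to the exact quote Verifier A appraised (the hash(TpmQuote@time(x)) in the figure), and the state at y must still match the state appraised at x. Assumptions not in the original: HMAC-SHA256 with two constructed keys stands in for the TPM's Attestation Key signature and Verifier A's signature (real deployments use asymmetric keys and a defined encoding), the payload field names and the `max_age` policy are invented for the example, and the PCR values and nonces are constructed sample data.

```python
"""Verifier B's appraisal of composite evidence in the passport model.

HMAC-SHA256 with constructed keys stands in for the TPM's and Verifier A's
signatures (assumption for the example; production uses asymmetric keys)."""
import hashlib
import hmac
import json

# Constructed keys, one per signer, so each element can be tied to a specific
# Attester subcomponent (the TPM) or Verifier (Verifier A).
SIGNER_KEYS = {
    "tpm": b"constructed-tpm-attestation-key",
    "verifier-a": b"constructed-verifier-a-signing-key",
}


def canonical(payload: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def digest(payload: dict) -> str:
    return hashlib.sha256(canonical(payload)).hexdigest()


def sign(signer: str, payload: dict) -> dict:
    tag = hmac.new(SIGNER_KEYS[signer], canonical(payload), hashlib.sha256).hexdigest()
    return {"signer": signer, "payload": payload, "sig": tag}


def signature_ok(element: dict, expected_signer: str) -> bool:
    """Verify under the key of the signer the element is *expected* to have,
    never under whatever key the element claims."""
    if element.get("signer") != expected_signer:
        return False
    expected = hmac.new(SIGNER_KEYS[expected_signer], canonical(element["payload"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, element["sig"])


def tpm_quote(nonce: str, pcrs: dict, t: int) -> dict:
    """Steps [1]/[4]: the TPM signs PCR state together with the challenger's nonce."""
    return sign("tpm", {"kind": "TpmQuote", "time": t, "nonce": nonce, "pcrs": pcrs})


def verifier_a_results(quote: dict, t: int, determination: str) -> dict:
    """Step [2]: Verifier A signs its determination plus hash(TpmQuote@x), which
    binds the results to the exact quote it appraised."""
    return sign("verifier-a", {"kind": "AttestationResults", "time": t,
                               "determination": determination,
                               "quote_hash": digest(quote["payload"])})


def verifier_b_check(composite: list, nonce_y: str, max_age: int) -> tuple:
    """Step [4]: appraise the three elements together. Returns (ok, reason)."""
    if len(composite) != 3:
        return False, "expected TpmQuote@y, TpmQuote@x and AttestationResults@x"
    quote_y, quote_x, results_x = composite
    # (a) each element verifies under the key of the party that must have produced it
    for element, signer in ((quote_y, "tpm"), (quote_x, "tpm"), (results_x, "verifier-a")):
        if not signature_ok(element, signer):
            return False, f"signature check failed for {element['payload'].get('kind')}"
    qy, qx, rx = quote_y["payload"], quote_x["payload"], results_x["payload"]
    # (b) freshness: the @y quote must answer Verifier B's own nonce (step [3])
    if qy["nonce"] != nonce_y:
        return False, "TpmQuote@y does not carry Verifier B's nonce"
    # (c) binding: Verifier A's results must refer to this TpmQuote@x, not another quote
    if rx["quote_hash"] != digest(qx):
        return False, "AttestationResults@x are not bound to the supplied TpmQuote@x"
    # (d) continuity: the state Verifier A appraised must still be the current state
    if qy["pcrs"] != qx["pcrs"]:
        return False, "PCR state changed between time x and time y"
    # (e) age and outcome of Verifier A's appraisal (max_age is a local policy choice)
    if qy["time"] - rx["time"] > max_age:
        return False, "AttestationResults@x are older than the policy allows"
    if rx["determination"] != "trustworthy":
        return False, "Verifier A did not affirm the Attester"
    return True, "ok"


def demo_happy_path() -> tuple:
    pcrs = {"pcr0": "a1" * 32, "pcr7": "b2" * 32}            # constructed sample PCRs
    quote_x = tpm_quote("nonce-from-verifier-a", pcrs, t=100)
    results_x = verifier_a_results(quote_x, t=101, determination="trustworthy")
    quote_y = tpm_quote("nonce-from-verifier-b", pcrs, t=160)
    return verifier_b_check([quote_y, quote_x, results_x], "nonce-from-verifier-b", 3600)


def demo_state_changed() -> tuple:
    """PCRs changed after Verifier A's appraisal (attack or honest update); the
    old results are presented again and must be rejected."""
    pcrs_old = {"pcr0": "a1" * 32, "pcr7": "b2" * 32}
    pcrs_new = {"pcr0": "a1" * 32, "pcr7": "ff" * 32}
    quote_x = tpm_quote("nonce-from-verifier-a", pcrs_old, t=100)
    results_x = verifier_a_results(quote_x, t=101, determination="trustworthy")
    quote_y = tpm_quote("nonce-from-verifier-b", pcrs_new, t=160)
    return verifier_b_check([quote_y, quote_x, results_x], "nonce-from-verifier-b", 3600)


if __name__ == "__main__":
    print(demo_happy_path())
    print(demo_state_changed())
```

Two design points worth noting. Verifier B never trusts the `signer` label on an element; it decides which key an element must verify under from the element's role in the composite, so an Attester cannot substitute a TPM-signed blob for Verifier A's results. And the check in (d) is what makes Ned's distinction matter: here the repeated TpmQuote entries are one device sampled at two times (his case ii), so equality of state is the expected relation between them; under his case (i), two entries would be two distinct devices and that comparison would be meaningless.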