Re: [Rats] Android comments on EAT draft

Thomas Fossati <Thomas.Fossati@arm.com> Fri, 17 May 2019 16:24 UTC

From: Thomas Fossati <Thomas.Fossati@arm.com>
To: Jeremy O'Donoghue <jodonogh@qti.qualcomm.com>
CC: Shawn Willden <swillden=40google.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>, Simon Frost <Simon.Frost@arm.com>, Laurence Lundblade <lgl@island-resort.com>, Thomas Fossati <Thomas.Fossati@arm.com>
Date: Fri, 17 May 2019 16:24:48 +0000
Message-ID: <02F820AD-9AE7-486F-AD5E-DA676B51F7B9@arm.com>
References: <CAFyqnhVJ-ps4bdhsyQDOHdzHVZsXeK7_kCDXxUVUcuyDzWS3uA@mail.gmail.com> <35459D73-3D08-4E0B-814B-780AD60DD600@island-resort.com> <HE1PR0801MB1643AA2E129098E2C65F9163EF0A0@HE1PR0801MB1643.eurprd08.prod.outlook.com> <CAFyqnhX9f5s21roZvz_VcfR+sd3E89SYmunZKX-2JMC4Rqy_cw@mail.gmail.com> <CAFyqnhXzoo9+2pu1qboPSiHr7YTzfRjOcJj3oEpOX_uFWbRyKA@mail.gmail.com> <E5AEF90D-D0A4-4F64-AA60-090167A31725@qti.qualcomm.com> <EAEFEF91-D04A-474C-9048-C9DA5B98EC9C@arm.com> <B1A69042-5A07-44F6-8BE1-6D28D32EAD38@qti.qualcomm.com>
In-Reply-To: <B1A69042-5A07-44F6-8BE1-6D28D32EAD38@qti.qualcomm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/Mg_hwkq9tiHw9A_8qKE-HvbQEuM>
Subject: Re: [Rats] Android comments on EAT draft
List-Id: Remote Attestation Procedures <rats.ietf.org>

Jeremy: thanks for taking the time to elaborate, very much appreciated.

On 17/05/2019, 12:21, "RATS on behalf of Jeremy O'Donoghue" <rats-bounces@ietf.org on behalf of jodonogh@qti.qualcomm.com> wrote:

    Hi Thomas,

    Please see inline

    On 17 May 2019, at 10:08, Thomas Fossati <Thomas.Fossati@arm.com> wrote:

        Hi Jeremy,

        Thanks for the insights into GlobalPlatform.

        I have a few questions inline.

        On 17/05/2019, 08:53, Jeremy O'Donoghue wrote:

            This specific point is one for which GlobalPlatform has a solution in
            our TEE/SE related claim definitions. It is possible that this
            solution may be more general, although it had not previously occurred
            to me that this could be the case.

            [...]

            The Digital Letter of Approval is a published specification, available
            for free (of charge) download behind a click-through license at
            https://globalplatform.org/specs-library/?filter-committee=tps.  I am
            aware that some RATS participants may be unable/unwilling to access
            this document, so I paste the outline DLOA format information below:

            The Digital Letter of Approval (DLOA) is an XML file containing the
            minimum fields required to:

            * Identify the platform – the combination of the application and the
              platform – this DLOA corresponds to

        It is not completely clear to me what is meant by platform in this
        context?  Is it the TEE/SE only or is it the whole device or something
        else?

    Today the "platform" is a unique identifier, normally chosen by the
    manufacturer, that identifies the hardware and any software relevant to
    the Target of Evaluation described in a Security Target document - in
    GlobalPlatform terms this is the TEE or SE, but it is really dependent on
    the chosen Protection Profile.

    There is nothing inherently preventing this from being an entire device
    although there are, to my knowledge, few certifications that operate at
    the device level. I do expect this to change.

        Also when you mention the "platform identifier" a few paragraphs below,
        what kind of identifier is this?  And who has authority to mint these
        IDs?

            * Identify the Authority that issued the corresponding Letter of
              Approval

            * Provide the expiration date of the corresponding Letter of
              Approval

            * Identify the Letter of Approval from which this DLOA has been
              generated (i.e. include the identifier of the Letter of Approval
              issued by the Authority)

            * Ensure authenticity and integrity of the DLOA thanks to a digital
              signature computed by the Authority

            * Provide additional information such as the date of issuance of the
              corresponding Letter of Approval or a URL where the original Letter of
              Approval can be retrieved

    All of these would be issued by a Conformance Assessment Body (CAB).

    In most cases the CAB approves test laboratories to perform the testing on
    behalf of a device manufacturer and submit reports to the CAB for
    assessment. Labs may choose to participate in multiple schemes, both
    commercial and/or government run.

    In general, we can consider several types of Conformance Assessment Body.

    * Commercial CAB schemes such as GlobalPlatform, EMVCo, FIDO, China UnionPay
    * Government-run / Supra-national schemes such as ANSSI, BSI, SOG-IS mutual
      recognition, probably ENISA in future.

    In principle, anyone can set up such a scheme. In practice a degree of
    credibility is needed to assure relying parties of the value of a
    certification. Commercial CABs face challenges here and usually go to
    considerable lengths to show that certifications are meaningful (e.g.
    GlobalPlatform went to ANSSI for assessment of the TEE Protection Profile).

    I expect two general changes in the use of certification over the next
    couple of years that might affect how we think of attesting certifications:

    * Regulation at the national or supra-national level. It may be that
      certifications from selected "trusted" CABs are required for some device
      classes.
    * Creation of meaningful certifications at the whole device level. As an
      example, a device may have some components that are certified at high
      levels of assurance (e.g. a Secure Element or TPM / EAL4+), others at a
      lower ("substantial" / EAL2+) level and some without more than simple
      functional compliance (e.g. a WiFi subsystem). Such certification will
      certify a complete device as fit for purpose at some level, depending on
      the Security Functional Requirements for that device class.

    The general concept behind DLOA is flexible enough to adapt to these.

            The work to incorporate this in an EAT is ongoing, and will be shared
            at Public Review time, but basically you need two claims: one is a
            platform identifier and the second is the URL of a web service where
            certification details can be retrieved.

            The web service is generally operated by a Certification Body
            (GlobalPlatform in the case of GlobalPlatform compliance secretariat)
            and allows retrieval of complete certification information which is
            valid at the time of retrieval.

            If an approach based on an external registrar service is of more
            general interest, I can arrange a more detailed explanation.

        That would be fantastic.

        Cheers, t

        IMPORTANT NOTICE: The contents of this email and any attachments are
        confidential and may also be privileged. If you are not the intended
        recipient, please notify the sender immediately and do not disclose the
        contents to any other person, use it for any purpose, or store or copy
        the information in any medium. Thank you.








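The thread above describes two things a Verifier ends up having to act on: the DLOA field list (platform identifier, issuing Authority, Letter of Approval identifier, issuance and expiry dates, a signature by the Authority) and the proposed two-claim mechanism, where an EAT carries a platform identifier plus the URL of the Certification Body's lookup service. The Go program below is an added example written for this page; it is not code from the thread, from GlobalPlatform, or from the EAT draft, and its wire format is entirely assumed: the XML element names are stand-ins (the real schema sits behind the click-through licence mentioned above), an Ed25519 signature over the re-serialised document stands in for whatever signature format the real DLOA uses, the EAT claim names are invented, and the fetch callback stands in for the HTTPS GET against the CAB's service so the program runs offline. The key, platform identifier, Letter of Approval identifier and dates are constructed demo values.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
	"time"
)

// DLOA is a hypothetical stand-in for the Digital Letter of Approval XML: only the
// fields listed in the thread are modelled, and the element names are assumptions.
type DLOA struct {
	XMLName    xml.Name `xml:"dloa"`
	PlatformID string   `xml:"platformId"`          // platform (TOE) identifier
	Authority  string   `xml:"authority"`           // issuing Authority / CAB
	LoAID      string   `xml:"loaId"`               // identifier of the Letter of Approval
	IssuedAt   string   `xml:"issued"`              // RFC 3339
	ExpiresAt  string   `xml:"expires"`             // RFC 3339
	Signature  string   `xml:"signature,omitempty"` // base64 Ed25519 (assumed format)
}

// signedBody is what the Authority signs: the document re-serialised without its
// signature element (a stand-in for XML-DSig canonicalisation).
func signedBody(d DLOA) ([]byte, error) {
	d.Signature = ""
	return xml.Marshal(d)
}

// SignDLOA is the Authority's side: emit the signed XML document.
func SignDLOA(d DLOA, priv ed25519.PrivateKey) ([]byte, error) {
	body, err := signedBody(d)
	if err == nil {
		d.Signature = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, body))
		body, err = xml.Marshal(d)
	}
	return body, err
}

// EATClaims carries the two claims the thread proposes; the claim names are assumed.
type EATClaims struct {
	PlatformID string // platform identifier claim
	CertURL    string // URL of the Certification Body's lookup service
}

var (
	ErrUnknownAuthority = errors.New("dloa: issuing authority not trusted")
	ErrBadSignature     = errors.New("dloa: signature verification failed")
	ErrPlatformMismatch = errors.New("dloa: platform identifier does not match EAT claim")
	ErrOutsideValidity  = errors.New("dloa: outside validity window")
)

// VerifyCertification is the Verifier's side. fetch is injected so the example runs
// offline; a deployment would HTTPS GET claims.CertURL, which is attester-supplied
// input and should be restricted to the lookup services of known CABs.
func VerifyCertification(claims EATClaims, fetch func(string) ([]byte, error),
	trusted map[string]ed25519.PublicKey, now time.Time) (*DLOA, error) {
	raw, err := fetch(claims.CertURL)
	if err != nil {
		return nil, fmt.Errorf("dloa: retrieval failed: %w", err)
	}
	var d DLOA
	if err := xml.Unmarshal(raw, &d); err != nil {
		return nil, fmt.Errorf("dloa: parse failed: %w", err)
	}
	pub, ok := trusted[d.Authority] // only Authorities in the trust list count
	if !ok {
		return nil, ErrUnknownAuthority
	}
	sig, err := base64.StdEncoding.DecodeString(d.Signature)
	body, _ := signedBody(d)
	if err != nil || !ed25519.Verify(pub, body, sig) { // authenticity and integrity
		return nil, ErrBadSignature
	}
	if d.PlatformID != claims.PlatformID { // bind the DLOA to the attested platform
		return nil, ErrPlatformMismatch
	}
	issued, err1 := time.Parse(time.RFC3339, d.IssuedAt)
	expires, err2 := time.Parse(time.RFC3339, d.ExpiresAt)
	if err1 != nil || err2 != nil || now.Before(issued) || !now.Before(expires) {
		return nil, ErrOutsideValidity // judged at verification time, never cached
	}
	return &d, nil
}

// sampleSignedDLOA returns a constructed demo DLOA signed with a fixed demo key
// (not a real CAB key or platform) and the Verifier's trust list for it.
func sampleSignedDLOA() ([]byte, map[string]ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // all-zero demo seed
	signed, err := SignDLOA(DLOA{PlatformID: "EXAMPLE-TEE-PLATFORM-0001", Authority: "example-cab",
		LoAID: "LOA-2019-0001", IssuedAt: "2019-05-01T00:00:00Z", ExpiresAt: "2022-05-01T00:00:00Z"}, priv)
	if err != nil {
		panic(err)
	}
	return signed, map[string]ed25519.PublicKey{"example-cab": priv.Public().(ed25519.PublicKey)}
}

func main() {
	signed, trusted := sampleSignedDLOA()
	fetch := func(string) ([]byte, error) { return signed, nil } // offline stand-in for the GET
	claims := EATClaims{PlatformID: "EXAMPLE-TEE-PLATFORM-0001", CertURL: "https://cab.example/dloa/lookup"}
	_, err := VerifyCertification(claims, fetch, trusted, time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC))
	fmt.Println("inside validity window:", err)
	_, err = VerifyCertification(claims, fetch, trusted, time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC))
	fmt.Println("same DLOA after expiry:", err)
}
```

The order of the checks is the point. The issuing Authority has to be in the Verifier's trust list before the signature is even examined, since a signature from an unknown key proves nothing; the platform identifier inside the DLOA must equal the one attested in the EAT, otherwise a perfectly genuine DLOA for some other product could be served in its place; and the validity window is evaluated at verification time rather than cached, in line with the thread's remark that the lookup service returns information valid at the time of retrieval. The lookup URL is itself a claim supplied by the attester, so a real Verifier would constrain it to the services of the CABs it trusts rather than dereference whatever it is handed.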