Re: [Rats] Android comments on EAT draft

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 16 May 2019 04:36 UTC

To: Shawn Willden <swillden=40google.com@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
References: <CAFyqnhVJ-ps4bdhsyQDOHdzHVZsXeK7_kCDXxUVUcuyDzWS3uA@mail.gmail.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <d6494429-342b-1979-373c-c2fe75313fcf@gmail.com>
Date: Thu, 16 May 2019 06:36:11 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/TBaUk-azxL-wXviBPuHG5prd4XM>
Subject: Re: [Rats] Android comments on EAT draft

Hi Shawn & RATS,

FWIW, I'm working on another scheme which tries to combine different needs.
In this scheme an attestation (which would contain all applicable device data) creates a shared session key which is subsequently used for provisioning data including creating or importing keys in an atomic session, ending with a "commit" which in turn provides (through the session key) a proof/attest of success to the provisioning service.

The protected API concept was loosely derived from TPM's authorized sessions.

https://github.com/ietf-teep/architecture/issues/52

This scheme also enables the creation of an entirely static "StrongBox" (SE) supporting a three level security architecture OS/TEE/SE.

Note the disclaimer though.

thanx,
Anders


On 2019-05-16 02:43, Shawn Willden wrote:
> Hi all.
> 
> After being invited by Laurence to join this WG some time ago, I have completely dropped the ball. I apologize for that; in the interim period I have expanded my team from one engineer (me) to six, and we all still have more to do than we can accomplish, which gives a good indication of how much I was dropping on the floor.  I think I have now delegated enough that I can begin to put some time into this.
> 
> After reviewing the draft (which I like a lot, in many ways), I notice a crucial divergence of focus between EAT and Android Keystore Attestation.  Perhaps this means that EAT is not applicable for Android; but I'd like to explore the question a bit.
> 
> Specifically, EAT is about attesting to a /device/ while Keystore Attestation is about attesting to a /key/ -- though we also attest to quite a bit about the context of the key, i.e. the device. Indeed, the device information we provide is growing with every release, because there's a strong pent-up demand for device attestation.  So Keystore Attestation is gradually expanding to include the device attestation role, but must also retain its key attestation purpose.  For EAT to be directly applicable, it would have to include claims about a key as well.
> 
> Perhaps another option is that we could use an EAT attestation as a sub-element inside a CBOR structure that attests to a key.  Or maybe there are other ideas about how an EAT attestation may fit into a larger attestation that describes characteristics of entities other than the containing device?
> 
> Another, more tractable, area of difference is that EAT provides Claims for several data items which Android will likely never allow to be attested because of their privacy implications and potential for ecosystem fragmentation (apps choosing which devices they'll run on -- we generally try to deny them the information they'd like to have to make those choices).  These are:
> 
>   * UEID
>   * Origination
>   * Location
> 
> We do allow OEM Identification, though it's a different format and is restricted.
> 
> Some other claims that we have, and think are important, are OS version and patch-level (represented as a date, YYYYMMDD); secure boot verification key digest; secure boot digest (hash of all verified code); application ID (a digest of the requesting app signing key); and secure app version (hmm, don't have a patchlevel, but we should!  I'll see about adding that for R).
> 
> I suppose all of this could be addressed by registering additional claims.  I'm not sure it would make sense to add a set of claims (or a complex claim) that addresses key attestation, though.  That seems to significantly change the semantics. Or does that sort of extension seem appropriate to folks?
> 
> I also have a set of more detailed comments and questions, plus some editorial suggestions.  I put the draft into a Google Doc and added comments.  I've asked my team to take a pass through it as well, and I'll share it with this mailing list as soon as they've had a chance to weigh in.
> 
> Again, my apologies for jumping in late.  Let me know if you think EAT just isn't appropriate for Android.
> 
> -- 
> Shawn Willden | Staff Software Engineer | swillden@google.com | 720-924-6645
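As an added illustration of the session shape Anders sketches above (an attestation-derived session key, MAC-protected provisioning commands, and a final "commit" that proves success to the service), here is a small Python model. It is not code from his proposal or the TEEP issue; the HKDF-style derivation, HMAC-SHA256 tags, command format and the `Device`/`run_session` names are all my assumptions.

```python
import hmac, hashlib, os

# Constructed model (an assumption about the scheme's shape, not the author's design):
# the attestation step yields a shared session key, every provisioning command is MACed
# under it, and "commit" returns an HMAC over the whole transcript as the proof of success.

def derive_session_key(attestation_secret: bytes, nonce: bytes) -> bytes:
    # Assumed HKDF-style extract/expand; binds the session key to the service nonce.
    prk = hmac.new(nonce, attestation_secret, hashlib.sha256).digest()
    return hmac.new(prk, b"provisioning-session\x01", hashlib.sha256).digest()

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class Device:
    def __init__(self, session_key: bytes):
        self.key, self.pending, self.keys = session_key, {}, {}
        self.transcript, self.failed = hashlib.sha256(), False

    def execute(self, cmd: bytes, tag: bytes) -> bool:
        # Protected API: a command without a valid MAC under the session key is rejected.
        op, _, arg = cmd.partition(b":")
        if hmac.compare_digest(mac(self.key, cmd), tag) and op in (b"create-key", b"import-key"):
            name, _, material = arg.partition(b"=")   # import-key carries hex key material
            self.pending[name] = bytes.fromhex(material.decode()) if material else os.urandom(32)
            self.transcript.update(cmd)
            return True
        self.failed = True
        return False

    def commit(self):
        # Atomic session: any failed step discards all staged keys and yields no proof.
        if self.failed:
            self.pending.clear()
            return None
        self.keys, self.pending = self.pending, {}
        return mac(self.key, b"commit" + self.transcript.digest())

def run_session(secret: bytes, nonce: bytes, cmds: list, tamper: bool = False):
    # Service side: derive the same key, MAC each command, then verify the commit proof.
    key = derive_session_key(secret, nonce)
    dev, transcript = Device(key), hashlib.sha256()
    for cmd in cmds:
        tag = mac(key, cmd) if not tamper else mac(b"not-the-session-key", cmd)
        dev.execute(cmd, tag)
        transcript.update(cmd)
    proof = dev.commit()
    expected = mac(key, b"commit" + transcript.digest())
    ok = proof is not None and hmac.compare_digest(proof, expected)
    return ok, sorted(dev.keys)
```

The service accepts the session only when the commit proof matches its own transcript; a command carrying a tag under the wrong key, or an unknown operation, leaves the device with no committed keys and no proof.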