Re: [Rats] [ietf-rats-wg/eat] please get Google Android team review of Location Claim (Issue #292)

Giridhar Mandyam <mandyam@qti.qualcomm.com> Tue, 20 September 2022 12:54 UTC

From: Giridhar Mandyam <mandyam@qti.qualcomm.com>
To: Laurence Lundblade <lgl@island-resort.com>, rats <rats@ietf.org>
CC: Michael Richardson <mcr+ietf@sandelman.ca>, "Smith, Ned" <ned.smith@intel.com>
Date: Tue, 20 Sep 2022 12:54:14 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/TTftCMbAWBRASfK8ak01rGzXj1c>

Agree with below.

Moreover, sensor data is rarely fully self-contained within the security boundary of the attester.  An example is biometrics, which should have their own built-in defenses against spoofed data (e.g. latex fingerprints, still imagery presented for facial recognition, etc.).   The FIDO Alliance’s biometric certification program as a result validates the biometric’s performance with respect to spoofed data, and FIDO standards define how to attest to a biometric authenticator.

Given that location can be determined via a detection of an externally-originated signal (e.g. GPS satellite emission, although this isn’t strictly required in most GNSS engines of which I am aware) then presumably such signals are subject to spoofing.  The GNSS engine can provide information on spoof detection to the attester, which in turn can determine whether to include the location data in an attested claim or not.  I don’t think EAT should be prescriptive on how location data is determined, because there are many possible implementations (including unfortunately GNSS engines that do not detect spoofed satellite signals or detect them with poor confidence).

I am not sure what the security guidance text should look like except for stating that determination of trustworthiness of sensed data is beyond scope of the EAT specification.

-Giri

From: Laurence Lundblade <lgl@island-resort.com>
Sent: Monday, September 19, 2022 11:13 AM
To: rats <rats@ietf.org>
Cc: Giridhar Mandyam <mandyam@qti.qualcomm.com>; Michael Richardson <mcr+ietf@sandelman.ca>; Smith, Ned <ned.smith@intel.com>
Subject: Re: [ietf-rats-wg/eat] please get Google Android team review of Location Claim (Issue #292)


Bringing this to the mailing list from the GitHub issues.

I don’t think we can specify trustworthiness or security of any claim. If we try, we’ll be here forever. Security-level is the poster child. :-)

For example, we do say that UEID is a permanent identifier, but we don’t say how well defended against attacks to change it must be. (iDevID on the other hand does specify this, but iDevID is an implementation specification targeting a specific security level, not a broad message/protocol specification).

Thus claim definitions are really about semantics, not security and trustworthiness. Pretty sure all the claim definitions in EAT are about semantics only.

I think it would be reasonable to say this in the security considerations section, perhaps making an example out of location. It can say that the relying party must come to know how secure a particular EAT and the claims in it are by getting information from the attester vendor and/or the verifier operator.


On Sep 19, 2022, at 8:30 AM, Ned Smith <notifications@github.com> wrote:
> It should be noted that location depends on external entities (satellites) for its values which an Attesting Environment can't be certain are correct (as a jamming attack could alter geo-coordinates).

Yes, noting this in security considerations is probably a good idea.

> The RATS architecture expects the Attesting Environment is designed in such a way that the Target Environment can't lie about the measurement produced.

This is not true for EAT. It intentionally has no security design requirements. Pretty sure this is true for RATS architecture too.

> In the case of location claim, these exceptions should be noted.

Yes, but they are not exceptions.

LL



To go on a little about how location works

The location system in a phone these days combines many sources — satellites (maybe more than one), WiFi, cell tower and inertia. My iPhone even asked me to hold the camera up so it could see buildings in downtown San Francisco to figure out where it was. There is probably some defense against spoofing in all this, but it is probably pretty complicated and beyond our ability to specify.

The location system in a Qualcomm Snapdragon is what does all this. It’s not a part of Android. (at least that was the architecture a few years ago)

Probably different use cases care about different sorts of attacks, accuracy, altitude, speed and such. Too difficult to analyze and characterize all that.

As of a few years ago, Android definitely had a debug feature that allowed location spoofing, presumably necessary for developing apps, but not so good if you really wanted location for security reasons. Qualcomm had an EAT-like product that provided location that couldn’t be manipulated like that.

I suspect the Android team would just confirm this and that Qualcomm might be the one to say how well the location information holds up to spoofing attacks. I don’t see that it is necessary to talk to them as I don’t think we can make any statements about location trustworthiness in EAT.