Re: [Rats] Use cases in draft-ietf-rats-architecture-04

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 09 June 2020 16:44 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "rats@ietf.org" <rats@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/6eOT34_YirzEotSgdxI7qNBQoj8>

Hi Michael

Thanks for the quick response.

Regarding the hardware watchdog I just feel it is a made-up use case. Is this something people actually want to use in practice?
Today's use of hardware watchdogs aims to deal with non-security use cases (mostly dealing with crashing software).

Ciao
Hannes

Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > Section 3.6 "Hardware Watchdog" is something I have not heard
    > about. The concept of a watchdog in embedded systems is well-known but
    > it has a different meaning, see
    > https://en.wikipedia.org/wiki/Watchdog_timer Is there a reference to an
    > article or something that indeed confirms that "malware that holds a
    > device hostage and does not allow it to reboot to prevent updates to be
    > applied". Reading through the text makes me feel that you made this
    > up. (FWIW we had a researcher proposing such a remote watchdog but it
    > didn't require attestation. It was never implemented and you can
    > immediately see that there are practical challenges...)

This situation comes from the desktop situation.

The machine has upgraded, and as soon as it would reboot, it would be safe, but the malware keeps clicking "Cancel" on the "reboot now" dialog.
Applications reasonably can and should say, "No, do not reboot now", but there needs to be a limit, and the use of a watchdog in a hardware/firmware TPM module can do that.

It is *exactly* as in the embedded case (keep holding the switch down, or I blow up), but the "reset watchdog" mechanism is no longer just poking some hardware register, but rather, supplying some Attestation Result to it as to health of system.

How can we rewrite this to make this clearer for you?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-
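An added example, not part of the original messages or of the RATS draft: a toy model of the watchdog described in the quoted reply, whose countdown is extended only by a fresh, authenticated Attestation Result reporting a healthy system, so replayed or unhealthy results still end in a forced reset. The class and function names, the `healthy` status string, and the HMAC key shared with the Verifier (standing in for a real signature) are assumptions.

```python
import hashlib
import hmac
import os


class AttestedWatchdog:
    """Countdown that only a fresh, authentic, healthy Attestation Result can extend."""

    def __init__(self, verifier_key: bytes, timeout: int, now: int = 0):
        self._key = verifier_key   # assumption: key shared with the Verifier
        self._timeout = timeout
        self.deadline = now + timeout
        self._nonce = None         # no challenge outstanding yet

    def challenge(self) -> bytes:
        """Issue a single-use nonce that the next Attestation Result must cover."""
        self._nonce = os.urandom(16)
        return self._nonce

    def kick(self, status: bytes, nonce: bytes, tag: bytes, now: int) -> bool:
        """Extend the deadline only for a valid result; return True if accepted."""
        if now >= self.deadline or self._nonce is None:
            return False           # already expired, or no challenge is open
        expected = hmac.new(self._key, nonce + status, hashlib.sha256).digest()
        fresh = hmac.compare_digest(nonce, self._nonce)
        authentic = hmac.compare_digest(tag, expected)
        self._nonce = None         # a nonce is consumed whether or not it verified
        if fresh and authentic and status == b"healthy":
            self.deadline = now + self._timeout
            return True
        return False

    def must_reset(self, now: int) -> bool:
        """True once the deadline passes without an accepted result: force the reboot."""
        return now >= self.deadline


def verifier_result(key: bytes, nonce: bytes, status: bytes) -> bytes:
    """Stand-in for the Verifier: authenticate (nonce, status) as an Attestation Result."""
    return hmac.new(key, nonce + status, hashlib.sha256).digest()
```

Unlike a register poke, software on the device cannot produce an accepted `kick` by itself: it needs a result the Verifier issued for the current nonce.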