[Rats] watchdog use case ... RE: Use cases in draft-ietf-rats-architecture-04

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 16 June 2020 10:25 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 280B33A117B for <rats@ietfa.amsl.com>; Tue, 16 Jun 2020 03:25:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=1G8ZJ8Uh; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=1G8ZJ8Uh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMiCt9XgpJSA for <rats@ietfa.amsl.com>; Tue, 16 Jun 2020 03:25:48 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80052.outbound.protection.outlook.com [40.107.8.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 812523A0C7E for <rats@ietf.org>; Tue, 16 Jun 2020 03:25:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9cjqxAa4Mt/nw67Y2EuAZd+AxWsKJg/g1REwNYaVVNw=; b=1G8ZJ8UhHmVb/SscgcPi0JQ0sCW+Fo6cqD+rHX3tY13/DzN++Pfk6V+jR1MrNaoMkmY2uc/ivq//qjMZOZ81jMMxnt/EEhNVTuWcnsf8GxK5AMeIUMdbcR3DPz7GA6PfnBG8TaDhuFpv0x4pkACf58hyIoQfbSZYUqvbVUI/aq4=
Received: from AM5PR0502CA0007.eurprd05.prod.outlook.com (2603:10a6:203:91::17) by AM0PR08MB3010.eurprd08.prod.outlook.com (2603:10a6:208:56::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3088.19; Tue, 16 Jun 2020 10:25:43 +0000
Received: from AM5EUR03FT014.eop-EUR03.prod.protection.outlook.com (2603:10a6:203:91:cafe::f5) by AM5PR0502CA0007.outlook.office365.com (2603:10a6:203:91::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3088.18 via Frontend Transport; Tue, 16 Jun 2020 10:25:43 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; ietf.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;ietf.org; dmarc=bestguesspass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT014.mail.protection.outlook.com (10.152.16.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3088.18 via Frontend Transport; Tue, 16 Jun 2020 10:25:43 +0000
Received: ("Tessian outbound 299e58e1e4d2:v59"); Tue, 16 Jun 2020 10:25:43 +0000
X-CR-MTA-TID: 64aa7808
Received: from babf3e5b8cec.2 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 61D15ED7-8B30-499C-B726-23A776EAA036.1; Tue, 16 Jun 2020 10:25:38 +0000
Received: from EUR05-AM6-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id babf3e5b8cec.2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 16 Jun 2020 10:25:38 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TkSKWhqjoOoUJ7sQDeLArM1a/8/32uXkwd9dtzWQGVcmV3Z9hTnpYp2+LC4sDcdkUFsOow2Y6EiK3GPWGCczCLMtPK3zmv9wrhAeqgCQVoAZZiaLr0oOhk4GWG8tsIWUfDY+0CSBp0rdeNiXncHWt8AeJecR3MIsax4LaL/aiotiHhK8a2V3rOKdrSX/bzPkTxt+6xF8JWVP+x9Y30LKtsdu66eMLeh60TzfPXX+3u1UXHcQc50fPwg5kSPcxAt5x8/WUF8OLTLxTZE/PPOpWu+Ap8bkibWAQa0r3OOhtYvPcTAVRUnjdYH3aBFLVnrXPlvGo9PvdBZ9ZWGaiv3mIA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9cjqxAa4Mt/nw67Y2EuAZd+AxWsKJg/g1REwNYaVVNw=; b=XgbM1BFXZ5TiUUk9nxX4Ztz66500VFsaGmLs7ttjnVO+6I4ZPevBm0elNJNZZ0aC11Xw4iWkRoNO2efVM5H9oqV0FRPyqFrVieess1+/PLJ2nobC7wiklFQNdSR3PfjVo1vB7ntV96JHBWtcWrnvQ8c8uQ97CzJyMq128ZJ7/QBEczJjTjuAnmJtWE4OKqeVqLZKKmeiGIvLxlTMK3hW75MLRXBuGUgDHPRYdLGZkkaLfWeQP+xhL+ELJIGP/1JaGaAVwhuMtKDYkpwhCTWNBXgfvEZsir5pfgDWfz8cd/hbns2/zAEwAHwy6cAxgmM/WE3jrJFXcdkmAFTbHrP5KQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9cjqxAa4Mt/nw67Y2EuAZd+AxWsKJg/g1REwNYaVVNw=; b=1G8ZJ8UhHmVb/SscgcPi0JQ0sCW+Fo6cqD+rHX3tY13/DzN++Pfk6V+jR1MrNaoMkmY2uc/ivq//qjMZOZ81jMMxnt/EEhNVTuWcnsf8GxK5AMeIUMdbcR3DPz7GA6PfnBG8TaDhuFpv0x4pkACf58hyIoQfbSZYUqvbVUI/aq4=
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com (2603:10a6:208:106::13) by AM0PR08MB3153.eurprd08.prod.outlook.com (2603:10a6:208:59::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3088.22; Tue, 16 Jun 2020 10:25:36 +0000
Received: from AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae]) by AM0PR08MB3716.eurprd08.prod.outlook.com ([fe80::39f5:e4d9:51ff:eae%7]) with mapi id 15.20.3088.029; Tue, 16 Jun 2020 10:25:36 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>, "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>, Michael Richardson <mcr+ietf@sandelman.ca>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: watchdog use case ... RE: [Rats] Use cases in draft-ietf-rats-architecture-04
Thread-Index: AdZDxzg1dMUxu36vSHG7cRcC1apYow==
Date: Tue, 16 Jun 2020 10:25:36 +0000
Message-ID: <AM0PR08MB3716A2C59320D3FB8D403FADFA9D0@AM0PR08MB3716.eurprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: 867ea5c6-1f3d-48fb-a019-58d471ae93fc.0
x-checkrecipientchecked: true
Authentication-Results-Original: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com;
x-originating-ip: [156.67.194.193]
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-HT: Tenant
X-MS-Office365-Filtering-Correlation-Id: 9376993e-6b97-4049-93d7-08d811dfa062
x-ms-traffictypediagnostic: AM0PR08MB3153:|AM0PR08MB3010:
x-ms-exchange-transport-forked: True
X-Microsoft-Antispam-PRVS: <AM0PR08MB3010ABB161D82EE28C09FF64FA9D0@AM0PR08MB3010.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
x-forefront-prvs: 04362AC73B
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: /wjTGr0sYTb5fcE+taFXr/CVhSMSXcwGrG2g//zLJGMcQVEP/FNBgoCuHYZbVeKimaWyYAX150jkRYEIuMH4Rngv9FjNEDHJtVGiaP3QVfO2UhIDE2GWzF5ZrlD/UYJO7UazVEthSjaZBZF+i4dPa+0nFSAeIOUzExeHZzEYtn8V5Sn46qeJPJsHHmWCbphBsANIuWnzTyxJ6IrfNfuCAVWSnQrvuClJ0IxKUE7DLz24WqTcSMVhf9a/qRsUDRBoMFAqmwCTpE9VKXvHpfS0tzynBfVtk1OLipqXBjKpB0x1B7ypGg7VY5gZuVdKVJCBbqYd8sUEEalES33IqXjm0Q==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR08MB3716.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(39860400002)(396003)(346002)(366004)(376002)(5660300002)(110136005)(33656002)(9686003)(2906002)(53546011)(66574015)(86362001)(4326008)(8936002)(8676002)(6506007)(7696005)(55016002)(478600001)(71200400001)(316002)(186003)(26005)(66946007)(64756008)(76116006)(52536014)(66476007)(66446008)(66556008)(83380400001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: tzMfk7NrlPdMTxHnaugSd1tQGjpRFP85M4EwXTVkqXw4QjJLmBpPjygPvoMq8DR+HDaFvXJgj+MF7LZLnG6a4OxFYQCQVGtRpxn13V5DUpCsJwQ5/KqpiI5iNTvYWlNloVDIVS8ab9Dx/5Nxl99CuJaSDJABYeCbUTbCIr3OZYmQl2H/duQpFXMcp62Dkh/MGbFNG1ksCdSvfG2mGWJo7wpEtYtEoagode/CbDrKwNi8kQprdqJravra3pc0m6kPwak1SmBLrhVwUS2Vi0z5OfeLnr6s4JV28l2E/wqT4P7GbGvbmLzCFHaysgkQ6zu6SRvFtuHONNOhKCknFFwsZp3n2UK0XPFXT9QghM3lks5krgQ9evlfKDFSzuf78uhlqW6JNCLIRu4iH9QemStj0cyX0BHITGNsP0/UvgQBlAX0NaRm5Z+w6OYArSlMxgkCkKwhmF0ok2L+nqw97h8FsOACbkaN7wEvDn02oL0f2N3wUBEMWNBePg/DyPmGho//
Content-Type: multipart/alternative; boundary="_000_AM0PR08MB3716A2C59320D3FB8D403FADFA9D0AM0PR08MB3716eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3153
Original-Authentication-Results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT014.eop-EUR03.prod.protection.outlook.com
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(396003)(39860400002)(136003)(346002)(376002)(46966005)(70206006)(8936002)(2906002)(8676002)(86362001)(478600001)(82740400003)(4326008)(336012)(82310400002)(47076004)(9686003)(83380400001)(55016002)(70586007)(356005)(52536014)(5660300002)(33656002)(6506007)(110136005)(316002)(7696005)(26005)(186003)(81166007)(36906005)(66574015)(53546011); DIR:OUT; SFP:1101;
X-MS-Office365-Filtering-Correlation-Id-Prvs: c41fcc55-7e8f-47fe-3761-08d811df9bfe
X-Forefront-PRVS: 04362AC73B
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: iwAjtgcmQFWzQIw4IEfpYX7KKlM4TBirXo9/LMlKd3PVO9offzxG/CXuMrn0SQBihji1PA7ZboXRCSk1dldcxYwXGLDRdAL3z4I+fiT+FgRgyiXsAw7Kl91u6dm+/HJzJd+bZuV8IIP8ISoDiLDempACb+u/5zVJ447IY5kZFADGehafJ/jVQApCnkF+mjaVGe3cXIIIi6Mc7LpqqWOjAd2WSeW9tY9BnBsSX/VqRakpEmOIbfP254OUF4cURoZA5KG4ZBLo4lC+FIAwVEfZZ1IYbYd63zLpA3wWiqCyAzYlDMF00+viUSt2EcH6h05xANzXXoQRIGkzVVGWAaTqO7r8J2MqJLKmthqcOgFtCGh9qK8S76qyKQ71XsL8bywfOysIF5hq0bkNekotqiFG7w==
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jun 2020 10:25:43.8330 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 9376993e-6b97-4049-93d7-08d811dfa062
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB3010
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/4hpYsNe2ZIWqNitrHGvm31VMcvU>
Subject: [Rats] watchdog use case ... RE: Use cases in draft-ietf-rats-architecture-04
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2020 10:25:50 -0000

Hi RATS architecture authors,

Could the authors of the use case explain the watchdog use case a bit more?

I do not understand how this is supposed to work. How is the device allowed to reboot when it sends attestation information to a remote server?
If malware prevents the device from rebooting, as the text indicates, why doesn't that malware also prevent the interaction with the attestation server (for example, pretending that network connectivity is down)?

Ciao
Hannes

From: RATS <rats-bounces@ietf.org> On Behalf Of Hannes Tschofenig
Sent: Tuesday, June 9, 2020 9:31 PM
To: Oliver, Ian (Nokia - FI/Espoo) <ian.oliver@nokia-bell-labs.com>om>; Michael Richardson <mcr+ietf@sandelman.ca>
Cc: rats@ietf.org
Subject: Re: [Rats] Use cases in draft-ietf-rats-architecture-04

Hi Ian,

can you provide a bit more details about what your domain is?

Ciao
Hannes

From: Oliver, Ian (Nokia - FI/Espoo) <ian.oliver@nokia-bell-labs.com<mailto:ian.oliver@nokia-bell-labs.com>>
Sent: Tuesday, June 9, 2020 9:27 PM
To: Michael Richardson <mcr+ietf@sandelman.ca<mailto:mcr+ietf@sandelman.ca>>; Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>>
Cc: rats@ietf.org<mailto:rats@ietf.org>
Subject: Re: [Rats] Use cases in draft-ietf-rats-architecture-04

Just to add to that, the watchdog case is relevant in our domain

Ian


--

Dr. Ian Oliver

Cybersecurity Research

Distinguished Member of Technical Staff

Nokia Bell Labs

+358 50 483 6237

________________________________
From: Michael Richardson
Sent: Tuesday, June 09, 2020 22:00
To: Hannes Tschofenig
Cc: rats@ietf.org<mailto:rats@ietf.org>
Subject: Re: [Rats] Use cases in draft-ietf-rats-architecture-04


Hannes Tschofenig <Hannes.Tschofenig@arm.com<mailto:Hannes.Tschofenig@arm.com>> wrote:
    > Regarding the hardware watchdog I just feel it is a made-up use
    > case. Is this something people actually want to use in practice?
    > Today's use of hardware watchdogs aim to deal with non-security use
    > cases (mostly dealing with crashing software).

We've heard from Enterprise people that this is important.
It's not a constrained case.

--
Michael Richardson <mcr+IETF@sandelman.ca<mailto:mcr+IETF@sandelman.ca>>, Sandelman Software Works
 -= IPv6 IoT consulting =-
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.