Re: [Rats] FIDO TPM attestation
"Fuchs, Andreas" <andreas.fuchs@sit.fraunhofer.de> Thu, 14 November 2019 09:46 UTC
Return-Path: <andreas.fuchs@sit.fraunhofer.de>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D659A120142 for <rats@ietfa.amsl.com>; Thu, 14 Nov 2019 01:46:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eotgE34ue2qM for <rats@ietfa.amsl.com>; Thu, 14 Nov 2019 01:46:15 -0800 (PST)
Received: from mailext.sit.fraunhofer.de (mailext.sit.fraunhofer.de [141.12.72.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 88B2712022D for <rats@ietf.org>; Thu, 14 Nov 2019 01:46:14 -0800 (PST)
Received: from mail.sit.fraunhofer.de (mail.sit.fraunhofer.de [141.12.84.171]) by mailext.sit.fraunhofer.de (8.15.2/8.15.2/Debian-10) with ESMTPS id xAE9kA5g010606 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA256 bits=128 verify=NOT); Thu, 14 Nov 2019 10:46:11 +0100
Received: from EXCH2010B.sit.fraunhofer.de ([169.254.2.69]) by EXCH2010CAS2.sit.fraunhofer.de ([141.12.84.171]) with mapi id 14.03.0468.000; Thu, 14 Nov 2019 10:46:05 +0100
From: "Fuchs, Andreas" <andreas.fuchs@sit.fraunhofer.de>
To: Laurence Lundblade <lgl@island-resort.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] FIDO TPM attestation
Thread-Index: AQHVmdgbKKlnQ1ZLsk2cVdcDGcns46eKarF6
Date: Thu, 14 Nov 2019 09:46:04 +0000
Message-ID: <9F48E1A823B03B4790B7E6E69430724D0163BD29CD@EXCH2010B.sit.fraunhofer.de>
References: <62DD1AD3-6F1A-4B2B-8236-10ECCE254443@island-resort.com>
In-Reply-To: <62DD1AD3-6F1A-4B2B-8236-10ECCE254443@island-resort.com>
Accept-Language: en-US, de-DE
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [141.12.89.204]
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/dTko9FGOn6gBatENPly-Se1Mi6w>
Subject: Re: [Rats] FIDO TPM attestation
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Nov 2019 09:46:18 -0000
The reason for this is that a TEE is a touring-complete execution environment for arbitrary code, whilst the TPM further has a well-define precise functional logic instead of arbitrary code. Thus only protocols that have the TPM's functional logic in mind can leverage it to the fullest and FIDO unfortunately did not do so. However, this fact that the TPM is well-define and precise proposes the big advantage since it provides a much higher level of assurance. Not only the execution environment (i.e. TEE vs TPM chip) is standardized and CC-evaluated, but the function logic (i.e. TPM command set) as well. The FIDO code running inside a TEE is not standardized (to the level of TPM) and most certainly not CC-evaluated. Therefore, the TPM is the preferred solution for anchoring trust with high assurance levels and it is the duty of attestation protocols to account for its well-defined functional logic in order to establish maximum trust in a device or statement. Best regards, Andreas ________________________________________ From: RATS [rats-bounces@ietf.org] on behalf of Laurence Lundblade [lgl@island-resort.com] Sent: Wednesday, November 13, 2019 05:08 To: rats@ietf.org Subject: [Rats] FIDO TPM attestation Here’s evidence that remote TPM attestation is not just for routers and is used in non-YANG environments: https://fidoalliance.org/specs/fido-v2.0-ps-20150904/fido-key-attestation-v2.0-ps-20150904.html#tpm-attestation. In non-TPM FIDO attestation, the whole attester is in the TEE or such. In TPM FIDO attestation only the key storage and signing is in the TPM. There is reliance on components outside of the TPM for the security of the attestation, so it isn’t the preferred form. This is a reason to consider the TPM Token I’ve mentioned. It would allow remote TPM-based attestation to be used anywhere there is a TPM for use cases beyond routers and YANG. LL _______________________________________________ RATS mailing list RATS@ietf.org https://www.ietf.org/mailman/listinfo/rats
- [Rats] FIDO TPM attestation Laurence Lundblade
- Re: [Rats] FIDO TPM attestation Fuchs, Andreas
- Re: [Rats] FIDO TPM attestation Schönwälder
- Re: [Rats] FIDO TPM attestation Henk Birkholz
- Re: [Rats] FIDO TPM attestation Laurence Lundblade
- Re: [Rats] FIDO TPM attestation Fuchs, Andreas
- Re: [Rats] FIDO TPM attestation Laurence Lundblade
- Re: [Rats] FIDO TPM attestation Smith, Ned
- Re: [Rats] FIDO TPM attestation Henk Birkholz
- Re: [Rats] FIDO TPM attestation Henk Birkholz