Re: [Rats] Data Attestation (was Re: 3 Use cases)

"Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com> Fri, 01 November 2019 12:02 UTC

From: "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: Data Attestation (was Re: [Rats] 3 Use cases)
Date: Fri, 01 Nov 2019 12:02:00 +0000
Message-ID: <AM0PR0702MB3746FC1C2A9200D26C0B113E8F620@AM0PR0702MB3746.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/kWYhVdUEJ1ztSt7_WUzYdhe-5hI>

   Use case name:  Data Attestation and Provenance
   Who will use it:    End users (though in a hidden manner)
   Attesting Party:   ?
   Relying Party:    ?
   Attestation type:  Passport or Background Check.... yes
   Claims used:
   Description:

        When data is received from a device, it is not only signed by that device (cf: JWT) but also contains information about the state of the device. For example, the data structure might be:

    { data: { DATA, QUOTE }, hash(data), signature(hash(data)) }

Ian


--

Dr. Ian Oliver

Cybersecurity Research

Distinguished Member of Technical Staff

Nokia Bell Labs

+358 50 483 6237

________________________________
From: Michael Richardson
Sent: Monday, 07 October 2019 14:39
To: Oliver, Ian (Nokia - FI/Espoo)
Cc: rats@ietf.org
Subject: Data Attestation (was Re: [Rats] 3 Use cases)


Oliver, Ian (Nokia - FI/Espoo) <ian.oliver@nokia-bell-labs.com> wrote:
    > Data Attestation

    > A piece of data received from a trusted element may itself contain
    > information about the configuration of that device when that data was
    > received. This might be a single measurement or a combination of
    > measurements over time bounded by a session or transaction.

    > In this use case we continue the chain-of-trust up from the device
    > firmware/operating environment to the data. This enables that once a
    > data packet is received, its integrity can be checked (cf: JWT) and
    > this information also be traced to the device that produced that
    > data. The data and device then can be attested together.

This use case seems similar to the geographic cases, but also to the FIDO
use cases, where one needs to know the state of the device that took the
biometric reading in order to know if the biometric is useful.

Can I ask you to fill in my template:

   Use case name:
   Who will use it:
   Attesting Party:
   Relying Party:
   Attestation type:  Passport or Background Check
   Claims used:
   Description:

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [