IETF Logo Mail Archive

Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments

Carl Wallace <carl@redhoundsoftware.com> Fri, 05 July 2019 19:19 UTC

Return-Path: <carl@redhoundsoftware.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AC8A120105 for <rats@ietfa.amsl.com>; Fri, 5 Jul 2019 12:19:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhoundsoftware.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nbMy8MCuhPFO for <rats@ietfa.amsl.com>; Fri, 5 Jul 2019 12:19:40 -0700 (PDT)
Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61C551201B3 for <rats@ietf.org>; Fri, 5 Jul 2019 12:19:36 -0700 (PDT)
Received: by mail-qk1-x736.google.com with SMTP id i125so8644280qkd.6 for <rats@ietf.org>; Fri, 05 Jul 2019 12:19:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aV5YA1LcsoM66lITgadGi0A5jPlm4RJ0J986/jlrjFI=; b=SUPFd2AURTvBgDDD0QefGA7+/vhLmAzqiYqkzs8E7vKJZ62sicOEnO+aZNdrJ+aS5G +O/pKvO7J4kFCfP39OC8JsChizaen2ysmYcGLOYUOHI8rjYqW1B4H8Lu/J5PU9abA6Mt Hqni7I596JqfNig8kKiTfkcnvJugbzxZtN+Fg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aV5YA1LcsoM66lITgadGi0A5jPlm4RJ0J986/jlrjFI=; b=fGoa96hKQk+ugFUxBaGaE8icFJmnGwX6dtm329ZeGwQq8xTnK82QJuGMwatFRyoaxQ /JuMky3pGtNxoNBxtvfLmOyDvjOTlx7ZhVzecabPPZrR4Pjl2CRgOkcRS4ro8CS/ljWV CWNf/SZtG/xzsHBwui3CKAE1s4XJMcbPf81FUHqHuy+6NjHqRqnAlr3hcGmj+WUY+NqA uTodwFl4gRk+PTND4qMVB/v2PqanQaxpZAsbn381Hgkumn//Vh1c797Ey9PhvOkXds9u j4YUdRqdn6dax+k/NXoRoUQy7UFGp8BpNQ7NMZcLGn5HS7+TSPSrbXAbKVc34Md8Mcbl Nw8A==
X-Gm-Message-State: APjAAAUwj+ktjNZprwawi82LjvSLoftw92ffGfM3+SRW3oKsIjYftZ9D 1XkMD/rGIfJkasZAuLeVfIF3sQEg9qLtDWbfaUfB3Ewj
X-Google-Smtp-Source: APXvYqyafBLgyV/Us2dvGVwdMtbZaZZ2kU6FOlBk36JFFhFZ+8VMW9+FtTju6emNWsnSPyDv2zDzs7tC8KLJgkb7hfs=
X-Received: by 2002:a37:5d07:: with SMTP id r7mr4358051qkb.4.1562354375450; Fri, 05 Jul 2019 12:19:35 -0700 (PDT)
MIME-Version: 1.0
References: <MW2PR00MB03963ABEB87211AD28A16240A6490@MW2PR00MB0396.namprd00.prod.outlook.com> <12503.1552447661@localhost> <219648D6-188A-429D-A13F-ED6155DE9016@island-resort.com> <14288.1553710783@dooku.sandelman.ca> <4EB6FF13-2DAF-4BDC-AC90-C46720D61AF0@arm.com> <bf003513-209a-7d5f-a9a5-58ade6c23545@gmail.com> <21417.1560911502@dooku.sandelman.ca> <fbc05f84-232b-7ca6-47c1-9b23d73e47ca@gmail.com> <CAFyqnhUkVaYMtjpB9wa4h6hEwd=h3hXHkCr9w8bd8LSXEo0ckA@mail.gmail.com> <D93100A6.E0A23%carl@redhoundsoftware.com> <2294.1562352434@localhost>
In-Reply-To: <2294.1562352434@localhost>
From: Carl Wallace <carl@redhoundsoftware.com>
Date: Fri, 05 Jul 2019 15:19:25 -0400
Message-ID: <CAGNP4BmSwTvyQ7xVPEC=LizDbRfeG9PQsZGfmBuuq6Ewu52-kA@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "rats@ietf.org" <rats@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008ff7b7058cf3f9ad"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/mRYwxyI0S4Wc8f-Wa1mwQ8TZ5Mw>
Subject: Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jul 2019 19:19:54 -0000

inline...

On Fri, Jul 5, 2019 at 2:47 PM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Carl Wallace <carl@redhoundsoftware.com> wrote:
>     >> There's a tension here between enabling more use cases and
> maintaining
>     >> increasing the security of existing use cases. We recognize that GP
>     >> and many  others disagree with us on how to balance the issues, and
>     >> that perhaps we're wrong, but we have to respond to the Android
>     >> ecosystem as we see it.
>
>     > Re: more use cases, the ability to encrypt a key attestation in
> TEE/SE
>     > for a specific provisioning end point would be nice to have (to
> conceal
>     > a challenge password while in transit, for example).
>
> You have asked for a specific ability/feature: the ability to encrypt
> a claim using trusted code.  I don't know if that's a symmetric or
> asymmetric encryption.  I don't know who you need to hide the claim from.
> It
> seems that it can't be done by an app.
>

> Can you explain this in terms of the problem that you are trying to solve,
> or the threat you are trying to mitiate rather than a solution?
>
[CW] The problem that motivated the question is establishment of trust in a
public key associated with a specific device (i.e., the device in my hand
not any authentic XYZ device). The suggestion is to use an attestation
encrypted for a given relying party to convey something the relying party
can verify (i.e., a challenge password or TOTP value) along with the key
attestation. This could establish trust more conveniently than more manual
mechanisms like verifying hashes. An app could certainly perform this
function given an attestation but there may be value in performing this
step at a lower level, depending on whether the lower level validated the
key at all (else just doing encryption in the app would be equivalent).


>
> When you say challenge password, I think you mean some kind of nonce
> a relying party might send to the device in order to maintain freshness.
> That also seems like a solution to a problem, the nature of which I'm
> unclear
> about.

[CW] In the solution that motivated the question two TOTP values are used
to establish trust in a device key. The first used to present a fresh key
to a portal, the second used to capture affirmation of a person that the
hash check was performed and the device key is trusted. If the first OTP
was encrypted with an attestation, the second is potentially unnecessary.




> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>
>

v2.23.0 | Report a Bug | By Email