IETF Logo Mail Archive

Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 20 June 2019 15:15 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 243281200DE for <rats@ietfa.amsl.com>; Thu, 20 Jun 2019 08:15:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FUYlaMoNFp_0 for <rats@ietfa.amsl.com>; Thu, 20 Jun 2019 08:15:20 -0700 (PDT)
Received: from mail-wm1-x32a.google.com (mail-wm1-x32a.google.com [IPv6:2a00:1450:4864:20::32a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EB6F1200CE for <rats@ietf.org>; Thu, 20 Jun 2019 08:15:19 -0700 (PDT)
Received: by mail-wm1-x32a.google.com with SMTP id c6so3587166wml.0 for <rats@ietf.org>; Thu, 20 Jun 2019 08:15:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=7FRYBh+5evKYl8jsGacSJItoJxv7LsIXtN0X9qiKEpM=; b=n0JiMdLgQl252Qu0rwOFDLoZp1XI/FKUVUaazZbuPXCaNSrHfJlbCyL0Ar0lI41Dbl pdc8AcV+Dz0HccS+GlYLzUGeTcVuTSiIxosRdO7rGvVPyzX3X/t/oJG5R6m0TZEDgas0 GEI/t8hC7bKkIPiBN8HAFt3mxVePYMAEJ+oW/z232PUEN9c5wCPtwZ2gC/SCooaZrJIC fjYyxHNZZ1alvR/eaJmdOim9CZZ1wCf75DE0euZuglQHCaP/ITuOH/vSAah0ajiOH5ez V3qTHbCjpggszjo9MAn+eZbxD7BQCg57owt3LudmHMtZIxZLbAZkoOJPfbs3WbTFiN9Z 53zA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=7FRYBh+5evKYl8jsGacSJItoJxv7LsIXtN0X9qiKEpM=; b=ZLAeVbMc8SP8djXBO2DRWeRvvfU4Uj7PGRT+qvBJR1t0XsXDMpzx5lP+xr3eW+2m6E 6AgqUrUmBTk5xyaIUgtg+hkg1KuW2CGsVhwhjgLA82OCFcMHS/GjgxDRRdTZaMpP4kJG bSh9QA2Zz/zJas3odRZp0+g8obBVZihNVmnhIsKugn+FgD6o9M9zpw7R2gizw5N7TclX vJBBjxwwcCik4UyiMtdeDxhl9tZkO2aVwU47nKb8YjGlsDB1ziF/KuUb2IZ7LFA7U9fp g63G68YyntnCvTyDj9QNYGQiEvZ5EUV31TR5Y/Nq3ofV7po1xble6XLcHAQXj5y8esBj NmIg==
X-Gm-Message-State: APjAAAVCRlFHK7CbaXAmaiyub9sDM9KpFkVbtqNVQfxb6mKsK35gYQyM GL9mzE6KGO6ZoUwbw7G6iPg=
X-Google-Smtp-Source: APXvYqwqaSmFDJxVBLFySuhRxmtv4xltrm2XL7R8XVye+4/+JvCdlSFynEr57kOblT8nWycDDf+6jA==
X-Received: by 2002:a1c:23c4:: with SMTP id j187mr107238wmj.176.1561043717751; Thu, 20 Jun 2019 08:15:17 -0700 (PDT)
Received: from [192.168.1.79] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id h14sm17827020wrs.66.2019.06.20.08.15.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 20 Jun 2019 08:15:17 -0700 (PDT)
To: Shawn Willden <swillden@google.com>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, "rats@ietf.org" <rats@ietf.org>, Anthony Nadalin <tonynad=40microsoft.com@dmarc.ietf.org>, Thomas Fossati <Thomas.Fossati@arm.com>, Laurence Lundblade <lgl@island-resort.com>
References: <MW2PR00MB03963ABEB87211AD28A16240A6490@MW2PR00MB0396.namprd00.prod.outlook.com> <12503.1552447661@localhost> <219648D6-188A-429D-A13F-ED6155DE9016@island-resort.com> <14288.1553710783@dooku.sandelman.ca> <4EB6FF13-2DAF-4BDC-AC90-C46720D61AF0@arm.com> <bf003513-209a-7d5f-a9a5-58ade6c23545@gmail.com> <21417.1560911502@dooku.sandelman.ca> <fbc05f84-232b-7ca6-47c1-9b23d73e47ca@gmail.com> <CAFyqnhUkVaYMtjpB9wa4h6hEwd=h3hXHkCr9w8bd8LSXEo0ckA@mail.gmail.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <50dc4fad-2a57-0daa-6c13-87557ebb050b@gmail.com>
Date: Thu, 20 Jun 2019 17:15:15 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.7.1
MIME-Version: 1.0
In-Reply-To: <CAFyqnhUkVaYMtjpB9wa4h6hEwd=h3hXHkCr9w8bd8LSXEo0ckA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/pIdBCBPQJTFf9iZgCyx3UXUcw-g>
Subject: Re: [Rats] Android attestations: Re: draft-richardson-rats-usecases-00 comments
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote Attestation Procedures <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jun 2019 15:15:22 -0000

On 2019-06-20 15:16, Shawn Willden wrote:
> On Wed, Jun 19, 2019 at 8:03 AM Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
> 
>     On 2019-06-19 04:31, Michael Richardson wrote:
>      >
>      > Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>      >      > Here you have another link:
>      >      > https://developer.android.com/training/articles/security-key-attestation
>      >
>      >      > As an application developer I find this scheme and the associated
>      >      > "AndroidKeyStore" quite impractical.  The recent addition of
>      >      > "StrongBox" makes it worse.
>      >
>      > Interesting. What is it that you find that you can not do?
> 
>     A mechanism that only attests keys cannot (securely) be used for provisioning anything but keys.
> 
> 
> What else do you wish to provision? Anything other than TAs (addressed below)?

Most of all I wanted to provision "stuff" in an *atomic fashion* which was the initial motive for the session based attestation scheme.
In my particular case "stuff" also includes various key meta data like payment credential images.

And how does the addition of StrongBox make keystore worse?

I don't have much data on StrongBox so maybe I was out of line there, but the idea I had was that keys would not be stored in secure silicon, but rather encrypted in the TEE or RE environment.  In that case StrongBox would be a crypto processor with embedded keys which also would be used for provisioning/attestation:
https://github.com/ietf-teep/architecture/issues/52#issuecomment-486929941

Anders

> 
>      >      > With a two-level TEE/SE session-key based scheme you only need to
>      >      > attest the session permitting you to perform any number of secure
>      >      > operations and close the session with a "commit" which in turn responds
>      >      > with a (session signed) message to the SP that everything went right.
>      >
>      > Or is this what you wish you had?
> 
>     In the absence of installable TA support, I have implemented this in Android as a SW emulator [1]. It is a part of the Saturn [3] payment authorization system I'm working on.
> 
> 
> The Android platform security team considers this an anti-goal.  We're very concerned that the scope of functionality being installed in TEEs is exploding to a degree that the TEEs are becoming less trustworthy, not more (and they haven't been particularly good).  Not only do we not want to enable field-installation of TAs, we'd like to constrain factory/OTA installation to smaller sets (some devices ship with upwards of 40 TAs today), though our ability to do that is very limited.
> 
> There's a tension here between enabling more use cases and maintaining / increasing the security of existing use cases. We recognize that GP and many others disagree with us on how to balance the issues, and that perhaps we're wrong, but we have to respond to the Android ecosystem as we see it.
> 
>     As I have tried to describe [2], this concept also relieves you from (IMO) unwanted/unnecessary dependencies on provisioning protocol formats. 
> 
> 
>     Anders
>     1] https://github.com/cyberphone/webpkisuite-4-android/blob/master/app/src/main/java/org/webpki/mobile/android/sks/AndroidSKSImplementation.java
>     2] https://github.com/ietf-teep/architecture/issues/52
>     3] https://cyberphone.github.io/doc/two-visions-4-mobile-payments.pdf
> 
> -- 
> Shawn Willden | Staff Software Engineer |swillden@google.com <mailto:swillden@google.com> | 720-924-6645

v2.23.0 | Report a Bug | By Email