[Rats] Debugging remote attestation with a phone
Kerneis Gabriel <Gabriel.Kerneis@ssi.gouv.fr> Tue, 01 February 2022 13:17 UTC
Return-Path: <Gabriel.Kerneis@ssi.gouv.fr>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 076FF3A0BE0 for <rats@ietfa.amsl.com>; Tue, 1 Feb 2022 05:17:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.675
X-Spam-Level:
X-Spam-Status: No, score=-2.675 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.576, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ssi.gouv.fr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id thLYG3XiKv7l for <rats@ietfa.amsl.com>; Tue, 1 Feb 2022 05:17:53 -0800 (PST)
Received: from smtp-out-1a.sgdsn.gouv.fr (smtp-out-1b.sgdsn.gouv.fr [143.126.255.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1947D3A0BDD for <rats@ietf.org>; Tue, 1 Feb 2022 05:17:48 -0800 (PST)
Received: from smtp-out.ssi.gouv.fr (localhost [127.0.0.1]) by smtp-out.ssi.gouv.fr (Postfix) with ESMTP id 6CA78D0009B for <rats@ietf.org>; Tue, 1 Feb 2022 14:17:24 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ssi.gouv.fr; s=20160407; t=1643721444; bh=esv8Sa8wfemZ2Sa8asXQsxeGzPvQOZsgDqHJZiJ3cYg=; h=From:To:Subject:Date:From:Subject; b=ojrzAeQVxxJctz1pwMJPcq0zPz4nBlVvZPIspizvNTh0cxyG7dL99liKlo5ujX+i5 hoDvu6xDYnyLhJhtjYP770GWDDdnT/7Hc0IwuZpEmKZxYxLjPRGXc00N1NXdymSwQB 0MXUjt2BuEdT8O/spwS9sl+KO5Gz76rslHnWoUk1LQcqgzQahgmS09FW7tfFKcL+Dh CaUkibUV45+zmOpBl5a3/a5U/+YPxAAIOMc8YkJQmcfb6S5IlvnpcdWu6M1Tw3sfMa nAiycwOckycClo8g8P6nzoBPspEDGr5KTF1Gz33pAKjDHw//Vf4gr985+xsrP2913O pU/qqtdHoce3w==
From: Kerneis Gabriel <Gabriel.Kerneis@ssi.gouv.fr>
To: rats <rats@ietf.org>
Thread-Topic: Debugging remote attestation with a phone
Thread-Index: AQHYF2u1Oj3HfEFT1U63fzcZKswU3g==
Date: Tue, 01 Feb 2022 13:17:23 +0000
Message-ID: <1643721443531.80249@ssi.gouv.fr>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
Content-Type: multipart/alternative; boundary="_000_164372144353180249ssigouvfr_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/s9ET1BZSQGSc1kUkK0oCcKQRioM>
Subject: [Rats] Debugging remote attestation with a phone
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2022 13:17:59 -0000
Dear all, TL;DR: looking for feedback and advice implementing TPM remote attestation over bluetooth; offering to attempt independent implementation of relevant RFC drafts as a way to contribute to this WG's interests. I have followed this group for a couple months now, but didn't introduce myself before. I am a security researcher at ANSSI<http://ssi.gouv.fr>, the French cybersecurity agency, working on firmware (and related OS) security. Starting in a couple of weeks, we'll be hosting an intern for 6 months with the aim of implementing a phone application acting as a remote attestation server over Bluetooth. We envision it as a user-friendly, versatile tool to help debugging secure/measured boot issues as well as (potentially) a second-factor delivering secrets to the laptop. I wrote a blog post to summarise my understanding of the state-of-the-art, including how it relates to RATS (that I was just discovering at the time): TPM remote attestation over Bluetooth<https://gabriel.kerneis.info/2021/11/local_attestation/>. We consider implementing the CoAP protocol described in ?appendix A of RIM<https://datatracker.ietf.org/doc/html/draft-ietf-rats-reference-interaction-models#appendix-A>, but could go in other directions (eg. the attestation protocol used by safeboot.net<http://safeboot.net>). The topic is broad and our goal is to end up with a tool useful to practitioners. If you have any advice or feedback, if you want us to try and interoperate with one of your tools: please let us know, either on this list or privately. Best regards, -- Gabriel Kerneis Les données à caractère personnel recueillies et traitées dans le cadre de cet échange, le sont à seule fin d'exécution d'une relation professionnelle et s'opèrent dans cette seule finalité et pour la durée nécessaire à cette relation. Si vous souhaitez faire usage de vos droits de consultation, de rectification et de suppression de vos données, veuillez contacter contact.rgpd@sgdsn.gouv.fr. Si vous avez reçu ce message par erreur, nous vous remercions d'en informer l'expéditeur et de détruire le message. The personal data collected and processed during this exchange aims solely at completing a business relationship and is limited to the necessary duration of that relationship. If you wish to use your rights of consultation, rectification and deletion of your data, please contact: contact.rgpd@sgdsn.gouv.fr. If you have received this message in error, we thank you for informing the sender and destroying the message.
- [Rats] Debugging remote attestation with a phone Kerneis Gabriel
- Re: [Rats] Debugging remote attestation with a ph… Michael Eckel