Re: [Rats] watchdog use case ... RE: Use cases in draft-ietf-rats-architecture-04

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 17 June 2020 12:17 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>, "rats@ietf.org" <rats@ietf.org>
Date: Wed, 17 Jun 2020 12:17:00 +0000
Message-ID: <AM0PR08MB3716F8C518E0CDF43FA23D40FA9A0@AM0PR08MB3716.eurprd08.prod.outlook.com>
References: <AM0PR08MB3716A2C59320D3FB8D403FADFA9D0@AM0PR08MB3716.eurprd08.prod.outlook.com> <12088.1592338780@localhost>
In-Reply-To: <12088.1592338780@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/k1j_WozTAFrLB8S47fB4Vija_KY>
Subject: Re: [Rats] watchdog use case ... RE: Use cases in draft-ietf-rats-architecture-04
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>

Hi Michael,

thanks for the reference to the TCG "Authenticated Countdown Timer" spec. I have not seen that spec before.

It says:

"
A typical example for the use of an ACT is as a watchdog timer that will cause a platform reset when the timer reaches
zero (expires). In a system using an ACT, a periodic platform action outside the TPM indicates that the timeout should
be set anew using TPM2_ACT_SetTimeout(). The most common reason why timeout is not set anew is that the local
system is not behaving properly because of some type of corruption (either inadvertent or malicious). The intent of
the timer is that, in the absence of a properly authorized timeout extension, the platform would be reset, putting it back
into a known state with the expectation that the corruption can be removed.
"

Thanks for the description of a possible message flow. This makes much more sense to me now.

In fact, we have the building blocks to get this working already when you combine the EAT token (for the attestation), the CWT for authorization (as mentioned in the TPM spec above), and SUIT (for the update of the software that is needed to fix the system). When we look at TEEP then we actually see these building blocks combined to get this use case working via a standardized protocol.

Now I am excited about this and maybe someone in the RATS/TEEP group wants to prototype it.

Ciao
Hannes

-----Original Message-----
From: Michael Richardson <mcr+ietf@sandelman.ca>
Sent: Tuesday, June 16, 2020 10:20 PM
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: Oliver, Ian (Nokia - FI/Espoo) <ian.oliver@nokia-bell-labs.com>; rats@ietf.org
Subject: Re: watchdog use case ... RE: [Rats] Use cases in draft-ietf-rats-architecture-04


Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
    > Could the authors of the use case explain the watchdog use case a bit
    > more?

Sure.
Dave's reference to the TCG "Authenticated Countdown Timer" is rather detailed, but perhaps misses the forest for the trees.
Perhaps I can be a bit more concise.
Ian, please let us know if this describes your situation as well.

    > I do not understand how this is supposed to work. How is the device
    > allowed to reboot when it sends attestation information to a remote
    > server?

There are usually three parties: Attester, Verifier, Relying Party.

The Attester (secure enclave/TPM/etc.) collects Evidence as to health and sends this to a remote Verifier.

The Verifier creates an Attestation Result as normal.

But, in this case, the Relying Party is the Watch Dog timer in the TPM/secure enclave itself.  So the Attestation Results are returned to the PC, and provided to the enclave.

If the watch dog does not receive regular, and fresh, Attestation Results as to the system's health, then it forces a reboot.

    > If malware prevents the device from rebooting, as the text indicates,
    > why doesn't that malware also prevent the interaction with the
    > attestation server (for example, pretending that network connectivity
    > is down)?

The arrangement is that of a dead man's switch: if the malware were to prevent the communication, then the watch dog would go off.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -= IPv6 IoT consulting =-
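The flow Michael sketches above (the Attester sends Evidence to a remote Verifier, the Attestation Result comes back to the platform and is handed to a watchdog inside the TPM/enclave, and a missing, stale or failing result lets the countdown expire and reset the platform), as an added simulation written for this page. It is not code from the RATS drafts, the TCG Authenticated Countdown Timer specification or any TPM implementation. The class names, the simulated clock, the shared-secret HMAC that authenticates the Attestation Result and the single-use nonce are assumptions made to keep the model short; a real deployment would carry the result as a signed token (for example an EAT/CWT) and the watchdog would verify the Verifier's signature.

```python
# Added example: dead man's switch watchdog fed by Attestation Results (simulation).
# Assumptions: HMAC with a key shared between Verifier and watchdog stands in for a
# signature the watchdog verifies; time is simulated as discrete heartbeat periods.
import hashlib
import hmac
import secrets

GOOD_FIRMWARE = b"firmware-v1.2"                              # constructed reference image
REFERENCE_DIGEST = hashlib.sha256(GOOD_FIRMWARE).hexdigest()  # the Verifier's reference value
VERIFIER_KEY = secrets.token_bytes(32)                        # assumed Verifier<->watchdog key


def _canon(result: dict) -> bytes:
    """Canonical bytes of an Attestation Result that the MAC covers."""
    return f'{result["nonce"]}|{result["status"]}'.encode()


class Attester:
    """Collects Evidence: a digest of what the platform is running, bound to the nonce."""
    def __init__(self, firmware: bytes):
        self.firmware = firmware

    def evidence(self, nonce: str) -> dict:
        return {"nonce": nonce, "digest": hashlib.sha256(self.firmware).hexdigest()}


class Verifier:
    """Appraises Evidence against reference values and returns an authenticated result."""
    def __init__(self, key: bytes, reference_digest: str):
        self.key, self.reference = key, reference_digest

    def appraise(self, evidence: dict) -> dict:
        healthy = hmac.compare_digest(evidence["digest"], self.reference)
        result = {"nonce": evidence["nonce"], "status": "ok" if healthy else "fail"}
        result["mac"] = hmac.new(self.key, _canon(result), hashlib.sha256).hexdigest()
        return result


class Watchdog:
    """The Relying Party inside the TPM/enclave: a countdown that only a fresh, valid,
    healthy Attestation Result can extend. Reaching zero forces a platform reset."""
    def __init__(self, key: bytes, timeout: int):
        self.key, self.timeout = key, timeout
        self.remaining = timeout
        self.pending_nonce = None
        self.resets = 0

    def new_nonce(self) -> str:
        self.pending_nonce = secrets.token_hex(8)  # one outstanding nonce at a time
        return self.pending_nonce

    def feed(self, result: dict) -> bool:
        """Return True only if the result extended the countdown."""
        expected = hmac.new(self.key, _canon(result), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, result.get("mac", "")):
            return False                           # forged or damaged result
        if result["nonce"] != self.pending_nonce:
            return False                           # stale or replayed result
        self.pending_nonce = None                  # nonce is single-use
        if result["status"] != "ok":
            return False                           # Verifier saw corruption: do not extend
        self.remaining = self.timeout              # the only path that re-arms the timer
        return True

    def tick(self) -> bool:
        """Advance one period; return True if the platform was reset this period."""
        self.remaining -= 1
        if self.remaining <= 0:
            self.resets += 1
            self.remaining = self.timeout          # reset puts the platform back in a known state
            return True
        return False


def run(firmware: bytes, rounds: int, network_up: bool = True,
        replay: bool = False, timeout: int = 3) -> int:
    """Simulate heartbeat periods and return how many platform resets occurred.
    network_up=False models malware blocking the Verifier; replay=True models malware
    capturing the first genuine result and substituting it for every later one."""
    attester = Attester(firmware)
    verifier = Verifier(VERIFIER_KEY, REFERENCE_DIGEST)
    watchdog = Watchdog(VERIFIER_KEY, timeout)
    captured = None
    for _ in range(rounds):
        nonce = watchdog.new_nonce()
        if network_up:
            fresh = verifier.appraise(attester.evidence(nonce))
            captured = captured or fresh
            watchdog.feed(captured if replay else fresh)
        watchdog.tick()
    return watchdog.resets


def demo() -> dict:
    return {
        "healthy": run(GOOD_FIRMWARE, 10),
        "network_blocked": run(GOOD_FIRMWARE, 10, network_up=False),
        "tampered_firmware": run(b"firmware-v1.2-with-implant", 10),
        "replayed_result": run(GOOD_FIRMWARE, 10, replay=True),
    }


if __name__ == "__main__":
    for scenario, resets in demo().items():
        print(f"{scenario:18s} resets={resets}")
```

The point of the simulation is the answer to Hannes's question about malware that blocks the network: the watchdog never needs to reach the Verifier itself, it only needs to be fed. Cutting the connection, replaying an old result or running tampered firmware all leave the countdown unextended, and the reset follows; only a fresh result for the currently outstanding nonce, authenticated by the Verifier and reporting good health, re-arms the timer.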