[Teep] Charter strawman proposal

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 28 March 2017 18:44 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "teep@ietf.org" <teep@ietf.org>
Date: Tue, 28 Mar 2017 18:44:02 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/2IsYC6Bl_ZoyNrKzEU8QS9e1dOQ>

Hi all,

I thought I should put a first draft for the agenda together.

In a nutshell I described the scope of the work without going too far into the details. Then, I particularly point out the desire to support different flavours of TEEs and to focus on a public key-based solution only. Then, I go on describing the two main milestones, namely an architecture document and the actual protocol document. Finally, I believe it is important to mention that we will maintain a close relationship with GlobalPlatform.

The milestones list the expected adoption dates, the dates for submission of publication of these documents to the IESG, and also the plan to participate in Hackathons and to do an interop event.

What do others think?

Ciao
Hannes

--------

TEEP -- A Protocol for Dynamic Trusted Execution Environment Enablement Charter

The Trusted Execution Environment (TEE) is a secure area of the main processor. The TEE, as an isolated execution environment, provides security features, such as isolated execution, integrity of Trusted Applications along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security than a "rich" operating system and more functionality than a secure element. Implementations of the TEE concept have been developed by ARM and Intel using the TrustZone and the SGX technology, respectively.

Programmatically installing, updating, and deleting applications running in the TEE requires a protocol that runs between a client implementation running inside the TEE, a relay application on the rich operating system and a server-side infrastructure maintaining the applications. Such management tasks are security sensitive: the server side requires information about the device capabilities (in the form of attestation), the client side demands server-side authentication, and privacy considerations have to be taken into account.

This working group aims to develop an application layer protocol providing TEEs with the following functionality:
 * management of trusted applications,
 * attestation, and
 * security domain management (which provides a logical space that contains the service provider's applications).

The solution approach must take a wide range of TEE technologies into account and will focus on the use of public key cryptography.

The group will produce the following deliverables. First, an architecture document describing the involved entities, their relationships, assumptions, the keying framework and relevant use cases. Second, a solution document that describes the above-described functionality. The use of the best possible encoding format will be decided in the working group. The group may document several attestation technologies considering the different hardware capabilities, performance, privacy and operational properties.

The group will maintain a close relationship with the GlobalPlatform to ensure proper use of existing TEE-relevant application layer interfaces and other abstractions used by GlobalPlatform-compliant TEE devices.

Milestones

Aug 2017     Submit "TEEP Architecture" document as WG item.

Oct 2017     Submit "TEEP Protocol" document as WG item.

Nov 2017     Participation in the IETF #100 Hackathon to work on the TEEP Protocol.

Dec 2017     Submit "TEEP Architecture" to the IESG for publication as an Informational RFC.

Mar 2017     Organization of an interoperability event at IETF #101.

Apr 2017     Submit "TEEP Protocol" to the IESG for publication as a Proposed Standard.
