IETF Logo Mail Archive

Re: [Teep] Formal verification of TEEP(+SUIT)

Okuda Tetsuya <tetsuya.okuda.ietf@gmail.com> Thu, 09 November 2023 16:15 UTC

Return-Path: <tetsuya.okuda.ietf@gmail.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 865B3C17DC06 for <teep@ietfa.amsl.com>; Thu, 9 Nov 2023 08:15:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v6KWeirY2exJ for <teep@ietfa.amsl.com>; Thu, 9 Nov 2023 08:15:47 -0800 (PST)
Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A488AC19846E for <teep@ietf.org>; Thu, 9 Nov 2023 08:15:06 -0800 (PST)
Received: by mail-yb1-xb30.google.com with SMTP id 3f1490d57ef6-d9ca471cf3aso1102718276.2 for <teep@ietf.org>; Thu, 09 Nov 2023 08:15:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699546506; x=1700151306; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=HwtstqF+Wf48F/sDNlps+O1BJBr/OgKffr7DNK57Sso=; b=Al3zlGJCBmjVyuP4KbLmc0SegPBU7h3SaXK9uNrEkf6xC2nqTYRyg1ClFgbjNlydgp 9PSpSKPfykV/SvP1Z1NX2+BX8tylsBgujRlXYiGU9owMd9i9vXp2bhD8ug1JWTxPp/Ol na4hwp4hzEEKoqWCXIRNx1h4XEDdhkdIzqsMHbjW/bhxQ0j7kV2zKwWqj1zFtcatBmTD hUifXVlUIat/WLVYKchU3n1QChZNtM2VqZnL7iTS6xUaxqEXH6VF+bgwXLSK1GpO2Zo1 E3Izvno3urdPnNM26dqhNTp4Pq9Edmx0ngMZFnGzLGrZcvvVr7CHFKl2qmT0qpSQ04rT 7Nfw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699546506; x=1700151306; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=HwtstqF+Wf48F/sDNlps+O1BJBr/OgKffr7DNK57Sso=; b=gW+hUMIaFnyhEvIo3BtAzc0IJKVwZG5MtPx6hYEXtz0/TY5Qb2NH3/yz7fqAZLaT2U vfpPegoRcUgfADJgaGwT2Yju/PE9nAb8aMaUsa6FTL8l/mHzmLJ1am6IIw0tCuXFJsCb M3LKF8SrANWHdl0FwY33ggZdQTCzCXpdueE1thaL+2WJClTcXOVDHN9De70FP6DFpHqw E0FsgSsF4Zkr6juuJHmsOW1pgAkrlPGfj+QYRNvQtU50GwFj4Qtg3CquFkDPOWe7XVoF b0MAnco+Wisjk+zz00CC+vaSdUS9ZWmHRAFw/SaL5rC1UdAP+zikD3xj98gnFGx8mnVk Cwrg==
X-Gm-Message-State: AOJu0YyhmLhLIJv5y8XZfLxKG8fnXy4eUj+SLL0ABLUbRDNL+eYowk8/ N/+qSEvMfbqfoif+7QbBPR0y0XU4bbEgigy2x9s=
X-Google-Smtp-Source: AGHT+IGRvnlk2JU9p0Qd861FA48J7zup1Oa8ZdsyYo/AcyA3TPFgMmTF2Z5HXIJyTv1Rg6GHaOtDDEmVZTX7F7cArzs=
X-Received: by 2002:a25:cfc4:0:b0:da2:c851:ec0 with SMTP id f187-20020a25cfc4000000b00da2c8510ec0mr5531619ybg.22.1699546505647; Thu, 09 Nov 2023 08:15:05 -0800 (PST)
MIME-Version: 1.0
References: <0757ad82-c3c3-427e-8c83-10e0482ab747@tu-dresden.de>
In-Reply-To: <0757ad82-c3c3-427e-8c83-10e0482ab747@tu-dresden.de>
From: Okuda Tetsuya <tetsuya.okuda.ietf@gmail.com>
Date: Fri, 10 Nov 2023 01:14:54 +0900
Message-ID: <CAN-SQ6aBrVP-49h6_HuOkdshZFduuOH2ekbaG+a0aVbd9G8cjw@mail.gmail.com>
To: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
Cc: teep@ietf.org
Content-Type: multipart/alternative; boundary="000000000000bf9c9e0609ba81ac"
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/Alv-AQ5BS9QTz5gKgcyy5kCUBuc>
Subject: Re: [Teep] Formal verification of TEEP(+SUIT)
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Nov 2023 16:23:00 -0000

Dear Usama,

I'm sorry for bothering you due to the delayed response.
I was so busy this week, so I thought I would revise the description
this weekend.
I have just revised the description on the repository in accordance with
the slides.
I have also clarified the status of this project as training.

Yes, I think I should follow the methodologies as you suggested.
In addition, I reconsider the reachability property at the applied
pi-calculus level,
  even if I have examined carefully at the horn-clause level.
Thank you for offering detailed advice.

Best regards,
Okuda Tetsuya

2023年11月9日(木) 19:08 Muhammad Usama Sardar <
muhammad_usama.sardar@tu-dresden.de>:

> Hi Akira, Okuda, chairs and all,
>
> There are a few reasons for writing this email, including:
>
>    - In a meeting with Hannes, Cory and Okuda during Hackathon on Sunday,
>    I thought we all agreed that the properties are NOT yet verified.
>    - In the TEEP meeting yesterday, I tried to repeat my concern. TEEP
>    meeting notes mention that we were arguing but it does not capture the key
>    technical point of argument.
>
> Despite all above discussions, it somehow bothers me that the repo (
> https://github.com/tetsuya-okuda-hco/public-teep-formal-verif#what-is-verified-here)
> still says:
>
>    - (DONE)
>       - The authentication of TEEPAgent is verified.
>       - The secrecy of encrypted payload is verified.
>
> *My proposed next steps:*
>
> As I briefly mentioned in the GitHub issue (
> https://github.com/tetsuya-okuda-hco/public-teep-formal-verif/issues/1),
> I will suggest to follow a systematic methodology for verification, where
> the first step is to create:
>
>    - an informal protocol description detailing the steps
>       - for inspiration, see this
>       https://github.com/CCC-Attestation/formal-spec-TEE/blob/a836b408c385d2fd3961cc9540ee229fc3c681ca/TDX/TDX.pv#L208-L415
>    - a message sequence diagram mentioning:
>       - which entities are trusted
>       - which channels are secure
>       - what is the pre-knowledge of the entities at the start of the
>       protocol
>       - for inspiration, see this
>          https://github.com/CCC-Attestation/formal-spec-TEE/blob/main/TDX/TDXFlowv10.pdf
>             - Untrusted entities are in red
>             - All channels are labelled secure/insecure
>             - Pre-knowledge of the entities is shown within the boxes at
>             the top
>
> This step is an extremely valuable and crucial step as it provides a way
> to communicate with those who are not familiar with formal verification,
> specially for the designers to understand what you are going to model.
> Often the specification in IETF drafts are too vague that there are several
> revisions in this step. Once the designers agree that informal protocol
> description captures their intent, then you may proceed with the
> verification with ProVerif.
>
> The above step will also help me understand what is the actual value of
> the proposed TEEP protocol (sorry I will not have the time to read 74 pages
> draft until tomorrow). From the ProVerif artifacts, I see that at the
> beginning of the protocol, both the "TAM_process" and "TEEP_Agent_process"
> are already preconfigured with the authentic public keys of each other. Was
> this intentional? If yes, isn't it a trivial verification problem (given
> that you have marked it as DONE) even if we set aside the reachability
> issue?
>
> *My main concern (on properties marked as DONE):*
>
> Regarding "cannot be proved", I will suggest you to have a look at section
> 3.3.1 of the ProVerif manual (
> https://bblanche.gitlabpages.inria.fr/proverif/manual.pdf). Reproducing
> the text here:
>
> RESULT [Query] cannot be proved: This is a “don’t know” answer. ProVerif
> could not prove that the query is true and also could not find an attack
> that proves that the query is false.
>
> Unless we ensure that the "TEEP_Agent_process" is able to decrypt the
> message successfully, it doesn't make much sense to verify the secrecy.
> Hence, you should first prove the reachability just after this line
> https://github.com/tetsuya-okuda-hco/public-teep-formal-verif/blob/0b831378cd71003eee9788e752b740812912a543/TEEP_20231003_13_1.pv#L198.
> Note here that the reachability at Horn clauses level (as you were showing
> in Hackathon) is not enough. The reachability should hold at the applied
> pi-calculus level. See Chapter 2 of ProVerif manual, in particular the
> ending. Reproducing the text here:
>
> *(The authors remark that writing code with unreachable points is a common
> source of errors for new users. Advice on avoiding such pitfalls will be
> presented in Section 4.3.1.)*
>
> So please read Section 4.3.1 and hopefully my concern should be clear to
> you then. Otherwise I am here until tomorrow evening, and will be happy to
> discuss further if there is need.
>
>
> Cheers,
>
> Usama
>
> _______________________________________________
> TEEP mailing list
> TEEP@ietf.org
> https://www.ietf.org/mailman/listinfo/teep
>

v2.23.0 | Report a Bug | By Email