Re: [Teep] My BoF impression
Tero Kivinen <kivinen@iki.fi> Wed, 05 April 2017 12:01 UTC
Message-ID: <22756.56473.620993.718007@fireball.acr.fi>
Date: Wed, 05 Apr 2017 15:01:29 +0300
From: Tero Kivinen <kivinen@iki.fi>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: teep <teep@ietf.org>
In-Reply-To: <12099.1491314086@obiwan.sandelman.ca>
References: <HE1PR0802MB2475515770704882F9CFBDBCFA080@HE1PR0802MB2475.eurprd08.prod.outlook.com> <22755.33183.740819.743679@fireball.acr.fi> <12099.1491314086@obiwan.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/XRCGG2Pu_cLRfMBIhVVwsxqxhKQ>
Michael Richardson writes:
> > 3) The Secure trusted application marketplace can then encrypt
> > the trusted application with TEE specific key, so that nobody
> > else than TEE can decrypt and install it. This will prevent
> > leaking out confidential material inside the application.
> > Trusted application install package might also be personalized
> > for the specific TEE. Secure trusted application marketplace
> > will also sign the trusted application install package, so TEE
> > can verify it is authentic.
>
> And yet, this can mean that end-user and even app-writers can not
> verify what code they are actually running.

The end-user and app-writers already both trust the marketplace provided by the operating system. I.e., if the marketplace owner decides to add malware to each application they send to the customers, who would notice that? The connection between the device and marketplace is already encrypted, the software which downloads it from the OS marketplace is provided by the OS, and they do verify that you need to log in with your credentials before you can load anything. And the marketplace can provide different versions to different users, so the developer might always get a clean copy of their own app, but other users could get a modified version. The operating system on different devices sometimes already protects apps from each other, and so on.

So if you do not trust the device OS, and the marketplace provided by the OS, there is nothing you can do. Have you ever tried to verify, for example, that the application on your iPhone is really the same as what was given to the Apple App Store? Can you even do that in the iOS environment?

> I think we need to very carefully separate signed (and auditable)
> code from encrypted data. And said encrypted data has to be
> non-executable, and the auditable code has to be verified to not
> include a Turing machine.... no (encrypted) data driven programming
> allowed.

That would be another good option.

On the other hand, I do think application developers would like to encrypt the executable also in some cases. Perhaps this just means that we would need two containers we are sending from the trusted marketplace to the TEE, one for code and one for data, and data would always be encrypted, but code only if requested by the trusted app itself.
-- 
kivinen@iki.fi
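The two-container install package sketched in the message above (code container encrypted only on request, data container always encrypted, the whole package signed by the marketplace and encrypted to a TEE-specific key) can be written down as a small protocol. The following is an added example, not code from the TEEP list, any draft, or any TEE vendor. Its assumptions: a per-TEE symmetric key `tee_key` has already been provisioned to the marketplace (standing in for encrypting to the TEE's public key), the marketplace "signature" is an HMAC under `market_key` (standing in for an asymmetric signature the TEE verifies with the marketplace's public key), and container encryption is a PRF-in-counter-mode stream cipher with an HMAC tag (standing in for a real AEAD such as AES-GCM) so that the example runs offline with the standard library only. All keys and payloads are constructed values.

```python
"""Toy two-container TEE install package (added example, see lead-in).

Marketplace side: build_package() seals the data container always, seals the
code container only when the trusted app asked for it, then signs the package.
TEE side: install() verifies the signature before touching any container,
rejects a package whose data container is in the clear, then unwraps both.
visible_code() shows what an auditor (end-user, app writer) can read from a
package whose code container was shipped unencrypted.
"""
import hashlib
import hmac
import json
import secrets


def _prf(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 used as the PRF for key derivation, keystream and tags."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || counter), truncated to length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += _prf(key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with separate enc/mac subkeys; stand-in for an AEAD.
    Layout: nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + _prf(mac_key, nonce + ct)


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt; raise on any mismatch."""
    if len(blob) < 48:
        raise ValueError("container too short")
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(_prf(mac_key, nonce + ct), tag):
        raise ValueError("container tag mismatch (wrong TEE key or tampered)")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_package(market_key: bytes, tee_key: bytes, code: bytes, data: bytes,
                  encrypt_code: bool = False) -> str:
    """Marketplace: one code container, one data container, then sign everything.
    Per-container subkeys are derived from the TEE-specific key so code and
    data never share a key."""
    code_key = _prf(tee_key, b"container:code")
    data_key = _prf(tee_key, b"container:data")
    body = json.dumps({
        "code": {"encrypted": encrypt_code,
                 "blob": (seal(code_key, code) if encrypt_code else code).hex()},
        "data": {"encrypted": True, "blob": seal(data_key, data).hex()},
    }, sort_keys=True)
    # Signature covers the container flags too, so flipping "encrypted" on the
    # data container is caught before the TEE ever looks at the containers.
    return json.dumps({"body": body, "sig": _prf(market_key, body.encode()).hex()})


def install(market_key: bytes, tee_key: bytes, package: str):
    """TEE: authenticate first, enforce the always-encrypted-data rule, unwrap."""
    env = json.loads(package)
    body = env["body"]
    if not hmac.compare_digest(_prf(market_key, body.encode()).hex(), env["sig"]):
        raise ValueError("marketplace signature invalid")
    pkg = json.loads(body)
    if not pkg["data"]["encrypted"]:
        raise ValueError("data container must always be encrypted")
    code_blob = bytes.fromhex(pkg["code"]["blob"])
    data_blob = bytes.fromhex(pkg["data"]["blob"])
    code = (open_(_prf(tee_key, b"container:code"), code_blob)
            if pkg["code"]["encrypted"] else code_blob)
    data = open_(_prf(tee_key, b"container:data"), data_blob)
    return code, data


def visible_code(package: str):
    """What anyone holding the package can audit: the code bytes when the code
    container was shipped in the clear, None when the app asked for encryption."""
    pkg = json.loads(json.loads(package)["body"])
    return None if pkg["code"]["encrypted"] else bytes.fromhex(pkg["code"]["blob"])


if __name__ == "__main__":
    # Constructed keys and payloads for a local run.
    mk, tk = b"constructed-marketplace-key", b"constructed-tee-specific-key"
    pkg = build_package(mk, tk, b"ta-code", b"ta-secret", encrypt_code=False)
    print("auditable code:", visible_code(pkg))
    print("TEE unwrapped :", install(mk, tk, pkg))
```

With `encrypt_code=False` the signed body carries the code in the clear, so an app writer can compare it against what they submitted, while the data container stays opaque to everyone but the holder of the TEE key; with `encrypt_code=True` the same package format hides the code as well. Because the container flags sit inside the signed body, a package whose data flag was turned off in transit fails the signature check rather than reaching the container parser.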