[Teep] Formal verification of TEEP(+SUIT)
Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de> Thu, 09 November 2023 10:08 UTC
Return-Path: <muhammad_usama.sardar@tu-dresden.de>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E56BAC14CF1D for <teep@ietfa.amsl.com>; Thu, 9 Nov 2023 02:08:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.406
X-Spam-Level:
X-Spam-Status: No, score=-4.406 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=tu-dresden.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B5K9fYGN2BnF for <teep@ietfa.amsl.com>; Thu, 9 Nov 2023 02:08:31 -0800 (PST)
Received: from mailout4.zih.tu-dresden.de (mailout4.zih.tu-dresden.de [141.30.67.75]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D210AC14CE45 for <teep@ietf.org>; Thu, 9 Nov 2023 02:08:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tu-dresden.de; s=dkim2022; h=To:Subject:From:MIME-Version:Date:Message-ID: Content-Type:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=QezESSQZ8hZtJ9Dw/yWxHVQuwy173h7GzrTEqqnjwlE=; b=xtUAKesJl2qBgaOOT6UYvzAGJq wDXxuMyYIQHWZBXwWTClx8+ChLdEFTnq3tSWZrYw2v5OMnkllnSm9Km/Y0R9neHQfvRy1YKQDHols 2fuC9wbOlDr1hTm0EXvb+h2fsqgXAFqhH053jkRRIFb/PnbDk0IwSZGDBQeRjpJKXpe7bIED5iyST GghB7Y/xbJshNzcwC7/5ljVo3jArMpSj2wppa7yspN+dSPCTPrE/xo6AqZTsGQRzSNnYEm0T4aY36 upAJLIBzKrgRJnZUGaARX+SQCt15B1zBb+ExUfUn7oyALRNKQRpO/ZxGyyxc7qnabWabCRa85tIox 5aR45m4w==;
Received: from [172.26.35.114] (helo=msx.tu-dresden.de) by mailout4.zih.tu-dresden.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <muhammad_usama.sardar@tu-dresden.de>) id 1r11xc-004N9C-Dt for teep@ietf.org; Thu, 09 Nov 2023 11:08:28 +0100
Received: from [192.168.13.71] (77.240.96.213) by MSX-T314.msx.ad.zih.tu-dresden.de (172.26.35.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.34; Thu, 9 Nov 2023 11:08:23 +0100
Content-Type: multipart/alternative; boundary="------------JSm0WxQk00ZYoSigd0e7qWGV"
Message-ID: <0757ad82-c3c3-427e-8c83-10e0482ab747@tu-dresden.de>
Date: Thu, 09 Nov 2023 11:08:22 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
From: Muhammad Usama Sardar <muhammad_usama.sardar@tu-dresden.de>
To: teep@ietf.org
X-ClientProxiedBy: MSX-L311.msx.ad.zih.tu-dresden.de (172.26.34.111) To MSX-T314.msx.ad.zih.tu-dresden.de (172.26.35.114)
X-TUD-Virus-Scanned: mailout4.zih.tu-dresden.de
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/YIVEhsYj4A-B1SXJADeTihpR4s8>
Subject: [Teep] Formal verification of TEEP(+SUIT)
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Nov 2023 10:08:36 -0000
Hi Akira, Okuda, chairs and all,
There are a few reasons for writing this email, including:
* In a meeting with Hannes, Cory and Okuda during Hackathon on Sunday,
I thought we all agreed that the properties are NOT yet verified.
* In the TEEP meeting yesterday, I tried to repeat my concern. TEEP
meeting notes mention that we were arguing but it does not capture
the key technical point of argument.
Despite all above discussions, it somehow bothers me that the repo
(https://github.com/tetsuya-okuda-hco/public-teep-formal-verif#what-is-verified-here)
still says:
* (DONE)
o The authentication of TEEPAgent is verified.
o The secrecy of encrypted payload is verified.
*/My proposed next steps/:*
As I briefly mentioned in the GitHub issue
(https://github.com/tetsuya-okuda-hco/public-teep-formal-verif/issues/1),
I will suggest to follow a systematic methodology for verification,
where the first step is to create:
* an informal protocol description detailing the steps
o for inspiration, see this
https://github.com/CCC-Attestation/formal-spec-TEE/blob/a836b408c385d2fd3961cc9540ee229fc3c681ca/TDX/TDX.pv#L208-L415
* a message sequence diagram mentioning:
o which entities are trusted
o which channels are secure
o what is the pre-knowledge of the entities at the start of the
protocol
+ for inspiration, see this
https://github.com/CCC-Attestation/formal-spec-TEE/blob/main/TDX/TDXFlowv10.pdf
# Untrusted entities are in red
# All channels are labelled secure/insecure
# Pre-knowledge of the entities is shown within the boxes
at the top
This step is an extremely valuable and crucial step as it provides a way
to communicate with those who are not familiar with formal verification,
specially for the designers to understand what you are going to model.
Often the specification in IETF drafts are too vague that there are
several revisions in this step. Once the designers agree that informal
protocol description captures their intent, then you may proceed with
the verification with ProVerif.
The above step will also help me understand what is the actual value of
the proposed TEEP protocol (sorry I will not have the time to read 74
pages draft until tomorrow). From the ProVerif artifacts, I see that at
the beginning of the protocol, both the "TAM_process" and
"TEEP_Agent_process" are already preconfigured with the authentic public
keys of each other. Was this intentional? If yes, isn't it a trivial
verification problem (given that you have marked it as DONE) even if we
set aside the reachability issue?
*/My main concern/ (on properties marked as DONE):*
Regarding "cannot be proved", I will suggest you to have a look at
section 3.3.1 of the ProVerif manual
(https://bblanche.gitlabpages.inria.fr/proverif/manual.pdf). Reproducing
the text here:
RESULT [Query] cannot be proved: This is a “don’t know” answer.
ProVerif could not prove that the query is true and also could not
find an attack that proves that the query is false.
Unless we ensure that the "TEEP_Agent_process" is able to decrypt the
message successfully, it doesn't make much sense to verify the secrecy.
Hence, you should first prove the reachability just after this line
https://github.com/tetsuya-okuda-hco/public-teep-formal-verif/blob/0b831378cd71003eee9788e752b740812912a543/TEEP_20231003_13_1.pv#L198.
Note here that the reachability at Horn clauses level (as you were
showing in Hackathon) is not enough. The reachability should hold at the
applied pi-calculus level. See Chapter 2 of ProVerif manual, in
particular the ending. Reproducing the text here:
*(The authors remark that writing code with unreachable points is a
common source of errors for new users. Advice on avoiding such
pitfalls will be presented in Section 4.3.1.)*
So please read Section 4.3.1 and hopefully my concern should be clear to
you then. Otherwise I am here until tomorrow evening, and will be happy
to discuss further if there is need.
Cheers,
Usama
- [Teep] Formal verification of TEEP(+SUIT) Muhammad Usama Sardar
- Re: [Teep] Formal verification of TEEP(+SUIT) Okuda Tetsuya
- Re: [Teep] Formal verification of TEEP(+SUIT) Muhammad Usama Sardar