IETF Logo Mail Archive

Re: [Teep] Scalability of nonce-based freshness

Göran Selander <goran.selander@ericsson.com> Mon, 15 March 2021 07:34 UTC

Return-Path: <goran.selander@ericsson.com>
X-Original-To: teep@ietfa.amsl.com
Delivered-To: teep@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 121B63A0BC2 for <teep@ietfa.amsl.com>; Mon, 15 Mar 2021 00:34:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.349
X-Spam-Level:
X-Spam-Status: No, score=-2.349 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.248, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fa71XwwHy4K6 for <teep@ietfa.amsl.com>; Mon, 15 Mar 2021 00:34:21 -0700 (PDT)
Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30069.outbound.protection.outlook.com [40.107.3.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 716663A0BC1 for <TEEP@ietf.org>; Mon, 15 Mar 2021 00:34:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=a2JJ32nQcwAPvj747vjrXSNsXqRWEeoymlqERppPOuvWYKsFT8uelRKpNGxBwJzGxZ+AOkpAPnqvYgW7XrGBM1MSbiH4Wp20kbKA9jZ32Hx49VyyFYZ+MYvLeAQJcMd4gxiL2lSpy4DxQSUIwrq9QvMdF+B1NHi6ypdT+iEjdSrzYm+TDogJG3qASLn4nXAtvnGcKIAjr8+DDfdUfs3neuDoRe7EzKUXVgCxkFEzOPt8IhPVDTXIccLoosHidr2Oj85wfSX5F3Zhe/RP5ncivHnACTWNEIn9dd8GKaMwiYbGbS4ZspwSpubnqV0/eG2mm+GoW4v0nLVox/RF7DWH8A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wMBK8E+60MjTxZCNG+Xd3OKTF+DpI/mrZjKJDBRMUfQ=; b=NfGBdJKAoTPte0S0n0GFWGgTQQge1RU+Ir7aVlVB1i1lau2QUhkJTsXe733t3Luhd7L380f9D349He760OaiQOH7xcTTcPKFPvqhnecvKP+0EVZTXclBQqLt2MVJIMrA9uqKV78pPGaypO1jGdkcnX2dt2lP+emGdIw+3LLWc/fLHocuPHVPqAxg5s5TLIEMzAWeGv/G70JWgNjJ36mmjkOdTefoymbq86s6wz0AhTZgJZX16OjWCRergzZ1EvX0coztLIJUiqn3Rcph0zKy8RV5kR1IK5d3PfnkI/nhxdoPe9PX5FjrMX3J2GWT//uWB471PhxN8yBpZ7RptoZw2g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=wMBK8E+60MjTxZCNG+Xd3OKTF+DpI/mrZjKJDBRMUfQ=; b=s5t2ZAMUQJ3CDdEmWabH0GkknCCEKI8tXtHllOn2XUf4zw1TMcRvs79MPNnn+nkRo8m6JrL6hLhi1XHPmY/lkZeqKJI7Uqc+NEmWOHXFRa9ctPM/G1mfQcF4ghAxR5J7XbZPmAOZb4lA/+urcUdG+26ZXOsrBMIf6iYldMxkUCo=
Received: from HE1PR0702MB3674.eurprd07.prod.outlook.com (2603:10a6:7:82::14) by HE1PR0701MB2841.eurprd07.prod.outlook.com (2603:10a6:3:4e::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.11; Mon, 15 Mar 2021 07:34:18 +0000
Received: from HE1PR0702MB3674.eurprd07.prod.outlook.com ([fe80::2887:d795:feec:2f59]) by HE1PR0702MB3674.eurprd07.prod.outlook.com ([fe80::2887:d795:feec:2f59%7]) with mapi id 15.20.3955.011; Mon, 15 Mar 2021 07:34:18 +0000
From: Göran Selander <goran.selander@ericsson.com>
To: Thomas Fossati <Thomas.Fossati@arm.com>, "TEEP@ietf.org" <TEEP@ietf.org>, Dave Thaler <dthaler@microsoft.com>
Thread-Topic: [Teep] Scalability of nonce-based freshness
Thread-Index: AQHXF4P+HIop/qsalEeISWuq+4TOqqqEvPGA
Date: Mon, 15 Mar 2021 07:34:18 +0000
Message-ID: <574A6462-E805-4CFD-99F6-67E42C5C7220@ericsson.com>
References: <8B31EDA0-20DB-4611-B5D8-F7A60B390684@arm.com>
In-Reply-To: <8B31EDA0-20DB-4611-B5D8-F7A60B390684@arm.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.48.21030904
authentication-results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [83.249.67.87]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 6f841cff-74b2-44aa-de21-08d8e784be49
x-ms-traffictypediagnostic: HE1PR0701MB2841:
x-microsoft-antispam-prvs: <HE1PR0701MB284187831BA41779EC1B853AF46C9@HE1PR0701MB2841.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Dq+vt/kKATR4o62mZer3ZKnT9S0jNrmUpvvS3V+BuounUiMLt2TJECAmTAHcReTBevBNPPuU93HUGDgm6lExJ6NOJh96i4VJTVW0qGyX+VsNQMEISyo+nkiCVoFc9X3xjMftNTBhlyUuvanopbl/1ih7++1/lQ/YTb8ddfTfrzSNFQpWKvFRfTUn6Ro7lUugzC2gYJbRLcQWJ9jg1aGBnh8aaqZhufgD3Xba5nQpXvpieRtsQ0uBRlfMf1yeYqfC0fieOTKASopMaN1kTVcx8GQ12K1UuoKcSb+XOK7srAMIQ0q571SKaGH+hshqngUpzxeTzgkmcFC3MM6w2kxDsr9cvtKcT14N7na7LizJD1mEfdVoNgAlDPz0fSA4jR77wwMRUoQnw884dblV1B5TiRR8BfWhCOsYVAmnBZT+skIFNDkNodVUnrDXEJqG89Rc8BgwaNy7sOwLC/3O370D+0Wd+ymsbL87qbZeJVE7CDGMzk8EmvJ0hJgpPC2rzvdbr3j4BOb6KpRIhpsWKkYHa6lYkvCE8JMsXWMq4ZtC4emDQZSw3lEKRcgJarbi/VlnzU6X2ryOsz3QVRo2C/ML6IO+bPKbxc4e3CI5ygSgWetgl2Mc+tpXUxH57mFbvVXu8NfzZc9xd0G810mN3Gij3inXx0SkaGb8DDZLnxa0mfOTmMTDDNYjoKIQ0oYDLTpV
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0702MB3674.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(346002)(376002)(366004)(136003)(39860400002)(86362001)(6506007)(85182001)(53546011)(5660300002)(71200400001)(478600001)(33656002)(83380400001)(66946007)(2906002)(66574015)(186003)(110136005)(64756008)(66556008)(66476007)(966005)(85202003)(6512007)(8676002)(36756003)(316002)(76116006)(26005)(8936002)(66446008)(2616005)(6486002)(45980500001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: /5mVnpm6l0Uv0WfUzTJbMc6l6CQpY1wEjtabwQOuxydXxCKxsG1LTAkp8HmpznSP3zTe0VyMC6SIDPkaYCCjpOOX2lT2aarEs0kAVBh/v/7cyGd+zv3Cb9vHNqYIQ8apQ6tcRzoAwbq25rHMU0giHN+gTligXUdS5yhg4WLkrV/t2OBl+6jGhGi3pOESIFRb5JBQBQ/iktTwGA6UrKeOEY6Y87uzc8AL61Oo+8me0kiVzYup2Fm9Pek0PMWS/4PQ4251O4D3VX9h/wB1NUK9HiTH1wy8NypdjrccMROpV8nAXFhMpXyPOUfXbhq/n3yr5v1uteyFCeIfbs7MLAsmQ8nteRJy+xYhLNeFokkvIeJGhlZxYG1A0PboBfc8oBYmQH3FOed2NctH3nHx2dLeUO4JV0lZRzbPQessR2KR93WwJxg/wrR5K2NaxwTK4AKETl8uxDH8pVLmSswCVPQpN3jyl4j20R5wF1VM6Jrj1P6AfnrsIEeGBfexCPRdSpkpAqItiyMOtFX25Ma55RdedA9nbdJbmZl/QzMuaf14hapvgWozP/8U6F73m+Ay0jZ3cnnZub5T0O9iSIaczaXszFSA2Y9RpRymUoESueauKWHoDM3rjMc6hXViUCPXN8TA9wq+EZysKUubEAGSEMLzDbkWeo0ky3XEo0ZQaZjp5nQ63H2v73YNg9WSc2nkQ63UO93mrb9i2pFOsWFg32qDvofGYukOlQqN5SNAKta3KZ4z0N6M4AfknwokVBPnzWJIS/mYZd6Lo+vx2u7OkoDotoWpmXzvPMwWxifolYapA2vOXyQoIUdNClknHgNITYv2+v93oa8Su7sK/IbTP2z2gWnVFvZBy3/DAzlzlomvK1DZ+4HzsIBhHvySwtRdDwcvkFTLlvEwFAyzS5L4A898C1tZwCrpQUZcUsG5Cdaf8+ziYpmjLtAatFT0lIwgxW/KGaeIhwadqib1Duqof4i25bsqrWXIwUn2qOVE6Fz7ciTQox5I/2L3/7BEiz8gqKO1XOn2TJyU7sjEzegQ7sa7U+rm2In/5JG3XdX2ohb8ELFIiJaEE/QjvzemEnLBketdP4Y3rgIq6psk+Xk24vS//mKQqXkIOhIp3Flew6XRLiKPugldG3jdB6MKRUHoI5suMZ7XytfDrgCDLbMnueFmgS9l206OmyysO281xMzJARoc//QYE4MyTAhRGi8FHBBRIx5DDwAN74xBZt+xdWshW8CyK9wtjJon0j8Rd678pkXorfKLZdbRilKxJIHb2kBAvUFr0f/dxGexCcMWaZU31U1Jbhu4Xs3g3R6kbIajepRQYkrvYpeF1Cvvof/yGTkl
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <624270D98D41EB47912F816D07271745@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0702MB3674.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6f841cff-74b2-44aa-de21-08d8e784be49
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Mar 2021 07:34:18.5997 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: zFQtxWiRJJc0nEerz1pyeJzUcrJkGdWH75SKe8jKjAE6v/KV/GsT1o6MKhVazie47Js9MwkBI2eJcl086datw9UCIPb9y47SufIKCg6lXYM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB2841
Archived-At: <https://mailarchive.ietf.org/arch/msg/teep/uTUhU0poLUtgwC76zOn9FcBa5vE>
Subject: Re: [Teep] Scalability of nonce-based freshness
X-BeenThere: teep@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A Protocol for Dynamic Trusted Execution Environment Enablement <teep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/teep>, <mailto:teep-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/teep/>
List-Post: <mailto:teep@ietf.org>
List-Help: <mailto:teep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/teep>, <mailto:teep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Mar 2021 07:34:25 -0000

Hi Thomas,

Seems we have the same line of thought :-)

Some more details.

In addition to encryption key, the encryption context typically also requires an initialization vector (a.k.a. "nonce", but using that term would be confusing here) which must only be used once with a given key. This may e.g. involve a counter which is stepped for each encryption. The value of the counter needs to be reproduced at decryption time, e.g. by defining the token nonce to be the counter concatenated with the encrypted time stamp (using same notation as below: n = counter ||  E(t_req, k) ).

While this part is straightforward there are some subtleties as to how the nonces are used which may have an impact on security. 

If only the nonces are tracked (or encryption context cached, in the case of encrypted time stamps) it is not necessarily possible to determine that a particular response is actually matching a request with the same nonce. For example, two colluding attesters who both have received a request from the same verifier could in theory exchange their nonces which would not be noticed. This is not necessarily a problem depending on different things e.g. the policy for expiring nonces: If only freshness is sought, then it is only required that a recently issued nonce is presented, since that restricts the time when the response could have been created. It may not even matter if the same nonce is used by different attesters. In this setting the properties may be similar with nonces taken directly from a PRNG or encrypted time stamps. 

The nonce could also carry information about the request, e.g. encrypting parts of the request, in which case it is possible to verify a stronger binding to a particular request. Or, in the interest of saving bytes on the wire at the expense of caching more about the request, the nonce coule be a MAC over parts of the request. In the ase of a MAC, however, it doesn't make much sense to use encrypted time stamps since they would need to be cached.

Again, not sure how much this matters for this work. Just input to the discussion.

Göran


On 2021-03-12, 22:10, "TEEP on behalf of Thomas Fossati" <teep-bounces@ietf.org on behalf of Thomas.Fossati@arm.com> wrote:

    Hi Göran,

    On 12/03/2021, 19:00, "Göran Selander" <goran.selander@ericsson.com> wrote:
    > Hi Dave, and all,
    >
    > Referring to the TEEP protocol presentation at the WG meeting, there
    > was a discussion about the use of tokens and what method of freshness
    > to apply in TEEP (slides 11-16 in the presentation).
    >
    > If I understood right the main argument against the nonce-based method
    > (slide 15) is the question of scalability: "Receivers have to keep
    > state to remember each nonce supplied until it’s used"
    >
    > If I'm not mistaken, this condition on the receiver could be relaxed
    > by the receiver generating nonces as encrypted time stamps. This would
    > only require the receiver to remember an encryption context used to
    > encrypt/decrypt the time stamps used as nonces. The encryption context
    > can be small (say, less than 50 bytes for key, IV and counter) and
    > doesn't grow with the number of TAs (but would typically be updated
    > for each nonce generated, e.g. stepping the counter).
    >
    > Note that the receiver needs a clock but it need not be synced because
    > the time stamps are only used by receiver; once when nonces are
    > generated, and then again when freshness is determined from the nonce
    > received back in the evidence. Such a clock coincides with the
    > assumption of this method according to slide 15: "Receivers need a
    > clock to “expire” nonces, but need not be synced".
    >
    > Perhaps this should be an input to RATS rather than TEEP. But since
    > this seemed to be the main argument against the nonce-based method I
    > just wanted to share my 2 cents to the discussion.

    I think this is all correct.  (BTW, that's what I meant when I said the
    TAM should make this a verifier problem as there is no need for the
    nonce to be stored at the TAM.)

    With your nonce generation scheme:

    A. Verifier is initialised with secret key k

    B.1: TAM asks Verifier for a nonce;
    B.2: Verifier generates nonce n = E(t_req, k) and sends it to TAM;

    C: TAM runs the challenge-response protocol with the Attester, sending
       N and obtaining Evidence(n) in return;

    D.1: TAM forwards Evidence(n) to Verifier for verification;
    D.2: Verifier extract n and does D(n, k):
      D.2.1: If decryption fails, goto drop;
      D.2.2: If decryption succeeds, extract t_req
    D.3: Verifier checks |now - t_req| < acceptable_recentness_threshold:
      D.3.1: If so, proceed with verification of Evidence;
      D.3.2: If not, return ESTALE

    Note that if B.* is done once every "period", thus avoiding the extra
    round-trip per nonce / attestation session, this scheme falls back to
    the epoch-id based model.

    cheers!






    IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
    _______________________________________________
    TEEP mailing list
    TEEP@ietf.org
    https://www.ietf.org/mailman/listinfo/teep

v2.23.0 | Report a Bug | By Email