| < draft-birkholz-rats-tuda-01.txt | draft-birkholz-rats-tuda-02.txt > | |||
|---|---|---|---|---|
| RATS Working Group A. Fuchs | RATS Working Group A. Fuchs | |||
| Internet-Draft H. Birkholz | Internet-Draft H. Birkholz | |||
| Intended status: Standards Track Fraunhofer SIT | Intended status: Standards Track Fraunhofer SIT | |||
| Expires: March 15, 2020 I. McDonald | Expires: September 10, 2020 I. McDonald | |||
| High North Inc | High North Inc | |||
| C. Bormann | C. Bormann | |||
| Universitaet Bremen TZI | Universitaet Bremen TZI | |||
| September 12, 2019 | March 09, 2020 | |||
| Time-Based Uni-Directional Attestation | Time-Based Uni-Directional Attestation | |||
| draft-birkholz-rats-tuda-01 | draft-birkholz-rats-tuda-02 | |||
| Abstract | Abstract | |||
| This documents defines the method and bindings used to conduct Time- | This documents defines the method and bindings used to conduct Time- | |||
| based Uni-Directional Attestation (TUDA) between two RATS (Remote | based Uni-Directional Attestation (TUDA) between two RATS (Remote | |||
| ATtestation procedureS) Principals over the Internet. TUDA does not | ATtestation procedureS) Principals over the Internet. TUDA does not | |||
| require a challenge-response handshake and thereby does not rely on | require a challenge-response handshake and thereby does not rely on | |||
| the conveyance of a nonce to prove freshness of remote attestation | the conveyance of a nonce to prove freshness of remote attestation | |||
| Evidence. Conversely, TUDA enables the creation of Secure Audit Logs | Evidence. Conversely, TUDA enables the creation of Secure Audit Logs | |||
| that can constitute Evidence about current and past operational | that can constitute Evidence about current and past operational | |||
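Review bot: "Conversely" in the Abstract (both columns) introduces a contrast where none is made; the sentence adds a second capability of TUDA (Secure Audit Logs) on top of nonce-free freshness, so "Additionally" or "Furthermore" is the right connective. The opening typo "This documents defines" also survives from -01 into -02 and should read "This document defines". Since this hunk only touches dates and version numbers, these are carried-over defects rather than regressions, but -02 is the chance to fix them.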
| skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on March 15, 2020. | This Internet-Draft will expire on September 10, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 3, line 15 ¶ | skipping to change at page 3, line 15 ¶ | |||
| Appendix A. REST Realization . . . . . . . . . . . . . . . . . . 24 | Appendix A. REST Realization . . . . . . . . . . . . . . . . . . 24 | |||
| Appendix B. SNMP Realization . . . . . . . . . . . . . . . . . . 24 | Appendix B. SNMP Realization . . . . . . . . . . . . . . . . . . 24 | |||
| B.1. Structure of TUDA MIB . . . . . . . . . . . . . . . . . . 25 | B.1. Structure of TUDA MIB . . . . . . . . . . . . . . . . . . 25 | |||
| B.1.1. Cycle Index . . . . . . . . . . . . . . . . . . . . . 25 | B.1.1. Cycle Index . . . . . . . . . . . . . . . . . . . . . 25 | |||
| B.1.2. Instance Index . . . . . . . . . . . . . . . . . . . 25 | B.1.2. Instance Index . . . . . . . . . . . . . . . . . . . 25 | |||
| B.1.3. Fragment Index . . . . . . . . . . . . . . . . . . . 25 | B.1.3. Fragment Index . . . . . . . . . . . . . . . . . . . 25 | |||
| B.2. Relationship to Host Resources MIB . . . . . . . . . . . 26 | B.2. Relationship to Host Resources MIB . . . . . . . . . . . 26 | |||
| B.3. Relationship to Entity MIB . . . . . . . . . . . . . . . 26 | B.3. Relationship to Entity MIB . . . . . . . . . . . . . . . 26 | |||
| B.4. Relationship to Other MIBs . . . . . . . . . . . . . . . 26 | B.4. Relationship to Other MIBs . . . . . . . . . . . . . . . 26 | |||
| B.5. Definition of TUDA MIB . . . . . . . . . . . . . . . . . 26 | B.5. Definition of TUDA MIB . . . . . . . . . . . . . . . . . 26 | |||
| Appendix C. YANG Realization . . . . . . . . . . . . . . . . . . 42 | Appendix C. YANG Realization . . . . . . . . . . . . . . . . . . 43 | |||
| Appendix D. Realization with TPM functions . . . . . . . . . . . 57 | Appendix D. Realization with TPM functions . . . . . . . . . . . 57 | |||
| D.1. TPM Functions . . . . . . . . . . . . . . . . . . . . . . 57 | D.1. TPM Functions . . . . . . . . . . . . . . . . . . . . . . 57 | |||
| D.1.1. Tick-Session and Tick-Stamp . . . . . . . . . . . . . 57 | D.1.1. Tick-Session and Tick-Stamp . . . . . . . . . . . . . 57 | |||
| D.1.2. Platform Configuration Registers (PCRs) . . . . . . . 58 | D.1.2. Platform Configuration Registers (PCRs) . . . . . . . 58 | |||
| D.1.3. PCR restricted Keys . . . . . . . . . . . . . . . . . 58 | D.1.3. PCR restricted Keys . . . . . . . . . . . . . . . . . 59 | |||
| D.1.4. CertifyInfo . . . . . . . . . . . . . . . . . . . . . 59 | D.1.4. CertifyInfo . . . . . . . . . . . . . . . . . . . . . 59 | |||
| D.2. IE Generation Procedures for TPM 1.2 . . . . . . . . . . 59 | D.2. IE Generation Procedures for TPM 1.2 . . . . . . . . . . 59 | |||
| D.2.1. AIK and AIK Certificate . . . . . . . . . . . . . . . 59 | D.2.1. AIK and AIK Certificate . . . . . . . . . . . . . . . 59 | |||
| D.2.2. Synchronization Token . . . . . . . . . . . . . . . . 60 | D.2.2. Synchronization Token . . . . . . . . . . . . . . . . 60 | |||
| D.2.3. RestrictionInfo . . . . . . . . . . . . . . . . . . . 62 | D.2.3. RestrictionInfo . . . . . . . . . . . . . . . . . . . 62 | |||
| D.2.4. Measurement Log . . . . . . . . . . . . . . . . . . . 64 | D.2.4. Measurement Log . . . . . . . . . . . . . . . . . . . 64 | |||
| D.2.5. Implicit Attestation . . . . . . . . . . . . . . . . 65 | D.2.5. Implicit Attestation . . . . . . . . . . . . . . . . 65 | |||
| D.2.6. Attestation Verification Approach . . . . . . . . . . 66 | D.2.6. Attestation Verification Approach . . . . . . . . . . 66 | |||
| D.3. IE Generation Procedures for TPM 2.0 . . . . . . . . . . 68 | D.3. IE Generation Procedures for TPM 2.0 . . . . . . . . . . 68 | |||
| D.3.1. AIK and AIK Certificate . . . . . . . . . . . . . . . 68 | D.3.1. AIK and AIK Certificate . . . . . . . . . . . . . . . 68 | |||
| skipping to change at page 3, line 45 ¶ | skipping to change at page 3, line 45 ¶ | |||
| Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 71 | Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 71 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 71 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 71 | |||
| 1. Introduction | 1. Introduction | |||
| Remote ATtestation procedureS (RATS) describe the attempt to | Remote ATtestation procedureS (RATS) describe the attempt to | |||
| determine and appraise properties, such as integrity and | determine and appraise properties, such as integrity and | |||
| trustworthiness, of a communication partner - the Attester - over the | trustworthiness, of a communication partner - the Attester - over the | |||
| Internet to another communication parter - the Verifier - without | Internet to another communication parter - the Verifier - without | |||
| direct access. TUDA uses the architectural constituents of the RATS | direct access. TUDA uses the architectural constituents of the RATS | |||
| Architecture [I-D.birkholz-rats-architecture] that defines the Roles | Architecture [I-D.ietf-rats-architecture] that defines the Roles | |||
| Attester and Verifier in detail. The RATS Architecture also defines | Attester and Verifier in detail. The RATS Architecture also defines | |||
| Role Messages. TUDA creates and conveys a specific type of Role | Role Messages. TUDA creates and conveys a specific type of Role | |||
| Message called Evidence, a composition of trustwrthiness Claims | Message called Evidence, a composition of trustwrthiness Claims | |||
| provided by an Attester and consumed by a Verifier (potentially | provided by an Attester and consumed by a Verifier (potentially | |||
| relayed by another RATS Role that is a Relying Party). TUDA - in | relayed by another RATS Role that is a Relying Party). TUDA - in | |||
| contrast to traditional bi-directional challenge-response protocols | contrast to traditional bi-directional challenge-response protocols | |||
| [I-D.birkholz-rats-reference-interaction-model] - enables a uni- | [I-D.birkholz-rats-reference-interaction-model] - enables a uni- | |||
| directional conveyance of attestation Evidence that allows for | directional conveyance of attestation Evidence that allows for | |||
| providing attestation information without solicitation (e.g. as | providing attestation information without solicitation (e.g. as | |||
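Review bot: two typos persist unchanged in both columns of the Introduction: "communication parter" should be "communication partner", and "trustwrthiness Claims" should be "trustworthiness Claims". The first sentence is also awkward ("describe the attempt to determine and appraise properties ... of a communication partner - the Attester - over the Internet to another communication parter - the Verifier"); something like "describe how a Verifier determines and appraises properties, such as integrity and trustworthiness, of a remote Attester over the Internet without direct access" keeps the RATS Roles and reads cleanly. The reference rename to [I-D.ietf-rats-architecture] is consistent with the Normative References hunk below.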
| skipping to change at page 6, line 35 ¶ | skipping to change at page 6, line 35 ¶ | |||
| on an Attestation Key is called "quote" and is provided by the | on an Attestation Key is called "quote" and is provided by the | |||
| corresponding root of trust for reporting. | corresponding root of trust for reporting. | |||
| 1.4. Remote Attestation Principles | 1.4. Remote Attestation Principles | |||
| In essence, RATS are composed of three base activities. The | In essence, RATS are composed of three base activities. The | |||
| following definitions are derived from the definitions presented in | following definitions are derived from the definitions presented in | |||
| [PRIRA] and [TCGGLOSS], and are a simplified summary of the RATS | [PRIRA] and [TCGGLOSS], and are a simplified summary of the RATS | |||
| Architecture relevant for TUDA. The complete RATS Architecture and | Architecture relevant for TUDA. The complete RATS Architecture and | |||
| every corresponding constituent, message and interaction is defined | every corresponding constituent, message and interaction is defined | |||
| in [I-D.birkholz-rats-architecture]. | in [I-D.ietf-rats-architecture]. | |||
| Attestation: The creation of one ore more claims about the | Attestation: The creation of one ore more claims about the | |||
| trustworthiness properties of an Attester, such that the claims | trustworthiness properties of an Attester, such that the claims | |||
| can be used as Evidence. | can be used as Evidence. | |||
| Conveyance: The transfer of Evidence from the Attester to the | Conveyance: The transfer of Evidence from the Attester to the | |||
| Verifier via an interconnect. | Verifier via an interconnect. | |||
| Verification: The appraisal of Evidence by evaluating it against | Verification: The appraisal of Evidence by evaluating it against | |||
| known-good-values (a type of declarative guidance). | known-good-values (a type of declarative guidance). | |||
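Review bot: "one ore more claims" in the Attestation definition should be "one or more claims"; it is unchanged between -01 and -02. Otherwise the three base activities (Attestation, Conveyance, Verification) match the terminology the Introduction uses (Evidence, Attester, Verifier), and the updated citation of [I-D.ietf-rats-architecture] agrees with the reference list.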
| skipping to change at page 19, line 42 ¶ | skipping to change at page 19, line 42 ¶ | |||
| compared with the measurement logs. | compared with the measurement logs. | |||
| 9. Contributors | 9. Contributors | |||
| TBD | TBD | |||
| 10. References | 10. References | |||
| 10.1. Normative References | 10.1. Normative References | |||
| [I-D.birkholz-rats-architecture] | [I-D.ietf-rats-architecture] | |||
| Birkholz, H., Wiseman, M., Tschofenig, H., and N. Smith, | Birkholz, H., Thaler, D., Richardson, M., Smith, N., and | |||
| "Architecture and Reference Terminology for Remote | W. Pan, "Remote Attestation Procedures Architecture", | |||
| Attestation Procedures", draft-birkholz-rats- | draft-ietf-rats-architecture-02 (work in progress), March | |||
| architecture-01 (work in progress), March 2019. | 2020. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| skipping to change at page 20, line 38 ¶ | skipping to change at page 20, line 38 ¶ | |||
| Profile", 2007, <https://www.trustedcomputinggroup.org/wp- | Profile", 2007, <https://www.trustedcomputinggroup.org/wp- | |||
| content/uploads/IWG-Credential_Profiles_V1_R1_14.pdf>. | content/uploads/IWG-Credential_Profiles_V1_R1_14.pdf>. | |||
| [AIK-Enrollment] | [AIK-Enrollment] | |||
| TCG Infrastructure Working Group, "A CMC Profile for AIK | TCG Infrastructure Working Group, "A CMC Profile for AIK | |||
| Certificate Enrollment", 2011, | Certificate Enrollment", 2011, | |||
| <https://www.trustedcomputinggroup.org/wp-content/uploads/ | <https://www.trustedcomputinggroup.org/wp-content/uploads/ | |||
| IWG_CMC_Profile_Cert_Enrollment_v1_r7.pdf>. | IWG_CMC_Profile_Cert_Enrollment_v1_r7.pdf>. | |||
| [I-D.birkholz-rats-reference-interaction-model] | [I-D.birkholz-rats-reference-interaction-model] | |||
| Birkholz, H. and M. Eckel, "Reference Interaction Model | Birkholz, H. and M. Eckel, "Reference Interaction Models | |||
| for Challenge-Response-based Remote Attestation", draft- | for Remote Attestation Procedures", draft-birkholz-rats- | |||
| birkholz-rats-reference-interaction-model-01 (work in | reference-interaction-model-02 (work in progress), January | |||
| progress), July 2019. | 2020. | |||
| [I-D.ietf-core-comi] | [I-D.ietf-core-comi] | |||
| Veillette, M., Stok, P., Pelov, A., Bierman, A., and I. | Veillette, M., Stok, P., Pelov, A., Bierman, A., and I. | |||
| Petrov, "CoAP Management Interface", draft-ietf-core- | Petrov, "CoAP Management Interface", draft-ietf-core- | |||
| comi-07 (work in progress), July 2019. | comi-09 (work in progress), March 2020. | |||
| [I-D.ietf-sacm-coswid] | [I-D.ietf-sacm-coswid] | |||
| Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D. | Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D. | |||
| Waltermire, "Concise Software Identification Tags", draft- | Waltermire, "Concise Software Identification Tags", draft- | |||
| ietf-sacm-coswid-12 (work in progress), July 2019. | ietf-sacm-coswid-13 (work in progress), November 2019. | |||
| [I-D.ietf-sacm-terminology] | [I-D.ietf-sacm-terminology] | |||
| Birkholz, H., Lu, J., Strassner, J., Cam-Winget, N., and | Birkholz, H., Lu, J., Strassner, J., Cam-Winget, N., and | |||
| A. Montville, "Security Automation and Continuous | A. Montville, "Security Automation and Continuous | |||
| Monitoring (SACM) Terminology", draft-ietf-sacm- | Monitoring (SACM) Terminology", draft-ietf-sacm- | |||
| terminology-16 (work in progress), December 2018. | terminology-16 (work in progress), December 2018. | |||
| [IEEE1609] | [IEEE1609] | |||
| IEEE Computer Society, "1609.4-2016 - IEEE Standard for | IEEE Computer Society, "1609.4-2016 - IEEE Standard for | |||
| Wireless Access in Vehicular Environments (WAVE) -- Multi- | Wireless Access in Vehicular Environments (WAVE) -- Multi- | |||
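Review bot: [I-D.birkholz-rats-reference-interaction-model] is now cited under its broader -02 title "Reference Interaction Models for Remote Attestation Procedures", while the Introduction (page 3) still uses it specifically as the source for "traditional bi-directional challenge-response protocols"; confirm the renamed draft still describes the challenge-response model the text relies on, or point the citation at the relevant section. Also note that [I-D.ietf-sacm-terminology] is still draft -16 from December 2018 while the other drafts in this hunk were bumped to 2019/2020 versions; check whether that is still the intended reference.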
| skipping to change at page 27, line 4 ¶ | skipping to change at page 27, line 4 ¶ | |||
| IMPORTS | IMPORTS | |||
| MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, | MODULE-IDENTITY, OBJECT-TYPE, Integer32, Counter32, | |||
| enterprises, NOTIFICATION-TYPE | enterprises, NOTIFICATION-TYPE | |||
| FROM SNMPv2-SMI -- RFC 2578 | FROM SNMPv2-SMI -- RFC 2578 | |||
| MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP | MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP | |||
| FROM SNMPv2-CONF -- RFC 2580 | FROM SNMPv2-CONF -- RFC 2580 | |||
| SnmpAdminString | SnmpAdminString | |||
| FROM SNMP-FRAMEWORK-MIB; -- RFC 3411 | FROM SNMP-FRAMEWORK-MIB; -- RFC 3411 | |||
| tudaV1MIB MODULE-IDENTITY | tudaV1MIB MODULE-IDENTITY | |||
| LAST-UPDATED "201903120000Z" -- 12 March 2019 | LAST-UPDATED "202003090000Z" -- 09 March 2020 | |||
| ORGANIZATION | ORGANIZATION | |||
| "Fraunhofer SIT" | "Fraunhofer SIT" | |||
| CONTACT-INFO | CONTACT-INFO | |||
| "Andreas Fuchs | "Andreas Fuchs | |||
| Fraunhofer Institute for Secure Information Technology | Fraunhofer Institute for Secure Information Technology | |||
| Email: andreas.fuchs@sit.fraunhofer.de | Email: andreas.fuchs@sit.fraunhofer.de | |||
| Henk Birkholz | Henk Birkholz | |||
| Fraunhofer Institute for Secure Information Technology | Fraunhofer Institute for Secure Information Technology | |||
| Email: henk.birkholz@sit.fraunhofer.de | Email: henk.birkholz@sit.fraunhofer.de | |||
| skipping to change at page 27, line 29 ¶ | skipping to change at page 27, line 29 ¶ | |||
| Carsten Bormann | Carsten Bormann | |||
| Universitaet Bremen TZI | Universitaet Bremen TZI | |||
| Email: cabo@tzi.org" | Email: cabo@tzi.org" | |||
| DESCRIPTION | DESCRIPTION | |||
| "The MIB module for monitoring of time-based unidirectional | "The MIB module for monitoring of time-based unidirectional | |||
| attestation information from a network endpoint system, | attestation information from a network endpoint system, | |||
| based on the Trusted Computing Group TPM 1.2 definition. | based on the Trusted Computing Group TPM 1.2 definition. | |||
| Copyright (C) High North Inc (2019)." | Copyright (C) High North Inc (2020)." | |||
| REVISION "202003090000Z" -- 09 March 2020 | ||||
| DESCRIPTION | ||||
| "Eighth version, published as draft-birkholz-rats-tuda-02." | ||||
| REVISION "201909110000Z" -- 11 September 2019 | ||||
| DESCRIPTION | ||||
| "Ninth version, published as draft-birkholz-rats-tuda-01." | ||||
| REVISION "201903120000Z" -- 12 March 2019 | REVISION "201903120000Z" -- 12 March 2019 | |||
| DESCRIPTION | DESCRIPTION | |||
| "Eighth version, published as draft-birkholz-rats-tuda-00." | "Eighth version, published as draft-birkholz-rats-tuda-00." | |||
| REVISION "201805030000Z" -- 03 May 2018 | REVISION "201805030000Z" -- 03 May 2018 | |||
| DESCRIPTION | DESCRIPTION | |||
| "Seventh version, published as draft-birkholz-i2nsf-tuda-03." | "Seventh version, published as draft-birkholz-i2nsf-tuda-03." | |||
| REVISION "201805020000Z" -- 02 May 2018 | REVISION "201805020000Z" -- 02 May 2018 | |||
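Review bot: the REVISION numbering in the new column is inconsistent: the added 202003090000Z entry for draft-birkholz-rats-tuda-02 is labelled "Eighth version", the 201909110000Z entry for -01 is labelled "Ninth version", and the pre-existing 201903120000Z entry for -00 is also "Eighth version". In chronological order -00 is the eighth, -01 the ninth and -02 should be the "Tenth version". LAST-UPDATED (202003090000Z) correctly equals the newest REVISION, as SMIv2 requires. Two further points in this DESCRIPTION clause: it reads "Copyright (C) High North Inc (2020)", but the document's own boilerplate (page 1) states that Code Components extracted from the document must include the Simplified BSD License text, and MIB modules published via the IETF stream conventionally carry the IETF Trust copyright notice here; and it describes the module as "based on the Trusted Computing Group TPM 1.2 definition" although the table of contents lists Appendix D.3, "IE Generation Procedures for TPM 2.0", so the scope statement should say whether the MIB also covers TPM 2.0 realizations.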
| End of changes. 15 change blocks. | ||||
| 22 lines changed or deleted | 30 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||