| draft-ietf-rats-eat-02.txt | draft-ietf-rats-eat-03.txt | |||
|---|---|---|---|---|
| RATS Working Group G. Mandyam | RATS Working Group G. Mandyam | |||
| Internet-Draft Qualcomm Technologies Inc. | Internet-Draft Qualcomm Technologies Inc. | |||
| Intended status: Standards Track L. Lundblade | Intended status: Standards Track L. Lundblade | |||
| Expires: July 12, 2020 Security Theory LLC | Expires: August 23, 2020 Security Theory LLC | |||
| M. Ballesteros | M. Ballesteros | |||
| J. O'Donoghue | J. O'Donoghue | |||
| Qualcomm Technologies Inc. | Qualcomm Technologies Inc. | |||
| January 09, 2020 | February 20, 2020 | |||
| The Entity Attestation Token (EAT) | The Entity Attestation Token (EAT) | |||
| draft-ietf-rats-eat-02 | draft-ietf-rats-eat-03 | |||
| Abstract | Abstract | |||
| An Entity Attestation Token (EAT) provides a signed (attested) set of | An Entity Attestation Token (EAT) provides a signed (attested) set of | |||
| claims that describe state and characteristics of an entity, | claims that describe state and characteristics of an entity, | |||
| typically a device like a phone or an IoT device. These claims are | typically a device like a phone or an IoT device. These claims are | |||
| used by a relying party to determine how much it wishes to trust the | used by a relying party to determine how much it wishes to trust the | |||
| entity. | entity. | |||
| An EAT is either a CWT or JWT with some attestation-oriented claims. | An EAT is either a CWT or JWT with some attestation-oriented claims. | |||
| skipping to change at page 1, line 45 ¶ | skipping to change at page 1, line 45 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on July 12, 2020. | This Internet-Draft will expire on August 23, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2020 IETF Trust and the persons identified as the | Copyright (c) 2020 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 1.1. CDDL, CWT and JWT . . . . . . . . . . . . . . . . . . . . 4 | 1.1. CDDL, CWT and JWT . . . . . . . . . . . . . . . . . . . . 4 | |||
| 1.2. Entity Overview . . . . . . . . . . . . . . . . . . . . . 4 | 1.2. Entity Overview . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 1.3. EAT Operating Models . . . . . . . . . . . . . . . . . . 5 | 1.3. EAT Operating Models . . . . . . . . . . . . . . . . . . 5 | |||
| 1.4. What is Not Standardized . . . . . . . . . . . . . . . . 6 | 1.4. What is Not Standardized . . . . . . . . . . . . . . . . 6 | |||
| 1.4.1. Transmission Protocol . . . . . . . . . . . . . . . . 6 | 1.4.1. Transmission Protocol . . . . . . . . . . . . . . . . 6 | |||
| 1.4.2. Signing Scheme . . . . . . . . . . . . . . . . . . . 7 | 1.4.2. Signing Scheme . . . . . . . . . . . . . . . . . . . 7 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 3. The Claims Information Model . . . . . . . . . . . . . . . . 8 | 3. The Claims . . . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 3.1. Token ID Claim (cti and jti) . . . . . . . . . . . . . . 8 | 3.1. Token ID Claim (cti and jti) . . . . . . . . . . . . . . 8 | |||
| 3.2. Timestamp claim (iat) . . . . . . . . . . . . . . . . . . 8 | 3.2. Timestamp claim (iat) . . . . . . . . . . . . . . . . . . 9 | |||
| 3.3. Nonce Claim (nonce) . . . . . . . . . . . . . . . . . . . 8 | 3.3. Nonce Claim (nonce) . . . . . . . . . . . . . . . . . . . 9 | |||
| 3.3.1. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 9 | 3.3.1. nonce CDDL . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 3.4. Universal Entity ID Claim (ueid) . . . . . . . . . . . . 9 | 3.4. Universal Entity ID Claim (ueid) . . . . . . . . . . . . 9 | |||
| 3.4.1. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 11 | 3.4.1. ueid CDDL . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 3.5. Origination Claim (origination) . . . . . . . . . . . . . 11 | 3.5. Origination Claim (origination) . . . . . . . . . . . . . 12 | |||
| 3.5.1. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 12 | 3.5.1. origination CDDL . . . . . . . . . . . . . . . . . . 12 | |||
| 3.6. OEM Identification by IEEE (oemid) . . . . . . . . . . . 12 | 3.6. OEM Identification by IEEE (oemid) . . . . . . . . . . . 12 | |||
| 3.6.1. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 12 | 3.6.1. oemid CDDL . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 3.7. The Security Level Claim (security_level) . . . . . . . . 12 | 3.7. The Security Level Claim (security-level) . . . . . . . . 13 | |||
| 3.7.1. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 13 | 3.7.1. security-level CDDL . . . . . . . . . . . . . . . . . 14 | |||
| 3.8. Secure Boot and Debug Enable State Claims (boot_state) . 13 | 3.8. Secure Boot and Debug Enable State Claims (boot-state) . 14 | |||
| 3.8.1. Secure Boot Enabled . . . . . . . . . . . . . . . . . 14 | 3.8.1. Secure Boot Enabled . . . . . . . . . . . . . . . . . 14 | |||
| 3.8.2. Debug Disabled . . . . . . . . . . . . . . . . . . . 14 | 3.8.2. Debug Disabled . . . . . . . . . . . . . . . . . . . 15 | |||
| 3.8.3. Debug Disabled Since Boot . . . . . . . . . . . . . . 14 | 3.8.3. Debug Disabled Since Boot . . . . . . . . . . . . . . 15 | |||
| 3.8.4. Debug Permanent Disable . . . . . . . . . . . . . . . 14 | 3.8.4. Debug Permanent Disable . . . . . . . . . . . . . . . 15 | |||
| 3.8.5. Debug Full Permanent Disable . . . . . . . . . . . . 14 | 3.8.5. Debug Full Permanent Disable . . . . . . . . . . . . 15 | |||
| 3.8.6. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 14 | 3.8.6. boot-state CDDL . . . . . . . . . . . . . . . . . . . 15 | |||
| 3.9. The Location Claim (location) . . . . . . . . . . . . . . 15 | 3.9. The Location Claim (location) . . . . . . . . . . . . . . 15 | |||
| 3.9.1. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 15 | 3.9.1. location CDDL . . . . . . . . . . . . . . . . . . . . 16 | |||
| 3.10. The Age Claim (age) . . . . . . . . . . . . . . . . . . . 15 | 3.10. The Age Claim (age) . . . . . . . . . . . . . . . . . . . 16 | |||
| 3.11. The Uptime Claim (uptime) . . . . . . . . . . . . . . . . 15 | 3.10.1. age CDDL . . . . . . . . . . . . . . . . . . . . . . 16 | |||
| 3.11.1. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 15 | 3.11. The Uptime Claim (uptime) . . . . . . . . . . . . . . . . 16 | |||
| 3.12. Nested EATs, the EAT Claim (nested_eat) . . . . . . . . . 16 | 3.11.1. uptime CDDL . . . . . . . . . . . . . . . . . . . . 16 | |||
| 3.12.1. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 16 | 3.12. The Submods Part of a Token (submods) . . . . . . . . . . 17 | |||
| 3.13. The Submods Claim (submods) . . . . . . . . . . . . . . . 16 | 3.12.1. Two Types of Submodules . . . . . . . . . . . . . . 17 | |||
| 3.13.1. The submod_name Claim . . . . . . . . . . . . . . . 16 | 3.12.1.1. Non-token Submodules . . . . . . . . . . . . . . 17 | |||
| 3.13.2. CDDL . . . . . . . . . . . . . . . . . . . . . . . . 17 | 3.12.1.2. Nested EATs . . . . . . . . . . . . . . . . . . 17 | |||
| 4. Data Model . . . . . . . . . . . . . . . . . . . . . . . . . 17 | 3.12.2. No Inheritance . . . . . . . . . . . . . . . . . . . 18 | |||
| 4.1. Common CDDL Types . . . . . . . . . . . . . . . . . . . . 17 | 3.12.3. Security Levels . . . . . . . . . . . . . . . . . . 18 | |||
| 4.2. CDDL for CWT-defined Claims . . . . . . . . . . . . . . . 17 | 3.12.4. Submodule Names . . . . . . . . . . . . . . . . . . 18 | |||
| 4.3. JSON . . . . . . . . . . . . . . . . . . . . . . . . . . 18 | 3.12.5. submods CDDL . . . . . . . . . . . . . . . . . . . . 18 | |||
| 4.3.1. JSON Labels . . . . . . . . . . . . . . . . . . . . . 18 | 4. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 4.3.2. JSON Interoperability . . . . . . . . . . . . . . . . 19 | 4.1. Common CDDL Types . . . . . . . . . . . . . . . . . . . . 19 | |||
| 4.4. CBOR . . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 4.2. CDDL for CWT-defined Claims . . . . . . . . . . . . . . . 19 | |||
| 4.4.1. Labels . . . . . . . . . . . . . . . . . . . . . . . 19 | 4.3. JSON . . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 4.4.2. CBOR Interoperability . . . . . . . . . . . . . . . . 20 | 4.3.1. JSON Labels . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 4.5. Collected CDDL . . . . . . . . . . . . . . . . . . . . . 21 | 4.3.2. JSON Interoperability . . . . . . . . . . . . . . . . 20 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 22 | 4.4. CBOR . . . . . . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 5.1. Reuse of CBOR Web Token (CWT) Claims Registry . . . . . . 22 | 4.4.1. CBOR Labels . . . . . . . . . . . . . . . . . . . . . 20 | |||
| 5.1.1. Claims Registered by This Document . . . . . . . . . 22 | 4.4.2. CBOR Interoperability . . . . . . . . . . . . . . . . 21 | |||
| 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 23 | 4.5. Collected CDDL . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 6.1. UEID Privacy Considerations . . . . . . . . . . . . . . . 23 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 | |||
| 7. Security Considerations . . . . . . . . . . . . . . . . . . . 24 | 5.1. Reuse of CBOR Web Token (CWT) Claims Registry . . . . . . 23 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 24 | 5.1.1. Claims Registered by This Document . . . . . . . . . 23 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . 24 | 6. Privacy Considerations . . . . . . . . . . . . . . . . . . . 24 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 25 | 6.1. UEID Privacy Considerations . . . . . . . . . . . . . . . 24 | |||
| Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 27 | 7. Security Considerations . . . . . . . . . . . . . . . . . . . 25 | |||
| A.1. Very Simple EAT . . . . . . . . . . . . . . . . . . . . . 27 | 7.1. Key Provisioning . . . . . . . . . . . . . . . . . . . . 25 | |||
| A.2. Example with Submodules, Nesting and Security Levels . . 27 | 7.1.1. Transmission of Key Material . . . . . . . . . . . . 25 | |||
| Appendix B. Changes from Previous Drafts . . . . . . . . . . . . 28 | 7.2. Transport Security . . . . . . . . . . . . . . . . . . . 25 | |||
| B.1. From draft-mandyam-rats-eat-00 . . . . . . . . . . . . . 28 | 7.3. Multiple EAT Consumers . . . . . . . . . . . . . . . . . 26 | |||
| B.2. From draft-ietf-rats-eat-01 . . . . . . . . . . . . . . . 28 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 26 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 26 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 28 | ||||
| Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 30 | ||||
| A.1. Very Simple EAT . . . . . . . . . . . . . . . . . . . . . 30 | ||||
| A.2. Example with Submodules, Nesting and Security Levels . . 30 | ||||
| Appendix B. UEID Design Rationale . . . . . . . . . . . . . . . 30 | ||||
| B.1. Collision Probability . . . . . . . . . . . . . . . . . . 30 | ||||
| B.2. No Use of UUID . . . . . . . . . . . . . . . . . . . . . 33 | ||||
| Appendix C. Changes from Previous Drafts . . . . . . . . . . . . 34 | ||||
| C.1. From draft-rats-eat-01 . . . . . . . . . . . . . . . . . 34 | ||||
| C.2. From draft-mandyam-rats-eat-00 . . . . . . . . . . . . . 34 | ||||
| C.3. From draft-ietf-rats-eat-01 . . . . . . . . . . . . . . . 34 | ||||
| C.4. From draft-ietf-rats-eat-02 . . . . . . . . . . . . . . . 34 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 35 | ||||
| 1. Introduction | 1. Introduction | |||
| Remote device attestation is a fundamental service that allows a | Remote device attestation is a fundamental service that allows a | |||
| remote device such as a mobile phone, an Internet-of-Things (IoT) | remote device such as a mobile phone, an Internet-of-Things (IoT) | |||
| device, or other endpoint to prove itself to a relying party, a | device, or other endpoint to prove itself to a relying party, a | |||
| server or a service. This allows the relying party to know some | server or a service. This allows the relying party to know some | |||
| characteristics about the device and decide whether it trusts the | characteristics about the device and decide whether it trusts the | |||
| device. | device. | |||
| skipping to change at page 8, line 8 ¶ | skipping to change at page 8, line 20 ¶ | |||
| CWT Claims Set. The CBOR map or JSON object that contains the claims | CWT Claims Set. The CBOR map or JSON object that contains the claims | |||
| conveyed by the CWT or JWT. | conveyed by the CWT or JWT. | |||
| Attestation Key Material (AKM). The key material used to sign the | Attestation Key Material (AKM). The key material used to sign the | |||
| EAT token. If it is done symmetrically with HMAC, then this is a | EAT token. If it is done symmetrically with HMAC, then this is a | |||
| simple symmetric key. If it is done with ECC, such as an IEEE | simple symmetric key. If it is done with ECC, such as an IEEE | |||
| DevID [IDevID], then this is the private part of the EC key pair. | DevID [IDevID], then this is the private part of the EC key pair. | |||
| If ECDAA is used, (e.g., as used by Enhanced Privacy ID, i.e. | If ECDAA is used, (e.g., as used by Enhanced Privacy ID, i.e. | |||
| EPID) then it is the key material needed for ECDAA. | EPID) then it is the key material needed for ECDAA. | |||
| 3. The Claims Information Model | 3. The Claims | |||
| This section describes new claims defined for attestation. It also | This section describes new claims defined for attestation. It also | |||
| mentions several claims defined by CWT and JWT that are particularly | mentions several claims defined by CWT and JWT that are particularly | |||
| important for EAT. | important for EAT. | |||
| Note also: * Any claim defined for CWT or JWT may be used in an EAT | Note also: * Any claim defined for CWT or JWT may be used in an EAT | |||
| including those in the CWT [IANA.CWT.Claims] and JWT IANA | including those in the CWT [IANA.CWT.Claims] and JWT IANA | |||
| [IANA.JWT.Claims] claims registries. | [IANA.JWT.Claims] claims registries. | |||
| o All claims are optional | o All claims are optional | |||
| o No claims are mandatory | o No claims are mandatory | |||
| o All claims that are not understood by implementations MUST be | o All claims that are not understood by implementations MUST be | |||
| ignored | ignored | |||
| CDDL along with text descriptions is used to define the information | CDDL along with text descriptions is used to define each claim | |||
| model. Each claim is defined as a CDDL group (the group is a general | indepdent of encoding. Each claim is defined as a CDDL group (the | |||
| aggregation and type definition feature of CDDL). In the data model, | group is a general aggregation and type definition feature of CDDL). | |||
| described in the Section 4, the CDDL groups turn into CBOR map | In the encoding section Section 4, the CDDL groups turn into CBOR map | |||
| entries and JSON name/value pairs. | entries and JSON name/value pairs. | |||
| 3.1. Token ID Claim (cti and jti) | 3.1. Token ID Claim (cti and jti) | |||
| CWT defines the "cti" claim. JWT defines the "jti" claim. These are | CWT defines the "cti" claim. JWT defines the "jti" claim. These are | |||
| equivalent to each other in EAT and carry a unique token identifier | equivalent to each other in EAT and carry a unique token identifier | |||
| as they do in JWT and CWT. They may be used to defend against re use | as they do in JWT and CWT. They may be used to defend against re use | |||
| of the token but are distinct from the nonce that is used by the | of the token but are distinct from the nonce that is used by the | |||
| relying party to guarantee freshness and defend against replay. | relying party to guarantee freshness and defend against replay. | |||
| skipping to change at page 9, line 15 ¶ | skipping to change at page 9, line 27 ¶ | |||
| This documents the nonce claim for registration in the IANA CWT | This documents the nonce claim for registration in the IANA CWT | |||
| claims registry. This is equivalent to the JWT nonce claim that is | claims registry. This is equivalent to the JWT nonce claim that is | |||
| already registered. | already registered. | |||
| The nonce must be at least 8 bytes (64 bits) as fewer are unlikely to | The nonce must be at least 8 bytes (64 bits) as fewer are unlikely to | |||
| be secure. A maximum of 64 bytes is set to limit the memory a | be secure. A maximum of 64 bytes is set to limit the memory a | |||
| constrained implementation uses. This size range is not set for the | constrained implementation uses. This size range is not set for the | |||
| already-registered JWT nonce, but it should follow this size | already-registered JWT nonce, but it should follow this size | |||
| recommendation when used in an EAT. | recommendation when used in an EAT. | |||
| 3.3.1. CDDL | Multiple nonces are allowed to accommodate multistage verification | |||
| and consumption. | ||||
| nonce_claim = ( | 3.3.1. nonce CDDL | |||
| nonce => bstr .size (8..64) | ||||
| nonce-type = [ + bstr .size (8..64) ] | ||||
| nonce-claim = ( | ||||
| nonce => nonce-type | ||||
| ) | ) | |||
| 3.4. Universal Entity ID Claim (ueid) | 3.4. Universal Entity ID Claim (ueid) | |||
| UEID's identify individual manufactured entities / devices such as a | UEID's identify individual manufactured entities / devices such as a | |||
| mobile phone, a water meter, a Bluetooth speaker or a networked | mobile phone, a water meter, a Bluetooth speaker or a networked | |||
| security camera. It may identify the entire device or a submodule or | security camera. It may identify the entire device or a submodule or | |||
| subsystem. It does not identify types, models or classes of devices. | subsystem. It does not identify types, models or classes of devices. | |||
| It is akin to a serial number, though it does not have to be | It is akin to a serial number, though it does not have to be | |||
| sequential. | sequential. | |||
| skipping to change at page 9, line 44 ¶ | skipping to change at page 10, line 12 ¶ | |||
| different industries made by two different manufacturers in two | different industries made by two different manufacturers in two | |||
| different countries should have the same UEID (if they are not global | different countries should have the same UEID (if they are not global | |||
| and universal in this way, then relying parties receiving them will | and universal in this way, then relying parties receiving them will | |||
| have to track other characteristics of the device to keep devices | have to track other characteristics of the device to keep devices | |||
| distinct between manufacturers). | distinct between manufacturers). | |||
| There are privacy considerations for UEID's. See Section 6.1. | There are privacy considerations for UEID's. See Section 6.1. | |||
| The UEID should be permanent. It should never change for a given | The UEID should be permanent. It should never change for a given | |||
| device / entity. In addition, it should not be reprogrammable. | device / entity. In addition, it should not be reprogrammable. | |||
| UEID's are variable length. The recommended maximum is 33 bytes (1 | UEID's are variable length. All implementations MUST be able to | |||
| type byte and 256 bits). The recommended minimum is 17 bytes (1 type | receive UEID's that are 33 bytes long (1 type byte and 256 bits). | |||
| and 128 bits) because fewer bytes endanger the universal uniqueness. | The recommended maximum sent is also 33 bytes. | |||
| When the entity constructs the UEID, the first byte is a type and the | When the entity constructs the UEID, the first byte is a type and the | |||
| following bytes the ID for that type. Several types are allowed to | following bytes the ID for that type. Several types are allowed to | |||
| accommodate different industries and different manufacturing | accommodate different industries and different manufacturing | |||
| processes and to give options to avoid paying fees for certain types | processes and to give options to avoid paying fees for certain types | |||
| of manufacturer registrations. | of manufacturer registrations. | |||
| Creation of new types requires a Standards Action [RFC8126]. | Creation of new types requires a Standards Action [RFC8126]. | |||
| +------+--------+---------------------------------------------------+ | +------+------+-----------------------------------------------------+ | |||
| | Type | Type | Specification | | | Type | Type | Specification | | |||
| | Byte | Name | | | | Byte | Name | | | |||
| +------+--------+---------------------------------------------------+ | +------+------+-----------------------------------------------------+ | |||
| | 0x01 | RAND | This is a 128- to 256-bit random number generated | | | 0x01 | RAND | This is a 128, 192 or 256 bit random number | | |||
| | | | once and stored in the device. This may be | | | | | generated once and stored in the device. This may | | |||
| | | | constructed by concatenating enough identifiers | | | | | be constructed by concatenating enough identifiers | | |||
| | | | to be universally unique and then feeding the | | | | | to make up an equivalent number of random bits and | | |||
| | | | concatenation through a cryptographic hash | | | | | then feeding the concatenation through a | | |||
| | | | function. It may also be a cryptographic quality | | | | | cryptographic hash function. It may also be a | | |||
| | | | random number generate once at the beginning of | | | | | cryptographic quality random number generated once | | |||
| | | | the life of the device and stored. | | | | | at the beginning of the life of the device and | | |||
| | 0x02 | IEEE | This makes use of the IEEE company identification | | | | | stored. It may not be smaller than 128 bits. | | |||
| | | EUI | registry. An EUI is made up of an OUI and OUI-36 | | | 0x02 | IEEE | This makes use of the IEEE company identification | | |||
| | | | or a CID, different registered company | | | | EUI | registry. An EUI is either an EUI-48, EUI-60 or | | |||
| | | | identifiers, and some unique per-device | | | | | EUI-64 and made up of an OUI, OUI-36 or a CID, | | |||
| | | | identifier. EUIs are often the same as or similar | | | | | different registered company identifiers, and some | | |||
| | | | to MAC addresses. (Note that while devices with | | | | | unique per-device identifier. EUIs are often the | | |||
| | | | multiple network interfaces may have multiple MAC | | | | | same as or similar to MAC addresses. This type | | |||
| | | | addresses, there is only one UEID for a device) | | | | | includes MAC-48, an obsolete name for EUI-48. (Note | | |||
| | | | TODO: normative references to IEEE. | | | | | that while devices with multiple network interfaces | | |||
| | 0x03 | IMEI | This is a 14-digit identifier consisting of an | | | | | may have multiple MAC addresses, there is only one | | |||
| | | | 8-digit Type Allocation Code and a 6-digit serial | | | | | UEID for a device) [IEEE.802-2001], [OUI.Guide] | | |||
| | | | number allocated by the manufacturer, which SHALL | | | 0x03 | IMEI | This is a 14-digit identifier consisting of an | | |||
| | | | be encoded as a binary integer over 48 bits. The | | | | | 8-digit Type Allocation Code and a 6-digit serial | | |||
| | | | IMEI value encoded SHALL NOT include Luhn | | | | | number allocated by the manufacturer, which SHALL | | |||
| | | | checksum or SVN information. | | | | | be encoded as a binary integer over 48 bits. The | | |||
| | 0x04 | EUI-48 | This is a 48-bit identifier formed by | | | | | IMEI value encoded SHALL NOT include Luhn checksum | | |||
| | | | concatenating the 24-bit OUI with a 24-bit | | | | | or SVN information. [ThreeGPP.IMEI] | | |||
| | | | identifier assigned by the organisation that | | +------+------+-----------------------------------------------------+ | |||
| | | | purchased the OUI. | | ||||
| | 0x05 | EUI-60 | This is a 60-bit identifier formed by | | ||||
| | | | concatenating the 24-bit OUI with a 36-bit | | ||||
| | | | identifier assigned by the organisation that | | ||||
| | | | purchased the OUI. | | ||||
| | 0x06 | EUI-64 | This is a 64-bit identifier formed by | | ||||
| | | | concatenating the 24-bit OUI with a 40-bit | | ||||
| | | | identifier assigned by the organisation that | | ||||
| | | | purchased the OUI. | | ||||
| +------+--------+---------------------------------------------------+ | ||||
| Table 1: UEID Composition Types | Table 1: UEID Composition Types | |||
| UEID's are not designed for direct use by humans (e.g., printing on | UEID's are not designed for direct use by humans (e.g., printing on | |||
| the case of a device), so no textual representation is defined. | the case of a device), so no textual representation is defined. | |||
| The consumer (the relying party) of a UEID MUST treat a UEID as a | The consumer (the relying party) of a UEID MUST treat a UEID as a | |||
| completely opaque string of bytes and not make any use of its | completely opaque string of bytes and not make any use of its | |||
| internal structure. For example, they should not use the OUI part of | internal structure. For example, they should not use the OUI part of | |||
| a type 0x02 UEID to identify the manufacturer of the device. Instead | a type 0x02 UEID to identify the manufacturer of the device. Instead | |||
| they should use the OUI claim that is defined elsewhere. The reasons | they should use the oemid claim that is defined elsewhere. The | |||
| for this are: | reasons for this are: | |||
| o UEIDs types may vary freely from one manufacturer to the next. | o UEIDs types may vary freely from one manufacturer to the next. | |||
| o New types of UEIDs may be created. For example, a type 0x07 UEID | o New types of UEIDs may be created. For example, a type 0x07 UEID | |||
| may be created based on some other manufacturer registration | may be created based on some other manufacturer registration | |||
| scheme. | scheme. | |||
| o Device manufacturers are allowed to change from one type of UEID | o Device manufacturers are allowed to change from one type of UEID | |||
| to another anytime they want. For example, they may find they can | to another anytime they want. For example, they may find they can | |||
| optimize their manufacturing by switching from type 0x01 to type | optimize their manufacturing by switching from type 0x01 to type | |||
| 0x02 or vice versa. The main requirement on the manufacturer is | 0x02 or vice versa. The main requirement on the manufacturer is | |||
| that UEIDs be universally unique. | that UEIDs be universally unique. | |||
| 3.4.1. CDDL | 3.4.1. ueid CDDL | |||
| ueid_claim = ( | ueid-claim = ( | |||
| ueid: bstr ) | ueid => bstr .size (7..33) | |||
| ) | ||||
| 3.5. Origination Claim (origination) | 3.5. Origination Claim (origination) | |||
| This claim describes the parts of the device or entity that are | This claim describes the parts of the device or entity that are | |||
| creating the EAT. Often it will be tied back to the device or chip | creating the EAT. Often it will be tied back to the device or chip | |||
| manufacturer. The following table gives some examples: | manufacturer. The following table gives some examples: | |||
| +-------------------+-----------------------------------------------+ | +-------------------+-----------------------------------------------+ | |||
| | Name | Description | | | Name | Description | | |||
| +-------------------+-----------------------------------------------+ | +-------------------+-----------------------------------------------+ | |||
| skipping to change at page 12, line 5 ¶ | skipping to change at page 12, line 42 ¶ | |||
| | Acme-TA | The EATs are generated in a Trusted | | | Acme-TA | The EATs are generated in a Trusted | | |||
| | | Application (TA) authored by "Acme" | | | | Application (TA) authored by "Acme" | | |||
| +-------------------+-----------------------------------------------+ | +-------------------+-----------------------------------------------+ | |||
| TODO: consider a more structure approach where the name and the URI | TODO: consider a more structure approach where the name and the URI | |||
| and other are in separate fields. | and other are in separate fields. | |||
| TODO: This needs refinement. It is somewhat parallel to issuer claim | TODO: This needs refinement. It is somewhat parallel to issuer claim | |||
| in CWT in that it describes the authority that created the token. | in CWT in that it describes the authority that created the token. | |||
| 3.5.1. CDDL | 3.5.1. origination CDDL | |||
| origination_claim = ( | origination-claim = ( | |||
| origination: string_or_uri ) | origination => string-or-uri | |||
| ) | ||||
| 3.6. OEM Identification by IEEE (oemid) | 3.6. OEM Identification by IEEE (oemid) | |||
| The IEEE operates a global registry for MAC addresses and company | The IEEE operates a global registry for MAC addresses and company | |||
| IDs. This claim uses that database to identify OEMs. The contents | IDs. This claim uses that database to identify OEMs. The contents | |||
| of the claim may be either an IEEE MA-L, MA-M, MA-S or an IEEE CID | of the claim may be either an IEEE MA-L, MA-M, MA-S or an IEEE CID | |||
| [IEEE.RA]. An MA-L, formerly known as an OUI, is a 24-bit value used | [IEEE.RA]. An MA-L, formerly known as an OUI, is a 24-bit value used | |||
| as the first half of a MAC address. MA-M similarly is a 28-bit value | as the first half of a MAC address. MA-M similarly is a 28-bit value | |||
| uses as the first part of a MAC address, and MA-S, formerly known as | uses as the first part of a MAC address, and MA-S, formerly known as | |||
| OUI-36, a 36-bit value. Many companies already have purchased one of | OUI-36, a 36-bit value. Many companies already have purchased one of | |||
| these. A CID is also a 24-bit value from the same space as an MA-L, | these. A CID is also a 24-bit value from the same space as an MA-L, | |||
| but not for use as a MAC address. IEEE has published Guidelines for | but not for use as a MAC address. IEEE has published Guidelines for | |||
| Use of EUI, OUI, and CID [OUI.Guide] and provides a lookup services | Use of EUI, OUI, and CID [OUI.Guide] and provides a lookup services | |||
| [OUI.Lookup] | [OUI.Lookup] | |||
| Companies that have more than one of these IDs or MAC address blocks | Companies that have more than one of these IDs or MAC address blocks | |||
| skipping to change at page 12, line 29 ¶ | skipping to change at page 13, line 19 ¶ | |||
| these. A CID is also a 24-bit value from the same space as an MA-L, | these. A CID is also a 24-bit value from the same space as an MA-L, | |||
| but not for use as a MAC address. IEEE has published Guidelines for | but not for use as a MAC address. IEEE has published Guidelines for | |||
| Use of EUI, OUI, and CID [OUI.Guide] and provides a lookup services | Use of EUI, OUI, and CID [OUI.Guide] and provides a lookup services | |||
| [OUI.Lookup] | [OUI.Lookup] | |||
| Companies that have more than one of these IDs or MAC address blocks | Companies that have more than one of these IDs or MAC address blocks | |||
| should pick one and prefer that for all their devices. | should pick one and prefer that for all their devices. | |||
| Commonly, these are expressed in Hexadecimal Representation | Commonly, these are expressed in Hexadecimal Representation | |||
| [IEEE.802-2001] also called the Canonical format. When this claim is | [IEEE.802-2001] also called the Canonical format. When this claim is | |||
| encoded order of bytes in the bstr are the same as the order in the | encoded the order of bytes in the bstr are the same as the order in | |||
| Hexadecimal Representation. For example, an MA-L like "AC-DE-48" | the Hexadecimal Representation. For example, an MA-L like "AC-DE-48" | |||
| would be encoded in 3 bytes with values 0xAC, 0xDE, 0x48. For JSON | would be encoded in 3 bytes with values 0xAC, 0xDE, 0x48. For JSON | |||
| encoded tokens, this is further base64url encoded. | encoded tokens, this is further base64url encoded. | |||
| 3.6.1. CDDL | 3.6.1. oemid CDDL | |||
| oemid_claim = ( | oemid-claim = ( | |||
| oemid: bstr ) | oemid => bstr | |||
| ) | ||||
| 3.7. The Security Level Claim (security_level) | 3.7. The Security Level Claim (security-level) | |||
| EATs have a claim that roughly characterizes the device / entities | EATs have a claim that roughly characterizes the device / entities | |||
| ability to defend against attacks aimed at capturing the signing key, | ability to defend against attacks aimed at capturing the signing key, | |||
| forging claims and at forging EATs. This is done by roughly defining | forging claims and at forging EATs. This is done by roughly defining | |||
| four security levels as described below. This is similar to the | four security levels as described below. This is similar to the | |||
| security levels defined in the Metadata Service defined by the Fast | security levels defined in the Metadata Service defined by the Fast | |||
| Identity Online (FIDO) Alliance (TODO: reference). | Identity Online (FIDO) Alliance (TODO: reference). | |||
| These claims describe security environment and countermeasures | These claims describe security environment and countermeasures | |||
| available on the end-entity / client device where the attestation key | available on the end-entity / client device where the attestation key | |||
| skipping to change at page 13, line 33 ¶ | skipping to change at page 14, line 22 ¶ | |||
| 4 - Hardware Entities at this level must include substantial defense | 4 - Hardware Entities at this level must include substantial defense | |||
| against physical or electrical attacks against the device itself. | against physical or electrical attacks against the device itself. | |||
| It is assumed any potential attacker has captured the device and | It is assumed any potential attacker has captured the device and | |||
| can disassemble it. Example include TPMs and Secure Elements. | can disassemble it. Example include TPMs and Secure Elements. | |||
| This claim is not intended as a replacement for a proper end-device | This claim is not intended as a replacement for a proper end-device | |||
| security certification schemes such as those based on FIPS (TODO: | security certification schemes such as those based on FIPS (TODO: | |||
| reference) or those based on Common Criteria (TODO: reference). The | reference) or those based on Common Criteria (TODO: reference). The | |||
| claim made here is solely a self-claim made by the Entity Originator. | claim made here is solely a self-claim made by the Entity Originator. | |||
| 3.7.1. CDDL | 3.7.1. security-level CDDL | |||
| security_level_type = ( | security-level-type = &( | |||
| unrestricted: 1, | unrestricted: 1, | |||
| restricted: 2, | restricted: 2, | |||
| secure_restricted: 3, | secure-restricted: 3, | |||
| hardware: 4 | hardware: 4 | |||
| ) | ) | |||
| security_level_claim = ( | security-level-claim = ( | |||
| security_level: security_level_type ) | security-level => security-level-type | |||
| ) | ||||
| 3.8. Secure Boot and Debug Enable State Claims (boot_state) | 3.8. Secure Boot and Debug Enable State Claims (boot-state) | |||
| This claim is an array of five Boolean values indicating the boot and | This claim is an array of five Boolean values indicating the boot and | |||
| debug state of the entity. | debug state of the entity. | |||
| 3.8.1. Secure Boot Enabled | 3.8.1. Secure Boot Enabled | |||
| This indicates whether secure boot is enabled either for an entire | This indicates whether secure boot is enabled either for an entire | |||
| device or an individual submodule. If it appears at the device | device or an individual submodule. If it appears at the device | |||
| level, then this means that secure boot is enabled for all | level, then this means that secure boot is enabled for all | |||
| submodules. Secure boot enablement allows a secure boot loader to | submodules. Secure boot enablement allows a secure boot loader to | |||
| skipping to change at page 14, line 40 ¶ | skipping to change at page 15, line 31 ¶ | |||
| but the end user is not. | but the end user is not. | |||
| 3.8.5. Debug Full Permanent Disable | 3.8.5. Debug Full Permanent Disable | |||
| This claim indicates whether debug capabilities for the entity are | This claim indicates whether debug capabilities for the entity are | |||
| permanently disabled (i.e. value of 'true'). This value can only be | permanently disabled (i.e. value of 'true'). This value can only be | |||
| set to 'true' if no party can enable debug capabilities for the | set to 'true' if no party can enable debug capabilities for the | |||
| entity. Often this is implemented by blowing a fuse on a chip as | entity. Often this is implemented by blowing a fuse on a chip as | |||
| fuses cannot be restored once blown. | fuses cannot be restored once blown. | |||
| 3.8.6. CDDL | 3.8.6. boot-state CDDL | |||
| boot_state_type = [ | boot-state-type = [ | |||
| secure_boot_enabled=> bool, | secure-boot-enabled => bool, | |||
| debug_disabled=> bool, | debug-disabled => bool, | |||
| debug_disabled_since_boot=> bool, | debug-disabled-since-boot => bool, | |||
| debug_permanent_disable=> bool, | debug-permanent-disable => bool, | |||
| debug_full_permanent_disable=> bool | debug-full-permanent-disable => bool | |||
| ] | ] | |||
| boot_state_claim = ( | boot-state-claim = ( | |||
| boot_state: boot_state_type | boot-state => boot-state-type | |||
| ) | ) | |||
| 3.9. The Location Claim (location) | 3.9. The Location Claim (location) | |||
| The location claim is a CBOR-formatted object that describes the | The location claim is a CBOR-formatted object that describes the | |||
| location of the device entity from which the attestation originates. | location of the device entity from which the attestation originates. | |||
| It is comprised of a map of additional sub claims that represent the | It is comprised of a map of additional sub claims that represent the | |||
| actual location coordinates (latitude, longitude and altitude). The | actual location coordinates (latitude, longitude and altitude). The | |||
| location coordinate claims are consistent with the WGS84 coordinate | location coordinate claims are consistent with the WGS84 coordinate | |||
| system [WGS84]. In addition, a sub claim providing the estimated | system [WGS84]. In addition, a sub claim providing the estimated | |||
| accuracy of the location measurement is defined. | accuracy of the location measurement is defined. | |||
| 3.9.1. CDDL | 3.9.1. location CDDL | |||
| location_type = { | location-type = { | |||
| latitude => number, | latitude => number, | |||
| longitude => number, | longitude => number, | |||
| altitude => number, | ? altitude => number, | |||
| accuracy => number, | ? accuracy => number, | |||
| altitude_accuracy => number, | ? altitude-accuracy => number, | |||
| heading => number, | ? heading => number, | |||
| speed => number | ? speed => number | |||
| } | } | |||
| location_claim = ( | location-claim = ( | |||
| location: location_type ) | location => location-type | |||
| ) | ||||
| 3.10. The Age Claim (age) | 3.10. The Age Claim (age) | |||
| The "age" claim contains a value that represents the number of | The "age" claim contains a value that represents the number of | |||
| seconds that have elapsed since the token was created, measurement | seconds that have elapsed since the token was created, measurement | |||
| was made, or location was obtained. Typical attestable values are | was made, or location was obtained. Typical attestable values are | |||
| sent as soon as they are obtained. However, in the case that such a | sent as soon as they are obtained. However, in the case that such a | |||
| value is buffered and sent at a later time and a sufficiently | value is buffered and sent at a later time and a sufficiently | |||
| accurate time reference is unavailable for creation of a timestamp, | accurate time reference is unavailable for creation of a timestamp, | |||
| then the age claim is provided. | then the age claim is provided. | |||
| age_claim = ( | 3.10.1. age CDDL | |||
| age: uint) | ||||
| age-claim = ( | ||||
| age => uint | ||||
| ) | ||||
| 3.11. The Uptime Claim (uptime) | 3.11. The Uptime Claim (uptime) | |||
| The "uptime" claim contains a value that represents the number of | The "uptime" claim contains a value that represents the number of | |||
| seconds that have elapsed since the entity or submod was last booted. | seconds that have elapsed since the entity or submod was last booted. | |||
| 3.11.1. CDDL | 3.11.1. uptime CDDL | |||
| uptime_claim = ( | ||||
| uptime: uint ) | ||||
| 3.12. Nested EATs, the EAT Claim (nested_eat) | ||||
| It is allowed for one EAT to be embedded in another. This is for | ||||
| complex devices that have more than one subsystem capable of | ||||
| generating an EAT. For example, one might be the device-wide EAT | ||||
| that is low to medium security and another from a Secure Element or | ||||
| similar that is high security. | ||||
| The contents of the "nested_eat" claim must be a fully signed, | ||||
| optionally encrypted, EAT token. | ||||
| 3.12.1. CDDL | ||||
| nested_eat_claim = ( | ||||
| nested_eat: nested_eat_type) | ||||
| A nested_eat_type is defined in words rather than CDDL. It is either | uptime-claim = ( | |||
| a full CWT or JWT including the COSE or JOSE signing. | uptime => uint | |||
| ) | ||||
| 3.13. The Submods Claim (submods) | 3.12. The Submods Part of a Token (submods) | |||
| Some devices are complex, having many subsystems or submodules. A | Some devices are complex, having many subsystems or submodules. A | |||
| mobile phone is a good example. It may have several connectivity | mobile phone is a good example. It may have several connectivity | |||
| submodules for communications (e.g., Wi-Fi and cellular). It may | submodules for communications (e.g., Wi-Fi and cellular). It may | |||
| have subsystems for low-power audio and video playback. It may have | have subsystems for low-power audio and video playback. It may have | |||
| one or more security-oriented subsystems like a TEE or a Secure | one or more security-oriented subsystems like a TEE or a Secure | |||
| Element. | Element. | |||
| The claims for each these can be grouped together in a submodule. | The claims for each these can be grouped together in a submodule. | |||
| Specifically, the "submods" claim is an array. Each item in the | The submods part of a token a single map/object with many entries, | |||
| array is a CBOR map containing all the claims for a particular | one per submodule. There is only one submods map in a token. It is | |||
| submodule. | identified by its specific label. It is a peer to other claims, but | |||
| it is not called a claim because it is a container for a claim set | ||||
| rather than an individual claim. This submods part of a token allows | ||||
| what might be called recursion. It allows claim sets inside of claim | ||||
| sets inside of claims sets... | ||||
| The security level of the submod is assumed to be at the same level | 3.12.1. Two Types of Submodules | |||
| as the main entity unless there is a security level claim in that | ||||
| submodule indicating otherwise. The security level of a submodule | ||||
| can never be higher (more secure) than the security level of the EAT | ||||
| it is a part of. | ||||
| 3.13.1. The submod_name Claim | Each entry in the submod map one of two types: | |||
| Each submodule should have a submod_name claim that is descriptive | o A non-token submodule that is a map or object directly containing | |||
| name. This name should be the CBOR txt type. | claims for the submodule. | |||
| 3.13.2. CDDL | o A nested EAT that is a fully-formed, independently signed EAT | |||
| token | ||||
| In the following a generic_claim_type is any CBOR map entry or JSON | 3.12.1.1. Non-token Submodules | |||
| name/value pair. | ||||
| submod_name_type = ( | Essentially this type of submodule, is just a sub-map or sub-object | |||
| submod_name: tstr ) | containing claims. It is recognized from the other type by being a | |||
| data item of type map in CBOR or by being an object in JSON. | ||||
| submods_type = [ * submod_claims ] | The contents are claims about the submodule of types defined in this | |||
| document or anywhere else claims types are defined. | ||||
| submod_claims = { | 3.12.1.2. Nested EATs | |||
| submod_name_type, | ||||
| * generic_claim_type | ||||
| } | ||||
| submods_claim = ( | This type of submodule is a fully formed EAT as described here. In | |||
| submods: submod_type ) | this case the submodule has key material distinct from the containing | |||
| EAT token that allows it to sign on its own. | ||||
| 4. Data Model | When an EAT is nested in another EAT as a submodule the nested EAT | |||
| MUST use the CBOR CWT tag. This clearly distinguishes it from the | ||||
| non-token submodules. | ||||
| This makes use of the types defined in CDDL Appendix D, Standard | 3.12.2. No Inheritance | |||
| Prelude. | ||||
| 4.1. Common CDDL Types | The subordinate modules do not inherit anything from the containing | |||
| token. The subordinate modules must explicitly include all of their | ||||
| claims. This is the case even for claims like the nonce and age. | ||||
| string_or_uri = #6.32(tstr) / tstr; See JSON section below for JSON encoding of string_or_uri | This rule is in place for simplicity. It avoids complex inheritance | |||
| rules that might vary from one type of claim to another. (TODO: fix | ||||
| the boot claim which does have inheritance as currently described). | ||||
| 4.2. CDDL for CWT-defined Claims | 3.12.3. Security Levels | |||
| This section provides CDDL for the claims defined in CWT. It is non- | The security level of the non-token subordinate modules should always | |||
| normative as [RFC8392] is the authoritative definition of these | be less than or equal to that of the containing modules in the case | |||
| claims. | of non-token submodules. It makes no sense for a module of lesser | |||
| security to be signing claims of a module of higher security. An | ||||
| example of this is a TEE signing claims made by the non-TEE parts | ||||
| (e.g. the high-level OS) of the device. | ||||
| cwt_claim = ( | The opposite may be true for the nested tokens. They usually have | |||
| issuer_claim // | their own more secure key material. An example of this is an | |||
| subject_claim // | embedded secure element. | |||
| audience_claim // | ||||
| expiration_claim // | 3.12.4. Submodule Names | |||
| not_before_claim // | ||||
| issued_at_calim // | The label or name for each submodule in the submods map is a text | |||
| cwt_id_claim | string naming the submodule. No submodules may have the same name. | |||
| 3.12.5. submods CDDL | ||||
| submods-type = { + submodule } | ||||
| submodule = ( | ||||
| submod_name => eat-claims / eat-token | ||||
| ) | ) | |||
| issuer_claim = ( | submod_name = tstr / int | |||
| issuer: string_or_uri ) | ||||
| subject_claim = ( | submods-part = ( | |||
| subject: string_or_uri ) | submods => submod-type | |||
| ) | ||||
| audience_claim = ( | 4. Encoding | |||
| audience: string_or_uri ) | ||||
| expiration_claim = ( | This makes use of the types defined in CDDL Appendix D, Standard | |||
| expiration: time ) | Prelude. | |||
| not_before_claim = ( | 4.1. Common CDDL Types | |||
| not_before: time ) | ||||
| issued_at_calim = ( | string-or-uri = uri / tstr; See JSON section below for JSON encoding of string-or-uri | |||
| issued_at: time ) | ||||
| cwt_id_claim = ( | 4.2. CDDL for CWT-defined Claims | |||
| cwt_id: bstr ) | ||||
| This section provides CDDL for the claims defined in CWT. It is non- | ||||
| normative as [RFC8392] is the authoritative definition of these | ||||
| claims. | ||||
| rfc8392-claim //= ( issuer => text ) | ||||
| rfc8392-claim //= ( subject => text ) | ||||
| rfc8392-claim //= ( audience => text ) | ||||
| rfc8392-claim //= ( expiration => time ) | ||||
| rfc8392-claim //= ( not-before => time ) | ||||
| rfc8392-claim //= ( issued-at => time ) | ||||
| rfc8392-claim //= ( cwt-id => bytes ) | ||||
| issuer = 1 | issuer = 1 | |||
| subject = 2 | subject = 2 | |||
| audience = 3 | audience = 3 | |||
| expiration = 4 | expiration = 4 | |||
| not_before = 5 | not-before = 5 | |||
| issued_at = 6 | issued-at = 6 | |||
| cwt_id = 7 | cwt-id = 7 | |||
| cwt-claim = rfc8392-claim | ||||
| 4.3. JSON | 4.3. JSON | |||
| 4.3.1. JSON Labels | 4.3.1. JSON Labels | |||
| ueid = "ueid" | ueid = "ueid" | |||
| origination = "origination" | origination = "origination" | |||
| oemid = "oemid" | oemid = "oemid" | |||
| security_level = "security_level" | security-level = "security-level" | |||
| boot_state = "boot_state" | boot-state = "boot-state" | |||
| location = "location" | location = "location" | |||
| age = "age" | age = "age" | |||
| uptime = "uptime" | uptime = "uptime" | |||
| nested_eat = "nested_eat" | nested-eat = "nested-eat" | |||
| submods = "submods" | submods = "submods" | |||
| latitude = "lat"" | latitude = "lat" | |||
| longitude = "long"" | longitude = "long"" | |||
| altitude = "alt" | altitude = "alt" | |||
| accuracy = "accry" | accuracy = "accry" | |||
| altitude_accuracy = "alt_accry" | altitude-accuracy = "alt-accry" | |||
| heading = "heading" | heading = "heading" | |||
| speed = "speed" | speed = "speed" | |||
| 4.3.2. JSON Interoperability | 4.3.2. JSON Interoperability | |||
| JSON should be encoded per RFC 8610 Appendix E. In addition, the | JSON should be encoded per RFC 8610 Appendix E. In addition, the | |||
| following CDDL types are encoded in JSON as follows: | following CDDL types are encoded in JSON as follows: | |||
| o bstr - must be base64url encoded | o bstr - must be base64url encoded | |||
| o time - must be encoded as NumericDate as described section 2 of | o time - must be encoded as NumericDate as described section 2 of | |||
| [RFC7519]. | [RFC7519]. | |||
| o string_or_uri - must be encoded as StringOrURI as described | o string-or-uri - must be encoded as StringOrURI as described | |||
| section 2 of [RFC7519]. | section 2 of [RFC7519]. | |||
| 4.4. CBOR | 4.4. CBOR | |||
| 4.4.1. Labels | 4.4.1. CBOR Labels | |||
| ueid = 8 | ueid = To_be_assigned | |||
| origination = 9 | origination = To_be_assigned | |||
| oemid = 10 | oemid = To_be_assigned | |||
| security_level = 11 | security-level = To_be_assigned | |||
| boot_state = 12 | boot-state = To_be_assigned | |||
| location = 13 | location = To_be_assigned | |||
| age = 14 | age = To_be_assigned | |||
| uptime = 15 | uptime = To_be_assigned | |||
| nested_eat = 16 | submods = To_be_assigned | |||
| submods = 17 | nonce = To_be_assigned | |||
| submod_name = 18 | ||||
| nonce = 19 | ||||
| latitude = 1 | latitude = 1 | |||
| longitude = 2 | longitude = 2 | |||
| altitude = 3 | altitude = 3 | |||
| accuracy = 4 | accuracy = 4 | |||
| altitude_accuracy = 5 | altitude-accuracy = 5 | |||
| heading = 6 | heading = 6 | |||
| speed = 7 | speed = 7 | |||
| 4.4.2. CBOR Interoperability | 4.4.2. CBOR Interoperability | |||
| Variations in the CBOR serializations supported in CBOR encoding and | Variations in the CBOR serializations supported in CBOR encoding and | |||
| decoding are allowed and suggests that CBOR-based protocols specify | decoding are allowed and suggests that CBOR-based protocols specify | |||
| how this variation is handled. This section specifies what formats | how this variation is handled. This section specifies what formats | |||
| MUST be supported in order to achieve interoperability. | MUST be supported in order to achieve interoperability. | |||
| skipping to change at page 21, line 39 ¶ | skipping to change at page 22, line 36 ¶ | |||
| o Floating Point - The entity may use any floating-point encoding. | o Floating Point - The entity may use any floating-point encoding. | |||
| The relying party must support decoding of all types of floating- | The relying party must support decoding of all types of floating- | |||
| point. | point. | |||
| o Other types - Use of Other types like bignums, regular expressions | o Other types - Use of Other types like bignums, regular expressions | |||
| and such, SHOULD NOT be used. The server MAY support them but is | and such, SHOULD NOT be used. The server MAY support them but is | |||
| not required to so interoperability is not guaranteed. | not required to so interoperability is not guaranteed. | |||
| 4.5. Collected CDDL | 4.5. Collected CDDL | |||
| A generic_claim is any CBOR map entry or JSON name/value pair. | A generic-claim is any CBOR map entry or JSON name/value pair. | |||
| eat_claims = { ; the top-level payload that is signed using COSE or JOSE | eat-claims = { ; the top-level payload that is signed using COSE or JOSE | |||
| * claim | * claim | |||
| } | } | |||
| claim = ( | claim = ( | |||
| ueid_claim // | ueid-claim // | |||
| origination_claim // | origination-claim // | |||
| oemid_claim // | oemid-claim // | |||
| security_level_claim // | security-level-claim // | |||
| boot_state_claim // | boot-state-claim // | |||
| location_claim // | location-claim // | |||
| age_claim // | age-claim // | |||
| uptime_claim // | uptime-claim // | |||
| nested_eat_claim // | submods-part // | |||
| cwt_claim // | cwt-claim // | |||
| generic_claim_type // | generic-claim-type // | |||
| ) | ) | |||
| eat-token ; This is a set of eat-claims signed using COSE | ||||
| TODO: copy the rest of the CDDL here (wait until the CDDL is more | TODO: copy the rest of the CDDL here (wait until the CDDL is more | |||
| settled so as to avoid copying multiple times) | settled so as to avoid copying multiple times) | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| 5.1. Reuse of CBOR Web Token (CWT) Claims Registry | 5.1. Reuse of CBOR Web Token (CWT) Claims Registry | |||
| Claims defined for EAT are compatible with those of CWT so the CWT | Claims defined for EAT are compatible with those of CWT so the CWT | |||
| Claims Registry is re used. No new IANA registry is created. All | Claims Registry is re used. No new IANA registry is created. All | |||
| skipping to change at page 24, line 7 ¶ | skipping to change at page 25, line 7 ¶ | |||
| UEID. | UEID. | |||
| Note that some of these privacy preservation strategies result in | Note that some of these privacy preservation strategies result in | |||
| multiple UEIDs per device. Each UEID is used in a different context, | multiple UEIDs per device. Each UEID is used in a different context, | |||
| use case or system on the device. However, from the view of the | use case or system on the device. However, from the view of the | |||
| relying party, there is just one UEID and it is still globally | relying party, there is just one UEID and it is still globally | |||
| universal across manufacturers. | universal across manufacturers. | |||
| 7. Security Considerations | 7. Security Considerations | |||
| TODO: Perhaps this can be the same as CWT / COSE, but not sure yet | The security considerations provided in Section 8 of [RFC8392] and | |||
| because it involves so much entity / device security that those do | Section 11 of [RFC7519] apply to EAT in its CWT and JWT form, | |||
| not. | respectively. In addition, implementors should consider the | |||
| following. | ||||
| 7.1. Key Provisioning | ||||
| Private key material can be used to sign and/or encrypt the EAT, or | ||||
| can be used to derive the keys used for signing and/or encryption. | ||||
| In some instances, the manufacturer of the entity may create the key | ||||
| material separately and provision the key material in the entity | ||||
| itself. The manfuacturer of any entity that is capable of producing | ||||
| an EAT should take care to ensure that any private key material be | ||||
| suitably protected prior to provisioning the key material in the | ||||
| entity itself. This can require creation of key material in an | ||||
| enclave (see [RFC4949] for definition of "enclave"), secure | ||||
| transmission of the key material from the enclave to the entity using | ||||
| an appropriate protocol, and persistence of the private key material | ||||
| in some form of secure storage to which (preferably) only the entity | ||||
| has access. | ||||
| 7.1.1. Transmission of Key Material | ||||
| Regarding transmission of key material from the enclave to the | ||||
| entity, the key material may pass through one or more intermediaries. | ||||
| Therefore some form of protection ("key wrapping") may be necessary. | ||||
| The transmission itself may be performed electronically, but can also | ||||
| be done by human courier. In the latter case, there should be | ||||
| minimal to no exposure of the key material to the human (e.g. | ||||
| encrypted portable memory). Moreover, the human should transport the | ||||
| key material directly from the secure enclave where it was created to | ||||
| a destination secure enclave where it can be provisioned. | ||||
| 7.2. Transport Security | ||||
| As stated in Section 8 of [RFC8392], "The security of the CWT relies | ||||
| upon on the protections offered by COSE". Similar considerations | ||||
| apply to EAT when sent as a CWT. However, EAT introduces the concept | ||||
| of a nonce to protect against replay. Since an EAT may be created by | ||||
| an entity that may not support the same type of transport security as | ||||
| the consumer of the EAT, intermediaries may be required to bridge | ||||
| communications between the entity and consumer. As a result, it is | ||||
| RECOMMENDED that both the consumer create a nonce, and the entity | ||||
| leverage the nonce along with COSE mechanisms for encryption and/or | ||||
| signing to create the EAT. | ||||
| Similar considerations apply to the use of EAT as a JWT. Although | ||||
| the security of a JWT leverages the JSON Web Encryption (JWE) and | ||||
| JSON Web Signature (JWS) specifications, it is still recommended to | ||||
| make use of the EAT nonce. | ||||
| 7.3. Multiple EAT Consumers | ||||
| In many cases, more than one EAT consumer may be required to fully | ||||
| verify the entity attestation. Examples include individual consumers | ||||
| for nested EATs, or consumers for individual claims with an EAT. | ||||
| When multiple consumers are required for verification of an EAT, it | ||||
| is important to minimize information exposure to each consumer. In | ||||
| addition, the communication between multiple consumers should be | ||||
| secure. | ||||
| For instance, consider the example of an encrypted and signed EAT | ||||
| with multiple claims. A consumer may receive the EAT (denoted as the | ||||
| "receiving consumer"), decrypt its payload, verify its signature, but | ||||
| then pass specific subsets of claims to other consumers for | ||||
| evaluation ("downstream consumers"). Since any COSE encryption will | ||||
| be removed by the receiving consumer, the communication of claim | ||||
| subsets to any downstream consumer should leverage a secure protocol | ||||
| (e.g.one that uses transport-layer security, i.e. TLS), | ||||
| However, assume the EAT of the previous example is hierarchical and | ||||
| each claim subset for a downstream consumer is created in the form of | ||||
| a nested EAT. Then transport security between the receiving and | ||||
| downstream consumers is not strictly required. Nevertheless, | ||||
| downstream consumers of a nested EAT should provide a nonce unique to | ||||
| the EAT they are consuming. | ||||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [IANA.CWT.Claims] | [IANA.CWT.Claims] | |||
| IANA, "CBOR Web Token (CWT) Claims", | IANA, "CBOR Web Token (CWT) Claims", | |||
| <http://www.iana.org/assignments/cwt>. | <http://www.iana.org/assignments/cwt>. | |||
| [IANA.JWT.Claims] | [IANA.JWT.Claims] | |||
| skipping to change at page 25, line 11 ¶ | skipping to change at page 27, line 36 ¶ | |||
| [RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, | [RFC8392] Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig, | |||
| "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392, | "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392, | |||
| May 2018, <https://www.rfc-editor.org/info/rfc8392>. | May 2018, <https://www.rfc-editor.org/info/rfc8392>. | |||
| [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data | [RFC8610] Birkholz, H., Vigano, C., and C. Bormann, "Concise Data | |||
| Definition Language (CDDL): A Notational Convention to | Definition Language (CDDL): A Notational Convention to | |||
| Express Concise Binary Object Representation (CBOR) and | Express Concise Binary Object Representation (CBOR) and | |||
| JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, | JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610, | |||
| June 2019, <https://www.rfc-editor.org/info/rfc8610>. | June 2019, <https://www.rfc-editor.org/info/rfc8610>. | |||
| [ThreeGPP.IMEI] | ||||
| 3GPP, "3rd Generation Partnership Project; Technical | ||||
| Specification Group Core Network and Terminals; Numbering, | ||||
| addressing and identification", 2019, | ||||
| <https://portal.3gpp.org/desktopmodules/Specifications/ | ||||
| SpecificationDetails.aspx?specificationId=729>. | ||||
| [TIME_T] The Open Group Base Specifications, "Vol. 1: Base | [TIME_T] The Open Group Base Specifications, "Vol. 1: Base | |||
| Definitions, Issue 7", Section 4.15 'Seconds Since the | Definitions, Issue 7", Section 4.15 'Seconds Since the | |||
| Epoch', IEEE Std 1003.1, 2013 Edition, 2013, | Epoch', IEEE Std 1003.1, 2013 Edition, 2013, | |||
| <http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/ | <http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/ | |||
| V1_chap04.html#tag_04_15>. | V1_chap04.html#tag_04_15>. | |||
| [WGS84] National Imagery and Mapping Agency, "National Imagery and | [WGS84] National Imagery and Mapping Agency, "National Imagery and | |||
| Mapping Agency Technical Report 8350.2, Third Edition", | Mapping Agency Technical Report 8350.2, Third Edition", | |||
| 2000, <http://earth- | 2000, <http://earth- | |||
| info.nga.mil/GandG/publications/tr8350.2/wgs84fin.pdf>. | info.nga.mil/GandG/publications/tr8350.2/wgs84fin.pdf>. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [ASN.1] International Telecommunication Union, "Information | [ASN.1] International Telecommunication Union, "Information | |||
| Technology -- ASN.1 encoding rules: Specification of Basic | Technology -- ASN.1 encoding rules: Specification of Basic | |||
| Encoding Rules (BER), Canonical Encoding Rules (CER) and | Encoding Rules (BER), Canonical Encoding Rules (CER) and | |||
| Distinguished Encoding Rules (DER)", ITU-T Recommendation | Distinguished Encoding Rules (DER)", ITU-T Recommendation | |||
| X.690, 1994. | X.690, 1994. | |||
| [BirthdayAttack] | ||||
| "Birthday attack", | ||||
| <https://en.wikipedia.org/wiki/Birthday_attack.>. | ||||
| [ECMAScript] | [ECMAScript] | |||
| "Ecma International, "ECMAScript Language Specification, | "Ecma International, "ECMAScript Language Specification, | |||
| 5.1 Edition", ECMA Standard 262", June 2011, | 5.1 Edition", ECMA Standard 262", June 2011, | |||
| <http://www.ecma-international.org/ecma-262/5.1/ECMA- | <http://www.ecma-international.org/ecma-262/5.1/ECMA- | |||
| 262.pdf>. | 262.pdf>. | |||
| [IDevID] "IEEE Standard, "IEEE 802.1AR Secure Device Identifier"", | [IDevID] "IEEE Standard, "IEEE 802.1AR Secure Device Identifier"", | |||
| December 2009, <http://standards.ieee.org/findstds/ | December 2009, <http://standards.ieee.org/findstds/ | |||
| standard/802.1AR-2009.html>. | standard/802.1AR-2009.html>. | |||
| skipping to change at page 26, line 17 ¶ | skipping to change at page 28, line 49 ¶ | |||
| Organizationally Unique Identifier (OUI), and Company ID | Organizationally Unique Identifier (OUI), and Company ID | |||
| (CID)", August 2017, | (CID)", August 2017, | |||
| <https://standards.ieee.org/content/dam/ieee- | <https://standards.ieee.org/content/dam/ieee- | |||
| standards/standards/web/documents/tutorials/eui.pdf>. | standards/standards/web/documents/tutorials/eui.pdf>. | |||
| [OUI.Lookup] | [OUI.Lookup] | |||
| "IEEE Registration Authority Assignments", | "IEEE Registration Authority Assignments", | |||
| <https://regauth.standards.ieee.org/standards-ra-web/pub/ | <https://regauth.standards.ieee.org/standards-ra-web/pub/ | |||
| view.html#registries>. | view.html#registries>. | |||
| [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally | ||||
| Unique IDentifier (UUID) URN Namespace", RFC 4122, | ||||
| DOI 10.17487/RFC4122, July 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4122>. | ||||
| [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", | ||||
| FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, | ||||
| <https://www.rfc-editor.org/info/rfc4949>. | ||||
| [Webauthn] | [Webauthn] | |||
| Worldwide Web Consortium, "Web Authentication: A Web API | Worldwide Web Consortium, "Web Authentication: A Web API | |||
| for accessing scoped credentials", 2016. | for accessing scoped credentials", 2016. | |||
| Appendix A. Examples | Appendix A. Examples | |||
| A.1. Very Simple EAT | A.1. Very Simple EAT | |||
| This is shown in CBOR diagnostic form. Only the payload signed by | This is shown in CBOR diagnostic form. Only the payload signed by | |||
| COSE is shown. | COSE is shown. | |||
| { | { | |||
| / nonce (cti) / 7:h'948f8860d13a463e8e', | / nonce / 9:h'948f8860d13a463e8e', | |||
| / UEID / 8:h'0198f50a4ff6c05861c8860d13a638ea4fe2f', | / UEID / 10:h'0198f50a4ff6c05861c8860d13a638ea4fe2f', | |||
| / boot_state / 12:{true, true, true, true, false} | / boot-state / 12:{true, true, true, true, false} | |||
| / time stamp (iat) / 6:1526542894, | / time stamp (iat) / 6:1526542894, | |||
| } | } | |||
| A.2. Example with Submodules, Nesting and Security Levels | A.2. Example with Submodules, Nesting and Security Levels | |||
| { | { | |||
| / nonce / 7:h'948f8860d13a463e8e', | / nonce / 9:h'948f8860d13a463e8e', | |||
| / UEID / 8:h'0198f50a4ff6c05861c8860d13a638ea4fe2f', | / UEID / 10:h'0198f50a4ff6c05861c8860d13a638ea4fe2f', | |||
| / boot_state / 12:{true, true, true, true, false} | / boot-state / 12:{true, true, true, true, false} | |||
| / time stamp (iat) / 6:1526542894, | / time stamp (iat) / 6:1526542894, | |||
| / seclevel / 11:3, / secure restricted OS / | / seclevel / 11:3, / secure restricted OS / | |||
| / submods / 17: | / submods / 17: | |||
| [ | { | |||
| / 1st submod, an Android Application / { | / first submod, an Android Application / "Android App Foo" : { | |||
| / submod_name / 18:'Android App "Foo"', | / seclevel / 11:1, / unrestricted / | |||
| / seclevel / 11:1, / unrestricted / | / app data / -70000:'text string' | |||
| / app data / -70000:'text string' | ||||
| }, | }, | |||
| / 2nd submod, A nested EAT from a secure element / { | / 2nd submod, A nested EAT from a secure element / "Secure Element Eat" : | |||
| / submod_name / 18:'Secure Element EAT', | / eat / 61( 18( | |||
| / eat / 16:61( 18( | / an embedded EAT, bytes of which are not shown / | |||
| / an embedded EAT / [ /...COSE_Sign1 bytes with payload.../ ] | ||||
| )) | )) | |||
| / 3rd submod, information about Linux Android / "Linux Android": { | ||||
| / seclevel / 11:1, / unrestricted / | ||||
| / custom - release / -80000:'8.0.0', | ||||
| / custom - version / -80001:'4.9.51+' | ||||
| } | } | |||
| / 3rd submod, information about Linux Android / { | } | |||
| / submod_name/ 18:'Linux Android', | ||||
| / seclevel / 11:1, / unrestricted / | ||||
| / custom - release / -80000:'8.0.0', | ||||
| / custom - version / -80001:'4.9.51+' | ||||
| } | ||||
| ] | ||||
| } | } | |||
| Appendix B. Changes from Previous Drafts | ||||
| Appendix B. UEID Design Rationale | ||||
| B.1. Collision Probability | ||||
| This calculation is to determine the probability of a collision of | ||||
| UEIDs given the total possible entity population and the number of | ||||
| entities in a particular entity management database. | ||||
| Three different sized databases are considered. The number of | ||||
| devices per person roughly models non-personal devices such as | ||||
| traffic lights, devices in stores they shop in, facilities they work | ||||
| in and so on, even considering individual light bulbs. A device may | ||||
| have individually attested subsystems, for example parts of a car or | ||||
| a mobile phone. It is assumed that the largest database will have at | ||||
| most 10% of the world's population of devices. Note that databases | ||||
| that handle more than a trillion records exist today. | ||||
| The trillion-record database size models an easy-to-imagine reality | ||||
| over the next decades. The quadrillion-record database is roughly at | ||||
| the limit of what is imaginable and should probably be accommodated. | ||||
| The 100 quadrillion datadbase is highly speculative perhaps involving | ||||
| nanorobots for every person, livestock animal and domesticated bird. | ||||
| It is included to round out the analysis. | ||||
| Note that the items counted here certainly do not have IP address and | ||||
| are not individually connected to the network. They may be connected | ||||
| to internal buses, via serial links, Bluetooth and so on. This is | ||||
| not the same problem as sizing IP addresses. | ||||
| +---------+------------+--------------+------------+----------------+ | ||||
| | People | Devices / | Subsystems / | Database | Database Size | | ||||
| | | Person | Device | Portion | | | ||||
| +---------+------------+--------------+------------+----------------+ | ||||
| | 10 | 100 | 10 | 10% | trillion | | ||||
| | billion | | | | (10^12) | | ||||
| | 10 | 100,000 | 10 | 10% | quadrillion | | ||||
| | billion | | | | (10^15) | | ||||
| | 100 | 1,000,000 | 10 | 10% | 100 | | ||||
| | billion | | | | quadrillion | | ||||
| | | | | | (10^17) | | ||||
| +---------+------------+--------------+------------+----------------+ | ||||
| This is conceptually similar to the Birthday Problem where m is the | ||||
| number of possible birthdays, always 365, and k is the number of | ||||
| people. It is also conceptually similar to the Birthday Attack where | ||||
| collisions of the output of hash functions are considered. | ||||
| The proper formula for the collision calculation is | ||||
| p = 1 - e^{-k^2/(2n)} | ||||
| p Collision Probability | ||||
| n Total possible population | ||||
| k Actual population | ||||
| However, for the very large values involved here, this formula | ||||
| requires floating point precision higher than commonly available in | ||||
| calculators and SW so this simple approximation is used. See | ||||
| [BirthdayAttack]. | ||||
| p = k^2 / 2n | ||||
| For this calculation: | ||||
| p Collision Probability | ||||
| n Total population based on number of bits in UEID | ||||
| k Population in a database | ||||
| +----------------------+--------------+--------------+--------------+ | ||||
| | Database Size | 128-bit UEID | 192-bit UEID | 256-bit UEID | | ||||
| +----------------------+--------------+--------------+--------------+ | ||||
| | trillion (10^12) | 2 * 10^-15 | 8 * 10^-35 | 5 * 10^-55 | | ||||
| | quadrillion (10^15) | 2 * 10^-09 | 8 * 10^-29 | 5 * 10^-49 | | ||||
| | 100 quadrillion | 2 * 10^-05 | 8 * 10^-25 | 5 * 10^-45 | | ||||
| | (10^17) | | | | | ||||
| +----------------------+--------------+--------------+--------------+ | ||||
| Next, to calculate the probability of a collision occurring in one | ||||
| year's operation of a database, it is assumed that the database size | ||||
| is in a steady state and that 10% of the database changes per year. | ||||
| For example, a trillion record database would have 100 billion states | ||||
| per year. Each of those states has the above calculated probability | ||||
| of a collision. | ||||
| This assumption is a worst-case since it assumes that each state of | ||||
| the database is completely independent from the previous state. In | ||||
| reality this is unlikely as state changes will be the addition or | ||||
| deletion of a few records. | ||||
| The following tables gives the time interval until there is a | ||||
| probability of a collision based on there being one tenth the number | ||||
| of states per year as the number of records in the database. | ||||
| t = 1 / ((k / 10) * p) | ||||
| t Time until a collision | ||||
| p Collision probability for UEID size | ||||
| k Database size | ||||
| +---------------------+---------------+--------------+--------------+ | ||||
| | Database Size | 128-bit UEID | 192-bit UEID | 256-bit UEID | | ||||
| +---------------------+---------------+--------------+--------------+ | ||||
| | trillion (10^12) | 60,000 years | 10^24 years | 10^44 years | | ||||
| | quadrillion (10^15) | 8 seconds | 10^14 years | 10^34 years | | ||||
| | 100 quadrillion | 8 | 10^11 years | 10^31 years | | ||||
| | (10^17) | microseconds | | | | ||||
| +---------------------+---------------+--------------+--------------+ | ||||
| Clearly, 128 bits is enough for the near future thus the requirement | ||||
| that UEIDs be a minimum of 128 bits. | ||||
| There is no requirement for 256 bits today as quadrillion-record | ||||
| databases are not expected in the near future and because this time- | ||||
| to-collision calculation is a very worst case. A future update of | ||||
| the standard may increase the requirement to 256 bits, so there is a | ||||
| requirement that implementations be able to receive 256-bit UEIDs. | ||||
| B.2. No Use of UUID | ||||
| A UEID is not a UUID [RFC4122] by conscious choice for the following | ||||
| reasons. | ||||
| UUIDs are limited to 128 bits which may not be enough for some future | ||||
| use cases. | ||||
| Today, cryptographic-quality random numbers are available from common | ||||
| CPUs and hardware. This hardware was introduced between 2010 and | ||||
| 2015. Operating systems and cryptographic libraries give access to | ||||
| this hardware. Consequently, there is little need for | ||||
| implementations to construct such random values from multiple sources | ||||
| on their own. | ||||
| Version 4 UUIDs do allow for use of such cryptographic-quality random | ||||
| numbers, but do so by mapping into the overall UUID structure of time | ||||
| and clock values. This structure is of no value here yet adds | ||||
| complexity. It also slightly reduces the number of actual bits with | ||||
| entropy. | ||||
| UUIDs seem to have been designed for scenarios where the implementor | ||||
| does not have full control over the environment and uniqueness has to | ||||
| be constructed from identifiers at hand. UEID takes the view that | ||||
| hardware, software and/or manufacturing process directly implement | ||||
| UEID in a simple and direct way. It takes the view that | ||||
| cryptographic quality random number generators are readily available | ||||
| as they are implemented in commonly used CPU hardware. | ||||
| Appendix C. Changes from Previous Drafts | ||||
| The following is a list of known changes from the previous drafts. | The following is a list of known changes from the previous drafts. | |||
| This list is non-authoritative. It is meant to help reviewers see | This list is non-authoritative. It is meant to help reviewers see | |||
| the significant differences. | the significant differences. | |||
| B.1. From draft-mandyam-rats-eat-00 | C.1. From draft-rats-eat-01 | |||
| o Added UEID design rationale appendix | ||||
| C.2. From draft-mandyam-rats-eat-00 | ||||
| This is a fairly large change in the orientation of the document, but | This is a fairly large change in the orientation of the document, but | |||
| not new claims have been added. | not new claims have been added. | |||
| o Separate information and data model using CDDL. | o Separate information and data model using CDDL. | |||
| o Say an EAT is a CWT or JWT | o Say an EAT is a CWT or JWT | |||
| o Use a map to structure the boot_state and location claims | o Use a map to structure the boot_state and location claims | |||
| B.2. From draft-ietf-rats-eat-01 | C.3. From draft-ietf-rats-eat-01 | |||
| o Clarifications and corrections for OEMID claim | o Clarifications and corrections for OEMID claim | |||
| o Minor spelling and other fixes | o Minor spelling and other fixes | |||
| o Add the nonce claim, clarify jti claim | o Add the nonce claim, clarify jti claim | |||
| C.4. From draft-ietf-rats-eat-02 | ||||
| o Roll all EUIs back into one UEID type | ||||
| o UEIDs can be one of three lengths, 128, 192 and 256. | ||||
| o Added appendix justifying UEID design and size. | ||||
| o Submods part now includes nested eat tokens so they can be named | ||||
| and there can be more tha one of them | ||||
| o Lots of fixes to the CDDL | ||||
| o Added security considerations | ||||
| Authors' Addresses | Authors' Addresses | |||
| Giridhar Mandyam | Giridhar Mandyam | |||
| Qualcomm Technologies Inc. | Qualcomm Technologies Inc. | |||
| 5775 Morehouse Drive | 5775 Morehouse Drive | |||
| San Diego, California | San Diego, California | |||
| USA | USA | |||
| Phone: +1 858 651 7200 | Phone: +1 858 651 7200 | |||
| EMail: mandyam@qti.qualcomm.com | EMail: mandyam@qti.qualcomm.com | |||
| End of changes. 92 change blocks. | ||||
| 294 lines changed or deleted | 573 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||