--- 1/draft-ietf-rats-tpm-based-network-device-attest-12.txt 2022-03-01 12:13:10.911791374 -0800 +++ 2/draft-ietf-rats-tpm-based-network-device-attest-13.txt 2022-03-01 12:13:11.007793780 -0800 
@@ -1,104 +1,107 @@ RATS Working Group G. C. Fedorkow, Ed. Internet-Draft Juniper Networks, Inc. Intended status: Informational E. Voit -Expires: 27 August 2022 Cisco +Expires: 2 September 2022 Cisco J. Fitzgerald-McKay National Security Agency - 23 February 2022 + 1 March 2022 TPM-based Network Device Remote Integrity Verification - draft-ietf-rats-tpm-based-network-device-attest-12 + draft-ietf-rats-tpm-based-network-device-attest-13 Abstract This document describes a workflow for remote attestation of the integrity of firmware and software installed on network devices that contain Trusted Platform Modules [TPM1.2], [TPM2.0], as defined by - the Trusted Computing Group (TCG). + the Trusted Computing Group (TCG)), or equivalent hardware + implementations that include the protected capabilities, as provided + by TPMs. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on 27 August 2022. + This Internet-Draft will expire on 2 September 2022. Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. 
Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 - 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 + 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.3. Document Organization . . . . . . . . . . . . . . . . . . 5 1.4. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.5. Description of Remote Integrity Verification (RIV) . . . 6 1.6. Solution Requirements . . . . . . . . . . . . . . . . . . 8 - 1.7. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 9 + 1.7. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.7.1. Out of Scope . . . . . . . . . . . . . . . . . . . . 9 - 2. Solution Overview . . . . . . . . . . . . . . . . . . . . . . 10 - 2.1. RIV Software Configuration Attestation using TPM . . . . 10 - 2.1.1. What Does RIV Attest? . . . . . . . . . . . . . . . . 12 + 2. Solution Overview . . . . . . . . . . . . . . . . . . . . . . 9 + 2.1. RIV Software Configuration Attestation using TPM . . . . 9 + 2.1.1. What Does RIV Attest? . . . . . . . . . . . . . . . . 11 2.1.2. Notes on PCR Allocations . . . . . . . . . . . . . . 13 2.2. RIV Keying . . . . . . . . . . . . . . . . . . . . . . . 15 2.3. RIV Information Flow . . . . . . . . . . . . . . . . . . 16 2.4. RIV Simplifying Assumptions . . . . . . . . . . . . . . . 18 - 2.4.1. Reference Integrity Manifests (RIMs) . . . . . . . . 19 + 2.4.1. Reference Integrity Manifests (RIMs) . . . . . . . . 18 2.4.2. Attestation Logs . . . . . . . . . . . . . . . . . . 20 - 3. Standards Components . . . . . . . . . . . . . . . . . . . . 
21 - 3.1. Prerequisites for RIV . . . . . . . . . . . . . . . . . . 21 - 3.1.1. Unique Device Identity . . . . . . . . . . . . . . . 21 + 3. Standards Components . . . . . . . . . . . . . . . . . . . . 20 + 3.1. Prerequisites for RIV . . . . . . . . . . . . . . . . . . 20 + 3.1.1. Unique Device Identity . . . . . . . . . . . . . . . 20 3.1.2. Keys . . . . . . . . . . . . . . . . . . . . . . . . 21 3.1.3. Appraisal Policy for Evidence . . . . . . . . . . . . 21 - 3.2. Reference Model for Challenge-Response . . . . . . . . . 22 - 3.2.1. Transport and Encoding . . . . . . . . . . . . . . . 24 + 3.2. Reference Model for Challenge-Response . . . . . . . . . 21 + 3.2.1. Transport and Encoding . . . . . . . . . . . . . . . 23 3.3. Centralized vs Peer-to-Peer . . . . . . . . . . . . . . . 24 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 25 5. Security Considerations . . . . . . . . . . . . . . . . . . . 26 - 5.1. Keys Used in RIV . . . . . . . . . . . . . . . . . . . . 27 + 5.1. Keys Used in RIV . . . . . . . . . . . . . . . . . . . . 26 5.2. Prevention of Spoofing and Person-in-the-Middle - Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 29 - 5.3. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 30 + Attacks . . . . . . . . . . . . . . . . . . . . . . . . . 28 + 5.3. Replay Attacks . . . . . . . . . . . . . . . . . . . . . 29 5.4. Owner-Signed Keys . . . . . . . . . . . . . . . . . . . . 30 - 5.5. Other Factors for Trustworthy Operation . . . . . . . . . 31 - 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 33 - 7. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 33 - 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 33 - 9. Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . 33 - 9.1. Using a TPM for Attestation . . . . . . . . . . . . . . . 33 - 9.2. Root of Trust for Measurement . . . . . . . . . . . . . . 35 + 5.5. Other Factors for Trustworthy Operation . . . . . . . . . 30 + 6. 
IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 + 7. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 32 + 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 32 + 9. Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . 32 + 9.1. Using a TPM for Attestation . . . . . . . . . . . . . . . 32 + 9.2. Root of Trust for Measurement . . . . . . . . . . . . . . 34 9.3. Layering Model for Network Equipment Attester and - Verifier . . . . . . . . . . . . . . . . . . . . . . . . 36 + Verifier . . . . . . . . . . . . . . . . . . . . . . . . 35 + 9.4. Implementation Notes . . . . . . . . . . . . . . . . . . 37 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 38 10.1. Normative References . . . . . . . . . . . . . . . . . . 38 10.2. Informative References . . . . . . . . . . . . . . . . . 41 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 44 1. Introduction There are many aspects to consider in fielding a trusted computing device, from operating systems to applications. Mechanisms to prove 
@@ -114,21 +117,21 @@ [I-D.richardson-rats-usecases]. However, these documents do not provide sufficient guidance for network equipment vendors and operators to design, build, and deploy interoperable devices. The intent of this document is to provide such guidance. It does this by outlining the Remote Integrity Verification (RIV) problem, and then identifies elements that are necessary to get the complete, scalable attestation procedure working with commercial networking products such as routers, switches and firewalls. An underlying assumption will be the availability within the device of a Trusted - Platform Module [TPM1.2], [TPM2.0] compliant cryptoprocessor to + Platform Module [TPM1.2], [TPM2.0] compatible cryptoprocessor to enable the trustworthy remote assessment of the device's software and hardware. 1.1. Requirements notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 
@@ -372,22 +376,22 @@ * This solution is for use in non-privacy-preserving applications (for example, networking, Industrial IoT), avoiding the need for a Privacy Certificate Authority (also called an Attestation CA) for attestation keys [AK-Enrollment] or TCG Platform Certificates [Platform-Certificates]. * This document assumes network protocols that are common in network equipment such as YANG [RFC7950] and NETCONF [RFC6241], but not generally used in other applications. - * The approach outlined in this document mandates the use of a - compliant TPM [TPM1.2], [TPM2.0]. + * The approach outlined in this document mandates the use of a TPM + [TPM1.2], [TPM2.0], or a compatible cryptoprocessor. 1.7.1. Out of Scope * Run-Time Attestation: The Linux Integrity Measurement Architecture [IMA] attests each process launched after a device is started (and is in scope for RIV in general), but continuous run-time attestation of Linux or other multi-threaded operating system processes after the OS has started considerably expands the scope of the problem. Many researchers are working on that problem, but this document defers the problem of continuous, in-memory run-time 
@@ -1717,76 +1723,77 @@ | results and figure out what it means. | | -------------------------------------------------------------------- Figure 7: Component Status 10. References 10.1. Normative References [Canonical-Event-Log] - Trusted Computing Group, "DRAFT Canonical Event Log Format - Version: 1.0, Revision: .30", December 2020, - . + Trusted Computing Group, "Canonical Event Log Format + Version 1.0 Revision .41, February 25, 2022", December + 2020, . [I-D.ietf-rats-architecture] Birkholz, H., Thaler, D., Richardson, M., Smith, N., and W. Pan, "Remote Attestation Procedures Architecture", Work in Progress, Internet-Draft, draft-ietf-rats-architecture- 15, 8 February 2022, . [I-D.ietf-rats-yang-tpm-charra] Birkholz, H., Eckel, M., Bhandari, S., Voit, E., Sulzen, B., (Frank), L. X., Laffey, T., and G. C. Fedorkow, "A YANG Data Model for Challenge-Response-based Remote Attestation Procedures using TPMs", Work in Progress, - Internet-Draft, draft-ietf-rats-yang-tpm-charra-13, 2 + Internet-Draft, draft-ietf-rats-yang-tpm-charra-15, 28 February 2022, . + ietf-rats-yang-tpm-charra-15.txt>. [I-D.ietf-sacm-coswid] Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D. Waltermire, "Concise Software Identification Tags", Work in Progress, Internet-Draft, draft-ietf-sacm-coswid-20, 26 January 2022, . [IEEE-802-1AR] Seaman, M., "802.1AR-2018 - IEEE Standard for Local and Metropolitan Area Networks - Secure Device Identity, IEEE Computer Society", August 2018. [IMA] dsafford, kds_etu, mzohar, reinersailer, and serge_hallyn, "Integrity Measurement Architecture", June 2019, . [PC-Client-BIOS-TPM-2.0] Trusted Computing Group, "PC Client Specific Platform Firmware Profile Specification Family "2.0", Level 00 - Revision 1.05", May 2021, - . + Revision 1.05 Revision 23, May 7, 2021", May 2021, + . [PC-Client-EFI-TPM-1.2] Trusted Computing Group, "TCG EFI Platform Specification for TPM Family 1.1 or 1.2, Specification Version 1.22, Revision 15", January 2014, . 
[PC-Client-RIM] Trusted Computing Group, "TCG PC Client Reference - Integrity Manifest Specification, v1.04", December 2019, - . + Integrity Manifest Specification, v1.04, Nov 4, 2020", + December 2019, + . [Platform-DevID-TPM-2.0] Trusted Computing Group, "TPM 2.0 Keys for Device Identity and Attestation, Specification Version 1.0, Revision 2", September 2020, . [Platform-ID-TPM-1.2] Trusted Computing Group, "TPM Keys for Platform Identity @@ -1816,23 +1823,24 @@ [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, . [RIM] Trusted Computing Group, "TCG Reference Integrity Manifest - (RIM) Information Model, v1.0, r0.16", June 2019, - . + (RIM) Information Model, v1.0, Revision 0.16, Nov 12, + 2020", June 2019, + . [SWID] The International Organization for Standardization/ International Electrotechnical Commission, "Information Technology Software Asset Management Part 2: Software Identification Tag, ISO/IEC 19770-2", October 2015, . [TAP] Trusted Computing Group, "TCG Trusted Attestation Protocol (TAP) Information Model for TPM Families 1.2 and 2.0 and DICE Family 1.0, Version 1.0, Revision 0.36", October 
@@ -1867,23 +1875,23 @@ [I-D.birkholz-rats-tuda] Fuchs, A., Birkholz, H., McDonald, I. E., and C. Bormann, "Time-Based Uni-Directional Attestation", Work in Progress, Internet-Draft, draft-birkholz-rats-tuda-06, 12 January 2022, . [I-D.ietf-rats-eat] Lundblade, L., Mandyam, G., and J. O'Donoghue, "The Entity Attestation Token (EAT)", Work in Progress, Internet- - Draft, draft-ietf-rats-eat-11, 24 October 2021, + Draft, draft-ietf-rats-eat-12, 24 February 2022, . + 12.txt>. [I-D.richardson-rats-usecases] Richardson, M., Wallace, C., and W. Pan, "Use cases for Remote Attestation common encodings", Work in Progress, Internet-Draft, draft-richardson-rats-usecases-08, 2 November 2020, . [IEEE-802.1AE] Seaman, M., "802.1AE MAC Security (MACsec)", 2018,
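Review bot: the new Abstract text in the @@ -1,104 hunk has a stray closing parenthesis and a misplaced comma: `the Trusted Computing Group (TCG)), or equivalent hardware` should read `the Trusted Computing Group (TCG), or equivalent hardware`, and `include the protected capabilities, as provided by TPMs` reads better as `include the protected capabilities provided by TPMs`. More importantly, this is now the only place the draft says what a non-TPM part must provide ("the protected capabilities"), while Section 1 and Section 1.7 in the later hunks say "compatible cryptoprocessor"; pick one term, define it in Section 1.2 (Terminology), and enumerate the capabilities the Verifier's appraisal depends on, otherwise an implementer cannot tell whether a given part is in scope.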
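Review bot: replacing `compliant` with `compatible` in the @@ -114,21 hunk turns a testable requirement into an undefined one. Compliance with [TPM1.2] or [TPM2.0] can be checked against the cited TCG specifications; "compatible" has no definition anywhere in the draft. Suggest either keeping `compliant` or carrying the Abstract's qualifier into this sentence, e.g. `a Trusted Platform Module [TPM1.2], [TPM2.0] compliant cryptoprocessor, or equivalent hardware providing the same protected capabilities`, so the two passages agree.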
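Review bot: in the @@ -372,22 hunk the Scope bullet now says the approach `mandates the use of a TPM [TPM1.2], [TPM2.0], or a compatible cryptoprocessor`; because this bullet is where the draft states its conformance boundary, "compatible" needs a normative meaning here, not just a softer word. The normative references the workflow is built on ([I-D.ietf-rats-yang-tpm-charra], [Platform-DevID-TPM-2.0], [PC-Client-BIOS-TPM-2.0], [Canonical-Event-Log]) are, by their own titles, written for TPMs, so a substitute part must at minimum produce the same evidence, keys and logs those specifications describe. State that explicitly in the bullet, otherwise the Appraisal Policy for Evidence (Section 3.1.3) has nothing to check a non-TPM device against.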
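Review bot: the reference updates in the @@ -1717,76 hunk put a new revision date inside the title while leaving the old publication date after it, so the entries contradict themselves: [Canonical-Event-Log] now reads `Version 1.0 Revision .41, February 25, 2022", December 2020` and [PC-Client-RIM] reads `v1.04, Nov 4, 2020", December 2019`. Keep the date out of the title and update the date field to the revision actually cited (e.g. `..., Revision .41", February 2022`). In [PC-Client-BIOS-TPM-2.0], `Level 00 Revision 1.05 Revision 23` repeats "Revision"; if 1.05 is the version and 23 the revision, write `Level 00 Version 1.05 Revision 23`.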
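Review bot: the same title/date mismatch appears in the @@ -1816,23 hunk: [RIM] now reads `v1.0, Revision 0.16, Nov 12, 2020", June 2019`. Update the date field to match the revision named in the title (or drop the date from the title) so a reader can tell which edition of the RIM Information Model is the normative one.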
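Review bot: the bump of [I-D.ietf-rats-eat] to -12 (24 February 2022) in the @@ -1867,23 hunk is fine, but the adjacent unchanged entry [I-D.richardson-rats-usecases] at -08, dated 2 November 2020, is well past the six-month validity that the memo's own Status section describes for Internet-Drafts. Check whether a newer revision exists, or whether the citation should be removed before publication, rather than carrying an expired draft forward.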