Reference Interaction Model for Challenge-Response-based Remote Attestation
draft-birkholz-rats-reference-interaction-model-01
The information below is for an old version of the document.
Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
|
|
---|---|---|---|
Authors | Henk Birkholz , Michael Eckel | ||
Last updated | 2019-07-08 (Latest revision 2019-03-11) | ||
Replaces | draft-birkholz-reference-ra-interaction-model | ||
Replaced by | draft-ietf-rats-reference-interaction-models | ||
RFC stream | (None) | ||
Formats | |||
Additional resources | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | I-D Exists | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
draft-birkholz-rats-reference-interaction-model-01
Birkholz & Eckel Expires January 9, 2020 [Page 8] Internet-Draft RAIM July 2019 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>. 11.2. Informative References [I-D.birkholz-rats-architecture] Birkholz, H., Wiseman, M., Tschofenig, H., and N. Smith, "Architecture and Reference Terminology for Remote Attestation Procedures", draft-birkholz-rats- architecture-01 (work in progress), March 2019. Appendix A. CDDL Specification for a simple CoAP Challenge/Response Interaction The following CDDL specification is an examplary proof-of-concept to illustrate a potential implementation of the Reference Interaction Model. The transfer protocol used is CoAP using the FETCH operation. The actual resource operated on can be empty. Both the Challenge Message and the Response Message are exchanged via the FETCH Request and FETCH Response body. In this example, the root-of-trust for reporting primitive operation "quote" is provided by a TPM 2.0. Birkholz & Eckel Expires January 9, 2020 [Page 9] Internet-Draft RAIM July 2019 RAIM-Bodies = CoAP-FETCH-Body / CoAP-FETCH-Response-Body CoAP-FETCH-Body = [ hello: bool, ; if true, the AK-Cert is conveyed nonce: bytes, pcr-selection: [ + [ tcg-hash-alg-id: uint .size 2, ; TPM2_ALG_ID [ + pcr: uint .size 1 ], ] ], ] CoAP-FETCH-Response-Body = [ attestation-evidence: TPMS_ATTEST-quote, tpm-native-signature: bytes, ? ak-cert: bytes, ; attestation key certificate ] TPMS_ATTEST-quote = [ qualifiediSigner: uint .size 2, ;TPM2B_NAME TPMS_CLOCK_INFO, firmwareVersion: uint .size 8 quote-responses: [ * [ pcr: uint .size 1, + [ pcr-value: bytes, ? hash-alg-id: uint .size 2, ], ], ? pcr-digest: bytes, ], ] TPMS_CLOCK_INFO = [ clock: uint .size 8, resetCounter: uint .size 4, restartCounter: uint .size 4, save: bool, ] Authors' Addresses Henk Birkholz Fraunhofer SIT Rheinstrasse 75 Darmstadt 64295 Germany Email: henk.birkholz@sit.fraunhofer.de Birkholz & Eckel Expires January 9, 2020 [Page 10] Internet-Draft RAIM July 2019 Michael Eckel Fraunhofer SIT Rheinstrasse 75 Darmstadt 64295 Germany Email: michael.eckel@sit.fraunhofer.de Birkholz & Eckel Expires January 9, 2020 [Page 11]