Internet DRAFT - draft-fft-rats-eat-measured-component

draft-fft-rats-eat-measured-component







Remote ATtestation ProcedureS                                   S. Frost
Internet-Draft                                                       Arm
Intended status: Standards Track                              T. Fossati
Expires: 4 September 2024                                         Linaro
                                                           H. Tschofenig
                                                                 Siemens
                                                            3 March 2024


                         EAT Measured Component
                draft-fft-rats-eat-measured-component-02

Abstract

   This document defines a "measured components" format that can be used
   with the EAT Measurements claim.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 4 September 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.




Frost, et al.           Expires 4 September 2024                [Page 1]

Internet-Draft           EAT Measured Component               March 2024


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions and Definitions . . . . . . . . . . . . . . . . .   3
   3.  Information Model . . . . . . . . . . . . . . . . . . . . . .   3
   4.  Data Model  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     4.1.  CDDL  . . . . . . . . . . . . . . . . . . . . . . . . . .   5
       4.1.1.  CWT . . . . . . . . . . . . . . . . . . . . . . . . .   6
       4.1.2.  JWT . . . . . . . . . . . . . . . . . . . . . . . . .   6
   5.  Examples  . . . . . . . . . . . . . . . . . . . . . . . . . .   6
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
     7.1.  Media Types Registrations . . . . . . . . . . . . . . . .   8
       7.1.1.  application/measured-component+cbor . . . . . . . . .   9
       7.1.2.  application/measured-component+json . . . . . . . . .   9
     7.2.  Measured Component Content-Format Registrations . . . . .  10
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  10
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  10
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  12
   Appendix A.  Collected CDDL . . . . . . . . . . . . . . . . . . .  12
   Appendix B.  Open Issues  . . . . . . . . . . . . . . . . . . . .  12
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   Section 4.2.16 of [I-D.ietf-rats-eat] defines a Measurements claim
   that:

      "[c]ontains descriptions, lists, evidence or measurements of the
      software that exists on the entity or any other measurable
      subsystem of the entity."

   This claim allows for different measurement formats, each identified
   by a different CoAP Content-Format (Section 12.3 of [RFC7252]).
   Initially, the only specified format is CoSWID of type "evidence", as
   per Section 2.9.4 of [RFC9393].

   This document introduces the "measured components" format that can be
   used with the EAT Measurements claim in addition or as an alternative
   to CoSWID.










Frost, et al.           Expires 4 September 2024                [Page 2]

Internet-Draft           EAT Measured Component               March 2024


2.  Conventions and Definitions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   In this document, CDDL [RFC8610] [RFC9165]
   [I-D.ietf-cbor-cddl-modules] [I-D.ietf-cbor-cddl-more-control] is
   used to describe the data formats.

3.  Information Model

   A measured component information element includes the computed digest
   on the software or configuration payload, along with metadata that
   helps in identifying the measurement and the authorizing entity for
   component installation.

   Table 1 describes the information model of a measured component.































Frost, et al.           Expires 4 September 2024                [Page 3]

Internet-Draft           EAT Measured Component               March 2024


    +================+==================================+=============+
    | IE             | Description                      | Requirement |
    |                |                                  | Level       |
    +================+==================================+=============+
    | Component Name | The name given to a measured     | REQUIRED    |
    |                | component.  It is important that |             |
    |                | this name remains consistent     |             |
    |                | across different releases to     |             |
    |                | allow for better tracking of the |             |
    |                | same measured item across        |             |
    |                | updates.  When combined with a   |             |
    |                | consistent versioning scheme, it |             |
    |                | enables better signaling from    |             |
    |                | the appraisal procedure to the   |             |
    |                | relying parties.                 |             |
    +----------------+----------------------------------+-------------+
    | Component      | A value representing the         | OPTIONAL    |
    | Version        | specific release or development  |             |
    |                | version of the measured          |             |
    |                | component.  Using Semantic       |             |
    |                | Versioning is RECOMMENDED.       |             |
    +----------------+----------------------------------+-------------+
    | Digest Value   | Hash of the invariant part of    | REQUIRED    |
    |                | the component that is loaded in  |             |
    |                | memory at startup time.          |             |
    +----------------+----------------------------------+-------------+
    | Digest         | Hash algorithm used to compute   | REQUIRED    |
    | Algorithm      | the Digest Value.                |             |
    +----------------+----------------------------------+-------------+
    | Signer         | A unique identifier of the       | REQUIRED    |
    |                | entity authorizing installation  |             |
    |                | of the measured component.       |             |
    +----------------+----------------------------------+-------------+
    | Countersigners | One or more unique identifiers   | OPTIONAL    |
    |                | of further authorizing entities  |             |
    |                | for component installation       |             |
    +----------------+----------------------------------+-------------+

              Table 1: Measured Component Information Elements

4.  Data Model

   The data model is inspired by the "PSA software component" claim
   (Section 4.4.1 of [I-D.tschofenig-rats-psa-token]), which has been
   slightly refactored to take into account the recommendations about
   new EAT claims design in Appendix E of [I-D.ietf-rats-eat].

   The following types and semantics have been reused:



Frost, et al.           Expires 4 September 2024                [Page 4]

Internet-Draft           EAT Measured Component               March 2024


   *  COSE Key Thumbprint [I-D.ietf-cose-key-thumbprint], for signer and
      countersigners;

   *  CoSWID software name and version [RFC9393], for component name and
      version;

   *  CoRIM digest [I-D.ietf-rats-corim], for digest value and
      algorithm.

4.1.  CDDL

   The measured-component data item:

   measured-component = [
     id:               component-id
     measurement:      corim.digest
     signer:           ckt
     ? countersigners: [ + ckt ]
   ]

   ; COSE Key Thumbprint
   ckt = bytes

   component-id = [
     name:      text
     ? version: version
   ]

   ;# import $version-scheme from rfc9393 as coswid

   version = [
     val:      text
     ? scheme: coswid.$version-scheme
   ]

   ; eventually: ";#import digest from rfcxxxx as corim"

   corim.digest = [
     alg: (int / text)
     val: bytes
   ]

   The CDDL extending the EAT Measurements format:








Frost, et al.           Expires 4 September 2024                [Page 5]

Internet-Draft           EAT Measured Component               March 2024


   mc-cbor = bstr .cbor measured-component
   mc-json = tstr .json measured-component

   ; EAT CBOR (`.feature "cbor"`)
   $measurements-body-cbor /= mc-cbor            ; native
   $measurements-body-cbor /= tstr .b64u mc-json ; tunnel

   ; EAT JSON (`.feature "json"`)
   $measurements-body-json /= mc-json            ; native
   $measurements-body-json /= tstr .b64u mc-cbor ; tunnel

4.1.1.  CWT

       +=====================================+====================+
       | content-type (CoAP C-F equivalent)  | content-format     |
       +=====================================+====================+
       | application/measured-component+cbor | mc-cbor            |
       +-------------------------------------+--------------------+
       | application/measured-component+json | tstr .b64u mc-json |
       +-------------------------------------+--------------------+

                                 Table 2

4.1.2.  JWT

       +=====================================+====================+
       | content-type (CoAP C-F equivalent)  | content-format     |
       +=====================================+====================+
       | application/measured-component+json | mc-json            |
       +-------------------------------------+--------------------+
       | application/measured-component+cbor | tstr .b64u mc-cbor |
       +-------------------------------------+--------------------+

                                 Table 3

5.  Examples

   (The examples are CBOR only.  JSON examples will be added in a future
   version of this document.)

   The example in Figure 1 is a measured component with all the fields
   populated.









Frost, et al.           Expires 4 September 2024                [Page 6]

Internet-Draft           EAT Measured Component               March 2024


   [
     / id / [
       / name / "boot loader X",
       / version / [
         "1.2.3rc2",
         16384 / semver /
       ]
     ],
     / measurement / [
       / alg / "sha-256",
       / val / h'3996003d486fb91ffb056f7d03f2b2992b215b31dbe7af4b37
                 3431fc7d319da3'
     ],
     / signer / h'492e9b676c21f6012b1ceeb9032feb4141a880797355f6675
                 015ec59c51ca1ec',
     / countersigners / [
       h'4277bb97ba7b51577a0d38151d3e08b40bdf946753f5b5bdeb814d6ff5
         7a8a5e'
     ]
   ]

                   Figure 1: Complete Measured Component

   The example in Figure 2 is the same measured component as above but
   used as the format of a measurements claim in a EAT claims-set.

   Note that the example uses a CoAP Content-Format value from the
   experimental range (65000), which will change to the value assigned
   by IANA for the application/measured-component+cbor Content-Format.

   Note also that the array contains only one measured component, but
   additional entries could be added if the measured TCB is made of
   multiple, individually measured components.


















Frost, et al.           Expires 4 September 2024                [Page 7]

Internet-Draft           EAT Measured Component               March 2024


   {
     273: [
       [
         65000, / using a CoAP C-F from the experimental range /
         <<
           [
             / id / [
               / name / "boot loader X",
               / version / [
                 "1.2.3rc2",
                 16384 / semver /
               ]
             ],
             / measurement / [
               / alg / "sha-256",
               / val / h'3996003d486fb91ffb056f7d03f2b2992b215b31db
                         e7af4b373431fc7d319da3'
             ],
             / signer / h'492e9b676c21f6012b1ceeb9032feb4141a880797
                         355f6675015ec59c51ca1ec',
             / countersigners / [
               h'4277bb97ba7b51577a0d38151d3e08b40bdf946753f5b5bdeb
                 814d6ff57a8a5e'
             ]
           ]
         >>
       ]
     ]
   }

        Figure 2: EAT Measurements Claim using a Measured Component

6.  Security Considerations

   TODO

7.  IANA Considerations


   // RFC Editor: replace "RFCthis" with the RFC number assigned to this
   document.

7.1.  Media Types Registrations

   IANA is requested to add the following media types to the "Media
   Types" registry [IANA.media-types].





Frost, et al.           Expires 4 September 2024                [Page 8]

Internet-Draft           EAT Measured Component               March 2024


       +=========+=====================================+===========+
       | Name    | Template                            | Reference |
       +=========+=====================================+===========+
       | mc+cbor | application/measured-component+cbor | RFCthis   |
       +---------+-------------------------------------+-----------+
       | mc+json | application/measured-component+json | RFCthis   |
       +---------+-------------------------------------+-----------+

                  Table 4: Measured Component Media Types

7.1.1.  application/measured-component+cbor

   Type name:  application
   Subtype name:  measured-component+cbor
   Required parameters:  n/a
   Optional parameters:  n/a
   Encoding considerations:  binary (CBOR)
   Security considerations:  Section 6 of RFCthis
   Interoperability considerations:  n/a
   Published specification:  RFCthis
   Applications that use this media type:  Attesters, Verifiers and
      Relying Parties
   Fragment identifier considerations:  The syntax and semantics of
      fragment identifiers are as specified for "application/cbor".  (No
      fragment identification syntax is currently defined for
      "application/cbor".)
   Person & email address to contact for further information:  RATS WG
      mailing list (rats@ietf.org)
   Intended usage:  COMMON
   Restrictions on usage:  none
   Author/Change controller:  IETF
   Provisional registration:  no

7.1.2.  application/measured-component+json

   Type name:  application
   Subtype name:  measured-component+json
   Required parameters:  n/a
   Optional parameters:  n/a
   Encoding considerations:  binary (JSON is UTF-8-encoded text)
   Security considerations:  Section 6 of RFCthis
   Interoperability considerations:  n/a
   Published specification:  RFCthis
   Applications that use this media type:  Attesters, Verifiers and
      Relying Parties
   Fragment identifier considerations:  The syntax and semantics of





Frost, et al.           Expires 4 September 2024                [Page 9]

Internet-Draft           EAT Measured Component               March 2024


      fragment identifiers are as specified for "application/json".  (No
      fragment identification syntax is currently defined for
      "application/json".)
   Person & email address to contact for further information:  RATS WG
      mailing list (rats@ietf.org)
   Intended usage:  COMMON
   Restrictions on usage:  none
   Author/Change controller:  IETF
   Provisional registration:  no

7.2.  Measured Component Content-Format Registrations

   IANA is requested to register two Content-Format numbers in the "CoAP
   Content-Formats" sub-registry, within the "Constrained RESTful
   Environments (CoRE) Parameters" Registry [IANA.core-parameters], as
   follows:

      +=========================+================+======+===========+
      | Content-Type            | Content Coding | ID   | Reference |
      +=========================+================+======+===========+
      | application/measured-   | -              | TBD1 | RFCthis   |
      | component+cbor          |                |      |           |
      +-------------------------+----------------+------+-----------+
      | application/measured-   | -              | TBD2 | RFCthis   |
      | component+json          |                |      |           |
      +-------------------------+----------------+------+-----------+

                                  Table 5

8.  References

8.1.  Normative References

   [I-D.ietf-cbor-cddl-modules]
              Bormann, C., "CDDL Module Structure", Work in Progress,
              Internet-Draft, draft-ietf-cbor-cddl-modules-01, 18
              December 2023, <https://datatracker.ietf.org/doc/html/
              draft-ietf-cbor-cddl-modules-01>.

   [I-D.ietf-cbor-cddl-more-control]
              Bormann, C., "More Control Operators for CDDL", Work in
              Progress, Internet-Draft, draft-ietf-cbor-cddl-more-
              control-03, 26 February 2024,
              <https://datatracker.ietf.org/doc/html/draft-ietf-cbor-
              cddl-more-control-03>.






Frost, et al.           Expires 4 September 2024               [Page 10]

Internet-Draft           EAT Measured Component               March 2024


   [I-D.ietf-cose-key-thumbprint]
              Isobe, K., Tschofenig, H., and O. Steele, "CBOR Object
              Signing and Encryption (COSE) Key Thumbprint", Work in
              Progress, Internet-Draft, draft-ietf-cose-key-thumbprint-
              04, 23 October 2023,
              <https://datatracker.ietf.org/doc/html/draft-ietf-cose-
              key-thumbprint-04>.

   [I-D.ietf-rats-corim]
              Birkholz, H., Fossati, T., Deshpande, Y., Smith, N., and
              W. Pan, "Concise Reference Integrity Manifest", Work in
              Progress, Internet-Draft, draft-ietf-rats-corim-03, 23
              October 2023, <https://datatracker.ietf.org/doc/html/
              draft-ietf-rats-corim-03>.

   [I-D.ietf-rats-eat]
              Lundblade, L., Mandyam, G., O'Donoghue, J., and C.
              Wallace, "The Entity Attestation Token (EAT)", Work in
              Progress, Internet-Draft, draft-ietf-rats-eat-25, 15
              January 2024, <https://datatracker.ietf.org/doc/html/
              draft-ietf-rats-eat-25>.

   [IANA.core-parameters]
              IANA, "Constrained RESTful Environments (CoRE)
              Parameters",
              <https://www.iana.org/assignments/core-parameters>.

   [IANA.media-types]
              IANA, "Media Types",
              <https://www.iana.org/assignments/media-types>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/rfc/rfc2119>.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014,
              <https://www.rfc-editor.org/rfc/rfc7252>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.







Frost, et al.           Expires 4 September 2024               [Page 11]

Internet-Draft           EAT Measured Component               March 2024


   [RFC8610]  Birkholz, H., Vigano, C., and C. Bormann, "Concise Data
              Definition Language (CDDL): A Notational Convention to
              Express Concise Binary Object Representation (CBOR) and
              JSON Data Structures", RFC 8610, DOI 10.17487/RFC8610,
              June 2019, <https://www.rfc-editor.org/rfc/rfc8610>.

   [RFC9165]  Bormann, C., "Additional Control Operators for the Concise
              Data Definition Language (CDDL)", RFC 9165,
              DOI 10.17487/RFC9165, December 2021,
              <https://www.rfc-editor.org/rfc/rfc9165>.

   [RFC9393]  Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D.
              Waltermire, "Concise Software Identification Tags",
              RFC 9393, DOI 10.17487/RFC9393, June 2023,
              <https://www.rfc-editor.org/rfc/rfc9393>.

8.2.  Informative References

   [I-D.tschofenig-rats-psa-token]
              Tschofenig, H., Frost, S., Brossard, M., Shaw, A. L., and
              T. Fossati, "Arm's Platform Security Architecture (PSA)
              Attestation Token", Work in Progress, Internet-Draft,
              draft-tschofenig-rats-psa-token-22, 21 February 2024,
              <https://datatracker.ietf.org/doc/html/draft-tschofenig-
              rats-psa-token-22>.

Appendix A.  Collected CDDL

   TODO

Appendix B.  Open Issues

   The list of currently open issues for this documents can be found at
   https://github.com/thomas-fossati/draft-fft-rats-eat-measured-
   component/issues.


   // Note to RFC Editor: please remove before publication.

Acknowledgments

   The authors would like to thank Carsten Bormann for comments, reviews
   and suggestions.

Authors' Addresses

   Simon Frost
   Arm



Frost, et al.           Expires 4 September 2024               [Page 12]

Internet-Draft           EAT Measured Component               March 2024


   Email: Simon.Frost@arm.com


   Thomas Fossati
   Linaro
   Email: Thomas.Fossati@linaro.org


   Hannes Tschofenig
   Siemens
   Email: Hannes.Tschofenig@siemens.com








































Frost, et al.           Expires 4 September 2024               [Page 13]