Epoch Markers
Fraunhofer SIT
Rheinstrasse 75
Darmstadt
64295
Germany
henk.birkholz@sit.fraunhofer.de
Arm Limited
UK
Thomas.Fossati@arm.com
Huawei Technologies
william.panwei@huawei.com
Universität Bremen TZI
Bibliothekstr. 1
Bremen
D-28359
Germany
+49-421-218-63921
cabo@tzi.org
Security
RATS Working Group
Internet-Draft
Abstract Text
About This Document
Status information for this document may be found at .
Discussion of this document takes place on the
rats Working Group mailing list (),
which is archived at .
Source for this draft and an issue tracker can be found at
.
Introduction
Systems that are required to interact via secure interactions often require a shared understanding of the freshness of conveyed information, especially in the domain of remote attestation procedures.
Establishing a notion of freshness between various involved entities taking on roles that rely on information that is not outdated is not simple.
In general, establishing a shared understanding of freshness in a secure manner is not simple.
The RATS architecture dedicates an extensive appendix solely on the topic of freshness considerations and that fact alone should be considered a telltale sign on how necessary yet complex establishing a trusted and shared understanding of freshness between systems actually is.
This document provides a prominent way to establish a notion of freshness between systems: Epoch Markers.
Epoch Markers are messages that are like time ticks produced and conveyed by a system in a freshness domain: the Epoch Bell.
Systems that receive Epoch Markers do not have to track freshness with their own local understanding of time (e.g., a local real time clock).
Instead, each reception of a specific Epoch Marker rings in a new age of freshness that is shared between all recipients.
In essence, the emissions and corresponding receptions of Epoch Markers are like the ticks of a clock where the ticks are conveyed by the Internet.
The layout of the freshness domain in which Epoch Markers are conveyed like the ticks of a clock, introduces a domain-specific latency -- and therefore a certain uncertainty about tick accuracy.
While all Epoch Markers share the common characteristic of being like clock ticks in a freshness domain, there are various payload types that can make up the content of an Epoch Marker.
These different types of Epoch Marker payloads address several specific use cases and are laid out in this document.
While Epoch Markers are encoded in CBOR and many of the payload types are encoded in CBOR as well, a prominent payload is the Time Stamp Token content as defined by : a DER-encoded TSTInfo value.
Time Stamp Tokens (TST) produced by Time Stamp Authorities (TSA) are conveyed by the Time Stamp Protocol (TSP).
At the time of writing,
TSAs are the most common world-wide implemented secure timestamp token systems.
Reusing the essential TST payload structure as a payload type for CBOR encoded Epoch Markers makes sense with respect to migration paths and general interoperability.
But there is more than one way to represent a signed timestamp and other kinds of freshness ticks that can be used for Epoch Markers.
In this document, basic interaction models on how to convey Epoch Marchers are illustrated as they impact the message design of a generic Epoch Marker.
Then, the structure of Epoch Markers is specified using CDDL and the corresponding payload types are introduced and elaborated on.
To increase the level of trustworthiness in the Epoch Bell and the
system that produces them,
Epoch Markers also provide the option to include (concise) remote attestation evidence or corresponding remote attestation results.
Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14 when, and only when, they
appear in all capitals, as shown here.
Epoch IDs
The RATS architecture introduces the concept of Epoch IDs that mark certain events during remote attestation procedures ranging from simple handshakes to rather complex interactions including elaborate freshness proofs.
The Epoch Markers defined in this document are a solution that includes the lessons learned from TSAs, the concept of Epoch IDs and provides several means to identify a new freshness epoch. Some of these methods are introduced and discussed in .
Interaction Models
The interaction models illustrated in this section are derived from the RATS Reference Interaction Models.
In general there are three of them:
- ad-hoc requests (e.g., via challenge-response requests addressed at Epoch Bells), corresponding to Section 7.1 in
- unsolicited distribution (e.g., via uni-directional methods, such as broad- or multicasting from Epoch Bells), corresponding to Section 7.2 in
- solicited distribution (e.g., via a subscription to Epoch Bells), corresponding to Section 7.3 in
Epoch Marker CDDL
epoch-marker = [
header,
$payload,
]
header = {
? challenge-response-nonce,
? remote-attestation-evidence, ; could be EAT or Concise Evidence
? remote-attestation-results, ; hopefully EAT with AR4SI Claims
}
challenge-response-nonce = (1: "PLEASE DEFINE")
remote-attestation-evidence = (2: "PLEASE DEFINE")
remote-attestation-results = (3: "PLEASE DEFINE")
;payload types independent on interaction model
$payload /= native-rfc3161-TST-info
$payload /= TST-info-based-on-CBOR-time-tag
$payload /= CBOR-time-tag
$payload /= multi-nonce
$payload /= multi-nonce-list
$payload /= strictly-monotonically-increasing-counter
native-rfc3161-TST-info = bytes ; DER-encoded value of TSTInfo
; ~~~
; ~~~ translation with a few poetic licenses of ASN.1 TSTInfo into CDDL
; ~~~
TST-info-based-on-CBOR-time-tag = {
&(version : 0) => int .default 1 ; obsolete?
&(policy : 1) => oid
&(messageImprint : 2) => MessageImprint
&(serialNumber : 3) => int
&(eTime : 4) => profiled-etime
? &(accuracy : 5) => rfc3161-accuracy
&(ordering : 6) => bool .default false
? &(nonce : 7) => int
? &(tsa : 8) => GeneralName
* $$TSTInfoExtensions
}
; based on COSE_Hash_Find (draft-ietf-cose-hash-algs)
MessageImprint = [
hashAlg : int
hashValue : bstr
]
rfc3161-accuracy = non-empty<{
? &(seconds : 0) => int
? &(millis: 1) => 1..999
? &(micros: 2) => 1..999
}>
; timeMap profiles etime from https://datatracker.ietf.org/doc/html/draft-ietf-cbor-time-tag
profiled-etime = #6.1001(timeMap)
timeMap = {
1 => #6.1(int / float) ; TIME_T
* int => any
}
; Section 11.8 of I-D.ietf-cose-cbor-encoded-cert
GeneralName = [ GeneralNameType : int, GeneralNameValue : any ]
; stuff
oid = #6.111(bstr)
non-empty<M> = (M) .and ({ + any => any })
CBOR-time-tag = [
time-tag,
? nonce
]
time-tag = "PLEASE DEFINE"
nonce = "PLEASE DEFINE"
multi-nonce = tstr / bstr / int
multi-nonce-list = [+ multi-nonce]
strictly-monotonically-increasing-counter = uint ; counter context? per issuer? per indicator?
References
Normative References
Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)
This document describes the format of a request sent to a Time Stamping Authority (TSA) and of the response that is returned. It also establishes several security-relevant requirements for TSA operation, with regards to processing requests to generate responses. [STANDARDS-TRACK]
Key words for use in RFCs to Indicate Requirement Levels
In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words
RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.
Informative References
Remote Attestation Procedures Architecture
Fraunhofer SIT
Microsoft
Sandelman Software Works
Intel Corporation
Huawei Technologies
In network protocol exchanges it is often useful for one end of a
communication to know whether the other end is in an intended
operating state. This document provides an architectural overview of
the entities involved that make such tests possible through the
process of generating, conveying, and evaluating evidentiary claims.
An attempt is made to provide for a model that is neutral toward
processor architectures, the content of claims, and protocols.
Reference Interaction Models for Remote Attestation Procedures
Fraunhofer SIT
Fraunhofer SIT
Huawei Technologies
Cisco Systems
This document describes interaction models for remote attestation
procedures (RATS). Three conveying mechanisms -- Challenge/Response,
Uni-Directional, and Streaming Remote Attestation -- are illustrated
and defined. Analogously, a general overview about the information
elements typically used by corresponding conveyance protocols are
highlighted.
RFC 3161 TSTInfo
As a reference for the definition of TST-info-based-on-CBOR-time-tag the code block below depicts the original layout of the TSTInfo structure from .
TSTInfo ::= SEQUENCE {
version INTEGER { v1(1) },
policy TSAPolicyId,
messageImprint MessageImprint,
-- MUST have the same value as the similar field in
-- TimeStampReq
serialNumber INTEGER,
-- Time-Stamping users MUST be ready to accommodate integers
-- up to 160 bits.
genTime GeneralizedTime,
accuracy Accuracy OPTIONAL,
ordering BOOLEAN DEFAULT FALSE,
nonce INTEGER OPTIONAL,
-- MUST be present if the similar field was present
-- in TimeStampReq. In that case it MUST have the same value.
tsa [0] GeneralName OPTIONAL,
extensions [1] IMPLICIT Extensions OPTIONAL }