Network Device Attestation Workflow
draft-fedorkow-rats-network-device-attestation-00
RATS Working Group G. Fedorkow, Ed.
Internet-Draft Juniper Networks, Inc.
Intended status: Informational J. Fitzgerald-McKay
Expires: January 1, 2020 National Security Agency
June 30, 2019
Abstract
This document describes a workflow for network device attestation.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 1, 2020.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Fedorkow & Fitzgerald-McKay  Expires January 1, 2020  [Page 1]
Internet-Draft Network Device Attestation Workflow June 2019
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
1.2. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3. Problem Description . . . . . . . . . . . . . . . . . . . 4
1.4. Solution Requirements . . . . . . . . . . . . . . . . . . 6
1.5. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.5.1. Out of Scope . . . . . . . . . . . . . . . . . . . . 8
1.5.2. Why Remote Integrity Verification? . . . . . . . . . 8
1.5.3. Network Device Attestation Challenges . . . . . . . . 8
1.5.4. Why is OS Attestation Different? . . . . . . . . . . 9
2. Solution Outline . . . . . . . . . . . . . . . . . . . . . . 10
2.1. RIV Software Configuration Attestation using TPM . . . . 10
2.2. RIV Keying . . . . . . . . . . . . . . . . . . . . . . . 11
2.3. RIV Information Flow . . . . . . . . . . . . . . . . . . 12
2.4. RIV Simplifying Assumptions . . . . . . . . . . . . . . . 13
2.4.1. DevID Alternatives . . . . . . . . . . . . . . . . . 14
2.4.2. Additional Attestation of Platform Characteristics . 14
2.4.3. Root of Trust for Measurement . . . . . . . . . . . . 15
2.4.4. Reference Integrity Measurements (RIMs) . . . . . . . 15
2.4.5. Attestation Logs . . . . . . . . . . . . . . . . . . 16
3. Standards Components . . . . . . . . . . . . . . . . . . . . 17
3.1. Reference Models . . . . . . . . . . . . . . . . . . . . 17
3.1.1. IETF Reference Model for Challenge-Response Remote
Attestation . . . . . . . . . . . . . . . . . . . . . 17
3.2. RIV Workflow . . . . . . . . . . . . . . . . . . . . . . 18
3.3. Layering Model for Network Equipment Attester and
Verifier . . . . . . . . . . . . . . . . . . . . . . . . 20
4. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . 21
5. Appendix . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.1. Implementation Notes . . . . . . . . . . . . . . . . . . 22
5.2. Comparison with TCG PTS / IETF NEA . . . . . . . . . . . 24
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 25
7. Security Considerations . . . . . . . . . . . . . . . . . . . 26
8. Informative References . . . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 29
1. Introduction
There are many components to consider in fielding a trusted computing
device, from operating systems to applications. Part of that is a
trusted supply chain, where manufacturers can certify that the
product they intended to build is actually the one that was installed
at a customer's site.