Presentation is loading. Please wait.

Presentation is loading. Please wait.

Remote ATtestation ProcedureS (RATS)

Published byOsman Kunter Modified over 5 years ago

Similar presentations

Presentation on theme: "Remote ATtestation ProcedureS (RATS)"— Presentation transcript:

1 Remote ATtestation ProcedureS (RATS)
IETF 103, November 6, Bangkok Henk Birkholz Ned Smith Monty Wiseman Eric Voit

2 Trends in Trust Hosts Communications 100 % Trusted 1970’s 1990’s Today

3 Problem  Need Problem Need
Desire to understand host characteristics of peers to prevent communications with peers of compromised integrity But the integrity of assertions about host characteristics cannot be assured with software-based approaches alone (e.g. Network Endpoint Assessment) Need Assertions about characteristics of peers anchored in hardware roots of trust Means to convey assertions in a timely and secure fashion

4 Host Characteristics Hosts  System Components [RFC4949]
Host Characteristics = Assertions [ITU X.1252] that can be signed

5 Root of Trust (RoT) NIST SP 800-164
“Security primitives composed of hardware, firmware and/or software that provide a set of trusted, security-critical functions. They must always behave in an expected manner because their misbehavior cannot be detected. As such, RoTs need to be secured by their design” “Trusting” a Root of Trust is a decision made by the relying party.

6 Conveyance of Assertions
Network Protocols have to address requirements for secure conveyance of assertions Message Formats (e.g. data models) have to address requirements for secure conveyance of assertions Definition of the demarcation line is part of the work Some requirements: Freshness Integrity Confidentiality Privacy

7 The General Model for Remote Attestation (in ASCII Art)

8 Proposed Remote Attestation Model
Attribute cert provisioned by device vendor Device manufacturer ROT manufacturer Private key and X.509 certificate provisioned by ROT manufacture Obtain CA certificates to chain up attestation & attribute certs to trusted roots. Device Lots of assertions about ROT Nonce ROT Lots of signed assertions about Device Att Key Relying Party / Verifier Measurements Remote Attestation Nonce Assertions… Signed Assertions… Signature Signature and public key verification process Lots of assertions + verification of multiple signatures Risk engine Evidence creation & signing Private keys for signing. Stored securely on ROT.

Download ppt "Remote ATtestation ProcedureS (RATS)"

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.

Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.

Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
DNS-centric PKI Sean Turner Russ Housley Tim Polk.

DNS-centric PKI Sean Turner Russ Housley Tim Polk.
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
14 May 2002© 2000-02 TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)
Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Similar presentations

Ads by Google