-
Notifications
You must be signed in to change notification settings - Fork 0
/
trust enhanced i2nsf
1061 lines (1002 loc) · 51.6 KB
/
trust enhanced i2nsf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="US-ASCII"?>
<!-- This template is for creating an Internet Draft using xml2rfc,
which is available here: http://xml2rfc.tools.ietf.org. -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!-- One method to get references from the online citation libraries.
There has to be one entity for each item to be referenced.
An alternate method (rfc include) is described in the references. -->
<!ENTITY RFC8329 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8329.xml">
<!ENTITY RFC8392 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8392.xml">
<!ENTITY RFC7519 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7519.xml">
<!ENTITY RFC3688 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.3688.xml">
<!ENTITY RFC7950 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.7950.xml">
<!ENTITY RFC8525 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8525.xml">
<!ENTITY RFC2119 SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml">
<!ENTITY I-D.ietf-rats-architecture SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-rats-architecture.xml">
<!ENTITY I-D.ietf-rats-tpm-based-network-device-attest SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-rats-tpm-based-network-device-attest.xml">
<!ENTITY I-D.ietf-i2nsf-nsf-monitoring-data-model SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-i2nsf-nsf-monitoring-data-model.xml">
<!ENTITY I-D.ietf-rats-yang-tpm-charra SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-rats-yang-tpm-charra.xml">
<!ENTITY I-D.ietf-rats-eat SYSTEM "http://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-rats-eat.xml">
]>
<?xml-stylesheet type='text/xsl' href='rfc2629.xslt' ?>
<!-- used by XSLT processors -->
<!-- For a complete list and description of processing instructions (PIs),
please see http://xml2rfc.tools.ietf.org/authoring/README.html. -->
<!-- Below are generally applicable Processing Instructions (PIs) that most I-Ds might want to use.
(Here they are set differently than their defaults in xml2rfc v1.32) -->
<?rfc strict="yes" ?>
<!-- give errors regarding ID-nits and DTD validation -->
<!-- control the table of contents (ToC) -->
<?rfc toc="yes"?>
<!-- generate a ToC -->
<?rfc tocdepth="4"?>
<!-- the number of levels of subsections in ToC. default: 3 -->
<!-- control references -->
<?rfc symrefs="yes"?>
<!-- use symbolic references tags, i.e, [RFC2119] instead of [1] -->
<?rfc sortrefs="yes" ?>
<!-- sort the reference entries alphabetically -->
<!-- control vertical white space
(using these PIs as follows is recommended by the RFC Editor) -->
<?rfc compact="yes" ?>
<!-- do not start each main section on a new page -->
<?rfc subcompact="no" ?>
<!-- keep one blank line between list items -->
<!-- end of list of popular I-D processing instructions -->
<rfc category="info" docName="draft-yang-i2nsf-trust-enhanced-i2nsf-00" ipr="trust200902">
<!-- category values: std, bcp, info, exp, and historic
ipr values: full3667, noModification3667, noDerivatives3667
you can add the attributes updates="NNNN" and obsoletes="NNNN"
they will automatically be output with "(if approved)" -->
<!-- ***** FRONT MATTER ***** -->
<front>
<!-- The abbreviated title is used in the page header - it is only necessary if the
full title is longer than 39 characters -->
<title abbrev="Trust Enhanced I2NSF">Trust Enhanced I2NSF</title>
<!-- add 'role="editor"' below for the editors if appropriate -->
<!-- Another author who claims to be an editor -->
<author fullname="Penglin Yang" initials="P." role="editor" surname="Yang">
<organization>China Mobile</organization>
<address>
<postal>
<street>32 Xuanwumen West Street, Xicheng District</street>
<!-- Reorder these if your country does things differently -->
<city>Beijing</city>
<region></region>
<code>100053</code>
<country>China</country>
</postal>
<phone></phone>
<email>[email protected]</email>
<!-- uri and facsimile elements may also be added -->
</address>
</author>
<author fullname="Meiling Chen" initials="M." role="editor" surname="Chen">
<organization>China Mobile</organization>
<address>
<postal>
<street>32 Xuanwumen West Street, Xicheng District</street>
<!-- Reorder these if your country does things differently -->
<city>Beijing</city>
<region></region>
<code>100053</code>
<country>China</country>
</postal>
<phone></phone>
<email>[email protected]</email>
<!-- uri and facsimile elements may also be added -->
</address>
</author>
<author fullname="Li Su" initials="L." role="editor" surname="Su">
<organization>China Mobile</organization>
<address>
<postal>
<street>32 Xuanwumen West Street, Xicheng District</street>
<!-- Reorder these if your country does things differently -->
<city>Beijing</city>
<region></region>
<code>100053</code>
<country>China</country>
</postal>
<phone></phone>
<email>[email protected]</email>
<!-- uri and facsimile elements may also be added -->
</address>
</author>
<author fullname="Diego Lopiz" initials="" role="editor" surname="">
<organization>Telofonica</organization>
</author >
<author fullname="Jaehoon Paul Jeong" initials="" role="editor" surname="">
<organization>University</organization>
</author>
<date month="January" year="2022" />
<!-- If the month and year are both specified and are the current ones, xml2rfc will fill
in the current day for you. If only the current year is specified, xml2rfc will fill
in the current day and month for you. If the year is not the current one, it is
necessary to specify at least a month (xml2rfc assumes day="1" if not specified for the
purpose of calculating the expiry date). With drafts it is normally sufficient to
specify just the year. -->
<!-- Meta-data Declarations -->
<area>General</area>
<workgroup>I2NSF Working Group</workgroup>
<!-- WG name at the upperleft corner of the doc,
IETF is fine for individual submissions.
If this element is not present, the default is "Network Working Group",
which is used by the RFC Editor as a nod to the history of the IETF. -->
<keyword>trust enhanced I2NSF, remote attestation</keyword>
<!-- Keywords will be incorporated into HTML output
files in a meta tag but they have no effect on text or nroff
output. If you submit your draft to the RFC Editor, the
keywords will be used for the search engine. -->
<abstract>
<t>This document describes the architecture and interfaces of Trust Enhanced I2NSF. In this architecture remote attestation procedure will be used to appraise the NSF system and finally enhance the trustworthiness of NSF. Specific architecutre of trust enhanced I2NSF and interfaces will be designed to fit into the existing I2NSF architecture.</t>
</abstract>
</front>
<middle>
<section anchor="intro" title="Introduction">
<t>NSF is always used in remote scenarios, in which it is hard to guarantee if the deployment environment is security and the NSF is properly deployed. If the deploy environment or the NSF is compromised, the behavior and the feedback of NSF cannot be trusted.</t>
<t>Remote attestation procedure <xref target="I-D.ietf-rats-architecture"></xref> provides an efficient mechanism that a relying party like NSF security controller could appraise if the NSF and the basic platform are trusted. The general remote attestation procedure has been defined by RATs group, however specific interfaces and implementation still need to be determined in I2NSF. This draft aims to create a unified trust enhanced I2NSF architecture to enable remote attestation and promote the security of NSF.
</t>
<t>This document will follow the definition of I2NSF <xref target="RFC8329"></xref> and I2NSF NSF Monitoring Interface YANG Data Model <xref target="I-D.ietf-i2nsf-nsf-monitoring-data-model"></xref>, and will also keep align with RATs architecture.</t>
</section>
<section anchor="term" title="Terminology">
<section title="Terms">
<t>RATs: Remote Attestation Procedure</t>
<t>RoT: Root of Trust</t>
<t>TPM: Trusted platform module</t>
<t>TEE: Trust Execution Environment</t>
<t>RVP: Reference Value Provider</t>
<t>TENMI: Trust Enhanced Network Monitoring Interface</t>
<t>TERI: Trust Enhanced Registration Interface</t>
</section>
<section title="Requirements Language">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref
target="RFC2119">RFC 2119</xref>.</t>
</section>
</section>
<section anchor="scope" title="Scope and Motivation">
<section title="Scope">
<t>The scope of this document mainly focuses on the architecture and expanded interfaces of trust enhanced I2NSF. The specific of how to implement measurement or how to make remote attestation evidence is out of scope.</t>
</section>
<section title="Motivation">
<t>The architecture of I2NSF aims to provide network security functions to network users. Often, the users are in remote environment and the platform to deploy these network security functions may not be trusted. As a consequence, this will bring several severe threats to the NSF.
The first threat is malfunction of NSF. The inappropriate deployment of NSF or the defective platform in wheree runs NSF will affect the behaviour of NSF directly.
The second threat is the leak of digital asset like policy rules and security intelligence, which is provided from the security controller. If the remote environment is malicious, it will be hard to prevent the leakage. Consider a secuiry company provides NSF in where contains lots of policy rules such as DDoS prevention, traffic filter, AI module, etc. If the platform who carrys the NSF is malicious, it could steal this digital asset for other rivals or attackers.
The third threat is the potential spoofing attack to the NSF architecture. Adversary could use the compromised NSF to feedback spoofing information or other attacking information to attack or penetrate the NSF architecture. The attackers in platfom could also disturb the action of NSF, and feedback the fake notification or event to security controller.</t>
<t>The solution of these threats is also straight, which is using remote attestation to make sure the remote platform is trusted and the NSF is well deployed. While it is true that any environment is vulnerable to malicious activity with full physical access (and this is obviously beyond the scope of this document), the application of attestation mechanisms raises the degree of physical control necessary to perform an untraceable malicious modification of the environment.</t>
<t>When designing trust enhanced I2NSF, three aspects need to be considered. First, determine the trsut enhanced architecture. Second, refer to the appropriate specifications defined in RATs to create trust enhanced NSF interfaces. Third, cover the heterogeneity architecture of specific trust architecture like TPM and TEE.</t>
</section>
</section>
<section anchor="information_model" title="Information Model">
<section title="Architecture of Trust Enhanced I2NSF">
<figure align="center" anchor="architecture" title="architecture of Trust Enhanced I2NSF">
<artwork align="center"><![CDATA[
+------------+ +------------+
| | | |
| NSF User | +---------+ Endorser |
| | | | |
+---+--------+ | +------------+
| |
| +---------+
| |
+---+------+---+ +--------------+
| | | |
| Security +--------------+ Developer's |
| Controller | | Mgmt System |
+-+----------+-+ +-+----------+-+
| Verifier/| | Reference|
| Relying | | Value |
| Party | | Provider/|
+----+-----+ | Interface|
| +----------+
+---------------------+
| |
+------+-------+ +------+-------+
| | | |
| NSF1 + | NSFn |
| | | |
+--+--------+--+ +--+--------+--+
| RoT | | RoT |
+--------+ +--------+
]]></artwork>
</figure>
<t>As shown in figure one is the trust enhanced I2NSF architecture. In this architecture, several new components are introduced to NSF. The first component is RoT which is deployed in the basic platform of NSF as a hardware. The second component is Verifier/Relying Party, which is deployed as part of Security Controller. This component is in charge of verifying if the attestation evidence is complied with the reference value. The third component is the Reference Value Provider, which will bring the reference value of NSF image and deployment environment to Security Controller. In some conditions, the RVP could be some other venders like a blockchain, a third parity security provider. So the RVP component may be an interface that receive RVP form the third party. And this interface is out of scope of this document. The fourth component is Endorser, which will provie the endorsement of RoT. And the verifier could use Endorser to verify the endorsement status of RoT.</t>
</section>
<section title="Root of Trust">
<t>Root of Trust is a hardware-based component that could provide endorsement information and relevant functions that cannot be stolen, tampered, or repudiated. RoT MUST be deployed in the basic hardware platform of NSF. Technologies like <xref target="TCGRoT"></xref> and <xref target="TEE"></xref> could act as RoT.</t>
<t>The architecture of specific RoT is out of scope of this document. But in order to elaborate RoT more clearly, the following segment uses TPM <xref target="tpm12"></xref><xref target="tpm20"></xref> as an example to illustrate. TPM keeps EK(Endorsement Key) to identify its identity. EK is an asymmetric key pair, which will never expose its secret key to public. TPM also derives certain AIKs(Attestation Identity Key) from EK to avoid the exposure of TPM's real identity(EK) during remote attestation. During the booting period, the TPM will record the Hash of measurement of bootloader, OS kernel and applications to a series of PCRs (Platform Configuration Registers), which cannot be tampered. If a remote attestation procedure is initiated, the PCR value will be signed by AIK and send to the verifier for appraising. The specific procedures are based on<xref target="I-D.ietf-rats-tpm-based-network-device-attest"></xref>, which illustrates how integrity verification works inside a network device.</t>
</section>
<section title="Verifier/Relying Party">
<t>The Verifier/Relying Party is deployed in Security Controller. In the original architecture of RATs, Verifier and Relying Party could be different components. Verifier is in charge of verifying the remote attestation evidence from attester. The Relying Party is in charge of appraising the attestation result from Verifier. This indicates that the Relying Party does not have to know the detail of remote attestation evidence and could only focus on the final attestation result and make policies. While in NSF, both the role of Verifier and Relying Party will be included in Security Controller to reduce the redundancy of system.</t>
</section>
<section title="Reference Value Provider">
<t>The Developer's Mgmt System is in charge of providing reference value of NSF and the deployment platform. The reference value will be conveyed to Security Controller as the benchmark when verifying remote attestation evidence from attester. When the reference value needs to be collected by third party, the Reference Value Interface or other out-of-band methods in Developer's Mgmt System will be used.</t>
</section>
<section title="Endorser">
<t>The Endorser is in charge of providing endorsement to RoT. For example, both EK and AIK in TPM are endorsed by Endorser. The communication between RoT and Endorser is based on specific RoT hardware, and usually has been setup during manufactureing. The Security Controller also needs to communicate with Endorser to get the endorsement of RoT before appraising attestation evidence.</t>
</section>
</section>
<section anchor="data_model" title="Data Model of Trust Enhanced I2NSF">
<t>Based on the trust enhanced architecture, the relevant interfaces are TENMI (Trust Enhanced NSF Monitoring Interface) and TERI (Trust Enhanced Registration Interface). The following document will depicit the Yang tree diagram and Yang data model of these two interfaces.</t>
<section title="Trust Enhanced NSF Monitoring Interface">
<t>The NSF Monitoring Interface is used to transfer extended monitoring information about the nsf and the hardware platform, like the system event, NSF event, etc. Remote attestation evidence in NSF could also be treated as an extended monitoring information.
And the TENMI focuses on the remote attestation procedure between NSF and security controller. This interface will be an extended feature of NSF Monitoring Interface <xref target="I-D.ietf-i2nsf-nsf-monitoring-data-model"></xref> and will fully comply with it.
Based on the NSF Monitoring Interface event type, the TENMI defines three Yang types for remote attestation: system events, system logs and RPC. The system event is representative of the events that will trigger the remote attestation of NSF, like platform booting, measurement result change, NSF deploy, etc. The system logs is representative of the periodic remote attestation activity. The third type is RPC in where the Verifier (Security Controller) will initiatively challenge the attester (NSF) for its trustworthiness. </t>
<t>At present, the RoT type now have two categories, one is TPM-based and the other is general TEE-based like Trust Zone. It can be expected that other trsuted computing architectures like Intel SGX <xref target="SGX"></xref> may also be involved in the near future. And also the TPM-based RoT is split in TPM12 and TPM20 versions respectively. When design this interface with TPM-based RoT, this document tries to refer to the existing document<xref target="I-D.ietf-rats-yang-tpm-charra"></xref> as much as possible to avoid unnecessary alignment work. And about the general TEE-based RoT, this document refers to the EAT document<xref target="I-D.ietf-rats-eat"></xref> and uses string format to express JWT<xref target="RFC7519"></xref>or CWT <xref target="RFC8392"></xref>.</t>
<section title="Yang Tree Diagram of Trust Enhanced NSF Monitoring Interface">
<t>The Yang tree of Trust Enhanced NSF Monitoring Interface is shown below.</t>
<figure>
<artwork><![CDATA[
module: ietf-i2nsf-nsf-trust-enhanced-monitoring
rpcs:
+---x nsf-challenge-response-attestation
+---w input
| +---w (RoT-type)?
| +--:(TPM12)
| | +---w tpm12-rpc
| | +---w pcr-index* pcr
| | +---w nonce-value binary
| | +---w certificate-name* tpm:certificate-name-ref {tpm:tpms}?
| +--:(TPM20)
| | +---w tpm20-pcr
| | +---w nonce-value binary
| | +---w tpm20-pcr-selection* []
| | | +---w tpm20-hash-algo? identityref
| | | +---w pcr-index* pcr
| | +---w certificate-name* tpm:certificate-name-ref {tpm:tpms}?
| +--:(TEE-general)
| +---w nonce? binary
| +---w certificate-name? string
+--ro output
+--ro (RoT-type)?
+--:(TPM12)
| +--ro tpm12-log
| +--ro name? string
| +--ro up-time? uint32
| +--ro (attested_event_log_type)
| +--:(bios) {bios}?
| | +--ro bios-event-logs
| | +--ro bios-event-entry* [event-number]
| | +--ro event-number uint32
| | +--ro event-type? uint32
| | +--ro pcr-index? pcr
| | +--ro digest-list* [hash-alog]
| | | +--ro hash-algo? identityref
| | | +--ro digest* binary
| | +--ro event-size? uint32
| | +--ro event-data* uint8
| +--:(ima) {ima}?
| | +--ro ima-event-logs
| | +--ro ima-event-entry* [event-number]
| | +--ro event-number uint64
| | +--ro ima-template? string
| | +--ro filename-hint? string
| | +--ro filedata-hash? binary
| | +--ro filedata-hash-algorithm? string
| | +--ro template-hash-algorithm? string
| | +--ro template-hash? binary
| | +--ro pcr-index? pcr
| | +--ro signature? binary
| +--:(netequip_boot) {netequip_boot}?
| +--ro boot-event-logs
| +--ro boot-event-entry* [event-number]
| +--ro event-number uint64
| +--ro ima-template? string
| +--ro filename-hint? string
| +--ro filedata-hash? binary
| +--ro filedata-hash-algorithm? string
| +--ro template-hash-algorithm? string
| +--ro template-hash? binary
| +--ro pcr-index? pcr
| +--ro signature? binary
+--:(TPM20)
| +--ro tpm20-log
| +--ro name? string
| +--ro up-time? uint32
| +--ro (attested_event_log_type)
| +--:(bios) {bios}?
| | +--ro bios-event-logs
| | +--ro bios-event-entry* [event-number]
| | +--ro event-number uint32
| | +--ro event-type? uint32
| | +--ro pcr-index? pcr
| | +--ro digest-list* [hash-alog]
| | | +--ro hash-algo? identityref
| | | +--ro digest* binary
| | +--ro event-size? uint32
| | +--ro event-data* uint8
| +--:(ima) {ima}?
| | +--ro ima-event-logs
| | +--ro ima-event-entry* [event-number]
| | +--ro event-number uint64
| | +--ro ima-template? string
| | +--ro filename-hint? string
| | +--ro filedata-hash? binary
| | +--ro filedata-hash-algorithm? string
| | +--ro template-hash-algorithm? string
| | +--ro template-hash? binary
| | +--ro pcr-index? pcr
| | +--ro signature? binary
| +--:(netequip_boot) {netequip_boot}?
| +--ro boot-event-logs
| +--ro boot-event-entry* [event-number]
| +--ro event-number uint64
| +--ro ima-template? string
| +--ro filename-hint? string
| +--ro filedata-hash? binary
| +--ro filedata-hash-algorithm? string
| +--ro template-hash-algorithm? string
| +--ro template-hash? binary
| +--ro pcr-index? pcr
| +--ro signature? binary
+--:(TEE-general)
+--ro (token-type)?
+--:(cwt)
| +--ro eat-header-cwt? string
| +--ro eat-payload-cwt? string
| +--ro eat-signature-cwt? string
+--:(jwt)
+--ro eat-header-jwt? string
+--ro eat-payload-jwt? string
+--ro eat-signature-jwt? string
notifications:
+---n i2nsf-trust-enhanced-event
| +--ro hardware-type string
| +--ro operating-system-type string
| +--ro acquisition-method? identityref
| +--ro emission-type? identityref
| +--ro dampening-type? identityref
| +--ro user string
| +--ro group* string
| +--ro ip-address inet:ip-address
| +--ro authentication? identityref
| +--ro message? string
| +--ro vendor-name? string
| +--ro nsf-name? union
| +--ro severity? severity
| +--ro (RoT-type)?
| +--:(TPM12)
| | +--ro tpm12-nsf-rats {taa:tpm12}?
| | +--ro certificate-name certificate-name-ref
| | +--ro up-time? uint32
| | +--ro TPM_QUOTE2? binary
| +--:(TPM20)
| | +--ro tpm20-nsf-rats {taa:tpm20}?
| | +--ro certificate-name certificate-name-ref
| | +--ro TPMS_QUOTE_INFO binary
| | +--ro quote-signature? binary
| | +--ro up-time? uint32
| | +--ro unsigned-pcr-values* []
| | +--ro tpm20-hash-algo? identityref
| | +--ro pcr-values* [pcr-index]
| | +--ro pcr-index pcr
| | +--ro pcr-value? binary
| +--:(TEE-general)
| +--ro (token-type)?
| +--:(cwt)
| | +--ro eat-header-cwt? string
| | +--ro eat-payload-cwt? string
| | +--ro eat-signature-cwt? string
| +--:(jwt)
| +--ro eat-header-jwt? string
| +--ro eat-payload-jwt? string
| +--ro eat-signature-jwt? string
+---n i2nsf-trsut-enhanced-log
+--ro message? string
+--ro vendor-name? string
+--ro nsf-name? union
+--ro severity? severity
+--ro (RoT-type)?
+--:(TPM12)
| +--ro tpm12-log
| +--ro name? string
| +--ro up-time? uint32
| +--ro (attested_event_log_type)
| +--:(bios) {bios}?
| | +--ro bios-event-logs
| | +--ro bios-event-entry* [event-number]
| | +--ro event-number uint32
| | +--ro event-type? uint32
| | +--ro pcr-index? pcr
| | +--ro digest-list* [hash-alog]
| | | +--ro hash-algo? identityref
| | | +--ro digest* binary
| | +--ro event-size? uint32
| | +--ro event-data* uint8
| +--:(ima) {ima}?
| | +--ro ima-event-logs
| | +--ro ima-event-entry* [event-number]
| | +--ro event-number uint64
| | +--ro ima-template? string
| | +--ro filename-hint? string
| | +--ro filedata-hash? binary
| | +--ro filedata-hash-algorithm? string
| | +--ro template-hash-algorithm? string
| | +--ro template-hash? binary
| | +--ro pcr-index? pcr
| | +--ro signature? binary
| +--:(netequip_boot) {netequip_boot}?
| +--ro boot-event-logs
| +--ro boot-event-entry* [event-number]
| +--ro event-number uint64
| +--ro ima-template? string
| +--ro filename-hint? string
| +--ro filedata-hash? binary
| +--ro filedata-hash-algorithm? string
| +--ro template-hash-algorithm? string
| +--ro template-hash? binary
| +--ro pcr-index? pcr
| +--ro signature? binary
+--:(TPM20)
| +--ro tpm20-log
| +--ro name? string
| +--ro up-time? uint32
| +--ro (attested_event_log_type)
| +--:(bios) {bios}?
| | +--ro bios-event-logs
| | +--ro bios-event-entry* [event-number]
| | +--ro event-number uint32
| | +--ro event-type? uint32
| | +--ro pcr-index? pcr
| | +--ro digest-list* [hash-alog]
| | | +--ro hash-algo? identityref
| | | +--ro digest* binary
| | +--ro event-size? uint32
| | +--ro event-data* uint8
| +--:(ima) {ima}?
| | +--ro ima-event-logs
| | +--ro ima-event-entry* [event-number]
| | +--ro event-number uint64
| | +--ro ima-template? string
| | +--ro filename-hint? string
| | +--ro filedata-hash? binary
| | +--ro filedata-hash-algorithm? string
| | +--ro template-hash-algorithm? string
| | +--ro template-hash? binary
| | +--ro pcr-index? pcr
| | +--ro signature? binary
| +--:(netequip_boot) {netequip_boot}?
| +--ro boot-event-logs
| +--ro boot-event-entry* [event-number]
| +--ro event-number uint64
| +--ro ima-template? string
| +--ro filename-hint? string
| +--ro filedata-hash? binary
| +--ro filedata-hash-algorithm? string
| +--ro template-hash-algorithm? string
| +--ro template-hash? binary
| +--ro pcr-index? pcr
| +--ro signature? binary
+--:(TEE-general)
+--ro (token-type)?
+--:(cwt)
| +--ro eat-header-cwt? string
| +--ro eat-payload-cwt? string
| +--ro eat-signature-cwt? string
+--:(jwt)
+--ro eat-header-jwt? string
+--ro eat-payload-jwt? string
+--ro eat-signature-jwt? string
]]></artwork>
</figure>
</section>
<section title="Yang Data Model of Trust Enhanced NSF Monitoring Interface">
<t>The Yang Model of Trust Enhanced NSF Monitoring Interface is shown below.</t>
<figure>
<artwork><![CDATA[
module ietf-i2nsf-nsf-trust-enhanced-monitoring{
yang-version 1.1;
namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-trust-enhanced-monitoring";
prefix
nsftemi;
import ietf-i2nsf-nsf-monitoring{
prefix nsfmi;
reference
"reference of nsf monitoring interface";
}
import ietf-tcg-algs{
prefix taa;
}
import ietf-tpm-remote-attestation{
prefix tpm;
}
organization
"IETF I2NSF (Interface to Network Security Functions) Working Group";
contact
"WG Web: <http://tools.ietf.org/wg/i2nsf>
WG List: <mailto:[email protected]>
Editor: Penglin Yang
<mailto:[email protected]>";
description
"This module is a YANG module for I2NSF NSF Trust Enhanced Monitoring Interface.";
identity RoT-type{
description
"RoT have different types, like TPM, TEE, SGX, etc.";
}
identity certificate-name-ref{
description
"TPM based variant";
}
identity TPM12{
description
"RoT type is TPM1.2";
}
identity TPM20{
description
"RoT type is TPM2.0";
}
identity TEE-general{
description
"RoT type is TEE";
}
identity cwt{
description
"cbor web token for remote attestation";
}
identity jwt{
description
"json web token for remote attestation";
}
grouping nsf-remote-attestation{
choice RoT-type{
case TPM12{
container tpm12-nsf-rats{
if-feature "taa:tpm12";
description
"since this message was triggered by event, there is no input
from RPC. The pcr value is provided by device automatically, the
nonce value NEED to be replaced by the event time";
uses tpm:certificate-name-ref;
uses tpm:tpm12-attestation;
}
}
case TPM20{
container tpm20-nsf-rats{
if-feature "taa:tpm20";
description
"since this message was triggered by event, there is no input
from RPC. The pcr value is provided by device automatically, the
nonce value NEED to be repalced by the event time";
uses tpm:certificate-name-ref;
uses tpm:tpm20-attestation;
}
}
case TEE-general{
description
"if the RoT is TEE, then uses EAT as the reference of the attestation
result. The information includes: token-id; time-stamp; nonce;
hardware-version; software-description-version; security-level-claim;
secure-boot-claim; including-keys; location-claim; uptime-claim;
boot-seed-claim; intended-use-claim; profile-claim; software-manifest-claim;
software-evidence-claim";
//how describe cwt or jwt in Yang, string?
choice token-type{
case cwt{
leaf eat-header-cwt{
type string;
}
leaf eat-payload-cwt{
type string;
}
leaf eat-signature-cwt{
type string;
}
}
case jwt{
leaf eat-header-jwt{
type string;
}
leaf eat-payload-jwt{
type string;
}
leaf eat-signature-jwt{
type string;
}
}
}
}
}
}
grouping TEE-general-log{
description
"describe the TEE general log.";
choice token-type{
case cwt{
leaf eat-header-cwt{
type string;
}
leaf eat-payload-cwt{
type string;
}
leaf eat-signature-cwt{
type string;
}
}
case jwt{
leaf eat-header-jwt{
type string;
}
leaf eat-payload-jwt{
type string;
}
leaf eat-signature-jwt{
type string;
}
}
}
}
grouping remote-attestation-log{
description
"describe different kind of log";
choice RoT-type{
case TPM12{
description
"log recorded under the rule of TPM12";
container tpm12-log{
uses tpm:tpm-name;
uses tpm:node-uptime;
uses tpm:event-logs;
}
}
case TPM20{
description
"log recorded under the rule of TPM20";
container tpm20-log{
uses tpm:tpm-name;
uses tpm:node-uptime;
uses tpm:event-logs;
}
}
case TEE-general{
description
"log recorded under the rule of EAT";
uses TEE-general-log;
}
}
}
notification i2nsf-trust-enhanced-event{
description
"Notification for I2NSF trust enhanced Event.";
leaf hardware-type{
mandatory true;
type string;
}
leaf operating-system-type{
mandatory true;
type string;
}
uses nsfmi:characteristics;
uses nsfmi:i2nsf-system-event-type-content;
uses nsfmi:common-monitoring-data;
uses nsftemi:nsf-remote-attestation;
}
notification i2nsf-trsut-enhanced-log{
description
"This notification is for integrity measurement log,
which does not have to be responsed immediately";
uses nsfmi:common-monitoring-data;
uses remote-attestation-log;
}
rpc nsf-challenge-response-attestation{
description
"this is the unified rpc for trust enhanced nsf";
input{
choice RoT-type{
case TPM12{
container tpm12-rpc{
uses tpm:tpm12-pcr-selection;
uses tpm:nonce;
leaf-list certificate-name {
if-feature "tpm:tpms";
type tpm:certificate-name-ref;
must "/tpm:rats-support-structures/tpm:tpms"
+ "/tpm:tpm[tpm:firmware-version='taa:tpm12']"
+ "/tpm:certificates/"
+ "/tpm:certificate[name=current()]" {
error-message "Not an available TPM1.2 AIK certificate.";
}
description
"When populated, the RPC will only get a Quote for the
TPMs associated with these certificate(s).";
}
}
}
case TPM20{
container tpm20-pcr{
uses tpm:nonce;
uses tpm:tpm20-pcr-selection;
leaf-list certificate-name {
if-feature "tpm:tpms";
type tpm:certificate-name-ref;
must "/tpm:rats-support-structures/tpm:tpms"
+ "/tpm:tpm[tpm:firmware-version='taa:tpm20']"
+ "/tpm:certificates/"
+ "/tpm:certificate[name=current()]" {
error-message "Not an available TPM2.0 AIK certificate.";
}
description
"When populated, the RPC will only get a Quote for the
TPMs associated with the certificates.";
}
}
}
case TEE-general{
description
"there is no standard to reference";
leaf nonce{
type binary;
}
leaf certificate-name{
type string;
}
}
}
}
output{
uses remote-attestation-log;
}
}
}
]]></artwork>
</figure>
</section>
</section>
<section title="Trust Enhanced Registration interface">
<t>The reference value of a NSF needs to be conveyed by trust enhanced registration interface. The interface works between Security Controller and Developer's Management System. (One trivial thing needs to point out is that when refer to event-logs in ietf-tpm-remote-attestation in data node, the list of "digest-list" needs to define a key value. This condition determines future alignment with <xref target="I-D.ietf-rats-yang-tpm-charra"></xref>. )</t>
<section title="Yang Tree Diagram of Trust Enhanced Registration interface">
<figure>
<artwork><![CDATA[
module: ietf-i2nsf-nsf-trust-enhanced-registration-interface
+--rw reference-value-register
+--rw nsf-name string
+--rw hardware-type string
+--rw operating-system-type string
+--rw (RoT-type)?
+--:(TPM12)
| +--rw tpm12-ref
| +--rw (attested_event_log_type)
| +--:(bios) {bios}?
| | +--rw bios-event-logs
| | +--rw bios-event-entry* [event-number]
| | +--rw event-number uint32
| | +--rw event-type? uint32
| | +--rw pcr-index? pcr
| | +--rw digest-list* [hash-alog]
| | | +--rw hash-algo? identityref
| | | +--rw digest* binary
| | +--rw event-size? uint32
| | +--rw event-data* uint8
| +--:(ima) {ima}?
| | +--rw ima-event-logs
| | +--rw ima-event-entry* [event-number]
| | +--rw event-number uint64
| | +--rw ima-template? string
| | +--rw filename-hint? string
| | +--rw filedata-hash? binary
| | +--rw filedata-hash-algorithm? string
| | +--rw template-hash-algorithm? string
| | +--rw template-hash? binary
| | +--rw pcr-index? pcr
| | +--rw signature? binary
| +--:(netequip_boot) {netequip_boot}?
| +--rw boot-event-logs
| +--rw boot-event-entry* [event-number]
| +--rw event-number uint64
| +--rw ima-template? string
| +--rw filename-hint? string
| +--rw filedata-hash? binary
| +--rw filedata-hash-algorithm? string
| +--rw template-hash-algorithm? string
| +--rw template-hash? binary
| +--rw pcr-index? pcr
| +--rw signature? binary
+--:(TPM20)
| +--rw tpm20-ref
| +--rw (attested_event_log_type)
| +--:(bios) {bios}?
| | +--rw bios-event-logs
| | +--rw bios-event-entry* [event-number]
| | +--rw event-number uint32
| | +--rw event-type? uint32
| | +--rw pcr-index? pcr
| | +--rw digest-list* [hash-alog]
| | | +--rw hash-algo? identityref
| | | +--rw digest* binary
| | +--rw event-size? uint32
| | +--rw event-data* uint8
| +--:(ima) {ima}?
| | +--rw ima-event-logs
| | +--rw ima-event-entry* [event-number]
| | +--rw event-number uint64
| | +--rw ima-template? string
| | +--rw filename-hint? string
| | +--rw filedata-hash? binary
| | +--rw filedata-hash-algorithm? string
| | +--rw template-hash-algorithm? string
| | +--rw template-hash? binary
| | +--rw pcr-index? pcr
| | +--rw signature? binary
| +--:(netequip_boot) {netequip_boot}?
| +--rw boot-event-logs
| +--rw boot-event-entry* [event-number]
| +--rw event-number uint64
| +--rw ima-template? string
| +--rw filename-hint? string
| +--rw filedata-hash? binary
| +--rw filedata-hash-algorithm? string
| +--rw template-hash-algorithm? string
| +--rw template-hash? binary
| +--rw pcr-index? pcr
| +--rw signature? binary
+--:(TEE-generic)
+--rw (token-type)?
+--:(cwt)
| +--rw eat-header-cwt? string
| +--rw eat-payload-cwt? string
| +--rw eat-signature-cwt? string
+--:(jwt)
+--rw eat-header-jwt? string
+--rw eat-payload-jwt? string
+--rw eat-signature-jwt? string
]]></artwork>
</figure>
</section>
<section title="Yang Data Model of Trust Enhanced Registration interface">
<t>The Yang Model of Trust Enhanced Registration Interface is shown below. The registration information will refer to the system logs of remote attestation. The log infomation contains all the information needed by Security Controller to apparaise attester's evidence.</t>
<figure>
<artwork><![CDATA[
module ietf-i2nsf-nsf-trust-enhanced-registration-interface {
yang version 1.1;
namespace
"urn:ietf:params:xml:ns:yang:ietf-i2nsf-nsf-trust-enhanced-registration-interface";
prefix
nsfteri;
import ietf-tpm-remote-attestation{
prefix tpm;
}
import ietf-i2nsf-nsf-trust-enhanced-monitoring{
prefix nsftemi;
}
organization
"IETF I2NSF (Interface to Network Security Functions) Working Group";
contact
"WG Web: <http://tools.ietf.org/wg/i2nsf>
WG List: <mailto:[email protected]>
Editor: Penglin Yang
<mailto:[email protected]>";
description
"This module is a YANG module for I2NSF NSF Trust Enhanced Registration Interface.";
container reference-value-registration{
description
"the reference value is for nsf";
leaf nsf-name{
type string;
mandatory true;
description
"The name of nsf";
}
leaf hardware-type{
mandatory true;
type string;
}
leaf operating-system-type{
mandatory true;
type string;
}
choice RoT-type{
case TPM12{
container tpm12-ref{
uses tpm:event-logs;
}
}
case TPM20{
container tpm20-ref{
uses tpm:event-logs;
}
}
case TEE-generic{
uses nsftemi:TEE-general-log;
}
}
}
}
]]></artwork>
</figure>
</section>
</section>
</section>
<section anchor="IANA" title="IANA Considerations">
<t>This document requests IANA to register the following URI in the "IETF XML Registry" <xref target="RFC3688">RFC 3688</xref>:
<list hangIndent="10" style="empty">
<t>URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-trust-enhanced-monitoring
Registrant Contact: The IESG.</t>
<t>XML: N/A; the requested URI is an XML namespace.</t>
<t>URI: urn:ietf:params:xml:ns:yang:ietf-i2nsf-trust-enhanced-registration
Registrant Contact: The IESG.</t>
<t>XML: N/A; the requested URI is an XML namespace.</t>
</list>
</t>
<t>This document requests IANA to register the following YANG module in the "YANG Module Names" registry <xref target="RFC7950">RFC 7950</xref> <xref target="RFC8525">RFC 8525</xref>:
<list hangIndent="10" style="empty">
<t>Name: ietf-i2nsf-trsut-enhanced-monitoring-interface</t>
<t>Namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-trust-enhanced-monitoring</t>
<t>Prefix: nsftemi</t>
<t>Reference: RFC XXXX</t>
<t>Name: ietf-i2nsf-trsut-enhanced-registration-interface</t>
<t>Namespace: urn:ietf:params:xml:ns:yang:ietf-i2nsf-trust-enhanced-registration</t>
<t>Prefix: nsfteri</t>
<t>Reference: RFC XXXX</t>
</list>
</t>
</section>
<section title="Security Considerations">
<t>This document introduces the architecture of trust enhanced I2NSF and designs related interfaces. Different RoT architectures have different trust ability and different appearance. Security Controller will determine if it will trust these remote attestation results by customized policy rules. The trust enhanced interfaces need to be protected by secure channel when transmission occurs. Meanwhile, the remote attestation results in trust enhanced interfaces are protected by their own mechanisms like TPM signature or token.</t>
</section>
</middle>
<back>
<references title="Normative Reference">
&RFC8329;
&I-D.ietf-rats-architecture;
&I-D.ietf-rats-tpm-based-network-device-attest;
&I-D.ietf-i2nsf-nsf-monitoring-data-model;
&I-D.ietf-rats-yang-tpm-charra;
&I-D.ietf-rats-eat;
&RFC7519;
&RFC8392;
&RFC3688;