RATS Working Group H. Labiod Internet-Draft A. Lamouchi Intended status: Informational J. Zhang Expires: 4 January 2025 Huawei Technologies A. Duda Grenoble INP H. Birkholz Fraunhofer SIT 3 July 2024 Attester Groups for Remote Attestation draft-labiod-rats-attester-groups-00 Abstract This document proposes an extension to the Remote Attestation Procedures architecture as defined in [RFC9334] by introducing the concept of Attester Groups. This extension aims to reduce computational and communication overhead by enabling collective attestation of devices with similar characteristics, thereby improving the scalability of attestation processes. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 4 January 2025. Copyright Notice Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Labiod, et al. Expires 4 January 2025 [Page 1] Internet-Draft Attester Groups for Remote Attestation July 2024 Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 3. Attester Group and Comparison to Composite Devices . . . . . 3 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 3 Appendix A. Implementation Considerations . . . . . . . . . . . 4 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction [RFC9334] defines Attesters as entities comprising at least one Attesting Environment and one Target Environment. It also introduces configurations, such as Composite Devices and Layered Attesters. However, mechanisms for efficiently managing multiple, independent Attesters are missing. Assessing the trustworthiness of large numbers of independent devices individually can result in high conveyance and processing overhead. This comes into effect particularly when these devices share identical hardware or firmware components, which can lead to redundancy between all individual remote attestation procedures. One example would be a smart factory scenario where numerous sensors of the same model monitor different parts of the manufacturing process. These sensors share identical hardware and firmware configurations. This document proposes a model by which these separate sensors devices can be grouped into a single Attester Group and a shared remote attestation procedure can appraise their authenticity collectively rather than individually. Direct Anonymous Attestation (DAA) [I-D.ietf-rats-daa] has a similar concept of using one unique ID for one group of attesters, but its goal is to mitigate the issue of uniquely (re-)identifiable Attesting Environments, while the scalability is the major concern in this document. 2. Terminology The following terms are imported from [RFC9334]: Attester, Composite Device, Evidence, Layered Attester, Verifier. Newly defined terms for this document: Attester Group: A role performed by a group of Attesters whose Evidence must be appraised in order to infer the extent to which the individual Attesters comprising the group are considered trustworthy. Labiod, et al. Expires 4 January 2025 [Page 2] Internet-Draft Attester Groups for Remote Attestation July 2024 group-id: A new Attester Identity type (see [I-D.ietf-rats-ar4si] section 2.2.1.). It is a unique identifier assigned to each Attester Group, allowing the group to dynamically adjust its membership without redefining its fundamental identity. 3. Attester Group and Comparison to Composite Devices An Attester Group is inherently a dynamic entity. Attesters can join or leave the group, in contrast to Composite Devices that have a static composition with a pre-defined set of Attesting Environments and fixed parameters. The dynamic nature of an Attester Group allows for the flexibility to tailor group parameters, such as the number of Lead Attesters in the group (if any), the range of devices included in the group, and which or how much Evidence is expected to be produced by each groups. This kind of flexibility facilitates the implementation of various group aggregation schemes that can optimize the resources required to conduct remote attestation procedures for large device groups. The table below summarizes the key differences between the Group Attester concept and the Composite Device concept. | Feature | Composite Device | Attester Group | |--------------|------------------|-------------------------| | Evidence | One evidence | More granular, e.g., | | Submission |per composite | one evidence | | |device | per two members | |-----------------------------------------------------------| | Lead Attester| One lead attester|Multiple or no | | | communicates |lead attesters (i.e. | | | with Verifier |distributed collection) | |-----------------------------------------------------------| | Identity | Identifiable by | Identified by unique | | |its lead attester | group-id, independent | | | | of lead attester | |-----------------------------------------------------------| | Flexibility | Static, with | Dynamic, members can | | & Dynamics | predefined | join or leave | | | members and roles| | 4. IANA Considerations This document has no IANA actions. 5. References Labiod, et al. Expires 4 January 2025 [Page 3] Internet-Draft Attester Groups for Remote Attestation July 2024 [I-D.ietf-rats-ar4si] Voit, E., Birkholz, H., Hardjono, T., Fossati, T., and V. Scarlata, "Attestation Results for Secure Interactions", Work in Progress, Internet-Draft, draft-ietf-rats-ar4si- 06, 4 March 2024, . [I-D.ietf-rats-daa] Birkholz, H., Newton, C., Chen, L., and D. Thaler, "Direct Anonymous Attestation for the Remote Attestation Procedures Architecture", Work in Progress, Internet- Draft, draft-ietf-rats-daa-05, 4 March 2024, . [RFC9334] Birkholz, H., Thaler, D., Richardson, M., Smith, N., and W. Pan, "Remote ATtestation procedureS (RATS) Architecture", RFC 9334, DOI 10.17487/RFC9334, January 2023, . Appendix A. Implementation Considerations Details on creating and maintaining Attester Groups, choosing the number of Lead Attesters, and methods for evidence collection and signing are left to the implementer's discretion, allowing for tailored security measures. Authors' Addresses Houda Labiod Huawei Technologies France, France Amine Lamouchi Huawei Technologies France, France Jun Zhang Huawei Technologies France, France Andrzej Duda Grenoble INP - Ensimag, LIG Lab, France Henk Birkholz Fraunhofer SIT Labiod, et al. Expires 4 January 2025 [Page 4]