Difference between revisions of "Attested"
From MgmtWiki
(→Solution) |
m (→Context) |
||
(11 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
==Context== | ==Context== | ||
− | *The Context in which an [[ | + | *The Context in which an [[Attestation]] of [[Security]] applies is typically during the [[Validated|Validation]] of the security protection provided to [[User]] secrets (such as [[Credential]]s) on a [[User Device]]. |
+ | *NIST 800-63-3 defines an [[Attestation]] as information conveyed to the verifier regarding a directly-connected authenticator or the endpoint involved in an authentication operation. Information conveyed by attestation MAY include, but is not limited to: | ||
+ | #The provenance (e.g., manufacturer or supplier certification), health, and integrity of the authenticator and endpoint. | ||
+ | #Security features of the authenticator. | ||
+ | #Security and performance characteristics of biometric sensor(s). | ||
+ | #Sensor modality. | ||
==Problems== | ==Problems== | ||
* When a secure operation is performed at a user location, the packet returned from that [[User Device]] needs to be trusted by the [[Site]] that receives it. | * When a secure operation is performed at a user location, the packet returned from that [[User Device]] needs to be trusted by the [[Site]] that receives it. | ||
* The signing key for that packet from a [[User Device]] will have a certificate that binds that signing key to a particular device. | * The signing key for that packet from a [[User Device]] will have a certificate that binds that signing key to a particular device. | ||
− | * If the device reports a serial number, or (equivalently) a public key that is unique that that device, that can be used as a tracking number for the owner of the device. | + | * If the device reports a serial number, or (equivalently) a public key that is unique that that device, that can be used as a [[User Tracking|tracking]] number for the owner of the device. |
* In 1999 Intel started to ship Pentium Processors with a serial number that created huge public outcry about the privacy implications. They backtracked a lot from their original assertions about security an privacy with a Q&A for their OEMs to address the issues.<ref>Andrew Thomas, ''Intel Processor Serial Number Q&A for OEMs.'' (2000-05-04) https://www.theregister.co.uk/2000/05/04/intel_processor_serial_number_q/</ref> No company has tried putting a serial number in processors since then. | * In 1999 Intel started to ship Pentium Processors with a serial number that created huge public outcry about the privacy implications. They backtracked a lot from their original assertions about security an privacy with a Q&A for their OEMs to address the issues.<ref>Andrew Thomas, ''Intel Processor Serial Number Q&A for OEMs.'' (2000-05-04) https://www.theregister.co.uk/2000/05/04/intel_processor_serial_number_q/</ref> No company has tried putting a serial number in processors since then. | ||
==Solution == | ==Solution == | ||
* The certificate for the signing key from the [[User Device]], and potentially the configuration information from the device, will need to be [[Attested]] by some [[Trusted Third Party]]. | * The certificate for the signing key from the [[User Device]], and potentially the configuration information from the device, will need to be [[Attested]] by some [[Trusted Third Party]]. | ||
− | * It is recommended that a large number (ca 100,000) devices be equipped with the same public key to avoid privacy concerns.<ref>FIDO TechNotes | + | * It is recommended that a large number (ca 100,000) devices be equipped with the same public key to avoid privacy concerns.<ref name='attestation'>FIDO TechNotes, ''The Truth about Attestation.'' (2018-07-19) https://fidoalliance.org/fido-technotes-the-truth-about-attestation/</ref> Then the public key is basically the [[Identifier]] for the category of [[User Device]]. |
− | * Attestation can be complex for programmable computers, or simple for one function [[User Device]]s like [[Security Token]]s. | + | * Attestation can be complex for programmable computers with a [[TPM]], or simple for one function [[User Device]]s like [[Security Token]]s. |
− | * An example of a single attestation program with associated metadata is described in the | + | * An example of a single attestation program with associated metadata is described in the FIDO web site<ref name='attestation' />. |
* When a simple certificate is used, it typically is accompanied by a metadata statement, an example is [https://developers.yubico.com/U2F/yubico-metadata.json this one at Yubico]. | * When a simple certificate is used, it typically is accompanied by a metadata statement, an example is [https://developers.yubico.com/U2F/yubico-metadata.json this one at Yubico]. | ||
==References== | ==References== | ||
+ | <references /> | ||
+ | ===Other internal and external links=== | ||
# Synonyms include: [[Assurance|Assured]] [[Corroborated]] [[Validated]]. | # Synonyms include: [[Assurance|Assured]] [[Corroborated]] [[Validated]]. | ||
− | [[Category:Glossary]] | + | [[Category: Glossary]] |
+ | [[Category: Attestation]] | ||
+ | [[Category: Assurance]] |
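Review bot: in the Problems part of this diff, the bullet that gains the [[User Tracking|tracking]] link still reads "unique that that device" on the new side; since the line is being edited anyway, change it to "unique to that device". The unchanged Intel bullet next to it has a similar slip ("security an privacy"). In the Context part, the NIST 800-63-3 definition is added without a <ref>, although the Intel and FIDO sources are cited with one; adding a <ref> for it would keep the References section complete.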
Latest revision as of 11:53, 30 August 2022
Full Title or Meme
A statement is Attested if some Trusted Third Party can create a Validated Claim about a User Device used during either Authentication or Authorization.
Context
- The Context in which an Attestation of Security applies is typically during the Validation of the security protection provided to User secrets (such as Credentials) on a User Device.
- NIST 800-63-3 defines an Attestation as information conveyed to the verifier regarding a directly-connected authenticator or the endpoint involved in an authentication operation. Information conveyed by attestation MAY include, but is not limited to:
  1. The provenance (e.g., manufacturer or supplier certification), health, and integrity of the authenticator and endpoint.
  2. Security features of the authenticator.
  3. Security and performance characteristics of biometric sensor(s).
  4. Sensor modality.
Problems
- When a secure operation is performed at a user location, the packet returned from that User Device needs to be trusted by the Site that receives it.
- The signing key for that packet from a User Device will have a certificate that binds that signing key to a particular device.
- If the device reports a serial number, or (equivalently) a public key that is unique to that device, that value can be used as a tracking number for the owner of the device.
- In 1999 Intel started to ship Pentium processors with a serial number, which created a huge public outcry about the privacy implications. Intel backtracked a lot from its original assertions about security and privacy, issuing a Q&A for its OEMs to address the issues.[1] No company has tried putting a serial number in processors since then.
Solution
- The certificate for the signing key from the User Device, and potentially the configuration information from the device, will need to be Attested by some Trusted Third Party.
- It is recommended that a large number (ca. 100,000) of devices be equipped with the same public key to avoid privacy concerns.[2] The public key is then basically the Identifier for the category of User Device.
- Attestation can be complex for programmable computers with a TPM, or simple for single-function User Devices like Security Tokens.
- An example of a single attestation program with associated metadata is described on the FIDO web site.[2]
- When a simple certificate is used, it is typically accompanied by a metadata statement; an example is this one at Yubico (https://developers.yubico.com/U2F/yubico-metadata.json).
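
The privacy argument in Problems and Solution can be checked mechanically. The following is an added example, not code from MgmtWiki or FIDO: it audits a provisioning manifest for attestation keys shared by too few devices, and shows how many accounts at a second Site are consistent with one attestation key. The keys, serials, account names and record layout are constructed for illustration.

```python
import hashlib
from collections import defaultdict

MIN_BATCH = 100_000  # batch size recommended on the page (ca 100,000)

def fingerprint(pubkey: bytes) -> str:
    """Short SHA-256 fingerprint of an attestation public key."""
    return hashlib.sha256(pubkey).hexdigest()[:16]

def undersized_batches(manifest, min_batch=MIN_BATCH):
    """manifest: iterable of (device_serial, attestation_pubkey).
    Returns {fingerprint: device_count} for every key shared by fewer
    than min_batch devices, i.e. keys that narrow down the device."""
    serials = defaultdict(set)
    for serial, pubkey in manifest:
        serials[fingerprint(pubkey)].add(serial)
    return {fp: len(s) for fp, s in serials.items() if len(s) < min_batch}

def candidate_matches(site_a, site_b):
    """site_a, site_b: lists of (account, attestation_pubkey) as logged by
    two independent Sites. For each account at site A, returns how many
    site-B accounts presented the same attestation key. A result of 1
    means the key acts as a tracking number across the two Sites."""
    by_key = defaultdict(set)
    for account, pubkey in site_b:
        by_key[fingerprint(pubkey)].add(account)
    return {acct: len(by_key[fingerprint(pk)]) for acct, pk in site_a}

# Constructed sample data (hypothetical keys, serials and accounts).
BATCH_KEY = b"batch-key-model-X"

def unique_key(serial: str) -> bytes:
    return b"unique-key-" + serial.encode()

MANIFEST = [(f"SN{i:04d}", BATCH_KEY) for i in range(500)] + \
           [("SN9001", unique_key("SN9001"))]
SITE_A = [("alice@a", unique_key("SN9001")), ("bob@a", BATCH_KEY)]
SITE_B = [("user17@b", unique_key("SN9001"))] + \
         [(f"user{i}@b", BATCH_KEY) for i in range(100, 140)]

if __name__ == "__main__":
    # Threshold lowered to 500 so the constructed batch passes the audit.
    print(undersized_batches(MANIFEST, min_batch=500))
    print(candidate_matches(SITE_A, SITE_B))
```

With the per-device key, the one matching account at the second Site identifies the same owner; with the batch key, the match only identifies the category of User Device.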
References
1. Andrew Thomas, Intel Processor Serial Number Q&A for OEMs. (2000-05-04) https://www.theregister.co.uk/2000/05/04/intel_processor_serial_number_q/
2. FIDO TechNotes, The Truth about Attestation. (2018-07-19) https://fidoalliance.org/fido-technotes-the-truth-about-attestation/
Other internal and external links
- Synonyms include: Assured, Corroborated, Validated.