On Aug 20, 2022, at 8:23 PM, Laurence Lundblade <l...@island-resort.com> wrote: > > I don’t know anything about router architecture, but do about mobile phone > architecture which I consider a candidate for composite attestation. > > A mobile phone based on a chip like a Qualcomm Snapdragon has many > subsystems. Something like this: > - A TEE and/or HW root of trust, perhaps controlled by the chip vendor, not > the phone vendor > - A Secure Element for payments or eSIM > - A SIM card > - The general purpose CPU running Android and is controlled by the phone > vendor > - A video playback subsystem that does content protection and is isolated > from the main CPU > - A cellular modem > - A Bluetooth subsystem isolated from the modem > - … > > There are several tiers of security and multiple vendors. >
To go on a bit further, there are many attestation architecture possible here for various use cases. Maybe even one phone has more than one implementation of attestation. The TEE is likely the lead attester in many. For example, in a content protection application it may collect measurements from the video playback subsystem and from Android and report to the video distribution server. Or go for further to have nesting and have a HW root of trust (like a TPM, but more capable) and have it attest to the TEE and then the TEE attests to other parts. Samsung Knox TIMA <https://www.engr.ncsu.edu/news/2014/11/19/tima-technology-is-core-to-samsungs-state-of-the-art-knox-platform/> is an implementation of this that includes taking *and* evaluating them on the device. Simple Android applications may want to include attestation that is either shallow (just the app) or deep (down to HW root of trust) so their associated servers know it’s really the authentication application. Qualcomm’s product here <https://www.qualcomm.com/products/features/mobile-security> does some of that. When the secure element is included, it will probably produce its own signed stand-alone attestation. That attestation can be included as a nested token in a TEE-based attestation of the TEE and other parts of the device. This cryptographically binds that particular secure element attestation to the rest of the parts of the phone, perhaps for top-bottom (user interface to secured key material) attestation of a financial transaction. LL
_______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www.ietf.org/mailman/listinfo/gen-art
