Attester Groups for Remote Attestation

RATS Working Group This document proposes an extension to the Remote Attestation Procedures architecture as defined in by introducing the concept of Attester Groups. This extension aims to reduce computational and communication overhead by enabling collective attestation of devices with similar characteristics, thereby improving the scalability of attestation processes.

Introduction defines Attesters as entities comprising at least one Attesting Environment and one Target Environment. It also introduces configurations, such as Composite Devices and Layered Attesters. However, mechanisms for efficiently managing multiple, independent Attesters are missing. Assessing the trustworthiness of large numbers of independent devices individually can result in high conveyance and processing overhead. This comes into effect particularly when these devices share identical hardware or firmware components, which can lead to redundancy between all individual remote attestation procedures. One example would be a smart factory scenario where numerous sensors of the same model monitor different parts of the manufacturing process. These sensors share identical hardware and firmware configurations. This document proposes a model by which these separate sensors devices can be grouped into a single Attester Group and a shared remote attestation procedure can appraise their authenticity collectively rather than individually. Direct Anonymous Attestation (DAA) has a similar concept of using one unique ID for one group of attesters, but its goal is to mitigate the issue of uniquely (re-)identifiable Attesting Environments, while the scalability is the major concern in this document.

Terminology The following terms are imported from : Attester, Composite Device, Evidence, Layered Attester, Verifier. Newly defined terms for this document: Attester Group: A role performed by a group of Attesters whose Evidence must be appraised in order to infer the extent to which the individual Attesters comprising the group are considered trustworthy. group-id: A new Attester Identity type (see section 2.2.1.). It is a unique identifier assigned to each Attester Group, allowing the group to dynamically adjust its membership without redefining its fundamental identity.

Attester Group and Comparison to Composite Devices An Attester Group is inherently a dynamic entity. Attesters can join or leave the group, in contrast to Composite Devices that have a static composition with a pre-defined set of Attesting Environments and fixed parameters. The dynamic nature of an Attester Group allows for the flexibility to tailor group parameters, such as the number of Lead Attesters in the group (if any), the range of devices included in the group, and which or how much Evidence is expected to be produced by each groups. This kind of flexibility facilitates the implementation of various group aggregation schemes that can optimize the resources required to conduct remote attestation procedures for large device groups. The table below summarizes the key differences between the Group Attester concept and the Composite Device concept.

IANA Considerations This document has no IANA actions.

References Remote ATtestation procedureS (RATS) Architecture In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols. Attestation Results for Secure Interactions Cisco Systems Fraunhofer SIT MIT Linaro Intel This document defines reusable Attestation Result information elements. When these elements are offered to Relying Parties as Evidence, different aspects of Attester trustworthiness can be evaluated. Additionally, where the Relying Party is interfacing with a heterogeneous mix of Attesting Environment and Verifier types, consistent policies can be applied to subsequent information exchange between each Attester and the Relying Party. Direct Anonymous Attestation for the Remote Attestation Procedures Architecture Fraunhofer SIT University of Surrey University of Surrey Microsoft This document maps the concept of Direct Anonymous Attestation (DAA) to the Remote Attestation Procedures (RATS) Architecture. The protocol entity DAA Issuer is introduced and its mapping with existing RATS roles in DAA protocol steps is specified.

Implementation Considerations Details on creating and maintaining Attester Groups, choosing the number of Lead Attesters, and methods for evidence collection and signing are left to the implementer's discretion, allowing for tailored security measures.