Improving security and privacy through profiles and conformity certification
- ENTRUST
- Apr 8
This blog post was written by ENTRUST partner University of Murcia (UMU).
UMU’s activities in recent months have followed the project’s path, focusing on implementation and demonstration activities. UMU is working along two main lines within the ENTRUST project.
Conformity Certificates
Conformity Certificates (CC) provide functionality for certifying trust appraisals resulting from the attestation process, following the dynamic certification approach of ENTRUST. They are issued by the Trust Assessment Framework (TAF), held by the Connected Medical Device (CMD) and later presented to a third-party auditor.

CCs are instantiated following the Verifiable Credential format to allow for flexibility and interoperability in the cryptographic measures applied to protect them. Particularly, UMU has successfully implemented and benchmarked CCs as part of the Trusted Compute Base in high-end devices based on privacy-preserving Attribute-Based Credentials (p-ABC). This approach enables selective disclosure through the derivation of a zero-knowledge proof from the stored CC according to a policy, which can be verified by the auditor with formal guarantees of its validity. To showcase the (necessary) flexibility of the approach, in the project this will be complemented by the use of the PUF-based authentication scheme of ENTRUST for the case of low-end devices.
Extended Protection Profiles for Trust and Security Guidance
UMU is applying the concepts of protection profiles that define the security posture of a device through the application of Manufacturer Usage Description (MUD) files. However, traditional MUD profiles, as outlined in RFC 8520, focus primarily on network behaviour through Access Control Lists, lacking expressiveness over other security or trustworthiness capabilities. ENTRUST proposes an extended approach with enhanced MUD (eMUD) profiles, which incorporate deeper insights into device operations. eMUDs introduce granular security measures, such as threats and vulnerabilities associated with a device, potential mitigations, or specification of pieces of evidence to be collected to check the security state of the device.
In ENTRUST, the MUD retrieval initially occurs during the bootstrapping process in a secure way through the integration of EAP and MUD profiles within the Domain Manager component. In this phase, the Domain Manager initiates an authentication process upon receiving the MUD-URL of the CMD. This process involves verifying the device’s identity before retrieving its protection profile from the manufacturer’s public MUD Server. By incorporating device-specific policies, this system enhances the authentication process, allowing for real-time adjustments to network access based on policy changes. Consequently, it ensures a more adaptable and secure network environment for CMDs within the ENTRUST ecosystem. This robust security framework extends beyond initial bootstrapping, establishing a foundation for long-term operational trust and resilience, as MUD files are updated and monitored throughout the CMD’s lifecycle as new vulnerabilities, threats, or countermeasures arise.
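As an added illustration (not ENTRUST or UMU code), the sketch below shows sanity checks a MUD manager such as the Domain Manager could run on a retrieved RFC 8520 MUD file before applying it and while it is cached. The function name `check_mud`, the sample URL and the ACL names are constructed, and the choice of checks is an assumption of this sketch; signature verification and the eMUD extensions are not modelled.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse

# Constructed sample in the RFC 8520 layout; "to-cmd" is deliberately left undefined.
SAMPLE_MUD = json.loads("""
{"ietf-mud:mud": {
   "mud-version": 1,
   "mud-url": "https://mud.example.com/cmd-pump.json",
   "last-update": "2025-01-10T09:00:00+00:00",
   "cache-validity": 24,
   "is-supported": true,
   "from-device-policy": {"access-lists": {"access-list": [{"name": "from-cmd"}]}},
   "to-device-policy": {"access-lists": {"access-list": [{"name": "to-cmd"}]}}},
 "ietf-access-control-list:acls": {"acl": [
   {"name": "from-cmd", "type": "ipv4-acl-type", "aces": {"ace": []}}]}}
""")

def check_mud(doc, presented_url, fetched_at, now):
    """Return a list of problems found; an empty list means all checks passed."""
    problems = []
    mud = doc.get("ietf-mud:mud", {})
    if mud.get("mud-version") != 1:
        problems.append("unsupported mud-version")
    url = mud.get("mud-url", "")
    if urlparse(url).scheme != "https":
        problems.append("mud-url is not https")
    if url != presented_url:
        problems.append("mud-url does not match the URL the device presented")
    if not mud.get("is-supported", False):
        problems.append("manufacturer no longer supports the device")
    # Every ACL named by a policy must be defined in the ACL container.
    defined = {a.get("name") for a in
               doc.get("ietf-access-control-list:acls", {}).get("acl", [])}
    for policy in ("from-device-policy", "to-device-policy"):
        refs = mud.get(policy, {}).get("access-lists", {}).get("access-list", [])
        for ref in refs:
            if ref.get("name") not in defined:
                problems.append(f"{policy} references undefined ACL {ref.get('name')}")
    # cache-validity is in hours (default 48), counted from retrieval time.
    if now - fetched_at > timedelta(hours=mud.get("cache-validity", 48)):
        problems.append("cached copy is stale, refresh from the MUD server")
    return problems

if __name__ == "__main__":
    fetched = datetime(2025, 1, 10, 12, 0, tzinfo=timezone.utc)
    print(check_mud(SAMPLE_MUD, "https://mud.example.com/cmd-pump.json",
                    fetched, fetched + timedelta(hours=25)))
```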