5

I am currently looking at TPM (Trusted Platform Module) and wondering how does TPM offer platform authentication. Suppose a legal host is deployed on the cloud. How do I use TPM to assure that the host I am connecting to is that very host, rather than some other host that has the same configuration?

In principle, since that very host is equipped with TPM, whose Endorsement Key is unique, I can verify it via the public key of EK (Endorsement Key). For example, I can have TPM to encrypt a message with its private key of EK. And I decrypt it with the public key of EK. However, I looked up the documents, and didn't find any API to explicitly encrypt arbitrary message with private key of EK.

So, usually, how can TPM be used to perform such host authentication?

UndercoverDog
  • 612
  • 2
  • 17
user1834567
  • 51
  • 1
  • 2

2 Answers2

5

What you need is remote attestation (QUOTE operation).

The Endorsement Key (EK) is not directly accessible as this would be privacy issue - we could track a system using this unique identifier. The EK can be used in conjunction with an Attestation Identity Key (AIK) or using Direct Anonymous Attestation (DAA).

  • The AIK model make use of a Privacy CA (Certificate Authority) which assert the validity of your EK to a third party. Multiple AIKs can be created to protect your identity (e.g. one AIK per thrid party, one AIK per security domain).
  • The DAA model use 'Zero-knowledge proof' to anonymously verify your EK. See this to get a general idea how zero-knowledge protocols works.

I suggest you take a look at OpenAttestation open-source solution from Intel, PrivateCA and this presentation.

Victor Signaevskyi
  • 121
  • 5
northox
  • 1,403
  • 16
  • 26
  • I disagree that they need quotes and attestation. They just need identification. Authentication is critical and integrated to attestation, but it is not correct to conflate the ideas. OTOH, one could say that authentication is merely attestation of one's identity. – Wilbur Whateley Apr 14 '16 at 01:07
2

Just a minor correction to what northox said: remote attestation uses an AIK, and is what you need. You can get a properly-certified AIK using either a Privacy CA or DAA, depending on what you have available.

However, for this kind of use, you might not actually need the AIK certificate: if you have physical access (or an equivalently secure channel) to the machine, you can have it generate an AIK, and just export its public key and use that to authenticate it.

Justin King-Lacroix
  • 452
  • 2
  • 6