Questions tagged [remote-attestation]

25 questions
17 votes, 3 answers

Status of Trusted Computing and Remote Attestation deployment

Hardware support for various client-side controls based on Trusted Computing (Wikipedia) has been evolving over the years, e.g. TCPM, TPM, TXT (LaGrande, DRTM). I've heard of one practical application, for convenient disk encryption via a…
nealmcb
12 votes, 5 answers

Protect application from being modified

I have a question about how to detect a program/binary modification assuming the program is able to communicate with a remote validation server. More specifically I'm asking for android APK file, but it can be for any other program as well. I…
luben
11 votes, 3 answers

Does "late launch"/"dynamic chain of trust" allow remote attestation?

One of the features supported by modern processes and Trusted Platform Modules is "dynamic chain of trust" (also known under the acronym DRTM, for dynamic root of trust measurement). This allows loading a critical piece of software in an isolated…
D.W.
7 votes, 1 answer

TPM: signing key or Attestation Identity Key?

I am dealing with the TPM right now and do not get why there is a need for an extra signing key. Instead one could use one of the Attestation Identity Keys (AIKs) for signing as well?! Using different keys shall be good practice but I would like to…
onb
7 votes, 3 answers

Does any tablet support remote attestation?

Some PCs come with a TPM. One of the nifty capabilities of TPMs is the ability to perform remote attestation. Remote attestation allows your computer to tell a third computer what software your computer is currently running -- and this statement…
D.W.
5 votes, 2 answers

How to use TPM to perform platform authentication?

I am currently looking at TPM (Trusted Platform Module) and wondering how does TPM offer platform authentication. Suppose a legal host is deployed on the cloud. How do I use TPM to assure that the host I am connecting to is that very host, rather…
5 votes, 3 answers

Is there any mechanism available in Android platform for remote attestation?

I recently read about PC/Desktops which come with TPM chips which are used for remote attestation. So following are my questions: Does any Android smartphone come with a TPM chip? Is there any way for a service provider to check whether the user is…
aMa
4 votes, 3 answers

Preventing users from tampering with replay data

Possible Duplicate: Protect application from being modified This probably belongs here as much as it does belong in gamedev.stackexchange.com, but I suppose I might find better technical answers here. So I've been developing an iPhone game which…
kamziro
4 votes, 1 answer

Practicality of outsourcing password hashing using enclaves

I've been pondering some potential cybersecurity applications for enclaves. One of them being the problem of password hashing. Some clients have enclave support, meaning part of their CPU can securely execute code in an encrypted and authenticated…
4 votes, 2 answers

What, or who, exactly is a Certificate Authority (CA) for TPM attestation?

I'm learning about and researching the Trusted Platform Module (TPM) to incorporate into a solution involving remote machines. As I understand it: all attestation methods (AIK, DAA) still require someone to know your identity (well, the chip's…
3 votes, 1 answer

Using the TPM module to measure boot process and remote attestation

I have a question about Remote Attestation and measured boot with a TPM-Module. The illustration shows my project schematically. A TPM module will be used to measure the boot process and validate user applications. The kernel generates a hash…
DommiB
2 votes, 1 answer

TPM - number of AIKs and signing key

I try to learn a bit about the TPM and have a few questions I could not solve by myself. There are some privacy concerns about using the EK for identifying a TPM. I do not get these privacy concerns. Can anyone provide me a small example how one…
onb
2 votes, 0 answers

Perform quote operation over NV-memory in TPM

It is known that it is possible to define an NV Extend Index which has a behaviour similar to a PCR (Platform Configuration Register) and it is possible to modify it using TPM2_NV_Extend() operation. Now if I want to use this space to increment the…
Andrew
2 votes, 1 answer

Intel SGX - Remote attestation

I am currently reading up on Intel's SGX, especially the remote attestation part. I have a question regarding this topic. Let us consider the following protocol: Enclave A and B do remote attestation. Each of them generates an asymmetric key…
Donut
2 votes, 2 answers

Is ransomware that threatens with publication and verifiably deletes upon payment possible?

Inspired by the article The future of Ransomware and its description of possible ransomware with verifiable key delivery, I wonder if the idea can be taken further into ransomware that credibly threatens publication unless a payment is made, yet…