Filters








6,481 Hits in 8.7 sec

Attestation: Proving Trustability [chapter]

Raghu Yeluri, Enrique Castro-Leon
2014 Building the Infrastructure for Cloud Security  
In reponse to the TPMQuote request, the TPM loads the attestation identity key from protected storage in the TPM by using the storage root key (SRK), performs a TPM Quote command, which is used to sign  ...  The challenger verifies the signature of the quote and checks the freshness of the quote. 7.  ... 
doi:10.1007/978-1-4302-6146-9_4 fatcat:awm2ozqipbdytgfzwhomj3o7qa

Principles of remote attestation

George Coker, Joshua Guttman, Peter Loscocco, Amy Herzog, Jonathan Millen, Brian O'Hanlon, John Ramsdell, Ariel Segall, Justin Sheehy, Brian Sniffen
2011 International Journal of Information Security  
We illustrate how to acquire evidence from a running system, and how to transport it via protocols to remote appraisers. We propose an architecture for attestation guided by these principles.  ...  We argue that (i) attestation must be able to deliver temporally fresh evidence; (ii) comprehensive information about the target should be accessible; (iii) the target, or its owner, should be able to  ...  We have analyzed this protocol in detail using CPSA. CPSA is a Cryptographic Protocol Shapes Analyzer [9] , and it was extremely useful in the process of refining CAVES.  ... 
doi:10.1007/s10207-011-0124-7 fatcat:ljsl65m5cbhdjhkeaaao2dsbzu

Principles of Layered Attestation [article]

Paul D. Rowe
2016 arXiv   pre-print
Some methods of layered attestation are more trustworthy than others, so it is important for system designers to understand the trust consequences of different system configurations.  ...  Attestations of such systems, which we call layered attestations, must bundle together the results of a diverse set of application-specific measurements of various parts of the system.  ...  Finally, thanks also to Sarah Helble and Aaron Pendergrass for lively discussions about measurement and attestation systems.  ... 
arXiv:1603.01244v1 fatcat:u5tqkbtsvfgwxc2lpocclaziua

SEDAT:Security Enhanced Device Attestation with TPM2.0 [article]

Avani Dave, Monty Wiseman, David Safford
2021 arXiv   pre-print
SEDAT is the first remote verifier that is capable of retrieving a TPM2.0 quote from prover and validate it after regeneration, using a software TPM2.0 quote check.  ...  SEDAT is the first implementation, to the best of our knowledge, that showcases end to end hardware, firmware, and software remote attestation using Trusted Platform Module (TPM2.0) which is resilient  ...  Therefore, we analyzed the requirements for designing a secure attestation protocol and depict how to address them with minimal features and assumptions.  ... 
arXiv:2101.06362v1 fatcat:pae52saonzhcjalygelobkthni

Verifying a Privacy CA Remote Attestation Protocol [chapter]

Brigid Halling, Perry Alexander
2013 Lecture Notes in Computer Science  
This work presents results of an effort to specify and verify an abstract TPM 1.2 model using PVS that is useful for understanding the TPM and verifying protocols that utilize it.  ...  Postconditions and invariants are specified for individual commands and validated by verifying a Privacy CA attestation protocol.  ...  We formally specify and verify a remote attestation protocol -known as the Privacy CA Protocol -using commands from TPM version 1.2.  ... 
doi:10.1007/978-3-642-38088-4_27 fatcat:n36kxbxqxfatpmh4wfn3zu73mm

Behavioral attestation for web services (BA4WS)

Masoom Alam, Xinwen Zhang, Mohammad Nauman, Tamleek Ali
2008 Proceedings of the 2008 ACM workshop on Secure web services - SWS '08  
Existing web service standards are used to incorporate remote attestation at the web services level and a prototype is presented, which implements XACML behavior policy using low-level attestation techniques  ...  Remote Attestation is a relatively new field of research which enables an authorized party to verify that a trusted environment actually exists on a partner platform.  ...  Moreover, it also analyzes the information flow to and from the target application using seLinux [2] policies.  ... 
doi:10.1145/1456492.1456496 dblp:conf/sws/AlamZNA08 fatcat:rhn5clshtbhu5hsyxkfovkb2dy

RepCloud: Attesting to Cloud Service Dependency

Anbang Ruan, Andrew Martin
2017 IEEE Transactions on Services Computing  
Experiments showed that besides achieving fine-grained cloud service dependency attestation, RepCloud incurred lower trust management overhead than the existing trusted cloud systems.  ...  With RepCloud, cloud customers are able to determine the properties of the exact nodes that may affect the genuine functionalities of their applications, without obtaining much internal information of  ...  The Attestation Module thus actively quotes its TPM's PCRs for the Dom0. It generates an attestation ticket with an updated nonce value using the nonce updating protocol in [28] .  ... 
doi:10.1109/tsc.2016.2558513 fatcat:fp2mrjcr6bb33gi6zqaqc5qvju

User-Based Attestation for Trustworthy Visual Sensor Networks

Thomas Winkler, Bernhard Rinner
2010 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing  
In this work, we propose to use Trusted Computing to enhance the security of camera systems and, by enabling user-based attestation, give users a simple and intuitive way to check the trustworthiness of  ...  Today's systems however do not provide mechanisms that allow monitored people to verify that a camera system is behaving as advertised by its operators.  ...  Table 2 2 shows our user-based attestation protocol.  ... 
doi:10.1109/sutc.2010.20 dblp:conf/sutc/WinklerR10 fatcat:3kasqjd2wjbbva77x3uypx7qpy

Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification

Muhammad Usama Sardar, Saidgani Musaev, Christof Fetzer
2021 IEEE Access  
We believe that TD attestation protocol will be used in the future as a unified approach for TD and SGX attestation.  ...  Ch can use the attestation-verification service to verify the Quote.  ... 
doi:10.1109/access.2021.3087421 fatcat:dgmei3vipfdytbrzkzep7vpamu

TrustVisor: Efficient TCB Reduction and Attestation

Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil Gligor, Adrian Perrig
2010 2010 IEEE Symposium on Security and Privacy  
TrustVisor can also attest the existence of isolated execution to an external entity.  ...  An important security challenge is to protect the execution of security-sensitive code on legacy systems from malware that may infect the OS, applications, or system devices.  ...  Figure 5 : 5 Attestation protocol.  ... 
doi:10.1109/sp.2010.17 dblp:conf/sp/McCuneLQZDGP10 fatcat:gw3fmn6h5zdubjcvoj7uvxxrke

Property-based token attestation in mobile computing

Thinh Le Vinh, Hervé Cagnon, Samia Bouzefrane, Soumya Banerjee
2017 Concurrency and Computation  
Second, our proposed protocol is verified by using Scyther which is a cryptographic protocol verification tool.  ...  In addition, Scyther is in use to verify the correctness of our protocol.  ...  SECURITY DISCUSSION To address the common threats in section 3, we analyze the security of our proposed protocol while using Scyther tool for verification of security protocol.  ... 
doi:10.1002/cpe.4350 fatcat:hfwa4ipsozezlopi2gf7ka4qoq

Maat: A Platform Service for Measurement and Attestation [article]

J. Aaron Pendergrass, Sarah Helble, John Clemens, Peter Loscocco
2017 arXiv   pre-print
Maat is a platform service that provides a centralized policy-driven framework for determining which measurement tools and protocols to use to meet the needs of a given integrity evaluation.  ...  Software integrity measurement and attestation (M&A) are critical technologies for evaluating the trustworthiness of software platforms.  ...  TPM quotes are a common form of evidence used to verify that the platform software was valid at platform startup.  ... 
arXiv:1709.10147v1 fatcat:33ps56ugfzcrnceh7dovk45i7m

An Analysis of the CAVES Attestation Protocol using CPSA [article]

John D. Ramsdell and Joshua D. Guttman and Jonathan K. Millen and Brian O'Hanlon
2012 arXiv   pre-print
This paper describes the CAVES attestation protocol and presents a tool-supported analysis showing that the runs of the protocol achieve stated goals.  ...  The goals are stated formally by annotating the protocol with logical formulas using the rely-guarantee method. The protocol analysis tool used is the Cryptographic Protocol Shape Analyzer.  ...  The protocol analysis tool used is the Cryptographic Protocol Shape Analyzer (CPSA) [4] .  ... 
arXiv:1207.0418v1 fatcat:vlpb3xikl5gzpcskdggyxul3za

Confidential Attestation: Efficient in-Enclave Verification of Privacy Policy Compliance [article]

Weijie Liu, Wenhao Wang, Xiaofeng Wang, Xiaozhu Meng, Yaosong Lu, Hongbo Chen, Xinyu Wang, Qingtao Shen, Kai Chen, Haixu Tang, Yi Chen, Luyi Xing
2020 arXiv   pre-print
Given that the conventional solutions do not work well under the resource-limited and TCB-frugal TEE, we propose a new design that allows an untrusted out-enclave generator to analyze the source code of  ...  Also, the whole consumer can be made public and verified through a conventional attestation. We implemented this model on Intel SGX and demonstrate that it introduces a very small part of TCB.  ...  The QE signs the report using the attestation key and the generated quote is forwarded to the Intel Attestation Service (IAS).  ... 
arXiv:2007.10513v1 fatcat:p23pajyac5hhvcszvc5els4ap4

Remote attestation to dynamic system properties: Towards providing complete system integrity evidence

Chongkyung Kil, Emre C. Sezer, Ahmed M. Azab, Peng Ning, Xiaolan Zhang
2009 2009 IEEE/IFIP International Conference on Dependable Systems & Networks  
To address this problem we present a novel remote dynamic attestation system named ReDAS (Remote Dynamic Attestation System) that provides integrity evidence for dynamic system properties.  ...  Our prototype implementation and evaluation with real-world applications show that we can improve on current static attestation techniques with an average performance overhead of 8%.  ...  The attestation service also uses the Tspi TPM Quote function to get the TPM to sign the value of PCR 8 and the nonce value.  ... 
doi:10.1109/dsn.2009.5270348 dblp:conf/dsn/KilSANZ09 fatcat:glb2cyjpmbeabn4g435brmstlm
« Previous Showing results 1 — 15 out of 6,481 results