Remotely Verifying the Application in execution

Is it possible to prove to the remote party that the application I am running in my system is the same as I am claiming that I am running, using DRTM or SRTM? If yes, then how?

Asked by Geek, 235 views, 1 answer
Theoretically: yes. The concept is called remote attestation.
The basic idea is: First you have a sound chain of trust built on your platform, like:
The resulting measurements are stored in the PCRs.
Now you can let the TPM sign this set of PCRs; that's called a quote. You can submit this quote to a remote entity. Here the problems start:
How can you prove that the quote was signed by a hardware TPM and not an emulator?
Possible solutions: pre-shared keys or some kind of CA.
How can you be sure that the PCR values represent a trusted system state?
That's not so easy. If you have SRTM, you have to consider every possible combination of how your system loads the components. E.g. in the BIOS phase, in which order are the option ROMs loaded?
Here DRTM comes to the rescue, but it makes the matter just slightly easier. With DRTM you can forget about all the pre-DRTM stuff. If you have a small trusted environment, say like Flicker, then you'll have a manageable set of trusted configurations. If you have a full-featured OS, then it's hard.
First, you have to find an OS that measures everything. IBM's IMA for the Linux kernel is one example.
Then, the slightest difference in the order of loaded components will lead to different PCR values. Furthermore, consider all the combinations of states the different installed software packages might be in.
Possible solutions are to restrict the possible set of PCR values that represent a valid configuration. For example you can measure a whole OS image instead of each binary. An example is the acTvSM platform published a few years ago.
Conclusion: There is no easy, off-the-shelf solution, but you can design a system such that it fits your requirements.
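The attestation flow the answer describes, as an added simulation that is not part of the original answer and not real TPM code: a measured boot extends PCRs (new = H(old || H(component))), the "TPM" signs a digest of the PCR bank together with a verifier-chosen nonce, and the verifier checks three things in turn: that the signer holds the trusted attestation key (the answer's pre-shared-key option, modelled here with an HMAC instead of a TPM's asymmetric quote signature), that the nonce is fresh, and that the PCR digest matches a known-good configuration. The component names, PCR indices, keys and the eight-slot PCR bank are all constructed for the example; the scenarios show why the same set of components loaded in a different order is rejected, which is the ordering problem the answer raises.

```python
"""Constructed remote-attestation simulation (not real TPM code)."""
import hashlib
import hmac
import os

PCR_COUNT = 8               # assumed small PCR bank for the simulation
PCR_INIT = b"\x00" * 32     # PCRs start zeroed at reset


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components):
    """Replay a boot chain: components is a list of (pcr_index, blob) in load order."""
    pcrs = [PCR_INIT] * PCR_COUNT
    for idx, blob in components:
        pcrs[idx] = extend(pcrs[idx], blob)
    return pcrs


def pcr_digest(pcrs) -> bytes:
    """Digest over the whole PCR bank, the value a quote actually signs."""
    return hashlib.sha256(b"".join(pcrs)).digest()


def make_quote(pcrs, nonce: bytes, attestation_key: bytes):
    """Simulated TPM quote: HMAC stands in for the TPM's signature with its attestation key."""
    sig = hmac.new(attestation_key, pcr_digest(pcrs) + nonce, hashlib.sha256).digest()
    return {"pcrs": pcrs, "nonce": nonce, "sig": sig}


def verify_quote(quote, expected_nonce: bytes, trusted_key: bytes, golden_digests) -> str:
    """Verifier side: trusted signer, then freshness, then known-good configuration."""
    digest = pcr_digest(quote["pcrs"])
    expected_sig = hmac.new(trusted_key, digest + quote["nonce"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return "rejected: signer is not a trusted TPM"
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return "rejected: stale or replayed quote"
    if digest not in golden_digests:
        return "rejected: unknown platform configuration"
    return "accepted"


# Constructed boot chain: (PCR index, component image) in load order.
BIOS, OPROM_NIC, OPROM_GPU = b"bios-v1", b"oprom-nic", b"oprom-gpu"
BOOTLOADER, KERNEL, APP = b"bootloader", b"kernel-image", b"my-app-binary"

GOOD_BOOT = [(0, BIOS), (2, OPROM_NIC), (2, OPROM_GPU), (4, BOOTLOADER), (5, KERNEL), (7, APP)]
# Same components, but the two option ROMs load in the other order.
REORDERED_BOOT = [(0, BIOS), (2, OPROM_GPU), (2, OPROM_NIC), (4, BOOTLOADER), (5, KERNEL), (7, APP)]

TPM_KEY = b"constructed-attestation-key-0001"       # pre-shared with the verifier
EMULATOR_KEY = b"constructed-emulator-key-000001"   # a software TPM the verifier never trusted


def run_scenarios():
    """Run the four cases a verifier must distinguish; returns {scenario: verdict}."""
    golden = {pcr_digest(measure_boot(GOOD_BOOT))}   # the one configuration we accept
    nonce = os.urandom(16)                           # fresh challenge per attestation
    results = {}
    results["good"] = verify_quote(
        make_quote(measure_boot(GOOD_BOOT), nonce, TPM_KEY), nonce, TPM_KEY, golden)
    results["reordered"] = verify_quote(
        make_quote(measure_boot(REORDERED_BOOT), nonce, TPM_KEY), nonce, TPM_KEY, golden)
    results["emulator"] = verify_quote(
        make_quote(measure_boot(GOOD_BOOT), nonce, EMULATOR_KEY), nonce, TPM_KEY, golden)
    old_quote = make_quote(measure_boot(GOOD_BOOT), os.urandom(16), TPM_KEY)  # earlier session
    results["replay"] = verify_quote(old_quote, nonce, TPM_KEY, golden)
    return results


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:10s} {verdict}")
```

The golden set holds one digest, so every permutation of the option-ROM order is a separate configuration the verifier would have to enumerate; measuring a single OS image into one PCR, as the answer suggests for the acTvSM approach, shrinks that set by collapsing many per-binary measurements into one.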