Remotely Verifying the Application in execution

Asked by Geek

Is it possible to prove to the remote party that the application I am running on my system is the same one I claim to be running, using DRTM or SRTM? If yes, then how?
Theoretically: yes. The concept is called remote attestation.
The basic idea is: First you have a sound chain of trust built on your platform, like:
The resulting measurements are stored in the PCRs.
Now you can let the TPM sign this set of PCRs; that's called a quote. You can submit this quote to a remote entity. Here the problems start:
How can you prove that the quote was signed by a hardware TPM and not an emulator?
Possible solutions: pre-shared keys or some kind of CA.
How can you be sure that the PCR values represent a trusted system state?
That's not so easy. If you have SRTM, you have to consider every possible combination of how your system loads the components. E.g. in the BIOS phase, in which order are the option ROMs loaded?
Here DRTM comes to the rescue, but it makes the matter just slightly easier. With DRTM you can forget about all the pre-DRTM stuff. If you have a small trusted environment, say like Flicker, then you'll have a manageable set of trusted configurations. If you have a full-featured OS, then it's hard.
First, you have to find an OS that measures everything. IBM's IMA for the Linux kernel is one example.
Then, the slightest difference in the order of loaded components will lead to different PCR values. Furthermore, consider all the combinations of states the different installed software packages might be in.
Possible solutions are to restrict the possible set of PCR values that represent a valid configuration. For example you can measure a whole OS image instead of each binary. An example is the acTvSM platform published a few years ago.
Conclusion: There is no easy, off-the-shelf solution, but you can design a system such that it fits your requirements.