SEDAT: Security Enhanced Device Attestation with TPM2.0
- URL: http://arxiv.org/abs/2101.06362v1
- Date: Sat, 16 Jan 2021 03:41:01 GMT
- Title: SEDAT: Security Enhanced Device Attestation with TPM2.0
- Authors: Avani Dave, Monty Wiseman and David Safford
- Abstract summary: This paper presents SEDAT, a novel methodology for remote attestation of a device via a security enhanced communication channel. SEDAT provides a way for the verifier to obtain on-demand device integrity and authenticity status via a secure channel. It also enables the verifier to detect counterfeit hardware and changes in firmware and software code on the device.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Remote attestation is one of the ways to verify the state of an untrusted device. Earlier research has attempted remote verification of a device's state using hardware, software, or hybrid approaches. The majority of them have used an Attestation Key as the hardware root of trust, which does not detect hardware modification or counterfeit issues. In addition, they do not have a secure communication channel between verifier and prover, which makes them susceptible to modern security attacks. This paper presents SEDAT, a novel methodology for remote attestation of a device via a security enhanced communication channel. SEDAT performs hardware, firmware, and software attestation. SEDAT enhances the security of the communication protocol between verifier and prover by using the Single Packet Authorization (SPA) technique, which provides replay and Denial of Service (DoS) protection. SEDAT provides a way for the verifier to obtain on-demand device integrity and authenticity status via a secure channel. It also enables the verifier to detect counterfeit hardware and changes in firmware and software code on the device. SEDAT validates the manufacturer's root CA certificate, platform certificate, endorsement certificate (EK), and attribute certificates to perform platform hardware attestation. SEDAT is the first known tool that represents firmware and Integrity Measurement Authority (IMA) event logs in the Canonical Event Log (CEL) format recommended by the Trusted Computing Group. SEDAT is, to the best of our knowledge, the first implementation that showcases end-to-end hardware, firmware, and software remote attestation using a Trusted Platform Module (TPM2.0) that is resilient to DoS and replay attacks. SEDAT is the first remote verifier capable of retrieving a TPM2.0 quote from the prover and validating it after regeneration, using a software TPM2.0 quote check.
Related papers
- TrustMee: Self-Verifying Remote Attestation Evidence [0.7491482431654224] (2026-02-13T17:56:08Z)
  We introduce the concept of self-verifying remote attestation evidence. We implement this concept as TrustMee, a platform-agnostic verification driver for the Trustee framework.
- FAARM: Firmware Attestation and Authentication Framework for Mali GPUs [0.463928297802265] (2025-10-26T07:46:27Z)
  Recent work has revealed MOLE, the first practical attack to compromise GPU Trusted Execution Environments (TEEs). This paper presents FAARM, a lightweight and cryptographic framework that prevents MOLE-style firmware subversion. FAARM reliably detects and blocks malicious firmware injections, rejecting tampered images before use and denying attempts after attestation.
- Detecting Hardware Trojans in Microprocessors via Hardware Error Correction Code-based Modules [49.1574468325115] (2025-06-18T12:37:14Z)
  Hardware Trojans (HTs) enable attackers to execute unauthorized software or gain illicit access to privileged operations. This manuscript introduces a hardware-based methodology for detecting runtime HT activations using Error Correction Codes (ECCs) on a RISC-V microprocessor.
- Base Station Certificate and Multi-Factor Authentication for Cellular Radio Control Communication Security [1.3142127084199051] (2025-04-02T21:12:29Z)
  Current cellular networking remains vulnerable to malicious fake base stations. We design a base station certificate (certifying the base station's public key and location) and a multi-factor authentication to secure the authenticity and message integrity of the base station control communications.
- Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796] (2024-11-21T18:26:05Z)
  We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC). ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic. We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms).
- On the Verification of Control Flow Attestation Evidence [9.30850875158975] (2024-11-16T18:24:11Z)
  We argue that run-time attestation and auditing are only truly useful if Vrf can effectively analyze received evidence. As a case study for practical uses of run-time evidence by Vrf, we propose SABRE: a Security Analysis and Binary Repair Engine.
- TRACES: TEE-based Runtime Auditing for Commodity Embedded Systems [9.32090482996659] (2024-09-27T20:10:43Z)
  Control Flow Auditing (CFA) offers a means to detect control flow hijacking attacks on remote devices. CFA generates a trace (CFLog) containing the destination of all branching instructions executed. TraCES guarantees reliable delivery of periodic runtime reports even when Prv is compromised.
- PACCOR4ESP: Embedded Device Security Attestation using Platform Attribute Certificates [0.3474871319204387] (2024-07-19T13:17:00Z)
  This paper proposes an extension of the NSA Cybersecurity Directorate's Platform Attribute Certificate Creator for the ESP32. The toolkit extracts security-relevant information from an ESP32-S3, such as the firmware hash, and automatically embeds it into a Platform Attribute Certificate.
- Towards Credential-based Device Registration in DApps for DePINs with ZKPs [46.08150780379237] (2024-06-27T09:50:10Z)
  We propose a credential-based device registration (CDR) mechanism that verifies device credentials on the blockchain. We present a general system model, and technically evaluate CDR using zkSNARKs with Groth16 and Marlin.
- HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496] (2024-01-17T00:56:23Z)
  Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs). TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks. We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
- Attestation with Constrained Relying Party [0.7249731529275341] (2023-12-14T13:05:21Z)
  We show that our protocol, including the needed cryptography and message processing, can be implemented with a code size of 6 KB and validate its security via model checking with the ProVerif tool.
- Tamper-Evident Pairing [55.2480439325792] (2023-11-24T18:54:00Z)
  Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper with a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
- A Lightweight and Secure PUF-Based Authentication and Key-exchange Protocol for IoT Devices [0.0] (2023-11-07T15:42:14Z)
  Device authentication and key exchange are major challenges for the Internet of Things. PUF appears to offer a practical and economical security mechanism in place of typically sophisticated cryptosystems like PKI and IBE. We present a system in which the IoT device does not require a continuous active internet connection to communicate with the server in order to authenticate itself.
- Putting a Padlock on Lambda -- Integrating vTPMs into AWS Firecracker [49.1574468325115] (2023-10-05T13:13:55Z)
  Software services place implicit trust in the cloud provider, without an explicit trust relationship. There is currently no cloud provider that exposes Trusted Platform Module capabilities. We improve trust by integrating a virtual TPM device into Firecracker, originally developed by Amazon Web Services.
- SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices [67.65883495888258] (2023-09-26T08:11:38Z)
  We present SyzTrust, the first state-aware fuzzing framework for vetting the security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted framework to enable fuzzing Trusted OSes directly on IoT devices. We evaluate SyzTrust on Trusted OSes from three major vendors: Samsung, Tsinglink Cloud, and Ali Cloud.