S2es innova2on in player design eff allow users to

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: rity Regs. (DIR) –  Need OwnerPassword to write DIR, anyone can read –  Stored in NV- RAM Dan Boneh Trusted Compu2ng A_esta2on Dan Boneh Attestation: what it does Goal: prove to remote party what soHware loaded on my machine Good applica4ons: •  Bank allows money transfer only if customer’s machine runs “up- to- date” OS patches •  Enterprise allows laptop to connect to its network only if laptop runs “authorized” soHware •  Gamers can join network only if their game client is unmodified DRM: MusicStore sells content for authorized players only. Dan Boneh Attestation: how it works Recall: EK private key on TPM. –  Cert for EK public- key issued by TPM vendor. Step 1: Create A_esta2on Iden2ty Key (AIK) –  Details not important here –  AIK Private key known only to TPM –  AIK public cert issued only if EK cert is valid Dan Boneh Attestation: how it works Step 2: sign PCR values (aHer boot) with TPM_Quote. Arguments: •  keyhandle: which AIK key to sign with •  KeyAuth: Password for using key `keyhandle’ •  PCR List: Which PCRs to sign. •  Challenge: 20- byte challenge from remote server –  Prevents replay of old signatures. •  Userdata: addi2onal data to include in sig. Returns signed data and signature. Dan Boneh Attestation:...
View Full Document

Ask a homework question - tutors are online