{"id":55,"date":"2011-07-15T00:48:47","date_gmt":"2011-07-15T00:48:47","guid":{"rendered":"http:\/\/www.daprim.de\/?p=55"},"modified":"2011-07-15T00:48:47","modified_gmt":"2011-07-15T00:48:47","slug":"enabling-system-cloning-for-tpm-based-platforms-paper","status":"publish","type":"post","link":"https:\/\/www.daprim.de\/?p=55","title":{"rendered":"Enabling System Cloning for TPM based Platforms (paper)"},"content":{"rendered":"<p>We describe a concept of <strong>mutual remote attestation<\/strong> for two identically configured trusted (TPM based) systems. We provide a cryptographic protocol to achieve the goal of deriving a common session key for two systems that have verified each other to be a clone of themselves.<\/p>\n<p>The mutual attestation can be applied to backup procedures without providing data access to administrators, i. e. one trusted systems exports its database to another identical trusted system via a secure channel after mutual attestation is completed.<\/p>\n<p>Another application is dynamically parallelizing trusted systems in order to increase the performance of a trusted server platform. We present details of our proposed architecture and show results from extensive hardware tests. These tests show that there are some unresolved issues with TPM-BIOS settings currently distributed by PC hardware manufacturers since the specification regarding measurement of extended platform BIOS configuration is either not met or the usage of undocumented options is required.<\/p>\n<div style=\"width: 648px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" alt=\"Test Environment\" src=\"http:\/\/uli.libra.uberspace.de\/dp\/wp-content\/uploads\/2011\/09\/clone_gfx.jpg\" title=\"Test Environment\" width=\"638\" height=\"158\" \/><p class=\"wp-caption-text\">Test Environment<\/p><\/div>\n<p>Our results show that the specfied requirement (TCG EFI Platform Speci\fcation V1.20.) that &#8222;platform configuration information being unique or automatically updated must not be measured&#8220; is apparently violated. The full activation of extended security reporting options results in different values on identical systems.<\/p>\n<p>Read full paper <a href=\"http:\/\/1lab.de\/pub\/STM11paper.pdf\">here<\/a>. Get slides from <a href=\"http:\/\/1lab.de\/pub\/STM11slides.pdf\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We describe a concept of mutual remote attestation for two identically configured trusted (TPM based) systems. We provide a cryptographic protocol to achieve the goal of deriving a common session key for two systems that have verified each other to &hellip; <a href=\"https:\/\/www.daprim.de\/?p=55\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.daprim.de\/index.php?rest_route=\/wp\/v2\/posts\/55"}],"collection":[{"href":"https:\/\/www.daprim.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.daprim.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.daprim.de\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.daprim.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=55"}],"version-history":[{"count":0,"href":"https:\/\/www.daprim.de\/index.php?rest_route=\/wp\/v2\/posts\/55\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.daprim.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=55"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.daprim.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=55"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.daprim.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=55"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}