Klausurfragen

Question 1

Wie wird Authenticated Boot realisiert?

Answer 1

• Wählen einer sicheren Speicherstelle Rsec
• Resetten von Rsec
• Start mit RTM und dann Ausführen jeder Komponente nacheinander und Hinzufügen des Digest

Question 2

Was ist der Unterschied zwischen Secure und Authenticated Boot?

Answer 2

• Authenticated Boot prüft per se nicht die Integrität (erst im Rahmen von z.B. Remote Attestation)
• Secure Boot erlaubt nur Boot in einem verifizierten Zustand

Question 3

Definition Attestation

Answer 3

Is a security service/approach which enables making statements about the state of a remote computer system
-> Protocol between a prover P and a verifier V where P proves the integrity of its software to the verifier V

Question 4

Join Protokoll Ablauf

Answer 4

1. New device is installed, configuration signed by manager is sent to Central Computer
2. Verifier verifies configuration
3. Both device and verifier exchange their public keys and corresponding certificates
4. After verification, derive shared key based on own private key and counterpart‘s public key
5. After shared key is established, the device deletes its own private and public key and certificates

Question 5

Wie erfüllt das Join-Protokoll die Anforderungen an Softwareintegrität, Hardwareintegrität und Authenticity of messages?

Answer 5

• Softwareintegrität: Certificate of manufacturer
• Hardwareintegrität: Cannot be checked, is assumed
• Authenticity of messages: exchanged keys

Question 6

Join Attestation Protocol

Answer 6

1. Verifier sends attestation request including a nonce N
2. Devices generate report
3. Device sends report back to Verifier
4. Verifier checks report
5. If report is valid, send session key encrypted with shared key