Lecture 14-Quantum Flashcards
Kerberos vs TLS
Kerberos is used for more permanent servers and uses symmetric-key encryption. It is not scalable. TLS uses a certification chain and scales better.
Rare event removal
Including a flip-flop or extra gate to increase the chances of a rare event happening, to test for detection of a hardware Trojan
Design obfuscation
Creating an obfuscated mode in which a hardware Trojan would be invalid and cannot be transferred to the normal mode if it doesn’t know the secret key
What is the point of PCRs?
Store hashed concatenated bytes of data (gets rehashed each time new data is appended), so that if one bit gets tampered with, the whole hash changes
Trusted Boot Process
Each step from CRTM to user application gets verified using hashes by TPM 2.0
Why shouldn’t Endorsement key be used for signatures?
Not secure, sensitive data. Instead use an Attestation Identity Key that is generated anew for each interaction
How to connect TPM to Attestation Identity Key?
The TPM generates the AI key and asks a TTP to endorse the key and provide the certification to show to the verifier. The way to prove to the TTP is to sign the AI key with the Endorsement key (the only time sensitive information is revealed)
Three main functions of TPM
Sealed Storage, Remote Attestation, Integrity Measurements
BitLocker
A way of doing full-disk encryption, with the key stored in the TPM
Main issue with TPM?
No way to know if it is a truly secure state. (There could be something passive or something broken prior to TPM verifying it)
QKD: BB84
Quantum channel sends out photons and throws out readings that don’t match. Alice and Bob send and receive photons and then share their bases. They then wipe out the bits that don’t match
Can Eve attack BB84?
Yes, but if Eve intercepted photons, then Alice and Bob will know, because they can detect inconsistencies if a lot of bits get intercepted
How do you ensure an n-bit key?
By sending double the number of photons. (Gives Bob the chance to get 50% of it right)
How can TLS be improved upon?
Use a quantum-resistant public key (generated by BB84 or E91)