Trusted execution in the cloud
17 Nov 2014
Demo 4, our last demonstration for our first contract year, is complete and successful. This demonstration extends previous demos by including explicit certification of the \(AIK\) by an external certificate authority.
All data exchanged among the appraiser, attestation manager, measurer, and Privacy CA is in the form of standard JSON structures. This supports integration with other trusted computing components outside the ArmoredSoftware ecosystem.
In addition to executing successful runs, the demo checks a number of cases that should cause the protocol to fail or give bad results. These include:
The demo is quite close to being a complete and valid attestation protocol execution. Following are remaining limitations:
Note that the measurer is now being called explicitly and is no longer simulated.
01 Aug 2014
Here’s a link to a nice article on TPM Uptake from Computer Weekly. Most enterprise computers have a hardware TPM on board, but they are rarely used. Microsoft’s BitLocker is one application that does, and I’ve heard Chromebooks use a TPM to protect information in the cloud. However, broad uptake has been slow. This article suggests that might be changing. Furthermore, TCG will shortly introduce TPM 2.0, which will be more flexible than the current 1.2. Only time will tell.
01 Aug 2014
Demo 2 is in the books. Demo 2 adds explicit execution of an attestation protocol and interaction with the measurer. This demo continues to be naive, but uses an attestation protocol and returns an evidence package. The evidence package integrity is guaranteed and linked to the quote by the hash returned in the quote. The quote is used to evaluate the data and the data is in turn used to evaluate the target system.
The attestation protocol receives \(D\) from the appraiser and translates its components into calls to the measurer to generate \(E\). The evidence package and quote are generated by individual protocol steps.
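The check order described above (quote first, then the evidence bound to it by hash, then the target), as an added example that is not ArmoredSoftware code. The JSON field names, the golden values and the HMAC standing in for the TPM's asymmetric quote signature are assumptions made so the sketch runs offline.

```python
import hashlib, hmac, json

# Constructed stand-in key. A real quote is signed by the TPM with an
# asymmetric key; HMAC is used here only so the example runs offline.
QUOTE_KEY = b"constructed-demo-key"

def canon(obj):
    """Canonical JSON bytes, so both sides hash identical input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def evidence_hash(evidence):
    return hashlib.sha256(canon(evidence)).hexdigest()

def sign(body, key):
    return hmac.new(key, canon(body), hashlib.sha256).hexdigest()

def make_quote(evidence, key=QUOTE_KEY):
    """Target side: the quote carries the hash of evidence package E."""
    body = {"evidence_hash": evidence_hash(evidence)}
    return {"body": body, "sig": sign(body, key)}

def appraise(request, evidence, quote, golden, key=QUOTE_KEY):
    """Appraiser side: check the quote, then the data, then the target."""
    if not hmac.compare_digest(sign(quote["body"], key), quote["sig"]):
        return "quote rejected"
    if not hmac.compare_digest(evidence_hash(evidence),
                               quote["body"]["evidence_hash"]):
        return "evidence does not match quote"
    if any(item not in evidence for item in request):
        return "evidence incomplete"
    if any(evidence[item] != golden[item] for item in request):
        return "target not trusted"
    return "accepted"

# Constructed sample data: D is the appraiser's request, E the measurer's
# results, GOLDEN the values the appraiser expects from a good target.
D = ["kernel_hash", "app_hash"]
E = {"kernel_hash": "aa11", "app_hash": "bb22"}
GOLDEN = {"kernel_hash": "aa11", "app_hash": "bb22"}

if __name__ == "__main__":
    tampered = dict(E, app_hash="ff00")
    print(appraise(D, E, make_quote(E), GOLDEN))
    print(appraise(D, tampered, make_quote(E), GOLDEN))
    print(appraise(D, tampered, make_quote(tampered), GOLDEN))
```

Evidence altered after the quote was produced fails the hash comparison, while an honestly quoted but unexpected measurement passes both integrity checks and is rejected only at the final appraisal step.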
The demo is limited for several reasons:
The first three limitations will be eliminated in Demonstration 3 when we integrate a TPM. The last limitation is an operating system issue that will be resolved when we move from CentOS to Fedora in the next demonstration.
We are now working full time on Demonstration 3.
01 Jul 2014
Today we did our first internal demonstration of an ArmoredSoftware attestation between two virtual machines. Demo 1 implemented an exceptionally naive appraisal intended to shake out infrastructure issues including cryptography functions and communication. The demo uses a traditional asymmetric key, \(k\), rather than an AIK or EK for signing and assumes the appraiser has a public key for the target’s TPM.
Here’s what we learned:
vchan through a Haskell interface is working for us. Some issues remain concerning communicating large data objects, but we have what we need to move forward.
We’re now off and running for Demo 2 where we will add quite a bit including protocol selection and execution, interaction with the measurer, and complex data requests.
03 May 2014
HCSS’14 will be May 6-8 in Annapolis where we will be presenting our first poster presentation on ArmoredSoftware. We will also be holding our initial kickoff meeting with the sponsor May 9.
10 Apr 2014
KU and ITTC are now formally participants in the Trusted Computing Group Liaison Program. We will actively be contributing to TCG standards for systems such as the TPM, Virtualized TPM and Mobile platforms.
19 Jan 2014
Welcome to Justin Dawson and Jason Gevargizian. Justin will be working with Andy Gill on the system architecture and Jason will be working with Prasad on measurement.
28 Sep 2013
ArmoredSoftware is officially up and going. Our contract started 27 September 2013 and we are happily at work. Thanks to everyone who got our contract in place!