#remoteattestation — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #remoteattestation, aggregated by home.social.
-
Reproducible builds are a valuable property for remote attestation workflows but often hard to maintain. We faced a special challenge building reproducible artifacts that contain signatures.
Together with @Euler I wrote a blog post about how we used ECDSA public key recovery to generate signatures that match exactly one artifact, can be reproduced by a verifier, and are secure, without anyone ever knowing a private key.
https://katexochen.aro.bz/posts/reproducible-secure-signatures/
#ReproducibleBuilds #RemoteAttestation #Cryptography #ConfidentialComputing #Infosec
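To make the public-key-recovery idea in this post concrete, here is an added example (not code from the linked blog post or its authors) of a toy reproducible-signature check: the ECDSA values z, r and s are derived from the artifact bytes alone, the verifier recovers the public key that those values validate under, and compares it with the key shipped alongside the artifact. The curve (secp256k1), the hash-based derivation of r and s, and all function names are assumptions of this example, not the blog post's construction.

```python
import hashlib
# secp256k1 parameters (the curve choice is an assumption of this example)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if a is None or b is None: return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if a == b else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def lift_x(x):  # curve point with even y for this x, or None if x is not on the curve
    y = pow((x**3 + 7) % P, (P + 1) // 4, P)  # square root, valid since P % 4 == 3
    if y * y % P != (x**3 + 7) % P: return None
    return (x, y if y % 2 == 0 else P - y)

def derive_signature(artifact):
    # Constructed scheme: z, r, s are all hashes of the artifact, so a verifier can rebuild them
    z = int.from_bytes(hashlib.sha256(artifact).digest(), "big") % N
    s = int.from_bytes(hashlib.sha256(b"s|" + artifact).digest(), "big") % N or 1
    for ctr in range(256):  # bump a counter until r is a valid x-coordinate
        r = int.from_bytes(hashlib.sha256(b"r|%d|" % ctr + artifact).digest(), "big") % N
        if r and lift_x(r): return z, r, s
    raise ValueError("no valid r found")

def recover_pubkey(z, r, s):
    # ECDSA key recovery: Q = r^-1 (s*R - z*G) with R.x = r; nobody holds a private key for Q
    return ec_mul(pow(r, -1, N), ec_add(ec_mul(s, lift_x(r)), ec_mul(z, (G[0], P - G[1]))))

def ecdsa_verify(Q, z, r, s):  # textbook ECDSA verification
    w = pow(s, -1, N)
    X = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, Q))
    return X is not None and X[0] % N == r

def check_artifact(artifact, embedded_pubkey):
    # Verifier side: rebuild (z, r, s) from the bytes, recover Q, require it to equal the shipped key
    z, r, s = derive_signature(artifact)
    Q = recover_pubkey(z, r, s)
    return Q == embedded_pubkey and ecdsa_verify(Q, z, r, s)
```

Because r and s are recomputed from the bytes, any edit to the artifact changes z, r and s and therefore the recovered key, which is why such a signature fits exactly one artifact; obtaining a private key for the recovered Q would mean solving the discrete logarithm problem.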
-
RE: https://fosstodon.org/@golemwire/116444607177916368
@Gina That's awful. They're trying to get people to use the LinkedIn mobile app for identity verification, which is really annoying as they're trying to take me from my open browser to a locked-down platform. (#remoteAttestation, anyone?)
-
I see that #LinkedIn is trying to loop me into a locked-down platform. (No surprise, obviously, coming from #Microsoft).
-
To me, this clearly looks like #Valve is investing on #RemoteAttestation as an alternative to #KernelLevelAntiCheat : lists.archlinux.org/archives/l…
-
The recording of my third talk with Pragyan and Vitaly at All Systems Go! about UKI, composefs and remote attestation for Bootable Containers is now available: https://app.media.ccc.de/v/all-systems-go-2025-362-uki-composefs-and-remote-attestation-for-bootable-containers
#ASG2025 #AllSystemsGo #AllSystemsGo2025 #UKI #composefs #bootc #BootableContainers #RemoteAttestation
-
CW: Long thread/9
That meant that programs on other computers could decide whether to talk to your computer based on whether they agreed with your choices about which code to run.
This process, called "#RemoteAttestation," is generally billed as a way to identify and block computers that have been compromised by malware, or to identify gamers who are running cheats and refuse to play with them.
9/
-
Achievement Unlocked:
Remote attestation with Keylime on RHEL. Whew! #keylime #rhel #redhat #redhatenterpriselinux #remoteattestation #infosec #security
-
You get subjected to draconian tech like #DRM, #TrustedComputing, #RemoteAttestation and #PartsPairing in the name of protecting IP. What about your IP? The code you write, the paintings you make and even your online comments get fed into #AI and reproduced wholly or in part elsewhere, in the name of #fairuse. What is common to these seemingly contradictory, if not hypocritical measures? Those who promote it have the money to deploy them in mass and fight you in court if you challenge them.
-
Well, it finally happened to me. I was blocked out of a site I need for work because of #cloudflare. And I have no idea if or when I’ll be let back in.
https://jrhawley.ca/2023/08/07/blocked-by-cloudflare
For all the #internet #security people who think that #remoteattestation is a good idea, please reconsider. I already have all the security certificates and passwords I should need to access this site, but I was blocked anyway for some unknown reason probably related to browser fingerprinting.
-
CW: Long thread/35
Owner override also completely changed the calculus for another, even more dangerous part of Trusted Computing: #RemoteAttestation.
35/
-
CW: Long thread/46
Then it can cryptographically "sign" these observations, proving that they were made by a secure chip and not by something you could have modified. Then you can send this signed "attestation" to someone else, who can use it to determine how your computer is configured and thus whether to trust it. This is called "#RemoteAttestation."
46/
-
CW: Long thread/44
Then there are applications that are somewhere in between, like #RemoteAttestation (when the secure computer signs a computer-readable description of what your computer is doing so that you can prove things about your computer and its operation to people who don't trust you, but do trust that secure computer).
Remote attestation is the McGuffin of *Red Team Blues*, my latest novel, a crime-thriller about a #cryptocurrency heist.
44/
-
CW: research review
V. Narayanan et al., "Remote attestation of SEV-SNP confidential VMs using e-vTPMs"¹
Departing from "your data is safe with us" model where the cloud infrastructure is trusted, cloud tenants are shifting towards a model in which the cloud provider is not part of the trust domain. Both silicon and cloud vendors are trying to address this shift by introducing confidential computing - an umbrella term that provides mechanisms for protecting the data in-use through encryption below the hardware boundary of the CPU, e.g., Intel Software Guard Extensions (SGX), AMD secure encrypted virtualization (SEV), Intel trust domain extensions (TDX), etc.
In this work, we design and implement a virtual trusted platform module (vTPM) that virtualizes the hardware root-of-trust without requiring to trust the cloud provider. To ensure the security of a vTPM in a provider-controlled environment, we leverage unique isolation properties of the SEV-SNP hardware and a novel approach to ephemeral TPM state management. Specifically, we develop a stateless ephemeral vTPM that supports remote attestation without persistent state. This allows us to pair each confidential VM with a private instance of a vTPM that is completely isolated from the provider-controlled environment and other VMs. We built our prototype entirely on open-source components - Qemu, Linux, and Keylime. Though our work is AMD-specific, a similar approach could be used to build remote attestation protocol on other trusted execution environments (TEE). #arXiv #ResearchPapers #SEV-SNP #TPM #TDX #SGX #RemoteAttestation #Intel #AMD
-
In #DistributedSystems that rely on #RemoteAttestation, a reasonable policy may be put in place requiring nodes to run the latest updates in order to be admitted.
This becomes a challenging coordination problem at best, and a perpetual denial of service in extreme cases.
-
And here comes the corresponding repo:
https://github.com/RobertBuhren/Insecure-Until-Proven-Updated-Analyzing-AMD-SEV-s-Remote-Attestation