Server attestation refers to the process of authenticating and attesting to the state of a remote platform and its operating system. Attestation allows for changes in a remote host to be detected by authorized parties. This process allows administrators to validate server integrity and identify unauthorized changes.
Below are various resources for understanding server attestation technology.
Intel® TXT, a feature of the Intel® Xeon® processor, establishes a root of trust by measuring the system hardware and pre-launch software components are in a known good state. PrivateCore vCage supports Intel TXT and uses Dynamic Root of Trust Measurement (DRTM) to validate that a host system is in a known good state.
Tags: TXT, Remote Attestation, Server Integrity
A Trusted Computing Group summary of the TPM specification. TPM is a computer chip (microcontroller) that can securely store information (passwords, certificates, or encryption keys) used to authenticate a platform.
A university research paper providing a systematic overview of remote attestation and deconstruction into necessary properties.
Tags: Remote Attestation
A research paper by authors from the US National Security Agency (NSA) and MITRE Corporation laying out principles to guide the development of remote attestation systems.
Tags: Remote Attestation,
A university presentation and paper describing the communication mechanism of Trusted Platform Modules (TPMs) and how such mechanisms can be circumvented by attackers with physical access to the system.
A research paper by Invisible Things Lab describing a practical attack that can bypass the TXT’s trusted boot process. The paper also discusses practical attacks on System Management Mode (SMM) memory in Intel systems.
Tags: TXT, TPM
A university research paper that discusses listening to Trusted Platform Module (TPM) communications by attackers with physical access to a system.
A research paper describing methods of tapping into communication between the Trusted Platform Module (TPM) and other parts of the trusted platform.