What is remote attestation?
Remote attestation is a method by which a host (client) authenticates its hardware and software configuration to a remote host (server). The goal of remote attestation is to enable a remote system (challenger) to determine how far it can trust the integrity of the platform of another system (attestator).
What is the meaning of attestation in trusted computing?
Attestation is a mechanism for software to prove its identity. The goal of attestation is to prove to a remote party that your operating system and application software are intact and trustworthy. The verifier trusts that attestation data is accurate because it is signed by a TPM whose key is certified by the CA.
How does TPM attestation work?
TPM key attestation is the ability of the entity requesting a certificate to cryptographically prove to a CA that the RSA key in the certificate request is protected by either “a” or “the” TPM that the CA trusts.
What is Attestation Identity key?
An Attestation Identity Key (AIK) provides this cryptographic proof by signing the properties of the non-migratable key and supplying the properties and signature to the CA for verification.
What can possibly go wrong with TPM attestation?
Instead, they are supposed to acquire that cert when they start up. We can attempt to force that to happen by running the TPM maintenance task, but for various reasons (bad drivers, network connectivity problems, the TPM operating in reduced-functionality mode, etc.) that process might not complete successfully.
How does TPM attestation work in Windows autopilot?
Simply, we needed a mechanism to allow the device to prove that it wasn’t an imposter. A device can leverage TPM attestation to prove to Azure AD that it is the same device that was registered with Windows Autopilot. Azure AD will then provide a device token, enabling Azure AD Join or MDM enrollment, without anyone ever typing in any credentials.
What is the goal of remote attestation protocol?
The goal of attestation is to prove to a remote party that your operating system and application software are intact and trustworthy. The verifier trusts that attestation data is accurate because it is signed by a TPM whose key is certified by the CA. A basic remote attestation protocol looks something like this[4]:
How is remote attestation used in Trusted Computing?
One component of trusted computing that has attracted particular attention is remote attestation. Attestation allows a program to authenticate itself, and remote attestation is a means for one system to make reliable statements to another system about the software it is running.