Remote Attestation - kunisuzaki/misc GitHub Wiki

Survey paper

• Firmware Integrity Protection: A Survey [arXiv23]
• CRC: Fully General Model of Confidential Remote Computing [arXiv23]
• Attestation Mechanisms for Trusted Execution Environments Demystified [arXiv22]
• An Exploratory Study of Attestation Mechanisms for Trusted Execution Environments [SysTEX'22] Survey for attestations of Intel SGX, Arm TrustZone, AMD SEV, RISC-V.
• Towards Interoperable Enclave Attestation: Learnings from Decades of Academic Work [FRUCT'22]
• Principles of remote attestation[International Journal of Information Security 2011]
• A Taxonomy and Review of Remote Attestation Schemes in Embedded Systems [arXiv21]
• Remote Attestation: A Literature Review[arXiv'21] Survey for singular attestation and swarm Attestation.
• A Survey of Remote Attestation in Internet of Things: Attacks, Countermeasures, and Prospects [Computers & Security21]
• A Survey on Hardware Approaches for Remote Attestation in Network Infrastructures[arXiv 20] Survey for hardware-based attestation, sostware-based attestation, and hybrid attestation.

Tutorial

• Remote Attestation ---Building trust in things you can’t see--- [Asia CCS'17]

Imprtant paper

• Towards an Attestation Architecture for Vlockchain Networks [WWW'21] shows 2 types of attestation flows: passport flow and background flow.

TPM (Trusted Platform Module)

• A Comprehensive Survey of TPM for Defense Systems[KSII Transactions on Internet and Information Systems2024]
• tpm2-software community, Remote Attestation Good explanation.
• TCG Trusted Attestation Protocol (TAP) Information Model for TPM Families 1.2 and 2.0 and DICE Family 1.0
• TPM 2.0 Keys for Device Identity and Attestation introduces IDevID(Initial Device ID)/IAK(Initial Attestation Key) and LDevID(Local Device ID)/LAK(Local Attestation Key)
• Remote attestation of confidential VMs using ephemeral vTPMs [ACSAC2023]

FIDO (Fast IDentity Online)

• (Article) FIDO TechNotes: The Truth about Attestation
• FIDO ECDAA Algorithm

Intel SGX

• SGX101 Attestaion Good expanation of Intel SGX Remote Attestation (Keys, Platform Provisioning, Remote Attestation Process)
• Intel SGX Remote Attestation is not sufficient [BlackHat'17] Paper(https://eprint.iacr.org/2017/736.pdf)
• DCAP
• Opera: Open remote attestation for intel's secure enclaves [CCS'19]
• AMI TreE

AMD SEV

• Insecure until proven updated: analyzing AMD SEV's remote attestation[CCS'19]
• VirTEE/SEV
• SNP-Guard, SNPGuard: Remote Attestation of SEV-SNP VMs Using Open Source Tools [SysTex24]

Arm CCA (Confidential Computing Architecure)

AWS Nitro

• CRYPTOGRAPHIC ATTESTATION

DAA (Direct Anonymous Attestaion)

• Enhanced Privacy ID from Bilinear Pairing [ePrint'09]
• A Symbolic Analysis of ECC-based Direct Anonymous Attestation[ EuroS&P'19]

Formal Verification

• VRASED: A Verified Hardware/Software Co-Design for Remote Attestation [USENIX Sec'19]
• Advancing remote attestation via computer-aided formal verification of designs and synthesis of executables: opinion [WiSec'19]
• Formal foundations for intel SGX data center attestation primitives[ICFEM'20]
• Demystifying attestation in intel trust domain extensions via formal verification[IEEE Access'21]
• Towards formalization of enhanced privacy ID (epid)-based remote attestation in intel SGX [DSD'20]

IETF RATS (Remote ATtestation procedureS)

• Remote Attestation Procedures Architecture
• The Entity Attestation Token (EAT)
• Direct Anonymous Attestation for the Remote Attestation Procedures Architecture

Application

• Androd
  • Attestation
    • Key Attestation from Android 7.1
    • ID Attestation from Android 8.0

CCC(Confidential Computing Consortium)

• Tech: Attestation
• Veraison Open souce software
• Gramine Open souce software
• Veracruz Open souce software

Key Research Person

• Prof. N. Asokan (Aalto University)
• Dr. Jan Camenisch (DFINITY) for DAA
• Prof. Christof Fetzer (Technische Universität Dresden)
• Prof. Thomas Hardjono (MIT)
• Prof. Ahmad-Reza Sadeghi (Technische Universität Darmstadt)
• Prof. Gene Tsudik (UC,Irvine)