
Date: 2024-02-27 10:02

COMP3217 University of Southampton

Assignment 1: Trusted Computing

Set: 16/02/2024, Due: 22/03/2024

The assignment at hand is concerned with secure boot and trusted platform modules (TPM), and draws upon the content covered in the lectures and previous labs. This is an individual assignment that carries a weightage of 50% towards the overall module grade. You will be assessed on your ability to demonstrate your understanding of trusted computing and the benefits of applying trusted computing to today's computing platforms.

Marks Breakdown

50 Marks for all tasks, broken down into:

5 Marks: For clarity of your description.

15 Marks: For Part 1 (breakdown below)

15 Marks: For Part 2 (breakdown below)

15 Marks: For Part 3 (breakdown below)

Submission Instructions

Please submit a report to this link https://handin.ecs.soton.ac.uk. Your report must be submitted in PDF format.

Deadline

The assignment deadline is 22/3/2024.

Experimental Setup

We will be utilizing the same lab setup. While you are not required to submit any code, we highly encourage you to confirm the validity of your solution by employing the simulated TPM we used in the lab.

1 Part 1 - Trusted Platform Module (15 marks)

A Trusted Platform Module (TPM) is a dedicated hardware component that provides secure storage and processing of cryptographic keys and other sensitive information. The TPM is a microcontroller that resides on the motherboard of a computer and interacts with the system firmware to ensure that the system remains in a trusted state during boot-up and operation. The TPM can be used for various security purposes, including secure boot, disk encryption, and digital rights management. It includes features such as random number generation, cryptographic functions, and secure storage of secrets. The TPM is designed to be tamper-resistant, so it can protect sensitive information even if an attacker gains physical access to the computer. This standardized technology was developed by the Trusted Computing Group (TCG) and is widely used in modern computers and other devices. In our lab, we used a software TPM and implemented remote attestation using TPM2 Quote and TPM2 PCRs.

1. Highlight four differences between TPM 1.2 and TPM 2.0. What are the major differences between the two? (2 Marks)

2. Can you explain the difference between the Endorsement Hierarchy and the Storage Hierarchy? (2 Marks)

3. Can you give an example of how to generate a key that is exclusively intended for encryption and cannot be utilized for signing? (2 Marks)

4. In a virtualized environment, TPM 2.0 can be used by multiple users. How does TPM 2.0 maintain isolation between these users? Additionally, is it possible for each user to own their respective hierarchies? (2 Marks)

5. You have decided that remote attestation is an essential feature and want to utilize it on your laptop. (7 Marks)

(a) Can you describe which measurements you would store within TPM volatile PCRs, and why you would use those particular PCRs?

(b) Can you describe which TPM2 Quote command you would use and what arguments you would include in the command?

(c) You have received a TPM2 quote on your laptop and are using the tools you learned in the lab to parse and verify it. Which data from the quote would you examine and why?

(d) To utilize remote attestation, users must implement a protocol between their device and the verifier. The lab notes provide a detailed explanation of this protocol. As part of this process, the "verifier" sends a nonce. Why is this necessary? Additionally, can you propose a method to ensure that this nonce is distinct from other nonces that the TPM has used within the previous five days?
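The verifier side of the attestation exchange referred to in question 5, as an added example that is not part of the assignment or the lab code: a simulated TPM extends PCRs and quotes them bound to the verifier's nonce, and the verifier checks that the nonce is one it issued and still valid, that it has not been consumed by an earlier quote (no reuse within five days), the signature, and the PCR digest against golden values. The HMAC key standing in for the attestation key, the PCR numbers and the measurements are constructed assumptions.

```python
import hashlib
import hmac
import os
# Constructed demo key standing in for the TPM attestation key (AK). A real TPM2
# quote carries an asymmetric AK signature; HMAC is used here only to stay stdlib-only.
AK_KEY = b"constructed-demo-attestation-key"
FIVE_DAYS = 5 * 24 * 3600

def pcr_extend(pcr, measurement):
    """TPM-style extend: PCR_new = SHA-256(PCR_old || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def pcr_digest(pcrs, selection):
    """Digest of the concatenated selected PCRs, as carried in a quote's attested data."""
    return hashlib.sha256(b"".join(pcrs[i] for i in selection)).digest()

def tpm2_quote(pcrs, selection, nonce):
    """Simulated TPM2_Quote: sign the selected PCR digest bound to the verifier's nonce."""
    digest = pcr_digest(pcrs, selection)
    sig = hmac.new(AK_KEY, digest + nonce, hashlib.sha256).digest()
    return {"pcr_digest": digest, "nonce": nonce, "sig": sig}

class Verifier:
    def __init__(self, golden_pcrs, selection):
        self.golden, self.selection = golden_pcrs, selection
        self.issued = {}       # nonce -> time issued; kept for five days so no nonce repeats
        self.consumed = set()  # nonces already matched to a verified quote

    def fresh_nonce(self, now):
        self.issued = {n: t for n, t in self.issued.items() if now - t < FIVE_DAYS}
        while (n := os.urandom(32)) in self.issued:  # retry on the (negligible) collision
            pass
        self.issued[n] = now
        return n

    def verify(self, quote, nonce, now):
        """Check, in order: nonce issued and unexpired, not replayed, signature, PCR digest."""
        if nonce not in self.issued or now - self.issued[nonce] >= FIVE_DAYS:
            return False, "nonce unknown or expired"
        if nonce in self.consumed:
            return False, "nonce already used"
        if not hmac.compare_digest(quote["nonce"], nonce):
            return False, "quote bound to a different nonce"
        expected_sig = hmac.new(AK_KEY, quote["pcr_digest"] + quote["nonce"], hashlib.sha256).digest()
        if not hmac.compare_digest(quote["sig"], expected_sig):
            return False, "bad signature"
        if quote["pcr_digest"] != pcr_digest(self.golden, self.selection):
            return False, "PCR digest does not match golden values"
        self.consumed.add(nonce)
        return True, "ok"
```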

2 Part 2- Secure Boot (15 Marks)

This part is concerned with secure boot and methods used to implement secure boot.

1. Can you provide a brief description of what secure boot is and explain why it is necessary? (1 Mark)

2. If you are considering buying a laptop with secure boot enabled, it's essential to understand the potential threats that it can prevent. Can you list five different types of threats, three different adversaries, and three types of attacks that could occur if secure boot is not implemented? (2 points)

3. "Secure boot" is also referred to as "verified boot." Can you explain the difference between verified boot and measured boot? Additionally, can you explain which approach is superior and provide supporting reasons for your choice? (2 points)

4. An engineer is designing a new system and intends to implement the latest and greatest security measures for secure boot. The engineer is examining the hardware and software requirements necessary to create a robust secure boot solution. Additionally, the engineer has a functional requirement of a boot time of one second. The one second is measured from the time you power on the device until booting the application. The following describes the boot flow:

bootloader1->bootloader2->middleware->OS->application

Help the engineer by answering the following questions. (10 points)

(a) Which cryptographic ciphers should the hardware and software support? (2 Marks)

(b) Does the engineer require a root of trust? What is the purpose of a root of trust and why is it necessary? (2 Marks)

(c) What storage requirements are necessary for a root of trust? Is the storage within the root of trust volatile or non-volatile? Explain your answer. (2 Marks)

(d) How many cryptographic keys are required for the secure boot process? (2 Marks)

(e) In the lectures, you have learned about an internal root of trust, which is when the root of trust is embedded within the CPU. However, the engineer has found a CPU that suits the performance he is looking for, but it does not have a root of trust or the necessary hardware to implement secure boot. Can you suggest some alternative options for him? (2 Marks)

(f) Following the previous question, can you describe the steps involved in verifying bootloader1, starting from the moment the user presses the power-on button until bootloader1 hands over execution to bootloader2? (2 Marks)

3 Part 3- UEFI (15 Marks)

UEFI stands for "Unified Extensible Firmware Interface." It is a specification for firmware that operates as a replacement for the traditional BIOS (Basic Input/Output System) firmware on modern computers. UEFI provides a layer of software between the operating system and the firmware, enabling advanced features such as secure boot and faster boot times. It also supports larger hard drives and partitions, as well as more modern technologies like touchscreens and network booting. UEFI was developed by the UEFI Forum, a group of industry leaders, and is widely adopted by major computer manufacturers. In the lectures, you have seen a Black Hat talk that explains UEFI and possible attacks on UEFI. A link to the talk is available on the noteswiki, and it will help you answer the following questions.

1. Who verifies the integrity of UEFI on Intel platforms (as mentioned in the lectures)? (1 Mark)

2. Where is UEFI normally stored on laptop devices? (2 Marks)

3. Where are the keys used by UEFI stored and who has direct access to them? (3 Marks)

4. Can the OS access the UEFI key location directly? Why? (3 Marks)

5. How does the UEFI specification address revocation? Can you guarantee that a specific cryptographic key is never used in the secure boot process? (3 Marks)

6. If you were to attack the implementation of UEFI secure boot and you had the option to delete exactly one key (that is used by UEFI), which key would you choose to delete? (3 Marks)
