Difference between revisions of "Attestation"
From MgmtWiki
(→Context) |
(→Solutions) |
||
(7 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
==Context== | ==Context== | ||
A [[Remote Attestation]] Service was proposed as a service that would accept statements from a [[TPM]] to verify that the code running on the computer was that approved by the manufacturer. | A [[Remote Attestation]] Service was proposed as a service that would accept statements from a [[TPM]] to verify that the code running on the computer was that approved by the manufacturer. | ||
+ | |||
+ | ==Solutions== | ||
+ | * [https://www.cisa.gov/sites/default/files/2024-03/Self-Attestation-Common-Form-03082024-FINAL.pdf US CISA Secure Software Development Attestation Form Instructions] The purpose of this form is to provide the Federal Government assurances that software used by agencies is securely developed. (2024-03) | ||
+ | * [https://developer.android.com/training/articles/security-key-attestation Verifying hardware-backed key pairs with Key Attestation] in Android for [[Smartphone]]s.<blockquote>Key Attestation gives you more confidence that the keys you use in your app are stored in a device's hardware-backed keystore. The link describes how to verify the properties of hardware-backed keys and how to interpret the schema of the attestation certificate's extension data. </blockquote> | ||
+ | * [https://developer.apple.com/documentation/devicecheck/dcappattestservice/3573911-attestkey attestKey(_:clientDataHash:completionHandler:)] Asks Apple to attest to the validity of a generated cryptographic key. | ||
==References== | ==References== | ||
+ | * See wiki page [[Attested]] for details of an [[Attestation]]. | ||
+ | * See wiki page [[Hardware-Enabled Security]] | ||
[[Category: Attestation]] | [[Category: Attestation]] | ||
+ | [[Category: Assurance]] | ||
+ | [[Category: Hardware]] |
Latest revision as of 13:24, 20 March 2024
Full Title or Meme
Attestation in computing devices typically means a statement from a Trust Authority about the security of statements made by some other computing device.
Context
A Remote Attestation Service was proposed as a service that would accept statements from a TPM to verify that the code running on the computer was that approved by the manufacturer.
Solutions
- US CISA Secure Software Development Attestation Form Instructions The purpose of this form is to provide the Federal Government assurances that software used by agencies is securely developed. (2024-03)
- Verifying hardware-backed key pairs with Key Attestation in Android for Smartphones.
Key Attestation gives you more confidence that the keys you use in your app are stored in a device's hardware-backed keystore. The link describes how to verify the properties of hardware-backed keys and how to interpret the schema of the attestation certificate's extension data.
- attestKey(_:clientDataHash:completionHandler:) Asks Apple to attest to the validity of a generated cryptographic key.
References
- See wiki page Attested for details of an Attestation.
- See wiki page Hardware-Enabled Security