首页
网站开发
桌面应用
管理软件
微信开发
App开发
嵌入式软件
工具软件
数据采集与分析
其他
首页
>
> 详细
COMP3217代做、Python/Java编程设计代写
项目预算:
开发周期:
发布时间:
要求地区:
COMP3217 University of Southampton
Assignment 1: Trusted Computing
Set: 16/02/2024, Due: 22/03/2024
The assignment at hand is concerned with secure boot and trusted platform modules (TPM), and
draws upon the content covered in the lectures and previous labs. This is an individual assignment
that carries a weightage of 50% towards the overall module grade. You will be assessed on your
ability to demonstrate your understanding of trusted computing and benefits of applying trusted
computing to today’s computing platforms.
Marks Breakdown
50 Mark For all tasks. Which is broken down into:
5 Mark: For clarity of your description.
15 Mark: For Part-1 (breakdown below)
15 Mark: For Part-2 (breakdown below)
15 Mark: For Part-3 (breakdown below)
Submission Instructions
Please submit a report to this link https://handin.ecs.soton.ac.uk. Your report must be submitted
in PDF format.
Deadline
The assignment deadline is on 22/3/2024
Experimental Setup
We will be utilizing the same lab setup. While you are not required to submit any code, we highly encourage
you to confirm the validity of your solution by employing the simulated TPM we used in the lab.
1
COMP3217 University of Southampton
1 Part 1 - Trusted Platform Module (15 marks)
A Trusted Platform Module (TPM) is a dedicated hardware component that provides secure storage and
processing of cryptographic keys and other sensitive information. The TPM is a microcontroller that
resides on the motherboard of a computer and interacts with the system firmware to ensure that the
system remains in a trusted state during boot-up and operation. The TPM can be used for various security
purposes, including secure boot, disk encryption, and digital rights management. It includes features such
as random number generation, cryptographic functions, and secure storage of secrets. The TPM is designed
to be tamper-resistant, so it can protect sensitive information even if an attacker gains physical access to
the computer. This standardized technology was developed by the Trusted Computing Group (TCG) and is
widely used in modern computers and other devices. In our lab, we used a software TPM and implemented
remote attestation using TPM2 Quote and TPM2 PCRs.
1. Highlight four differences between TPM1.2 and TPM2.0. What are the major difference between
the two? (2 Marks)
2. Can you explain the difference between the Endorsement Hierarchy and the Storage Hierarchy? (2
Marks)
3. Can you give an example of how to generate a key that is exclusively intended for encryption and
cannot be utilized for signing? (2 Marks)
4. In a virtualized environment, TPM 2.0 can be used by multiple users. How does TPM 2.0 maintain
isolation between these users? Additionally, is it possible for each user to own their respective
hierarchies? (2 Marks)
5. You have decided that remote attestation is an essential feature and want to utilize it on your laptop.
(7 Marks)
(a) Can you describe which measurements you would store within TPM Volatile PCRs, and why
you would use those particular PCRs?
(b) Can you describe which TPM2 Quote command you would use and what arguments you would
include in the command?
(c) You have received a TPM2 quote on your laptop and are using the tools you learned in the lab
to parse and verify it. Which data from the quote would you examine and why?
(d) To utilize remote attestation, users must implement a protocol between their device and the
verifier. The lab notes provide a detailed explanation of this protocol. As part of this process,
the "verifier" sends a nonce. Why is this necessary? Additionally, can you propose a method to
ensure that this nonce is distinct from other nonces that the TPM has used within the previous
five days?
2 Part 2- Secure Boot (15 Marks)
Part 1 is concerned with secure boot and methods used to implement secure boot.
1. Can you provide a brief description of what secure boot is and explain why it is necessary? (1 Mark)
2. If you are considering buying a laptop with secure boot enabled, it’s essential to understand the
potential threats that it can prevent. Can you list five different types of threats, three different
adversaries, and three types of attacks that could occur if secure boot is not implemented?(2 points)
3. "Secure boot" is also referred to as "verified boot." Can you explain the difference between verified
boot and measured boot? Additionally, can you explain which approach is superior and provide
supporting reasons for your choice? (2 points)
2
COMP3217 University of Southampton
4. An engineer is designing a new system and intends to implement the latest and greatest security
measures for secure boot. The engineer is examining the hardware and software requirements necessary to create a robust secure boot solution. Additionally, the engineer has a functional requirement
of a boot time of one second. The one second is measured from the time you power on the device
until booting the application. The following describes the boot flow:
bootloader1->bootloader2->middileware->OS->application
Help the engineer by answering the following questions. (10 points)
(a) Which cryptographic ciphers should the hardware and software support? (2 Marks)
(b) Does the engineer require a root of trust? What is the purpose of a root of trust and why is it
necessary? (2 Marks)
(c) What storage requirements are necessary for a root of trust? Is the storage within the root of
trust volatile or non-volatile? Explain your answer. (2 Marks)
(d) How many cryptographic keys are required for the secure boot process? (2 Marks)
(e) In the lectures, you have learned about internal root-of-trust, which is when the root of trust is
embedded within the CPU. However, the engineer has found a CPU that suits the performance
he is looking for, but it does not have root-of-trust or the necessary hardware to implement
secure boot. Can you suggest some alternative options for him? (2 Marks)
(f) Following the previous question, can you describe the steps involved in verifying the bootloader1
starting from the moment the user presses the power on button until bootloader1 hands over
execution to bootloader2? (2 Marks)
3 Part 3- UEFI (15 Marks)
UEFI stands for "Unified Extensible Firmware Interface." It is a specification for firmware that operates as a
replacement for the traditional BIOS (Basic Input/Output System) firmware on modern computers. UEFI
provides a layer of software between the operating system and the firmware, enabling advanced features
such as secure boot and faster boot times. It also supports larger hard drives and partitions, as well as more
modern technologies like touchscreens and network booting. UEFI was developed by the UEFI Forum, a
group of industry leaders, and is widely adopted by major computer manufacturers. In the lectures, you
have seen a Black Hat talk that explains UEFI and possible attacks on UEFI. A link to the talk is available
on the noteswiki, and it will help you answer the following questions.
1. Who verifies the integrity of UEFI on Intel platforms (as mentioned in the lectures)? (1 Marks)
2. Where is UEFI normally stored on laptop devices? (2 Marks)
3. Where are the keys used by UEFI stored and who has direct access to them? (3 Marks)
4. Can the OS access UEFI keys location directly? why? (3 Marks)
5. How does the UEFI specification address revocation? Can you guarantee that a specific cryptographic
key is never used in the secure boot process? (3 Marks)
6. If you were to attack the implementation of UEFI secure boot and you had the option to delete
exactly one key (that is used by UEFI), which key would you choose to delete? (3 Marks)
3
软件开发、广告设计客服
QQ:99515681
邮箱:99515681@qq.com
工作时间:8:00-23:00
微信:codinghelp
热点项目
更多
代写dts207tc、sql编程语言代做
2024-12-25
cs209a代做、java程序设计代写
2024-12-25
cs305程序代做、代写python程序...
2024-12-25
代写csc1001、代做python设计程...
2024-12-24
代写practice test preparatio...
2024-12-24
代写bre2031 – environmental...
2024-12-24
代写ece5550: applied kalman ...
2024-12-24
代做conmgnt 7049 – measurem...
2024-12-24
代写ece3700j introduction to...
2024-12-24
代做adad9311 designing the e...
2024-12-24
代做comp5618 - applied cyber...
2024-12-24
代做ece5550: applied kalman ...
2024-12-24
代做cp1402 assignment - netw...
2024-12-24
热点标签
mktg2509
csci 2600
38170
lng302
csse3010
phas3226
77938
arch1162
engn4536/engn6536
acx5903
comp151101
phl245
cse12
comp9312
stat3016/6016
phas0038
comp2140
6qqmb312
xjco3011
rest0005
ematm0051
5qqmn219
lubs5062m
eee8155
cege0100
eap033
artd1109
mat246
etc3430
ecmm462
mis102
inft6800
ddes9903
comp6521
comp9517
comp3331/9331
comp4337
comp6008
comp9414
bu.231.790.81
man00150m
csb352h
math1041
eengm4100
isys1002
08
6057cem
mktg3504
mthm036
mtrx1701
mth3241
eeee3086
cmp-7038b
cmp-7000a
ints4010
econ2151
infs5710
fins5516
fin3309
fins5510
gsoe9340
math2007
math2036
soee5010
mark3088
infs3605
elec9714
comp2271
ma214
comp2211
infs3604
600426
sit254
acct3091
bbt405
msin0116
com107/com113
mark5826
sit120
comp9021
eco2101
eeen40700
cs253
ece3114
ecmm447
chns3000
math377
itd102
comp9444
comp(2041|9044)
econ0060
econ7230
mgt001371
ecs-323
cs6250
mgdi60012
mdia2012
comm221001
comm5000
ma1008
engl642
econ241
com333
math367
mis201
nbs-7041x
meek16104
econ2003
comm1190
mbas902
comp-1027
dpst1091
comp7315
eppd1033
m06
ee3025
msci231
bb113/bbs1063
fc709
comp3425
comp9417
econ42915
cb9101
math1102e
chme0017
fc307
mkt60104
5522usst
litr1-uc6201.200
ee1102
cosc2803
math39512
omp9727
int2067/int5051
bsb151
mgt253
fc021
babs2202
mis2002s
phya21
18-213
cege0012
mdia1002
math38032
mech5125
07
cisc102
mgx3110
cs240
11175
fin3020s
eco3420
ictten622
comp9727
cpt111
de114102d
mgm320h5s
bafi1019
math21112
efim20036
mn-3503
fins5568
110.807
bcpm000028
info6030
bma0092
bcpm0054
math20212
ce335
cs365
cenv6141
ftec5580
math2010
ec3450
comm1170
ecmt1010
csci-ua.0480-003
econ12-200
ib3960
ectb60h3f
cs247—assignment
tk3163
ics3u
ib3j80
comp20008
comp9334
eppd1063
acct2343
cct109
isys1055/3412
math350-real
math2014
eec180
stat141b
econ2101
msinm014/msing014/msing014b
fit2004
comp643
bu1002
cm2030
联系我们
- QQ: 9951568
© 2021
www.rj363.com
软件定制开发网!