Client-Server Application for Trusted Device Setup

Device attestation and intrusion detecting app

Solution Desktop app for device attestation
Industry Software and Technology
Engagement Model T&M (time and materials)
Methodology Agile
Team
  • Desktop Developers
  • Java Developers
  • .NET Developer
  • Project Manager
1
2
3
4
5
6

Customer

Case Highlights

  • Performs automated device attestation on the first boot
  • Cross-validates the system measurements generated on the first boot with those made at the factory
  • Notifies users about successful attestation and any tampering events
  • Generates device health attestation reports

Problem

Lenovo decided to help organizations comply with internal security practices. For that, the company wanted to add an additional security level to ThinkPad laptops marketed to corporate clients.

The client needed a solution verifying that:

  • End users get their devices with trusted applications, data, and services
  • No changes to the system were made after the devices left the factory

Challenge

The Softeq team had to create the solution following Intel's specifications for the device attestation process.

Solution

Overview

Softeq created a client-server solution that performs device attestation and detects intrusions. The system consists of three parts:

Local Attestation Service

  • Initiates the attestation process
  • Collects attestation data and transfers it to the server
  • Receives a health report in response

User Interface

  • Serves the local attestation service
  • Notifies about successful attestation or any unauthorized modifications made to the system, such as installed software or changes in configurations

Remote Device Health Attestation Server

  • Collects device parameters to compare measurements against the production specifications
  • Generates health reports

How Device Attestation Works

The device attestation flow starts on the first boot.

  • The local attestation agent (LAA) connects to a cloud-based Remote Health Attestation Server (RHAS)
  • The server receives the device ID and sends a challenge response to LAA to collect the following device parameters:
    - Attestation data stored in a Converged Security and Management Engine (CSME) module residing in the device’s chip
    - Trusted Platform Module (TPM) quote that enables digest authentication—secure authorization on the server
  • When RHAS has collected the required data, it performs the attestation process—the validation of device parameters against the production specifications
  • The server generates and signs a statement of health
  • LAA uses this report to notify users via the dashboard about successful attestation or any vulnerabilities

Solution Composition

The solution is based on the Amazon Virtual Private Cloud (VPC)an isolated secure private cloud within AWS.

Health Report

Health attestation reports are XML files that verify the successful device attestation and report on the machine/system integrity.

The report contains:

  • Session ID
  • Timestamp
  • The laptop’s serial number
  • BIOS number
  • Status report
  • Policies to attest the device

The report also includes a log containing information about boots and any locking/unlocking events or unauthorized modifications.

An “unhealthy” report status may indicate unauthorized access or that the attestation request was transferred under the table to another server.

Security

We provided data protection based on Lenovo and Intel security requirements.

The solution’s security capabilities include:

  • Direct Anonymous Attestation (DAA)—a cryptographic primitive that enables remote authentication of a trusted computer while ensuring user privacy
  • Digital seal set at the factory and activated on the first boot. The device sealing event is stored in the CSME module, which resides in the Intel chips and contains the event log
    TPM module—a dedicated microcontroller that secures hardware through integrated cryptographic keys. TPMs contain both public and private keys. The public keys, which are stored in the production base, authorize TPMs on the server
  • AWS Secrets Manager—stores keys supporting secure access to the production specifications
  • The server makes a digital signature of a health report with the Elliptic Curve Digital Signature Algorithm (ECDSA), a cryptographic encryption algorithm used to secure communication

User Interface

A desktop user interface supports the device attestation process on the user side. A simple pop-up window notifies users about the successful attestation, warns in the event of a lost network connection, and alerts any intrusion events.

Results

Ready-to-Install App

Softeq developed a client-server application that performs device attestation and detects intrusions. The solution verifies that a device sealed at the factory did not have any changes on the way to the purchaser, and thus helps organizations comply with internal security practices.

The device attestation service was delivered ready for incorporating into Lenovo business-oriented laptop range.