
      Date: 2024-02-28



      COMP3217 University of Southampton
      Assignment 1: Trusted Computing
      Set: 16/02/2024, Due: 22/03/2024
      The assignment at hand is concerned with secure boot and trusted platform modules (TPM), and
      draws upon the content covered in the lectures and previous labs. This is an individual assignment
      that carries a weighting of 50% towards the overall module grade. You will be assessed on your
      ability to demonstrate your understanding of trusted computing and the benefits of applying trusted
      computing to today’s computing platforms.
      Marks Breakdown
      50 marks for all tasks, broken down into:
      5 marks: For clarity of your description.
      15 marks: For Part-1 (breakdown below)
      15 marks: For Part-2 (breakdown below)
      15 marks: For Part-3 (breakdown below)
      Submission Instructions
      Please submit a report to this link https://handin.ecs.soton.ac.uk. Your report must be submitted
      in PDF format.
      Deadline
      The assignment deadline is on 22/3/2024
      Experimental Setup
      We will be utilizing the same lab setup. While you are not required to submit any code, we highly encourage
      you to confirm the validity of your solution by employing the simulated TPM we used in the lab.
      1 Part 1 - Trusted Platform Module (15 marks)
      A Trusted Platform Module (TPM) is a dedicated hardware component that provides secure storage and
      processing of cryptographic keys and other sensitive information. The TPM is a microcontroller that
      resides on the motherboard of a computer and interacts with the system firmware to ensure that the
      system remains in a trusted state during boot-up and operation. The TPM can be used for various security
      purposes, including secure boot, disk encryption, and digital rights management. It includes features such
      as random number generation, cryptographic functions, and secure storage of secrets. The TPM is designed
      to be tamper-resistant, so it can protect sensitive information even if an attacker gains physical access to
      the computer. This standardized technology was developed by the Trusted Computing Group (TCG) and is
      widely used in modern computers and other devices. In our lab, we used a software TPM and implemented
      remote attestation using TPM2 Quote and TPM2 PCRs.
      1. Highlight four differences between TPM1.2 and TPM2.0. What are the major differences between
      the two? (2 Marks)
      2. Can you explain the difference between the Endorsement Hierarchy and the Storage Hierarchy? (2
      Marks)
      3. Can you give an example of how to generate a key that is exclusively intended for encryption and
      cannot be utilized for signing? (2 Marks)
      4. In a virtualized environment, TPM 2.0 can be used by multiple users. How does TPM 2.0 maintain
      isolation between these users? Additionally, is it possible for each user to own their respective
      hierarchies? (2 Marks)
      5. You have decided that remote attestation is an essential feature and want to utilize it on your laptop.
      (7 Marks)
      (a) Can you describe which measurements you would store within TPM Volatile PCRs, and why
      you would use those particular PCRs?
      (b) Can you describe which TPM2 Quote command you would use and what arguments you would
      include in the command?
      (c) You have received a TPM2 quote on your laptop and are using the tools you learned in the lab
      to parse and verify it. Which data from the quote would you examine and why?
      (d) To utilize remote attestation, users must implement a protocol between their device and the
      verifier. The lab notes provide a detailed explanation of this protocol. As part of this process,
      the "verifier" sends a nonce. Why is this necessary? Additionally, can you propose a method to
      ensure that this nonce is distinct from other nonces that the TPM has used within the previous
      five days?
      2 Part 2 - Secure Boot (15 Marks)
      Part 2 is concerned with secure boot and methods used to implement secure boot.
      1. Can you provide a brief description of what secure boot is and explain why it is necessary? (1 Mark)
      2. If you are considering buying a laptop with secure boot enabled, it’s essential to understand the
      potential threats that it can prevent. Can you list five different types of threats, three different
      adversaries, and three types of attacks that could occur if secure boot is not implemented? (2 points)
      3. "Secure boot" is also referred to as "verified boot." Can you explain the difference between verified
      boot and measured boot? Additionally, can you explain which approach is superior and provide
      supporting reasons for your choice? (2 points)
      4. An engineer is designing a new system and intends to implement the latest and greatest security
      measures for secure boot. The engineer is examining the hardware and software requirements necessary to create a robust secure boot solution. Additionally, the engineer has a functional requirement
      of a boot time of one second. The one second is measured from the time you power on the device
      until booting the application. The following describes the boot flow:
      bootloader1->bootloader2->middleware->OS->application
      Help the engineer by answering the following questions. (10 points)
      (a) Which cryptographic ciphers should the hardware and software support? (2 Marks)
      (b) Does the engineer require a root of trust? What is the purpose of a root of trust and why is it
      necessary? (2 Marks)
      (c) What storage requirements are necessary for a root of trust? Is the storage within the root of
      trust volatile or non-volatile? Explain your answer. (2 Marks)
      (d) How many cryptographic keys are required for the secure boot process? (2 Marks)
      (e) In the lectures, you have learned about internal root-of-trust, which is when the root of trust is
      embedded within the CPU. However, the engineer has found a CPU that suits the performance
      he is looking for, but it does not have root-of-trust or the necessary hardware to implement
      secure boot. Can you suggest some alternative options for him? (2 Marks)
      (f) Following the previous question, can you describe the steps involved in verifying the bootloader1
      starting from the moment the user presses the power on button until bootloader1 hands over
      execution to bootloader2? (2 Marks)
      3 Part 3 - UEFI (15 Marks)
      UEFI stands for "Unified Extensible Firmware Interface." It is a specification for firmware that operates as a
      replacement for the traditional BIOS (Basic Input/Output System) firmware on modern computers. UEFI
      provides a layer of software between the operating system and the firmware, enabling advanced features
      such as secure boot and faster boot times. It also supports larger hard drives and partitions, as well as more
      modern technologies like touchscreens and network booting. UEFI was developed by the UEFI Forum, a
      group of industry leaders, and is widely adopted by major computer manufacturers. In the lectures, you
      have seen a Black Hat talk that explains UEFI and possible attacks on UEFI. A link to the talk is available
      on the noteswiki, and it will help you answer the following questions.
      1. Who verifies the integrity of UEFI on Intel platforms (as mentioned in the lectures)? (1 Mark)
      2. Where is UEFI normally stored on laptop devices? (2 Marks)
      3. Where are the keys used by UEFI stored and who has direct access to them? (3 Marks)
      4. Can the OS access the location of the UEFI keys directly? Why? (3 Marks)
      5. How does the UEFI specification address revocation? Can you guarantee that a specific cryptographic
      key is never used in the secure boot process? (3 Marks)
      6. If you were to attack the implementation of UEFI secure boot and you had the option to delete
      exactly one key (that is used by UEFI), which key would you choose to delete? (3 Marks)