We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Ultrablue

1
 Cite
 Share
 Related Material
 Download
 Purchase
Logo of FOSDEM VZWFOSDEM VZW
 Kerneis, Gabriel

Formal Metadata

Title
Ultrablue
Subtitle
User-friendly Lightweight TPM Remote Attestation over Bluetooth
Title of Series
Number of Parts
542
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Ultrablue (User-friendly Lightweight TPM Remote Attestation over Bluetooth) is a solution to allow individual users to perform boot state attestation with their phone. It consists in a server, running on a computer, acting as the attester, and a graphical client application, running on a trusted phone, acting as the verifier. A typical use-case is to verify the integrity of your bootchain before unlocking your computer, to prevent offline attacks on an unattended laptop. It can also serve as a debugging tool for secure boot issues after firmware upgrades or as a second factor for disk encryption. During the boot of a PC, it is now common to have each stage store measurements of the next one into a TPM, in order to keep a tamper-proof log of the boot chain. Those measurements are then leveraged to seal secrets, eg. a disk encryption key, or to report the state of the device to a remote server in cryptographically secure way, using a procedure known as remote attestation. Remote attestation has slowly gained traction over the last few years, most notably among cloud providers such as Azure, to guard access to online resources. It is also a key element in validating dynamic root-of-trust measurements (DRTM), which reduce the trusted computing base compared to traditional UEFI-based boot chains, but require a trusted third-party to validate the final state of the system. Unfortunately, little progress has been made recently to enable individual users without access to server resources to reap the benefits of remote attestation. This is particularly frustrating considering that almost everybody carries a small trusted server with them all the time: smartphones. Building upon an idea by Matthew Garrett (Linux Conference Australia, 2020), we introduce Ultrablue (User-friendly Lightweight TPM Remote Attestation over Bluetooth), a solution to securely inspect and validate a TPM event log from a phone. Ultrablue consists of a command-line attester, running on a computer, and an Android graphical application, running on a trusted phone, communicating over encrypted Bluetooth low-energy (BLE). Pairing the phone and computer is made easier and more secure through the use of a QR Code. After a trust-on-first-use provisioning phase to enroll the computer on the phone, the phone can check that the boot chain has not been compromised in later boots. Sample scripts and a self-contained virtual machine are also provided as a reference of how to integrate Ultrablue in the boot process to guard disk encryption by a secret delivered by the phone. Future work includes improving the user interface to inspect and validate unexpected event logs, adding support for more versatile verification policies, and integrating Ultrablue into existing hardened systems such as Safeboot (safeboot.net). The Ultrablue project has been developped at ANSSI (https://ssi.gouv.fr) by Loïc Falkau--Buckwell, under the supervision of Nicolas Bouchinet and Gabriel Kerneis.