Design Space and Challenges in Design of Attested TLS Protocols
Linux Plumbers Conference via YouTube
Overview
Explore the design space and security challenges in developing attested TLS protocols through this 19-minute conference talk from the Linux Plumbers Conference. Discover how remote attestation can be integrated into Transport Layer Security (TLS) to validate the security state of workloads and their platforms, addressing a critical gap in current TLS implementations. Learn about three distinct approaches for this integration: pre-handshake attestation, intra-handshake attestation, and post-handshake attestation, each with unique security properties and trade-offs. Examine formal verification insights obtained with ProVerif, a symbolic security analysis tool that provides high confidence for security-critical applications. Understand the vulnerabilities associated with each approach, including replay, relay, and diversion attacks in pre-handshake and intra-handshake methods, while discovering why post-handshake attestation offers superior security properties despite slightly higher latency. Gain insights into the ongoing IETF standardization efforts through the newly formed Secure Evidence and Attestation Transport (SEAT) Working Group, supported by industry partners including Arm, Linaro, Siemens, Huawei, Intuit, Axis, and academic institutions. Learn how attested TLS protocols, used in place of standard TLS implementations, can provide more robust security guarantees for confidential computing applications and contribute to the TEE attestation ecosystem.
Syllabus
Design Space and Challenges in Design of Attested TLS Protocols - Muhammad Usama Sardar (TU Dresden)
Taught by
Linux Plumbers Conference