Editing Trusted Computing (section)

==={{anchor|REMOTE-ATTESTATION}}Remote attestation===<!-- This section is linked from [[Trusted Computing]] -->
Remote attestation allows changes to the user's computer to be detected by authorized parties. For example, software companies can identify unauthorized changes to software, including users modifying their software to circumvent commercial digital rights restrictions. It works by having the hardware generate a certificate stating what software is currently running. The computer can then present this certificate to a remote party to show that unaltered software is currently executing. Numerous remote attestation schemes have been proposed for various computer architectures, including Intel,<ref>{{cite book |last1=Johnson |first1=Simon |title=Intel Software Guard Extensions: EPID Provisioning and Attestation Services |date=2016 |publisher=Intel |url=https://software.intel.com/content/dam/develop/public/us/en/documents/ww10-2016-sgx-provisioning-and-attestation-final.pdf |access-date=14 May 2021}}</ref> RISC-V,<ref>{{cite conference |last1=Shepherd |first1=Carlton |last2=Markantonakis |first2=Konstantinos |last3=Jaloyan |first3=Georges-Axel| title=LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices |date=2021 |conference=IEEE Security and Privacy Workshops |publisher=IEEE |arxiv=2102.08804 }}</ref> and ARM.<ref>{{cite conference |last1=Abera |first1=Tigist |title=C-FLAT: Control-Flow Attestation for Embedded Systems Software |series=CCS '16 |date=2016 |pages=743–754 |publisher=ACM |doi=10.1145/2976749.2978358 |isbn=9781450341394 |s2cid=14663076 |url=https://dl.acm.org/doi/abs/10.1145/2976749.2978358 |access-date=14 May 2021|url-access=subscription }}</ref>

Remote attestation is usually combined with public-key encryption so that the information sent can only be read by the programs that requested the attestation, and not by an eavesdropper.

To take the song example again, the user's music player software could send the song to other machines, but only if they could attest that they were running an authorized copy of the music player software. Combined with the other technologies, this provides a more restricted path for the music: encrypted I/O prevents the user from recording it as it is transmitted to the audio subsystem, memory locking prevents it from being dumped to regular disk files as it is being worked on, sealed storage curtails unauthorized access to it when saved to the hard drive, and remote attestation prevents unauthorized software from accessing the song even when it is used on other computers. To preserve the privacy of attestation responders, [[Direct Anonymous Attestation]] has been proposed as a solution, which uses a group signature scheme to prevent revealing the identity of individual signers.

[[Proof of space]] (PoS) have been proposed to be used for malware detection, by determining whether the L1 cache of a processor is empty (e.g., has enough space to evaluate the PoSpace routine without cache misses) or contains a routine that resisted being evicted.<ref name="JakobssonStewart13">{{cite conference |last1=Jakobsson|first1=Markus|last2=Stewart|first2=Guy|title=Mobile Malware: Why the Traditional AV Paradigm is Doomed, and How to Use Physics to Detect Undesirable Routines|conference=Black Hat USA|year=2013}}</ref><ref>Markus Jakobsson [https://eprint.iacr.org/2018/031.pdf Secure Remote Attestation] ''Cryptology ePrint Archive.'' Retrieved January 8, 2018.</ref>