Attestation and FIPS: Past, Present and Future (G30b)
With the rising number of resource-constrained devices, the demand for verifying the trustworthiness of a remote platform that a device connects to is growing stronger every day. Connecting a device to a bogus platform with malicious software running inside is a serious threat. A technique known as “remote attestation”, which aims to provide such verification for the platform and the integrity of its components, becomes crucial to mitigating this type of threat. Although this is still an area of research, the first Committee Draft (CD1) of ISO/IEC 19790:2012, which was released for public comments in January this year, already included a section dedicated to attestation, and it is expected to be part of the future publication of ISO/IEC 19790:2024. This talk surveys the evolving attestation requirements in industry standards from their past versions to the current state-of-the-art usage, analyses their connection to CD1 of 19790, and predicts the impact on future FIPS validation.