How it works?

Remote attestation is a security mechanism that allows a remote entity (the "verifier" or "relying party") to cryptographically verify the integrity and authenticity of a system or application running on another machine (the "attester" or "prover"). This is crucial for establishing trust in distributed systems, especially in cloud, edge and AI computing, where you need to be sure that sensitive data is being processed in a secure and uncompromised environment.

Putting it all together

Remote attestation protocol generally works, involving three main parties:

• Workload: The system or application (e.g. VM, k8s pod) whose integrity needs to be verified.

• Relying Workload: Application or service the attested workload should have access to.

• Workload Identity Management Provider: The entity that wants to verify the attester's integrity and decide what access a workload has.

• Trusted Third Party: This could be a Certificate Authority (CA) of a hardware manufacturer (like Intel or AMD). The party forms a public key infrastructure and is the root of trust.

The General Workflow is

1. the attestor measures the identity of the workload and issues the workload certificate. The attestor's identity itself is certified and rooted down to the CPU's manufacturer Intel, AMD, ARM or NVIDIA. Optionally, the cloud service provider's identity may be included.

2. Upon reception of the workload certificate, the workload identity management provider verifies the claims/measurements in the certificates, compares the values with reference values, and enforces a policy to grant the workload access to a relying workload.

3. The workload identity management provider issues a time and resource bound auth token, such that attested workload can authenticate to relying workloads.