On reporting of the time of attestation measurements

One problem that arises with remote attestation is that while the second remote party gets an attestation of measurements taken for the first party, the measurements do not indicate when they were taken. Existing attestation protocols include a nonce to prove that the quoting of the measurements is fresh; however, this alone does not provide an indication of when those measurements were actually taken. This allows reboot attacks, where a machine is put in a correct state only when an attestation is going to be performed. In addition, stale measurements may incorrectly characterize a system´s security posture. This paper provides a solution to this quandary called “provably dated measurements” which utilizes the tickCount and tickStamp capabilities of the TPM (Trusted Platform Module).