Kickstarting the Integrity subproject

kickstarting-the-integrity-subproject

Sven Vermeulen Mon 30 July 2012

Now that Gentoo Hardened has its integrity subproject, I started with writing down the concepts (draft - will move to the project site when finished!) used within the subproject: what is integrity, how does trust fit into this, what kind of technologies will we look at, etc. I'm hoping that this document will help users in positioning this project as well as already identify a few areas where I think we need to work on.

The guide starts with talking about hashes (since hashes are often used in integrity validation schemes), continuing towards HMAC (for authenticated hashes) and signed HMAC digests (for better protection of the cryptographic keys while verifying the integrity). It already talks a bit about trust (and trust chains) and how it works in both ways (top-down and bottom up - the latter especially when considering you are running services on platforms you do not manage yourself).

I will be working further on this, describing how the trusted computing group's vision and the trusted platform module standard they developed fits into this as a possible implementation of trust validation (hopefully without getting to the religious part of it) as well as giving first highlights on other technologies we will look at as well.