Taming Attestation for the Cloud Native World with Parsec - Paul Howard, Arm
Abstract
As compute continues to move to the edge, there is an increasing need for compute nodes outside the managed cloud to authenticate themselves to, and communicate securely with, cloud services. Achieving this across a diverse ecosystem of devices is a bewildering problem for the industry. Hardware-backed security is a must when devices sit in tamper-prone environments. Parsec, a CNCF sandbox project, has tamed the problem of managing keys and secrets across these devices by providing a convenient, portable interface to a strong, hardware-backed device identity. But a key isn't always enough. Sometimes there is also a need to prove that the key was created within the device, and that the device itself is composed of an approved combination of hardware, firmware and software, booted into a known-good configuration. This is commonly known as attestation. Attestation brings its own portability challenges: platform-specific APIs, flows and data formats. The advent of confidential computing adds a further dimension of complexity. In this talk, you will learn how Parsec is now primed to deliver a portable, cloud-native approach to attestation on any platform, for a variety of use cases including secure channel bootstrap with enhanced TLS handshakes.
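The attestation flow the abstract describes (a device identity key, a record of what was booted, and a verifier that checks both against an approved configuration) can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not Parsec code and does not use Parsec's API or any real attestation format (TPM quotes, PSA tokens, and so on). It assumes a PCR-style measurement register (register = SHA-256(register || digest)), a verifier-chosen nonce for freshness, and an ECDSA P-256 device identity key that is generated in software here, whereas in a Parsec deployment it would live behind the hardware-backed provider. The component names and image contents are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Measurement records one boot component and the digest of its image.
type Measurement struct {
	Component string
	Digest    [32]byte
}

// Evidence is what the device hands to a verifier: the verifier's nonce, the
// boot log, the accumulated register, and a signature over all of it made
// with the device identity key (assumed hardware-resident in a real device).
type Evidence struct {
	Nonce    []byte
	Log      []Measurement
	Register [32]byte
	Sig      []byte
}

// measure builds a Measurement from a component name and its (constructed) image.
func measure(component, image string) Measurement {
	return Measurement{Component: component, Digest: sha256.Sum256([]byte(image))}
}

// extend folds one digest into the register the way a TPM PCR extend does.
func extend(register, digest [32]byte) [32]byte {
	return sha256.Sum256(append(register[:], digest[:]...))
}

// replayLog recomputes the register from an all-zero start; the verifier uses
// the same routine to derive the reference value for an approved boot chain.
func replayLog(log []Measurement) [32]byte {
	var reg [32]byte
	for _, m := range log {
		reg = extend(reg, m.Digest)
	}
	return reg
}

// digestToSign binds nonce, register and a length-prefixed log into one hash,
// so none of them can be swapped out under an existing signature.
func digestToSign(nonce []byte, reg [32]byte, log []Measurement) [32]byte {
	h := sha256.New()
	h.Write(nonce)
	h.Write(reg[:])
	for _, m := range log {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(m.Component)))
		h.Write(n[:])
		h.Write([]byte(m.Component))
		h.Write(m.Digest[:])
	}
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Attest is the device side: replay the log and sign (nonce, register, log).
func Attest(key *ecdsa.PrivateKey, nonce []byte, log []Measurement) (Evidence, error) {
	reg := replayLog(log)
	d := digestToSign(nonce, reg, log)
	sig, err := ecdsa.SignASN1(rand.Reader, key, d[:])
	if err != nil {
		return Evidence{}, err
	}
	return Evidence{Nonce: nonce, Log: log, Register: reg, Sig: sig}, nil
}

// Verify is the relying-party side. Order matters: freshness, then origin
// (signature under the device's public key), then the claimed configuration.
func Verify(pub *ecdsa.PublicKey, expectedNonce []byte, reference [32]byte, ev Evidence) error {
	if !bytes.Equal(ev.Nonce, expectedNonce) {
		return errors.New("nonce mismatch: stale or replayed evidence")
	}
	d := digestToSign(ev.Nonce, ev.Register, ev.Log)
	if !ecdsa.VerifyASN1(pub, d[:], ev.Sig) {
		return errors.New("signature does not verify under the device identity key")
	}
	if replayLog(ev.Log) != ev.Register {
		return errors.New("log does not replay to the reported register")
	}
	if ev.Register != reference {
		return errors.New("register does not match the approved configuration")
	}
	return nil
}

func main() {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // software key for the demo only
	approved := []Measurement{measure("bootloader", "bl v1.2"), measure("firmware", "fw v3.0"), measure("kernel", "linux 6.1")}
	reference := replayLog(approved)
	nonce := make([]byte, 16)
	rand.Read(nonce)
	good, _ := Attest(key, nonce, approved)
	fmt.Println("approved boot:", Verify(&key.PublicKey, nonce, reference, good))
	tampered := append([]Measurement(nil), approved...)
	tampered[1] = measure("firmware", "fw v3.0 backdoored")
	bad, _ := Attest(key, nonce, tampered)
	fmt.Println("tampered firmware:", Verify(&key.PublicKey, nonce, reference, bad))
	fmt.Println("replayed evidence:", Verify(&key.PublicKey, []byte("a different nonce"), reference, good))
}
```

The nonce check is what turns a signed boot log into proof about the device's state now rather than at some earlier time; the signature check ties that state to the specific key the relying party already trusts, which is the "key was created within the device" property the talk refers to, and the register comparison is the policy decision. Real platforms differ in how each of those three pieces is encoded, which is exactly the portability gap the abstract says Parsec is addressing.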