Question

In a zero-trust edge architecture, what mechanism is required to verify that an edge device&#x27;s hardware and identity have not been tampered with before granting access to the network?

Accepted Answer

The mechanism required is hardware-based device attestation using a Trusted Platform Module. A Trusted Platform Module is a specialized, tamper-resistant chip physically soldered onto a device&#x27;s motherboard that serves as a secure vault for cryptographic keys and system measurements. Device attestation is the process where the device proves its identity and state by generating a report that includes cryptographic signatures of its hardware configuration and firmware. During the startup process, the device performs a process called measured boot, where it records the hash or digital fingerprint of every software component, from the firmware to the operating system kernel. These measurements are stored inside the Trusted Platform Module. When the device attempts to connect to the network, it sends these stored measurements to an external verification service. The verification service compares the reported measurements against a known-good baseline of what the device should look like. If the measurements match, it proves the hardware is legitimate and the software environment has not been tampered with or modified by unauthorized entities like rootkits. Only after this successful verification of identity and integrity does the network grant the device access to resources.

Home → All Courses → Engineering and Technology Courses → Edge Computing Architecture → Flashcard

In a zero-trust edge architecture, what mechanism is required to verify that an edge device's hardware and identity have not been tampered with before granting access to the network?