Jun Ho Huh
ABSTRACT
This paper proposes an indirect attestation paradigm for verifying the trustworthiness of end user platforms. This approach overcomes several criticisms of attestation by maintaining the user's freedom to choose their own software configurations and minimising the whitelist management overhead for the relying party. Each user platform defines its own acceptable software combination in terms of reference integrity measurements, and reports the local verification results to the relying party through a late-launched, trusted Platform Trust Service. The relying party simply checks this verification result and a security meta-policy that has been used to ensure the quality of the security checks performed locally. The Platform Trust Service is also responsible for reporting whether this meta-policy is satisfied. By configuring the meta-policy, the relying party selects an indirect attestation paradigm that best meets their high-level security requirements.
- TCG Infrastructure Working Group Platform Trust Services Interface Specification (IF-PTS). Specification version 1.0, November 2006.Google Scholar
- Trusted computing group backgrounder. https://www.trustedcomputinggroup.org/about/, October 2006.Google Scholar
- TCG Mobile Reference Architecture. Specification version 1.0, June 2007.Google Scholar
- T. Ali, M. Nauman, and X. Zhang. On leveraging stochastic models for remote attestation. In INTRUST 2010: Proceedings of the 2nd International Conference on Trusted Systems, 2010. Google ScholarDigital Library
- E. Bangerter, M. Djackov, and A.-R. Sadeghi. A Demonstrative Ad Hoc Attestation System. In V. R. Tzong-Chen Wu, Chin-Laung Lei and D.-T. Lee, editors, ISC '08: Proceedings of the 11th International Conference on Information Security, volume 5222 of Lecture Notes in Computer Science, pages 17--30, Taipei, Taiwan, September 2008. Springer. Google ScholarDigital Library
- D. Grawrock. Dynamics of a Trusted Platform. Intel Press, February 2009. Google ScholarDigital Library
- H. Kim, J. H. Huh, and R. Anderson. On the Security of Internet Banking in South Korea. Technical Report RR-10-01, OUCL, March 2010.Google Scholar
- A. Lee-Thorp. Attestation in Trusted Computing: Challenges and Potential Solutions. Technical report, Royal Holloway,2010.Google Scholar
- A.-R. Sadeghi and C. Stüble. Property-based Attestation for Computing Platforms: Caring About Properties, Not Mechanisms. In NSPW '04: Proceedings of the 2004 Workshop on New Security Paradigms, pages 67--77, New York, NY, USA, 2004. ACM. Google ScholarDigital Library
- R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a TCG-based integrity measurement architecture. In USENIX Security Symposium, volume 13, pages 223--238. USENIX Association, 2004. Google ScholarDigital Library
- A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, pages 335--350, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
Index Terms
- Achieving attestation with less effort: an indirect and configurable approach to integrity reporting
Recommendations
Credibility Attestation of Property Remote Attestation Method
FITME '09: Proceedings of the 2009 Second International Conference on Future Information Technology and Management EngineeringDuring the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of ...
Model-based behavioral attestation
SACMAT '08: Proceedings of the 13th ACM symposium on Access control models and technologiesRemote attestation is an important characteristic of trusted computing technology which provides reliable evidence that a trusted environment actually exists. Existing approaches for the realization of remote attestation measure the trustworthiness of a ...
Analysis of existing remote attestation techniques
This paper has been written as a part of the research project that is working towards the implementation of dynamic behavioral attestation for mobile platforms. The motivation behind this paper was to analyze the existing remote attestation techniques ...
Comments