Cui Yan-Li,Xing Zhang

DOI: https://doi.org/10.1109/PACIIA.2009.5406422

2009-01-01

Abstract:For trusted computing technology, as the basis of remote attestation, system integrity measurement whose theory model and application research is all along a discussed focus. Integrity measurement of binary system of trusted computing technology used the transmission model of trust chain, but the development of this model is late to the development of remote attestation. This paper mainly concerns systems integrity measurement of property remote attestation, adds certificate authority and trusted property authority based on the original binary integrity measurement, realizes the conversion from binary fingerprints convert to property remote attestation. Combining the new features of property remote attestation, this paper uses the predicate logic to prove the credibility of systems integrity measurement of property remote attestation. ©2009 IEEE.

Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/fitme.2009.68

2009-01-01

Abstract:During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of attestation method of certifier. This paper designs an attestation method model of property remote attestation, and applies the authentication and access control logic technology to make formal description for the participants of attestation method of property remote attestation, and finally prove the credibility of attestation method. Paper's research conclusion proves, after increasing the authority of certificate and trusted property certificate, the credibility of property remote attestation method can be guaranteed among the computing environment applying the public key infrastructure participates.

liehuang zhu,zijian zhang,lejian liao,cong guo

DOI: https://doi.org/10.1007/978-3-642-27323-0_27

2012-01-01

Abstract:Trusted computing has been proposed to enhance the security of computing environment in disparate computer platforms. Remote attestation is necessary to prove integrity and authenticity of system environments. Stumpf et al. propose a robust integrity reporting protocol for remote attestation. However, their protocol is not secure under fully adaptive party corruptions. In this paper, we propose a secure integrity reporting protocol for remote attestation under fully adaptive party corruptions.

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Wu Luo,Wei Liu,Yang Luo,Anbang Ruan,Qingni Shen,Zhonghai Wu

DOI: https://doi.org/10.1109/trustcom.2016.0058

2016-01-01

Abstract:In recent years, the rapid development of virtualization and container technology brings unprecedented impact on traditional IT architecture. Trusted Computing devotes to provide a solution to protect the integrity of the target platform and introduces a virtual TPM to adapt to the challenges that virtualization brings. However, the traditional integrity measurement solution and remote attestation has limitations due to the challenges such as large of measurement and attestation cost and overexposure of configurations details. In this paper, we propose the Partial Attestation Model. The basic idea of Partial Attestation Model is to reconstruct the Chain of Trust by dividing them into several separated ones. Our model therefore enables the challenger to attest the specified security requirements of the target platform, instead of acquiring and verifying the complete detailed configurations. By ignoring components not related to the target requirements, our model reduces the attestation costs. In addition, we further implement an attestation protocol to prevent overexposure of the target platform's configuration details. We build a use case to illustrate the implementation of our model, and the evaluations on our prototype show that our model achieves better efficiency than the existing remote attestation scheme.

TAN Zhiyong,SI Tiange,LIU Ouo,DAI Yiqi

DOI: https://doi.org/10.3321/j.issn:1000-0054.2009.07.023

2009-01-01

Abstract:A trusted computing model was developed for the non-local-storage characteristics of the server-end storage computer architecture. The model achieves high flexibility and scalability by replacing the original trusted platform module (TPM) hardware with a software module implemented on the server. The model ensures the security of the computing platform by establishing a complete trust chain from the beginning of the boot stage of the client operating system. Implementation of a prototype system shows that since the server measures the trust of all clients, a security strategy can be formulated to implement real trustworthiness on the entire local area network.

XIAO Yue-lei,WU Jun-sheng,ZHU Zhi-xiang

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2018.12.001

2018-01-01

Abstract:On the basis of the IKEv2, an extended IKEv2 in trusted computing environment based on ISO/IEC 9798-3:1998/Amd 1:2010 is proposed in this paper. It realizes mutual identity authentication and Platform-Authentication between an initiator and a responder, and establishes session keys between them, and is backward compatible with the IKEv2, where a trusted third party (TTP) is responsible for validating the identity and Attestation Identity Key (AIK) certificates of them, and evaluating the platform integrity of them, and the stored integrity measurement logs (SML) of them are encrypted and sent to the TTP. Thus, it is able to solve the problems of the existing extended IKE protocol for trusted computing environment effectively. Moreover, the extended IKEv2 is proved secure based on the strand space model for trusted network connect protocols.

Carlton Shepherd,Raja N. Akram,Konstantinos Markantonakis

DOI: https://doi.org/10.48550/arXiv.1804.10707

2018-11-26

Abstract:Trusted Execution Environments (TEEs) are rapidly emerging as a root-of-trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution. TEEs provide robust assurances regarding critical algorithm execution, tamper-resistant credential storage, and platform integrity using remote attestation. However, the challenge of remotely managing credentials between TEEs remains largely unaddressed in existing literature. In this work, we present novel protocols using mutual attestation for supporting four aspects of secure remote credential management with TEEs: backups, updates, migration, and revocation. The proposed protocols are agnostic to the underlying TEE implementation and subjected to formal verification using Scyther, which found no attacks.

Cryptography and Security

HE Li-Bao,HUANG Liu-Sheng,YANG Wei,LUO Yong-Long

DOI: https://doi.org/10.3969/j.issn.1671-1122.2009.07.017

2009-01-01

Abstract:Building trust relationships between entities is an important and difficult part in the security needs of P2P networks.By using appropriate assessment tools,traditional trust models can weaken some security threats such as simple deception,an omission,defamation and joint cheating to a certain extent,however they are unable to resist the attacks of Pseudospoofing and Pseudostheft effectively.In this paper,the trusted computing method initiated by Trusted Computing Group(TCG) is introduced into P2P networks,and we propose an efficient scheme on foundation and management of stable and verifiable digital identities of entities.The new designed trust model,using platform attestation technology through the whole process of trust evaluation,perfectly solved security problems of P2P networks.

xuhua ding,liang gu,robert h deng,bing xie,hong mei

DOI: https://doi.org/10.4018/978-1-61520-682-7.ch001

2010-01-01

Abstract:One of the key mechanisms for trust establishment among different platforms is remote attestation, which allows a platform to vouch for its trust related characteristics to a remote challenger. In this chapter, the authors propose a new conceptual model for remote attestation consisting of four basic ingredients: root of trust, attestation objective, object measurement, and attestation process. With this model, they present a systematic study on the remote attestation, including the methodologies applied for implementing the four elements and the principles for designing an attestation scheme. The authors also examine existing remote attestation schemes in the literature by grouping them into two main types: integrity attestation and quality attestation. They discuss both the strength and the limitations of each type of scheme and explain how they can be applied in trust management in distributed environment.

Anbang Ruan,Qingni Shen,Liang Gu,Li Wang,Lei Shi,Yahui Yang,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-11145-7_18

2009-01-01

Abstract:The Trusted Computing Group (TCG) proposed remote attestation as a solution for establishing trust among distributed applications. However, current TCG attestation architecture requires challengers to attest to every program loaded on the target platform, which will increase the attestation overhead and bring privacy leakage and other security risks. In this paper, we define a conceptual model called the Trusted Isolation Environment (TIE) to facilitate remote attestation. We then present the implementation of TIE with our tailored Usage CONtrol model (UCONRA) and a set of system-defined policies. With its continuous and mutable feature and obligation support, we construct the TIE with flexibility. Lastly, we propose our attestation architecture with UCONRA gaining the benefits of scalable and lightweight.

Zhang Shibin,Xu Chunxiang,Long Yaxing

DOI: https://doi.org/10.1109/itap.2011.6006215

2011-01-01

Abstract:In this paper, taking the trusted computing as the background, the terminal trusted model based on Xen VMM is studied and proposed. On the basis of this model, a one layer measurement trust model with recovery processing is analyzed and researched, and we specifically study and discuss the mode of trusted measurement and the trusted measurement of each part in the Linux boot process. In order to further verify the feasibility and reasonableness of terminal trusted model based on trusted computing, we use TPM Emulator to build TPM simulation experiment platform. Finally, the feasibility and reasonableness of this model is further confirmed by the aid of simulation application. At the same time, this model proposed in this paper has certain practical value.

Liang Gu,Xuhua Ding,Robert Huijie Deng,Bing Xie,Hong Mei

DOI: https://doi.org/10.1145/1456455.1456458

2008-01-01

Abstract:Remote attestation provides the basis for one platform to establish trusts on another. In this paper, we consider the problem of attesting the correctness of program executions. We propose to measure the target program and all the objects it depends on, with an assumption that the Secure Kernel and the Trusted Platform Module provide a secure execution environment through process separation. The attestation of the target program begins with a program analysis on the source code or the binary code in order to find out the relevant executables and data objects. Whenever such a data object is accessed or a relevant executable is invoked due to the execution of the target program, its state is measured for attestation. Our scheme not only testifies to a program's execution, but also supports fine-granularity attestations and information flow checking.

Xiao-xiang JIAN,Hong GAO,Wen-huang LIU

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.36.022

2006-01-01

Abstract:According to the coming of the global information age,trusted computing improved from fault-tolerance computing,fault detection,redundancy backup technique to trusted computing software and hardware platforms.This article analyzes the limitation of current trusted computing platform based on integrated TPM,and discusses methods using portable TPM to solve current problems.A trusted computing model and its implementation is presented,which is based on the portable TPM.

Xin Jin,Xingshu Chen,Cheng Zhao,Dandan Zhao

DOI: https://doi.org/10.23919/tst.2017.8030536

2017-01-01

Tsinghua Science & Technology

Abstract:Trusted attestation is the main obstruction preventing large-scale promotion of cloud computing.How to extend a trusted relationship from a single physical node to an Infrastructure-as-a-Service（IaaS） platform is a problem that must be solved.The IaaS platform provides the Virtual Machine（VM）,and the Trusted VM,equipped with a virtual Trusted Platform Module（vTPM）,is the foundation of the trusted IaaS platform.We propose a multi-dimensional trusted attestation architecture that can collect and verify trusted attestation information from the computing nodes,and manage the information centrally on a cloud management platform.The architecture verifies the IaaS’s trusted attestation by apprising the VM,Hypervisor,and host Operating System’s（OS） trusted status.The theory and the technology roadmap were introduced,and the key technologies were analyzed.The key technologies include dynamic measurement of the Hypervisor at the process level,the protection of vTPM instances,the reinforcement of Hypervisor security,and the verification of the IaaS trusted attestation.A prototype was deployed to verify the feasibility of the system.The advantages of the prototype system were compared with the Open CIT（Intel Cloud attestation solution）.A performance analysis experiment was performed on computing nodes and the results show that the performance loss is within an acceptable range.

Wei Feng,Yu Qin,Ai-min Yu,Dengguo Feng

DOI: https://doi.org/10.1109/trustcom.2011.55

2011-01-01

Abstract:Trusted Network Connection (TNC for short) can prevent insecure terminal from accessing protected network and thus strengthen the security of network. Existing TNC solutions face a serious problem called lying endpoint problem (LEP for short). If an attacker modifies the terminal agent software which is responsible for collecting the integrity state of an endpoint platform, Trusted Network Connection will lose its meanings. Trusted Computing Group (TCG) adds the functionality of trusted computing to prevent lying endpoint problem, but TCG's TNC relies on the traditional Static Root of Trust for Measurement (SRTM) which has too big TCB (Trusted Computing Base) and has been proved unsafe. In this paper, we design and implement an improved TNC scheme with high reliability and scalability based on trusted integrity status of terminal. While focusing on LEP problem under the context of Network Access Control (NAC), we leverage Dynamic Root of Trust for Measurement (DRTM) technology to realize desired security requirements such as smaller TCB. We also use the Logic of Secure Systems (LS2) to prove the security properties of our improved TNC system. Our experimental evaluation demonstrates that our method is feasible.

Jianwei LIU,Dongxu CHENG,Yan LI

DOI: https://doi.org/10.3969/j.issn.1009-6868.2015.03.004

2015-01-01

Abstract:Aiming at the increasing growth of high security level business requirements for mobile terminal, a high security, trusted computing platform architecture for mobile terminal based on trusted platform module (TPM) trusted chip is proposed. Based on the analysis of expanded architecture for trusted function of a wide variety of current mobile terminals, a software and hardware integration scheme is given. In this scheme, the TPM chip plays a key role in the trusted link of mobile terminal. Furthermore, a prototype platform integrated TPM chip has been designed and used for principle verification of highly secure and trusted attribute of mobile <br> terminal. A key point analysis has been done for this trusted computing platform.

Liang Gu,Guangdong Bai,Yao Guo,Xiangqun Chen,Hong Mei

DOI: https://doi.org/10.1016/j.jnca.2011.03.014

IF: 7.574

2012-01-01

Journal of Network and Computer Applications

Abstract:As more and more component-based systems (CBS) run in the open and dynamic Internet, it is very important to establish trust between clients and CBS. One of the key mechanisms to establish trust among different platforms in an open and dynamic environment is remote attestation, which allows a platform to vouch for its trust-related characteristics to a remote challenger. This paper proposes a novel attestation scheme for a dynamically reconfigurable CBS to reliably prove whether its execution satisfies the specified security model, by introducing a TPM-based attestation service to dynamically monitor the execution of the CBS. As a case study, we have applied the proposed scheme on OSGi systems and implemented a prototype based on JVMTI for Felix. The evaluation results show that the proposed scheme is both effective and practical.

Lei Han,Jiqiang Liu,Zhen Han,Xueye Wei

DOI: https://doi.org/10.1007/s11704-011-9180-4

2011-05-14

Frontiers of Computer Science in China

Abstract:In today’s globalized digital world, network-based, mobile, and interactive collaborations have enabled work platforms of personal computers to cross multiple geographical boundaries. The new requirements of privacy-preservation, sensitive information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There are critical demands for highly secure work platforms and security enhancing mechanisms for ensuring privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform using a trusted platform module (TPM). TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms. It typically is affixed to the motherboard with a low pin count (LPC) bus. However, it limited in that TPM cannot be used directly in current common personal computers (PCs), and TPM is not flexible and portable enough to be used in different platforms because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for the common PC based on a single cryptographic chip with a universal serial bus (USB) interface and extensible firmware interface (EFI), by which platforms can get a similar degree of security protection in general-purpose systems. We show the structure of certificates and keys, which can bind to platforms via a PTPM and provide users with portability and flexibility in different platforms while still allowing the user and platform to be protected and attested. The implementation of prototype system is described in detail and the performance of the PTPM on cryptographic operations and time-costs of the system bootstrap are evaluated and analyzed. The results of experiments show that PTPM has high performances for supporting trusted computing and it can be used flexibly and portably by the user.

Liang TAN,Xun LUO,Ming-tian ZHOU

DOI: https://doi.org/10.3969/j.issn.1001-0548.2007.03.005

2007-01-01

Abstract:In this paper, the Trusted Authentication Gateway System (TAGS), based on Trusted Platform Model (TPM) of Trusted Computing Group (TCG), is presented, its design and principle are introduced, and deficiencies of TAGS are analyzed. Key and certification are resident in TPM on client platform, so verifier can decide that when a secure link between client and server could be established by TAGS.