Remote Attestation of Software and Execution-Environment in Modern Machines

The research on network security concentrates mainly on securing the communication channels between two endpoints, which is insufficient if the authenticity of one of the endpoints cannot be determined with certainty. Previously presented methods that allow one endpoint, the authentication authority, to authenticate another remote machine. These methods are inadequate for modern machines that have multiple processors, introduce virtualization extensions, have a greater variety of side effects, and suffer from nondeterminism. This paper addresses the advances of modern machines with respect to the method presented by Kennell. The authors describe how a remote attestation procedure, involving a challenge, needs to be structured in order to provide correct attestation of a remote modern target system.

[1]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[2]  Butler W. Lampson,et al.  A Trusted Open Platform , 2003, Computer.

[3]  Elaine Shi,et al.  Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems , 2005, SOSP '05.

[4]  L. V. Doorn,et al.  SCUBA: Secure Code Update By Attestation in sensor networks , 2006, WiSe '06.

[5]  Adrian Perrig,et al.  Remote detection of virtual machine monitors with fuzzy benchmarking , 2008, OPSR.

[6]  Robert H. Deng,et al.  A software-based root-of-trust primitive on multicore platforms , 2011, ASIACCS '11.

[7]  Leah H. Jamieson,et al.  Establishing the Genuinity of Remote Computer Systems , 2003, USENIX Security Symposium.

[8]  Bart Preneel,et al.  Remote attestation on legacy operating systems with trusted platform modules , 2008, Sci. Comput. Program..

[9]  Muli Ben-Yehuda,et al.  The Turtles Project: Design and Implementation of Nested Virtualization , 2010, OSDI.

[10]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[11]  Leah H. Jamieson,et al.  AN ANALYSIS OF PROPOSED ATTACKS AGAINST GENUINITY TESTS , 2004 .

[12]  Adrian Perrig,et al.  SAKE: Software attestation for key establishment in sensor networks , 2011, Ad Hoc Networks.

[13]  Claudio Soriente,et al.  On the difficulty of software-based attestation of embedded devices , 2009, CCS.

[14]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[15]  Sencun Zhu,et al.  Distributed Software-based Attestation for Node Compromise Detection in Sensor Networks , 2007, 2007 26th IEEE International Symposium on Reliable Distributed Systems (SRDS 2007).