A Server-Based Secure Bootstrap Architecture

The computer terminal plays an import role in the security of whole Local Area Network. However, the uncontrolled way of bootstrap brings about difficulties of providing sufficient trustworthiness to the LAN. To enforce the terminal security of the LAN and especially its ability of resisting ill-meaning tampering, this paper puts forward a server-based bootstrap architecture, based on the trusted computing technology. By verifying the integrity of the terminal before booting the OS, this architecture can effectively prevent the terminal from booting into a tampered OS, and the recovery module meanwhile enforces the robustness of the system. We present an implementation of the architecture, which extends the Trusted GRUB by adopting an attestation process between the GRUB level and the attestation server. The performance analysis shows that at a low time delay, the security of the system has been improved, and the proposed architecture can also provide server with stronger control and management ability towards the whole LAN.

[1]  Leendert van Doorn,et al.  A Practical Guide to Trusted Computing , 2007 .

[2]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[3]  Ravi S. Sandhu,et al.  Client-side access control enforcement using trusted computing and PEI models , 2006, J. High Speed Networks.

[4]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[5]  Jiqiang Liu,et al.  A remote anonymous attestation protocol in trusted computing , 2008, 2008 IEEE International Symposium on Parallel and Distributed Processing.

[6]  D. E. Bell,et al.  Secure Computer Systems : Mathematical Foundations , 2022 .

[7]  Maurice Herlihy,et al.  Virtual Leashing: Internet-Based Software Piracy Protection , 2005, 25th IEEE International Conference on Distributed Computing Systems (ICDCS'05).

[8]  Scott A. Rotondo Trusted Computing Group , 2011, Encyclopedia of Cryptography and Security.

[9]  Bart Preneel,et al.  Remote Attestation on Legacy Operating Systems With Trusted Platform Modules , 2008, Electron. Notes Theor. Comput. Sci..