论文信息 - Building tamper-resistant reboot counter without trusted running OS

Building tamper-resistant reboot counter without trusted running OS

Modern computer is lack of the counter to record the reboot times. However a reboot counter is a valuable primitive for system security. In this paper, we propose a method to build reboot counter which is tamper-resistant. To the end, a reboot counter is divided into many shares with threshold secret sharing, and these shares hide dispersedly in the disk. To protect these shares, the addresses of these shares are produced on the seed which is protected by TPM. Furthermore, our reboot counter is developed without a trusted running OS. Our discussion shows that an adversary fails to obtain the security shares and tamper the reboot counter.

Hongwei Zhou | Jinhui Yuan

[1] Srinivas Devadas,et al. Virtual monotonic counters and count-limited objects using a TPM without a trusted OS , 2006, STC '06.

[2] Adrian Perrig,et al. TrustVisor: Efficient TCB Reduction and Attestation , 2010, 2010 IEEE Symposium on Security and Privacy.

[3] Jonathan M. McCune,et al. Memoir: Practical State Continuity for Protected Modules , 2011, 2011 IEEE Symposium on Security and Privacy.

[4] Michael K. Reiter,et al. Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[5] Adi Shamir,et al. How to share a secret , 1979, CACM.