Property-based attestation for computing platforms: caring about properties, not mechanisms

Over the past years, the computing industry has started various initiatives announced as increasing computer security by means of new hardware architectures. The most notable efforts are the Trusted Computing Group (TCG) and the Next-Generation Secure Computing Base (NGSCB). This technology offers useful new functionalities, such as the possibility to verify the integrity of a platform (attestation) or to bind quantities to a specific platform (sealing).

In this paper, we point out the deficiencies of the attestation and sealing functionalities proposed by the existing specification of the TCG: we show that these mechanisms can be misused to discriminate against certain platforms, i.e., their operating systems and consequently the corresponding vendors. A particular problem in this context is that of managing the multitude of possible configurations. Moreover, we highlight other shortcomings related to attestation, namely system updates and backup. Clearly, the consequences of these problems lead to an unsatisfactory situation for both the private and the business sector, and to an unbalanced market when such platforms are in wide use.

To overcome these problems generally, we propose a completely new approach: the attestation of a platform should not depend on the specific software and/or hardware (configuration), as is today's practice, but only on the "properties" that the platform offers. Thus, a property-based attestation should only verify whether these properties are sufficient to fulfill certain (security) requirements of the party who asks for attestation. We propose and discuss a variety of solutions based on the existing Trusted Computing (TC) functionality. We also demonstrate how a property-based attestation protocol can be realized based on existing TC hardware such as a Trusted Platform Module (TPM).
