Abstract
We present RATLS, a companion library for OpenSSL that integrates the Trusted Computing concept of Remote Attestation into Transport Layer Security (TLS). RATLS builds upon handshake extensions that are specified in version 1.3 of the TLS standard. It therefore does not require any changes to the TLS protocol or the OpenSSL library, which offers a suitable API for handshake extensions. RATLS supports remote attestation as part of a complete TLS handshake for new connections and it augments session resumption by binding session tickets to the platform state of TLS peers. We demonstrate that RATLS enables both client and server to attest their respective software stacks using widely-used Trusted Platform Modules. Our evaluation shows that the number of round trips during handshake is the same as for traditional TLS and that session resumption can reduce cryptographic overhead caused by remote attestation for frequently communicating peers.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
TLS v1.2 supports extensions, too, but on fewer message types than TLS v1.3.
- 2.
Some implementations use symmetric keys or a physically unclonable function (PUF) instead, but the general concept is the same.
- 3.
There are implementations of remote attestation that are software only, but they assume a weaker attacker model.
References
Intel Software Guard Extensions (Intel SGX). https://www.intel.com/content/www/us/en/architecture-and-technology/software-guard-extensions.html. Accessed 1 May 2022
OpenSSL. https://www.openssl.org/
The Trusted Computing Group - TPM Software Stack (TSS). https://trustedcomputinggroup.org/work-groups/software-stack/
The Trusted Computing Group - Trusted Platform Module (TPM). https://trustedcomputinggroup.org/work-groups/trusted-platform-module/
TSS.MSR. https://github.com/microsoft/TSS.MSR
Duan, H., Wang, C., Yuan, X., Zhou, Y., Wang, Q., Ren, K.: LightBox: full-stack protected stateful middlebox at lightning speed, pp. 2351–2367 (2019). https://doi.org/10.1145/3319535.3339814
Kim, S., Shin, Y., Ha, J., Kim, T., Han, D.: A first step towards leveraging commodity trusted execution environments for network applications (2015). https://doi.org/10.1145/2834050.2834100
King, G., Wang, H.: HTTPA: HTTPS attestable protocol. CoRR abs/2110.07954 (2021). https://arxiv.org/abs/2110.07954
Knauth, T., Steiner, M., Chakrabarti, S., Lei, L., Xing, C., Vij, M.: Integrating remote attestation with transport layer security. CoRR abs/1801.05863 (2018). http://arxiv.org/abs/1801.05863
Rescorla, E.: The transport layer security (TLS) protocol version 1.3. RFC 8446, RFC Editor, August 2018. https://www.rfc-editor.org/rfc/rfc8446.txt
Zheng, H., Arden, O.: Building secure distributed applications the DECENT way. CoRR abs/2004.02020 (2020). https://arxiv.org/abs/2004.02020
Acknowledgements
This research was co-financed by public funding of the state of Saxony/Germany. It has also received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement No. 957216.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Walther, R., Weinhold, C., Roitzsch, M. (2022). RATLS: Integrating Transport Layer Security with Remote Attestation. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2022. Lecture Notes in Computer Science, vol 13285. Springer, Cham. https://doi.org/10.1007/978-3-031-16815-4_20
Download citation
DOI: https://doi.org/10.1007/978-3-031-16815-4_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-16814-7
Online ISBN: 978-3-031-16815-4
eBook Packages: Computer ScienceComputer Science (R0)