A Practical Approach for Establishing Trust Relationships between Remote Platforms Using Trusted Computing

  • Kurt Dietrich
  • Martin Pirker
  • Tobias Vejda
  • Ronald Toegl
  • Thomas Winkler
  • Peter Lipp
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4912)

Abstract

Over the past years, many different approaches and concepts in order to increase computer security have been presented. One of the most promising of these concepts is Trusted Computing which offers various services and functionalities like reporting and verifying the integrity and the configuration of a platform (attestation). The idea of reporting a platform’s state and configuration to a challenger opens new and innovative ways of establishing trust relationships between entities. However, common applications are not aware of Trusted Computing facilities and are therefore not able to utilise Trusted Computing services at the moment. Hence, this article proposes an architecture that enables arbitrary applications to perform remote platform attestation, allowing them to establish trust based on their current configuration. The architecture’s components discussed in this article are also essential parts of the OpenTC proof-of-concept prototype. It demonstrates applications and techniques of the Trusted Computing Group’s proposed attestation mechanism in the area of personal electronic transactions.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: Proceedings of the 13th USENIX Security Symposium, pp. 223–238 (2004)Google Scholar
  2. 2.
    NTRU Cryptosystems, Inc. NTRU Core TCG Software Stack (CTSS) (2005), http://www.ntru.com/products/tcg_ss.htm
  3. 3.
    Stallman, R.: Can You Trust Your Computer (2007), http://www.gnu.org/philosophy/can-you-trust.html
  4. 4.
    Schneier, B.: Who Owns Your Computer (2007), http://www.schneier.com/blog/archives/2006/05/who_owns_your_c.html
  5. 5.
    Baek, K.-Y., Ingersoll, W., Rotondo, S.A.: OpenSolaris Project: Trusted Platform Module Support (2007), http://www.opensolaris.org/os/project/tpm/
  6. 6.
  7. 7.
    Sarmenta, L., Rhodes, J., Müller, T.: TPM/J Java-based API for the Trusted Platform Module (2007), http://projects.csail.mit.edu/tc/tpmj/
  8. 8.
    Microsoft Developer Network. TPM Base Services (2007), http://msdn2.microsoft.com/en-us/library/aa446796.aspx
  9. 9.
    TrouSerS - An Open-Source TCG Software Stack Implementation (2007), http://trousers.sourceforge.net/
  10. 10.
    Kinney, S.: Trusted Platform Module Basics: Using TPM in Embedded Systems. Elsevier, Burlington, MA, USA (2006)Google Scholar
  11. 11.
    Sadeghi, A.-R., Stüble, C.: Property-based Attestation for Computing Platforms: Caring about Policies, not Mechanisms. In: Proceedings of the New Security Paradigm Workshop (NSPW), pp. 67–77 (2004)Google Scholar
  12. 12.
    Haldar, V., Chandra, D., Franz, M.: Semantic Remote Attestation - Virtual Machine Directed Approach to Trusted Computing. In: Proceedings of the 3rd Virtual Machine Research and Technology Symposium, pp. 29–41 (2004)Google Scholar
  13. 13.
    International Telecommunication Union. Generation and registration of Universally Unique Identifiers (UUIDs) and their use as ASN.1 object identifier components. ITU-T X.667 (2004), http://www.itu.int/ITU-T/studygroups/com17/oid/X.667-E.pdf
  14. 14.
    Pirker, M., Winkler, T., Toegl, R.: Trusted Computing for the JavaTMPlatform (2007), http://trustedjava.sourceforge.net/
  15. 15.
    Trusted Computing Group. TCG Software Stack Specification, Version 1.2 Errata A (2007), https://www.trustedcomputinggroup.org/specs/TSS/
  16. 16.
    W3C. Simple Object Access Protocol (SOAP) 1.1, W3C Note (2000), http://www.w3.org/TR/2000/NOTE-SOAP-20000508/
  17. 17.
    Trusted Computing Group. TCG Infrastructure Specifications (2007), https://www.trustedcomputinggroup.org/specs/IWG
  18. 18.
    Trusted Computing Group (2007), https://www.trustedcomputinggroup.org
  19. 19.
    Selhost, M., Stüble, C.: TrustedGRUB, Version 1.1 (2007), http://sourceforge.net/projects/trustedgrub
  20. 20.
    Goldman, K., Perez, R., Sailer, R.: Linking remote attestation to secure tunnel endpoints. In: Proceedings of the first ACM workshop on Scalable Trusted Computing, pp. 21–24 (2006)Google Scholar
  21. 21.
    Stumpf, F., Tafreschi, O., Röder, P., Eckert, C.: A Robust Integrity Reporting Protocol for Remote Attestation. In: Second Workshop on Advances in Trusted Computing (WATC 2006 Fall) (2006)Google Scholar
  22. 22.
    Trusted Computing Group. Trusted Network Connect (TNC) Specifications (2007), https://www.trustedcomputinggroup.org/specs/TNC/
  23. 23.
    Trusted Computing Group. TCG Specification Architecture Overview, Revision 1.4 (2007), https://www.trustedcomputinggroup.org/groups/TCG_1_4_Architecture_Overview.pdf

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Kurt Dietrich
    • 1
  • Martin Pirker
    • 1
  • Tobias Vejda
    • 1
  • Ronald Toegl
    • 1
  • Thomas Winkler
    • 1
  • Peter Lipp
    • 1
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations