Abstract
We describe a concept of mutual remote attestation for two identically configured trusted (TPM based) systems. We provide a cryptographic protocol to achieve the goal of deriving a common session key for two systems that have verified each other to be a clone of themselves.
The mutual attestation can be applied to backup procedures without providing data access to administrators, i.e. one trusted systems exports its database to another identical trusted system via a secure channel after mutual attestation is completed.
Another application is dynamically parallelizing trusted systems in order to increase the performance of a trusted server platform.
We present details of our proposed architecture and show results from extensive hardware tests. These tests show that there are some unresolved issues with TPM-BIOS settings currently distributed by PC hardware manufacturers since the specification regarding measurement of extended platform BIOS configuration is either not met or the usage of undocumented options is required.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Sirrix, A.G.: TPM Compliance Test Results (2006), http://www.sirrix.com/content/pages/test_results_en.htm
Armknecht, F., Chen, L., Sadeghi, A.-R., Wachsmann, C.: Anonymous Authentication for RFID Systems. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 158–175. Springer, Heidelberg (2010)
Balfe, S., Lakhani, A.D., Paterson, K.G.: Trusted Computing: Providing Security for Peer-to-Peer Networks. In: Peer-to-Peer Computing, pp. 117–124 (2005)
Brickell, E.F., Camenisch, J., Chen, L.: Direct Anonymous Attestation. In: ACM Conference on Computer and Communications Security, pp. 132–145 (2004)
Brickell, E., Chen, L., Li, J.: A New Direct Anonymous Attestation Scheme from Bilinear Maps. In: TRUST, pp. 166–178 (2008)
Brickell, E., Li, J.: Enhanced privacy id: A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities. In: WPES, pp. 21–30 (2007)
Brickell, E., Li, J.: A Pairing-Based DAA Scheme Further Reducing TPM Resources. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 181–195. Springer, Heidelberg (2010)
Cesena, E., Löhr, H., Ramunno, G., Sadeghi, A.-R., Vernizzi, D.: Anonymous Authentication with TLS and DAA. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 47–62. Springer, Heidelberg (2010)
Chen, L.: A DAA Scheme Using Batch Proof and Verification. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 166–180. Springer, Heidelberg (2010)
Chen, L., Page, D., Smart, N.P.: On the Design and Implementation of an Efficient DAA Scheme. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 223–237. Springer, Heidelberg (2010)
Diffie, W., Hellman, M.E.: New Directions in Cryptography. IEEE Transactions on Information Theory IT-22, 644–654 (1976)
Federal Office for Information Security. Algorithms for qualified electronic signatures. Technical Report (February 19, 2010)
Trusted Computing for the Java(tm) Platform http://trustedjava.sourceforge.net/
Trusted Computing Group. Trusted computing platform alliance (TCPA) main specification, version 1.1b (2001), www.trustedcomputing.org
Trusted Computing Group. Trusted computing platform alliance (TCPA) main specification, version 1.2 (2003), www.trustedcomputing.org
Trusted Computing Group. TCG EFI Platform Specification V1.20 (2006), www.trustedcomputing.org
Leung, A., Mitchell, C.J.: Ninja: Non Identity Based, Privacy Preserving Authentication for Ubiquitous Environments. In: Krumm, J., Abowd, G.D., Seneviratne, A., Strang, T. (eds.) UbiComp 2007. LNCS, vol. 4717, pp. 73–90. Springer, Heidelberg (2007)
Li, J., Rajan, A.: An Anonymous Attestation Scheme with Optional Traceability. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 196–210. Springer, Heidelberg (2010)
Marchesini, J., Smith, S., Wild, O., MacDonald, R.: Experimenting with TCPA/TCG hardware, or: How I learned to stop worrying and love the bear. TR2003-476, Dartmouth College (2003)
Nauman, M., Khan, S., Zhang, X., Seifert, J.-P.: Beyond Kernel-Level Integrity Measurement: Enabling Remote Attestation for the Android Platform. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 1–15. Springer, Heidelberg (2010)
Piegdon, D.R., Pimenidis, L.: Hacking in Physically Addressable Memory. In: Hämmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 1–19. Springer, Heidelberg (2007)
Sadeghi, A.R., Selhorst, M., Stueble, C., Wachsmann, C., Winandy, M.: TCG Inside? A Note on TPM Specification Compliance. In: Proceedings of the First ACM Workshop on Scalable Trusted Computing, pp. 47–56. ACM (2006)
Schroeder, M.: Engineering a security kernel for multics. In: Fifth Symposium on Operating Systems Principles, pp. 125–132 (November 1975)
Shubina, A., Bratus, S., Ingersoll, W., Smith, S.W.: The Diversity of TPMs and its Effects on Development. In: ACM STC 2010 (2010)
TPM Quote Tools, http://sourceforge.net/
Walker, J., Li, J.: Key Exchange with Anonymous Authentication using DAA-SIGMA Protocol. In: IACR eprint archive (2010)
Infineon Technologies Website, http://www.infineon.com/cms/en/product/channel.html?channel=ff80808112ab681d0112ab692060011a
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Greveler, U., Justus, B., Löhr, D. (2012). Mutual Remote Attestation: Enabling System Cloning for TPM Based Platforms. In: Meadows, C., Fernandez-Gago, C. (eds) Security and Trust Management. STM 2011. Lecture Notes in Computer Science, vol 7170. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29963-6_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-29963-6_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29962-9
Online ISBN: 978-3-642-29963-6
eBook Packages: Computer ScienceComputer Science (R0)