Remote Platform Attestation: The Testimony for Trust Management


Xuhua Ding (Singapore Management University, Singapore), Liang Gu (Peking University, China), Robert H. Deng (Singapore Management University, Singapore), Bing Xie (Peking University, China) and Hong Mei (Peking University, China)
DOI: 10.4018/978-1-61520-682-7.ch001

Abstract

One of the key mechanisms for trust establishment among different platforms is remote attestation, which allows a platform to vouch for its trust-related characteristics to a remote challenger. In this chapter, the authors propose a new conceptual model for remote attestation consisting of four basic ingredients: root of trust, attestation objective, object measurement, and attestation process. With this model, they present a systematic study of remote attestation, including the methodologies applied for implementing the four elements and the principles for designing an attestation scheme. The authors also examine existing remote attestation schemes in the literature by grouping them into two main types: integrity attestation and quality attestation. They discuss both the strengths and the limitations of each type of scheme and explain how they can be applied in trust management in distributed environments.
Chapter Preview

Introduction

Motivation

Many applications nowadays are conducted on open computer platforms across heterogeneous domains or over the public Internet. The openness of the platforms and the open infrastructure of the Internet provide the essential flexibility to enable widespread adoption of numerous innovative applications. However, entities involved in such distributed and open environments normally have different interests and motivations, and may not trust each other for critical operations or transactions. As such, it is important to study the means for establishing and managing trust among individual platforms, from the perspectives of the different entities involved. To further illustrate this point, consider the following two applications.

A corporate intranet is required to be accessible to its employees outside its premises, e.g., an employee who is traveling. This presents a threat to the corporation’s information facility, due to the lack of assurance on the sanity of the client systems used by those employees. Though the users are trusted, the remote systems could be malicious and may download confidential corporate information, modify sensitive data, or even infect other nodes in the intranet. Existing security measures based on authentication, firewalls and access control are insufficient to defeat these attacks. It is desirable for the corporation to be able to evaluate the trustworthiness of the remote systems before admitting them into the intranet.

Another typical application requiring trust management is distributed computing, which consists of a job supervisor and multiple participants. The supervisor splits a large computation job into tasks and assigns them to the participants. Each participant accomplishes the assigned task by performing certain computations and returns the results to the supervisor. There has been a surge of interest in using this computing paradigm to solve computation-intensive problems, e.g., the well-known SETI@Home project (Korpela, Werthimer, Anderson, Cobb, & Lebofsky, 2001; SETI@Home, 2007), the Great Internet Mersenne Prime Project (GIMPS, 2007), and the Folding@Home project (Folding@home, 2007). The most vital requirement of such applications is that the results returned by the participants should be trustworthy in the sense that the participants’ computing processes are not tampered with.

Similar issues also exist in other distributed applications, such as distributed firewalls (Ioannidis, Keromytis, Bellovin, & Smith, 2000), digital rights management (DRM), P2P applications, ad hoc trust routing, Web services and Grid Computing. The transactions among participants in these applications can be securely executed only when the participants are trustworthy. For example, DRM-protected content is transferred only to devices that are able to prove their trustworthiness.

Trust management usually begins with trust evaluation followed by policy enforcement. Therefore, a reliable trust evaluation is the premise of the entire trust management framework. A prerequisite for evaluating a platform’s trustworthiness is knowledge of its trust-related attributes, such as its system configurations and software, its access policies and its dynamic behavior. Remote attestation serves exactly this purpose.
