Results and Discussions

DOI: 10.4018/978-1-5225-7924-3.ch006

Abstract

This chapter describes the proof of concept of the proposed protocol architecture. The eXtensible Modular Hypervisor Framework was used to build the TrustVisor hypervisor along with its core modules: cryptographic operations, the TEE, and the TPM emulator, which contains the TPM library functions needed to communicate securely with the TPM hardware. The resulting hypervisor was added to the cloud server's GRUB entries so that the hypervisor can be chosen at boot. To ensure the trustworthiness of the cloud platform, remote attestation is used together with the popular and widely used integrity measurement architecture (IMA). Remote attestation relies on IMA and works on the binary attestation concept. Once configured, IMA calculates the hashes of all components during the boot process and extends them into their respective PCRs. To perform remote attestation while preserving the privacy of the NC, the authors used an attestation identity key (AIK) to sign the PCR hashes during the quote operation. They used the TPM emulator to communicate with the TPM device through the TPM driver.

Performance of TPM Commands

As discussed earlier, we used the open source cloud software Eucalyptus to establish an IaaS private cloud for our testing. Eucalyptus consists of well-defined components (node controller, cloud controller, Walrus, storage controller, and cluster controller) that provide efficient communication among resources using web services. Eucalyptus is EC2 API-compatible and is an answer to the commercial Amazon EC2 cloud infrastructure. Eucalyptus supports the libvirt hypervisor layer, which covers the popular Xen and KVM hypervisors. The Eucalyptus components have well-defined web-service-based interfaces and are developed using high-level, standard packages such as Axis2, Apache, and Rampart. Our proposed architecture utilizes these components to prove that our concept is secure from insider attacks.

The node controller is the central component of our proposed Eucalyptus cloud framework, where the cloud controller can launch and execute virtual machines. The proposed framework was implemented on an HP elite Notebook 8540 with an Intel i5 processor, 8GB RAM, 500HDD, and Ubuntu 12.04 as the host OS. The Eucalyptus cloud software was used to implement the private cloud, which provides the infrastructure for launching virtual machines. The experimental results show that the proposed framework is better able to minimize the TCB and incurs less overhead when communicating with the TPM device through the host operating system. The Intel SENTER (AMD SKINIT) instruction takes 20.5ms to initiate secure boot along with the TrustVisor hypervisor boot process. PCR Extend, which is used to quote the respective PCR value, took 10.68ms. For the TPM quote, which measures the PCR values, the hash values are calculated and replaced with the new hash digest; this operation took 357.68ms. This shows that a Flicker-based environment takes a long time to respond to a TPM quote. The seal and unseal operations take 45.29ms and 537.87ms; compared with the performance of other hypervisors in both operations, TrustVisor greatly reduces the overhead of the unseal operation.

Figure 1. TPM performance evaluation (ms)

Remote attestation took 100.3ms to establish trust in the platform using the PCR values with the cryptographic techniques discussed in earlier sections. The results show that TrustVisor greatly reduces the overhead of TPM operations.

Table 1. HMAC and basic operations on TrustVisor (ms)

               Extend   Seal     Unseal    Quote
Native Linux   24066    358102   1008654   815654
TrustVisor     533      11.7     12.6      21000

               HMAC              Sign
               Avg      Stdev    Avg       Stdev
Flicker        62.644   0.181    67.461    0.008
TrustVisor     0.051    0.003    5.012     0.018
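
The verifier side of the IMA-based remote attestation described in this chapter can be sketched as follows: replay the measurement log, check that it reproduces the quoted PCR, and check each file hash against a known-good list. This is an added Python example, not code from the chapter or from IMA or TrustVisor; the file paths, nonce and log lines are constructed, the sample template hash is a simplified stand-in, and verification of the AIK signature on the quote is assumed to have been done already.

```python
import hashlib
import hmac

PCR_LEN = 20  # SHA-1 PCR bank, as used by TPM 1.2 and the original IMA template

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR value = SHA1(old PCR value || digest)."""
    return hashlib.sha1(pcr + digest).digest()

def replay_ima_log(lines, pcr_index=10):
    """Recompute the PCR from ASCII IMA log lines; return (pcr, {path: file hash})."""
    pcr, files = bytes(PCR_LEN), {}
    for line in lines:
        idx, template_hash, _tmpl, file_hash, path = line.split(maxsplit=4)
        if int(idx) != pcr_index:
            continue
        digest = bytes.fromhex(template_hash)
        if len(digest) != PCR_LEN:
            raise ValueError(f"bad template hash length for {path}")
        if digest == bytes(PCR_LEN):
            # IMA logs a violation as all zeros but extends the PCR with all 0xFF.
            digest = b"\xff" * PCR_LEN
        pcr = extend(pcr, digest)
        files[path] = file_hash
    return pcr, files

def appraise(lines, quoted_pcr, quote_nonce, expected_nonce, known_good):
    """Return a list of findings; an empty list means the platform is accepted.
    Assumes the AIK signature over (quoted_pcr, quote_nonce) was already verified."""
    findings = []
    if not hmac.compare_digest(quote_nonce, expected_nonce):
        findings.append("nonce mismatch: stale or replayed quote")
    pcr, files = replay_ima_log(lines)
    if not hmac.compare_digest(pcr, quoted_pcr):
        findings.append("measurement log does not reproduce the quoted PCR")
    for path, file_hash in files.items():
        if known_good.get(path) != file_hash:
            findings.append(f"unrecognised measurement: {path}")
    return findings

def sample_entry(path: str, content: bytes) -> str:
    """Constructed log line; the template hash is a simplified stand-in."""
    file_hash = hashlib.sha1(content).hexdigest()
    template_hash = hashlib.sha1(bytes.fromhex(file_hash) + path.encode()).hexdigest()
    return f"10 {template_hash} ima {file_hash} {path}"

SAMPLE_LOG = [sample_entry("/sbin/init", b"init-v1"),
              sample_entry("/usr/bin/libvirtd", b"libvirtd-v1")]
KNOWN_GOOD = {line.split()[4]: line.split()[3] for line in SAMPLE_LOG}
```

A log with an entry removed or reordered no longer reproduces the quoted PCR, while an entry whose file hash is not on the known-good list is reported even though the log and the quote agree.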
