research-article

Improving the scalability of platform attestation

Authors:

Frederic Stumpf,

Stefan Katzenbeisser,

Claudia EckertAuthors Info & Claims

STC '08: Proceedings of the 3rd ACM workshop on Scalable trusted computing

Pages 1 - 10

https://doi.org/10.1145/1456455.1456457

Published: 31 October 2008 Publication History

Abstract

In the process of platform attestation, a Trusted Platform Module is a performance bottleneck, which causes enormous delays if multiple simultaneously attestation requests arrive in a short period of time. In this paper we show how the scalability of platform attestation can be improved. In this context, we propose three protocols that enable fast and secure integrity reporting for servers that have to handle many attestation requests. We implemented all of our protocols and compared them in terms of security and performance. Our proposed protocols enable a highly frequented entity to timely answer incoming attestation requests.

References

[1]

AVISPA. Deliverable 2.3: The high-level protocol specification language. Technical report, http://www.avispa-project.org/delivs/2.1/d2-1.pdf, 2003.

[2]

S. Berger, R. Cáceres, K. A. Goldman, R. Perez, R. Sailer, and L. van Doorn. vtpm: virtualizing the trusted platform module. In USENIX-SS'06: Proceedings of the 15th conference on USENIX Security Symposium, pages 21--21, Berkeley, CA, USA, 2006. USENIX Association.

Digital Library

[3]

L. Chen, R. Landfermann, H. Löhr, M. Rohe, A.-R. Sadeghi, C. Stüble, and H. Görtz. A protocol for property-based attestation. In STC '06: Proceedings of the first ACM workshop on Scalable trusted computing, pages 7--16, New York, NY, USA, 2006. ACM Press.

Digital Library

[4]

Y. Chevalier, L. Compagna, J. Cuellar, P. H. Drieslma, J. Mantovani, S. Mödersheim, and L. Vigneron. A high level protocol specification language for industrial security-sensitive protocols. In Proceedings of Workshop on Specification and Automated Processing of Security Requirements (SAPS 2004), 2004.

[5]

T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.1. Technical report, IETF Network Working Group, 2006.

[6]

D. Dolev and A. Yao. On the security of public key protocols. In Proceedings of the IEEE 22nd Annual Symposium on Foundations of Computer Science, pages 350--357, 1981.

Digital Library

[7]

T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: A virtual machine-based platform for trusted computing. In SOSP '03: Proceedings of the nineteenth ACM symposium on Operating Systems Principles, pages 193--206, New York, NY, USA, 2003. ACM Press.

Digital Library

[8]

Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, and N. Asokan. Beyond secure channels. In STC '07: Proceedings of the 2007 ACM workshop on Scalable trusted computing, pages 30--40, New York, NY, USA, 2007. ACM.

Digital Library

[9]

K. Goldman, R. Perez, and R. Sailer. Linking remote attestation to secure tunnel endpoints. In First ACM Workshop on Scalable Trusted Computing, Fairfax, Virginia, November 2006.

Digital Library

[10]

V. Haldar, D. Chandra, and M. Franz. Semantic remote attestation: A virtual machine directed approach to trusted computing. In USENIX Virtual Machine Research and Technology Symposium, 2004 2004.

Digital Library

[11]

C. Krauß, F. Stumpf, and C. Eckert. Detecting Node Compromise in Hybrid Wireless Sensor Networks Using Attestation Techniques. In In Proceedings of the Fourth European Workshop on Security and Privacy in Ad hoc and Sensor Networks (ESAS 2007), Lecture Notes in Computer Science, Cambridge, UK, July 2007. Springer-Verlag.

Digital Library

[12]

L. Lamport. Password authentication with insecure communication. In Commun. ACM, volume 24, pages 770--772, New York, NY, USA, 1981. ACM Press.

Digital Library

[13]

J. Liedtke. On Micro-Kernel Construction. In SOSP '95: Proceedings of the fifteenth ACM Symposium on Operating Systems Principles, pages 237--250, New York, NY, USA, 1995. ACM Press.

Digital Library

[14]

H. Löhr, H. V. Ramasamy, A.-R. Sadeghi, S. Schulz, M. Schunter, and C. Stüble. Enhancing grid security using trusted virtualization. In Second Workshop on Advances in Trusted Computing (WATC'06), Tokyo, Japan, November 2006.

[15]

A.-R. Sadeghi, M. Scheibel, C. Stüble, and M. Wolf. Play it once again, sam -- enforcing stateful licenses on open platforms. In 2nd Workshop on Advances in Trusted Computing (WATC '06 Fall), Tokyo, Japan, November 2006.

[16]

A.-R. Sadeghi, M. Selhorst, C. Stüble, and M. Winandy. TCG Inside? A Note on TPM Specification Compliance. In Proceedings of the First ACM Workshop on Scalable Trusted Computing (STC'06)., 2006.

Digital Library

[17]

A.-R. Sadeghi and C. Stüble. Property-based attestation for computing platforms: caring about properties, not mechanisms. In NSPW '04: Proceedings of the 2004 workshop on New security paradigms, pages 67--77, New York, NY, USA, 2004. ACM Press.

Digital Library

[18]

R. Sailer, T. Jaeger, X. Zhang, and L. van Doorn. Attestation-based policy enforcement for remote access. In CCS '04: Proceedings of the 11th ACM conference on Computer and communications security, pages 308--317, New York, NY, USA, 2004. ACM Press.

Digital Library

[19]

E. Shi, A. Perrig, and L. V. Doorn. BIND: A Fine-Grained Attestation Service for Secure Distributed Systems. In SP '05: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 154--168, Washington, DC, USA, 2005. IEEE Computer Society.

Digital Library

[20]

F. Stumpf, M. Benz, M. Hermanowski, and C. Eckert. An Approach to a Trustworthy System Architecture using Virtualization. In Proceedings of the 4th International Conference on Autonomic and Trusted Computing (ATC-2007), volume 4158 of Lecture Notes in Computer Science, Hong Kong, China, 2007. Springer-Verlag.

Digital Library

[21]

F. Stumpf and C. Eckert. Enhancing Trusted Platform Modules with Hardware-Based Virtualization Techniques. In Proceedings of the Second International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2008), Cap Esterel, France, August 25--31, 2008. IEEE Computer Society.

Digital Library

[22]

F. Stumpf, O. Tafreschi, P. Röder, and C. Eckert. A Robust Integrity Reporting Protocol for Remote Attestation. In Second Workshop on Advances in Trusted Computing (WATC'06 Fall), Tokyo, Japan, November 2006.

[23]

Trusted Computing Group. TCG TPM Specification Version 1.2 Revision 103, Structure of the TPM. Technical report, TCG, 2007.

[24]

Trusted Computing Group. Infrastructure Subject Key Attestation Evidence Extension Version 1.0, Revision 5. Technical report, TCG, 2005.

[25]

Trusted Computing Group. TCG TPM Specification, Architecture Overview. Technical report, TCG, 2007.

[26]

Trusted Computing Group. Trusted Platform Module (TPM) specifications. Technical report, TCG, 2008, https://www.trustedcomputinggroup.org/specs/TPM

[27]

L. Viganò. Automated Security Protocol Analysis with the AVISPA Tool. In Proceedings of the XXI Mathematical Foundations of Programming Semantics (MFPS'05), volume 155 of ENTCS, Elsevier, 2005.

Digital Library

Cited By

Tzialla IWang JZhu JPanda AWalfish M(2024)Efficient Auditing of Event-driven Web ApplicationsProceedings of the Nineteenth European Conference on Computer Systems10.1145/3627703.3650089(1208-1224)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3627703.3650089
Zhang XChen ZZhang XShen QWu Z(2024)IPOD2: an irrecoverable and verifiable deletion scheme for outsourced dataThe Computer Journal10.1093/comjnl/bxae05367:10(2877-2889)Online publication date: 30-Jun-2024
https://doi.org/10.1093/comjnl/bxae053
Luo WRuan AShen QWu Z(2018)TProv: Towards a Trusted Provenance-Aware Service Based on Trusted ComputingWeb Services – ICWS 201810.1007/978-3-319-94289-6_5(67-83)Online publication date: 19-Jun-2018
https://doi.org/10.1007/978-3-319-94289-6_5
Show More Cited By

Index Terms

Improving the scalability of platform attestation
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
  2. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Flexible Mechanisms for Remote Attestation

Remote attestation consists of generating evidence of a system’s integrity via measurements and reporting the evidence to a remote party for appraisal in a form that can be trusted. The parties that exchange information must agree on formats and ...
Analysis of existing remote attestation techniques

This paper has been written as a part of the research project that is working towards the implementation of dynamic behavioral attestation for mobile platforms. The motivation behind this paper was to analyze the existing remote attestation techniques ...
A security-enhanced remote platform integrity attestation scheme
WiCOM'09: Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing

Remote platform integrity attestation is a method by which a client attests its hardware and software configuration to a remote server. The goal of remote integrity platform attestation is to enable a remote challenger to determine the level of trust in ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

STC '08: Proceedings of the 3rd ACM workshop on Scalable trusted computing

October 2008

100 pages

ISBN:9781605582955

DOI:10.1145/1456455

General Chair:
Shouhuai Xu
University of Texas at San Antonio, USA
,
Program Chairs:
Cristina Nita-Rotaru
Purdue University, USA
,
Jean-Pierre Seifert
Samsung Electronics, USA

Copyright © 2008 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 October 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS08

Sponsor:

CCS08: 15th ACM Conference on Computer and Communications Security 2008

October 31, 2008

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 17 of 31 submissions, 55%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

31
Total Citations
View Citations
582
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)1

Reflects downloads up to 28 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Tzialla IWang JZhu JPanda AWalfish M(2024)Efficient Auditing of Event-driven Web ApplicationsProceedings of the Nineteenth European Conference on Computer Systems10.1145/3627703.3650089(1208-1224)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3627703.3650089
Zhang XChen ZZhang XShen QWu Z(2024)IPOD2: an irrecoverable and verifiable deletion scheme for outsourced dataThe Computer Journal10.1093/comjnl/bxae05367:10(2877-2889)Online publication date: 30-Jun-2024
https://doi.org/10.1093/comjnl/bxae053
Luo WRuan AShen QWu Z(2018)TProv: Towards a Trusted Provenance-Aware Service Based on Trusted ComputingWeb Services – ICWS 201810.1007/978-3-319-94289-6_5(67-83)Online publication date: 19-Jun-2018
https://doi.org/10.1007/978-3-319-94289-6_5
Santra MPeddoju SBhattacharjee AKhan A(2017)Design and Analysis of a Modified Remote Attestation Protocol2017 IEEE Trustcom/BigDataSE/ICESS10.1109/Trustcom/BigDataSE/ICESS.2017.287(578-585)Online publication date: Aug-2017
https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.287
Ruan AMartin A(2017)RepCloud: Attesting to Cloud Service DependencyIEEE Transactions on Services Computing10.1109/TSC.2016.255851310:5(675-688)Online publication date: 1-Sep-2017
https://doi.org/10.1109/TSC.2016.2558513
Rein ARieke RJäger MKuntze NCoppolino L(2016)Trust Establishment in Cooperating Cyber-Physical SystemsSecurity of Industrial Control Systems and Cyber Physical Systems10.1007/978-3-319-40385-4_3(31-47)Online publication date: 18-Jun-2016
https://doi.org/10.1007/978-3-319-40385-4_3
Kruus PChallener D(2015)On reporting of the time of attestation measurementsMILCOM 2015 - 2015 IEEE Military Communications Conference10.1109/MILCOM.2015.7357468(354-359)Online publication date: Oct-2015
https://doi.org/10.1109/MILCOM.2015.7357468
Ismail RSyed TMusa SKim DKim SLee SHanzo KIsmail R(2014)Design and implementation of an efficient framework for behaviour attestation using n-call slidesProceedings of the 8th International Conference on Ubiquitous Information Management and Communication10.1145/2557977.2558002(1-8)Online publication date: 9-Jan-2014
https://dl.acm.org/doi/10.1145/2557977.2558002
Gottert NKuntze NRudolph CWahid K(2014)Trusted neighborhood discovery in critical infrastructures2014 IEEE International Conference on Smart Grid Communications (SmartGridComm)10.1109/SmartGridComm.2014.7007775(976-981)Online publication date: Nov-2014
https://doi.org/10.1109/SmartGridComm.2014.7007775
Ruan AMartin A(2014)NeuronVisorRevised Selected Papers of the 6th International Conference on Trusted Systems - Volume 947310.1007/978-3-319-27998-5_12(184-200)Online publication date: 16-Dec-2014
https://dl.acm.org/doi/10.1007/978-3-319-27998-5_12
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents