A practical property-based bootstrap architecture

Authors:
René/ Korthaus;Ahmad-Reza Sadeghi;Christian Stü/ble;Jing Zhan
Affiliations:
Horst Gö/rtz Institute for IT-Security, Ruhr-University Bochum, Germany, Bochum, Germany;Horst Gö/rtz Institute for IT-Security, Ruhr-University Bochum, Germany, Bochum, Germany;Horst Gö/rtz Institute for IT-Security, Ruhr-University Bochum, Germany, Bochum, Germany;Horst Gö/rtz Institute for IT-Security, Ruhr-University Bochum, Germany/ Computer School, Wuhan University, Bochum, Germany
Venue:
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Year:
2009

Citing 9
Cited 4

Building the IBM 4758 Secure Coprocessor

Computer
Outbound Authentication for Programmable Secure Coprocessors

ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
A secure and reliable bootstrap architecture

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Open-Source Applications of TCPA Hardware

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Property-based attestation for computing platforms: caring about properties, not mechanisms

NSPW '04 Proceedings of the 2004 workshop on New security paradigms
A protocol for property-based attestation

Proceedings of the first ACM workshop on Scalable trusted computing
Semantic remote attestation: a virtual machine directed approach to trusted computing

VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
Realizing property-based attestation and sealing with commonly available hard- and software

Proceedings of the 2007 ACM workshop on Scalable trusted computing
Model-based behavioral attestation

Proceedings of the 13th ACM symposium on Access control models and technologies

Extending IPsec for efficient remote attestation

FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
Practical property-based attestation on mobile devices

TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Usage control enforcement - a survey

ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems
Plug-n-trust: practical trusted sensing for mhealth

Proceedings of the 10th international conference on Mobile systems, applications, and services

Quantified Score

Hi-index	0.00

Visualization

Abstract

Binary attestation, as proposed by the Trusted Computing Group (TCG), is a pragmatic approach for software integrity protection and verification. However, it has also various shortcomings that cause problems for practical deployment such as scalability, manageability and privacy: On the one hand, data bound to binary values remain inaccessible after a software update and the verifier of an attestation result has to manage a huge number of binary versions. On the other hand, the binary values reveal information on platform configuration that may be exploited maliciously. In this paper we focus on property-based bootstrap architectures with an enhanced boot loader. Our proposal improves the previous work in a way that allows a practical and efficient integration into existing IT infrastructures. We propose a solution of the version rollback problem that, in contrast to the existing approaches, is secure even if the TPM owner of the attested platform is untrusted without requiring an interaction with a trusted third party. Finally, we show how our architecture can be applied to secure boot mechanisms of Mobile Trusted Modules (MTM) to realize a "Property-Based Secure Boot". This is especially important for human users, since with secure boot, users can rely on the fact that a loaded system is also in a trustworthy state.