Conference Paper

Mobile Trusted Agent (MTA): Build User-Based Trust for General-Purpose Computer Platform


Abstract

Trusted computing technology can establish trust in the local computer platform by a trusted boot, and can further transfer that trust to a remote verifier through a remote attestation mechanism. However, no standard solution exists to convey the trust information to users in a friendly manner. Existing methods either lack an implementation or require users to buy a specific USB device (an additional purchasing burden for users). To establish user-based trust, we summarize the possible solutions and classify the related work according to each solution. After comparing these solutions, we provide a better method, “Mobile Trusted Agent (MTA)”, which uses a general-purpose mobile device as a reliable medium to establish a secure channel between the local user and the remote verifier. Finally, we have implemented MTA on an ARM SoC device and evaluated the performance of its secure-channel protocol. The evaluation results demonstrate that MTA offers high quality and flexibility for building user-based trust.

... Thirdly, in the local application scenario, a local trusted device (as a verifier) is missing now and can only be established based on some special hardware token [6]. Finally, in the remote application scenario, the platform information does not propagate back to the user if a malicious attestor exists in the computing device, and a trusted channel between the local user and the remote verifier is needed [7,8]. These problems have hindered the widespread use of trusted platforms to some extent, even though TPMs are widely available in various computing devices. ...
... Remote attestation applications also face a series of security threats. In [7], we found the platform trust cannot be transferred to users with a compromised local attestor. Moreover, for the platforms without any TPM/TCM chip, how to make a remote attestation remains a challenge. ...
... In Mobile Trust Agent (MTA) [7], we analyzed the platform trust establishment process informally, and summarized and classified the existing solutions. As a result, we designed a mobile phone to achieve user-based trust. ...
Article
This paper presents a new method to enhance the trust of a traditional computing device by using the popular mobile phone. We first propose a formal method to analyze the platform trust establishment process based on trusted computing technology, and the formal results reveal possible attacks and suggest potential solutions. Then, we design an improved solution, in which the mobile phone is extended to support three trusted computing functions: using the mobile phone as a root of trust instead of a Trusted Platform Module, as a local investigator to obtain evidence from the local computing platform, and as a trusted agent to build a secure communication channel with an external entity in remote attestation applications. Finally, to demonstrate feasibility and efficiency, a prototype of the trusted mobile phone is implemented and evaluated on an ARM development board.
Article
Trusted computing (TC) is an emerging technology to enhance the security of various computing platforms by a dedicated secure chip (TPM/TCM), which is widely accepted by both industry and academia. This paper attempts to sketch the evolution of TC from the view of our theoretical and engineering work. In theory, we focus on protocol design and security analysis. We have proposed the first ECDAA protocol scheme based on the q-SDH assumption, which highlights a new way to design direct anonymous attestation schemes. In technical evolution, we discuss the key technologies of trust chain, trusted network connection and TC testing and evaluation. We break through several key technologies such as trusted boot, OS measurement and remote attestation, and implement a TC system from TPM/TCM to network. We also design and implement a testing and evaluation system for TC platforms, which is the first one put into practical application in China. Finally, with the rapid development of cloud computing and mobile applications, TC is moving toward some new directions, such as trust in cloud and mobile environments, the new TPM standard, and flexible trust establishment methods for trusted execution environments.
Article
Current trusted computing technologies allow computing devices to verify each other, but in a networked world, there is no reason to trust one computing device any more than another. Treating these devices as turtles, the user who seeks a trustworthy system from which to verify others quickly realizes that it's turtles all the way down because of the endless loop of trust dependencies. We need to provide the user with one initial turtle (the iTurtle) which is axiomatically trustworthy, thereby breaking the dependency loop. In this paper, we present some of the research challenges involved in designing and using such an iTurtle.
Article
An important security challenge is to protect the execution of security-sensitive code on legacy systems from malware that may infect the OS, applications, or system devices. Prior work experienced a tradeoff between the level of security achieved and efficiency. In this work, we leverage the features of modern processors from AMD and Intel to overcome the tradeoff to simultaneously achieve a high level of security and high performance. We present TrustVisor, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application. TrustVisor achieves a high level of security, first because it can protect sensitive code at a very fine granularity, and second because it has a very small code base (only around 6K lines of code) that makes verification feasible. TrustVisor can also attest the existence of isolated execution to an external entity. We have implemented TrustVisor to protect security-sensitive code blocks while imposing less than 7% overhead on the legacy OS and its applications in the common case.
Conference Paper
We present Flicker, an infrastructure for executing security-sensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful, fine-grained attestation of the code executed (as well as its inputs and outputs) to a remote party. Flicker guarantees these properties even if the BIOS, OS and DMA-enabled devices are all malicious. Flicker leverages new commodity processors from AMD and Intel and does not require a new OS or VMM. We demonstrate a full implementation of Flicker on an AMD platform and describe our development environment for simplifying the construction of Flicker-enabled code.
Conference Paper
Cloud computing is a disruptive trend that is changing the way we use computers. The key underlying technology in cloud infrastructures is virtualization -- so much so that many consider virtualization to be one of the key features rather than simply an implementation detail. Unfortunately, the use of virtualization is the source of a significant security concern. Because multiple virtual machines run on the same server and since the virtualization layer plays a considerable role in the operation of a virtual machine, a malicious party has the opportunity to attack the virtualization layer. A successful attack would give the malicious party control over the all-powerful virtualization layer, potentially compromising the confidentiality and integrity of the software and data of any virtual machine. In this paper we propose removing the virtualization layer, while retaining the key features enabled by virtualization. Our NoHype architecture, named to indicate the removal of the hypervisor, addresses each of the key roles of the virtualization layer: arbitrating access to CPU, memory, and I/O devices, acting as a network device (e.g., Ethernet switch), and managing the starting and stopping of guest virtual machines. Additionally, we show that our NoHype architecture may indeed be "no hype" since nearly all of the needed features to realize the NoHype architecture are currently available as hardware extensions to processors and I/O devices.
Conference Paper
Supporting emergency responders with mobile software agents promises to increase the efficiency of crisis management. While mobile agents offer many advantages, they also pose new challenges to security. However, security is a key prerequisite in crisis situations. A main security requirement is to create an agent execution environment that will not attack the agents. To secure mobile agents we have created an architecture that uses Trusted Computing to create a trusted execution environment for mobile agents on commodity off-the-shelf computing hardware. We protect the load-time integrity of the trusted execution environment by measuring its software configuration and using a local attestation verification token to verify the software configuration. This token is the Secure Docking Module (SDM), a security chip protecting the cryptographic resources required to join the mobile agent software platform and authorize mobile agents. The SDM is implemented on a modern security chip. With our security architecture we can provide a mobile agent platform that is resilient against malicious agent execution environments, making the use of mobile agents in crisis management viable.
Article
Trusted computing is a promising technology for enhancing the security of a platform by means of the TPM. The TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for the trusted platform. It is typically affixed to the motherboard via the LPC bus. However, this is so limiting that the TPM cannot be used directly in today's common PCs: because of its interface to the PC and its structure of certificates and keys, the TPM is neither flexible nor portable across different platforms. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for common PCs based on a single crypto chip with a USB interface and the Extensible Firmware Interface (EFI), by which users can get almost the same degree of security protection in a general-purpose system. We also show that the structure of certificates and keys can bind to platforms with PTPM and provide portability and flexibility across different platforms to users while still allowing the user and platform to be protected and attested.
Article
We describe, build, and evaluate Lockdown, a system that significantly increases the level of security for online transactions, even on a platform infested with malicious code. Lockdown provides the user with a highly-protected, yet also highly-constrained trusted environment for performing online transactions, as well as a high-performance, general-purpose environment for all other (non-security-sensitive) applications. A simple, user-friendly external interface allows the user to securely learn which environment is active and easily switch between them. We focus on making Lockdown deployable and usable today. Lockdown works with both Windows and Linux, and provides immediate improvements to security-sensitive tasks while imposing, on average, only 3% memory overhead and 2–7% storage overhead on non-security-related tasks.
Conference Paper
Nowadays, trusted platform modules (TPMs) are usually deployed together with desktop PCs and notebooks. However, these platforms are not the only ones that can host TPMs. Mobile and embedded platforms like cell phones can also host TPMs but may have different requirements and different use-case scenarios. In contrast to common TPMs, TPMs for mobile platforms do not need to be implemented as microcontrollers, leading to different security assumptions. In order to find these differences, we have designed and implemented two approaches for mobile TPMs that are analyzed in detail in the context of this paper.
Conference Paper
Trusted computing technology aims to enhance the security of a platform by means of the TPM. But there are some drawbacks of TCG's Trusted Computing architecture for user-based applications. This paper presents a new concept of a portable TPM (PTM) based on a USB Key to solve those problems. First, we use the PTM to establish a trusted path between the verifier and the user in remote attestation so as to propagate the trust chain to the end user. Second, we design the trust model and platform management mechanism of the PTM. In this model, the single point of failure of the TPM and frequent sensitive-data migrations between different platforms are avoided. Finally, we implement the PTM on a USB Key with the Java Card Runtime Environment. The test results show that the PTM scheme is feasible for user-based applications.
Conference Paper
Trusted platforms have been proposed as a promising approach to enhance the security of general-purpose computing systems. However, for many resource-constrained embedded systems, the size and cost overheads of a separate Trusted Platform Module (TPM) chip are not acceptable. One alternative is to use a software-based TPM (SW-TPM), which implements TPM functions using software that executes in a protected execution domain on the embedded processor itself. However, since many embedded systems have limited processing capabilities and are battery-powered, it is also important to ensure that the computational and energy requirements for SW-TPMs are acceptable. In this work, we perform an evaluation of the energy and execution time overheads for a SW-TPM implementation on a Sharp Zaurus PDA. We characterize the execution time and energy required by each TPM command through actual measurements on the target platform. In addition, we also evaluate the overheads of using SW-TPM in the context of various end applications, including trusted boot of the Linux operating system (OS), secure file storage, secure VoIP client, and secure web browser. Furthermore, we observe that for most TPM commands, the overheads are primarily due to the use of 2048-bit RSA operations that are performed within SW-TPM. In order to alleviate SW-TPM overheads, we evaluate the use of Elliptic Curve Cryptography (ECC) as a replacement for the RSA algorithm specified in the Trusted Computing Group (TCG) standards. Our experiments indicate that this optimization can significantly reduce SW-TPM overheads (an average of 6.51X execution time reduction and 6.75X energy consumption reduction for individual TPM commands, and an average of 10.25X execution time reduction and 10.75X energy consumption reduction for applications). Our work demonstrates that ECC-based SW-TPMs are a viable approach to realizing the benefits of trusted computing in resource-constrained embedded systems.
Conference Paper
For the last few years, many commodity computers have come equipped with a Trusted Platform Module (TPM). Existing research shows that the TPM can be used to establish trust in the software executing on a computer. However, at present, there is no standard mechanism for establishing trust in the TPM on a particular machine. Indeed, any straightforward approach falls victim to a cuckoo attack. In this work, we propose a formal model for establishing trust in a platform. The model reveals the cuckoo attack problem and suggests potential solutions. Unfortunately, no instantiation of these solutions is fully satisfying, and hence, we pose the development of a fully satisfactory solution as an open question to the community.
Conference Paper
Trusting a computer for a security-sensitive task (such as checking email or banking online) requires the user to know something about the computer's state. We examine research on securely capturing a computer's state, and consider the utility of this information both for improving security on the local computer (e.g., to convince the user that her computer is not infected with malware) and for communicating a remote computer's state (e.g., to enable the user to check that a web server will adequately protect her data). Although the recent "Trusted Computing" initiative has drawn both positive and negative attention to this area, we consider the older and broader topic of bootstrapping trust in a computer. We cover issues ranging from the wide collection of secure hardware that can serve as a foundation for trust, to the usability issues that arise when trying to convey computer state information to humans. This approach unifies disparate research efforts and highlights opportunities for additional work that can guide real-world improvements in computer security.
Article
Trusted platforms have been proposed as a promising approach to enhance the security of general-purpose computing systems. However, for many resource-constrained embedded systems, the size and cost overheads of a separate Trusted Platform Module (TPM) chip are not acceptable. One alternative is to use a software-based TPM (SW-TPM), which implements TPM functions using software that executes in a protected execution domain on the embedded processor itself. However, since many embedded systems have limited processing capabilities and are battery-powered, it is also important to ensure that the computational and energy requirements for SW-TPMs are acceptable. In this article, we perform an evaluation of the energy and execution time overheads for a SW-TPM implementation on a handheld appliance (Sharp Zaurus PDA). We characterize the execution time and energy required by each TPM command through actual measurements on the target platform. We observe that for most commands, overheads are primarily due to the use of 2,048-bit RSA operations that are performed within the SW-TPM. In order to alleviate SW-TPM overheads, we evaluate the use of Elliptic Curve Cryptography (ECC) as a replacement for the RSA algorithm specified in the Trusted Computing Group (TCG) standards. In addition, we also evaluate the overheads of using the SW-TPM in the context of various end applications, including trusted boot of the Linux operating system (OS), a secure VoIP client, and a secure Web browser. Furthermore, we analyze the computational workload involved in running SW-TPM commands using ECC. We then present a suite of hardware and software enhancements to accelerate these commands—generic custom instructions and exploitation of parallel processing capabilities in multiprocessor systems-on-chip (SoCs). We report results of evaluating the proposed architectures on a commercial embedded processor (Xtensa from Tensilica). Through uniprocessor and multiprocessor optimizations, we could achieve speed-ups of up to 5.71X for individual TPM commands.