Article

Linking remote attestation to secure tunnel endpoints

Authors:

Kenneth Goldman,

Ronald Perez,

Reiner SailerAuthors Info & Claims

STC '06: Proceedings of the first ACM workshop on Scalable trusted computing

Pages 21 - 24

https://doi.org/10.1145/1179474.1179481

Published: 03 November 2006 Publication History

Get Access

Abstract

Client-Server applications have become the backbone of the Internet and are processing increasingly sensitive information. We have come to rely on the correct behavior and trustworthiness of online banking, online shopping, and other remote access services. These services are implemented as cooperating processes on different platforms. To trust distributed services, one must trust each cooperating process and their interconnection.Common practice today is to establish secure tunnels to protect the communication between local and remote processes. Typically, a user controls the local system. The user also controls the security of the tunnel through negotiation and authentication protocols. Ongoing and published work examines how to create and monitor properties of remote systems. What is missing is the link or binding between such properties and the actual remote tunnel endpoint.We examine here how to link specific properties of a remote system "gained through TPM-based attestation" to secure tunnel endpoints to counter attacks where a compromised authenticated SSL endpoint relays the TPM-based attestation to another system. We show how the proposed mechanism can be deployed in virtualized environments to create inexpensive SSL endpoint certificates and instant revocation that scales Internet-wide.

References

[1]

T. Dierks, E. Rescorla: The Transport Layer Security (TLS) Protocol Version 1.1. April 2006.

Google Scholar

[2]

S. Kent, K. Seo: Security Architecture for the Internet Protocol. December 2005.

Google Scholar

[3]

Peter Gutmann: PKI -- It's Not Dead, Just Resting. IEEE Computer Magazine, August 2002 (Vol. 35, No. 8), pp. 41--49.

Digital Library

Google Scholar

[4]

Trusted Computing Group. TCG TPM Specification Version 1.2. Parts I-III, 2005.

Google Scholar

[5]

Reiner Sailer, Xiaolan Zhang, Trent Jaeger, Leendert van Doorn: Design and Implementation of a TCG-based Integrity Measurement Architecture. 13th Usenix Security Symposium, San Diego, California, 2004.

Digital Library

Google Scholar

[6]

Trusted Computing Group. Trusted Network Connect (TNC) Architecture, Version 1.1, May 2006.

Google Scholar

[7]

Ahmad-Reza Sadeghi, Christian Stueble: Property-based Attestation for Computing Platforms: Caring about properties, not mechanisms; New Security Paradigm Workshop, 2004.

Digital Library

Google Scholar

[8]

Stefan Berger, Ram�n C�ceres, Kenneth Goldman, Ronald Perez, Reiner Sailer and Leendert van Doorn: vTPM -- Virtualizing the Trusted Platform Module. 15th Usenix Security Symposium, Vancouver, Canada, July 2006.

Digital Library

Google Scholar

[9]

Jonathan M. McCune, Stefan Berger, Ram�n C�ceres, Trent Jaeger, Reiner Sailer: Shamon -- A System for Distributed Mandatory Access Control. ACSAC, 2006.

Digital Library

Google Scholar

[10]

Reiner Sailer, Trent Jaeger, Xiaolan Zhang, Leendert van Doorn: Attestation-based Policy Enforcement for Remote Access. 11th ACM Conference on Computer and Communications Security (CCS), October, 2004.

Digital Library

Google Scholar

[11]

Tal Garfinkel, Mendel Rosenblum: A Virtual Machine Introspection Based Architecture for Intrusion Detection. Network and Distributed Systems Security Symposium, 2003.

Google Scholar

Cited By

View all

Patel AJhaveri RShah KPatel ARathore RPaliwal MAbhishek KThakker D(2024)Security Trends in Internet-of-things for Ambient Assistive Living: A ReviewRecent Advances in Computer Science and Communications10.2174/012666255827031423112905145617:7Online publication date: Oct-2024
https://doi.org/10.2174/0126662558270314231129051456
Bae YBanerjee SLee SPeinado M(2023)Spacelord: Private and Secure Smart Space SharingDigital Threats: Research and Practice10.1145/36378795:2(1-27)Online publication date: 19-Dec-2023
https://dl.acm.org/doi/10.1145/3637879
Bae YBanerjee SLee SPeinado M(2022)Spacelord: Private and Secure Smart Space SharingProceedings of the 38th Annual Computer Security Applications Conference10.1145/3564625.3564637(427-439)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1145/3564625.3564637
Show More Cited By

Index Terms

Linking remote attestation to secure tunnel endpoints
1. Security and privacy
  1. Security services
    1. Authentication
  2. Systems security
    1. Operating systems security

Recommendations

A security-enhanced remote platform integrity attestation scheme
WiCOM'09: Proceedings of the 5th International Conference on Wireless communications, networking and mobile computing

Remote platform integrity attestation is a method by which a client attests its hardware and software configuration to a remote server. The goal of remote integrity platform attestation is to enable a remote challenger to determine the level of trust in ...
Credibility Attestation of Property Remote Attestation Method
FITME '09: Proceedings of the 2009 Second International Conference on Future Information Technology and Management Engineering

During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of ...
Analysis of existing remote attestation techniques

This paper has been written as a part of the research project that is working towards the implementation of dynamic behavioral attestation for mobile platforms. The motivation behind this paper was to analyze the existing remote attestation techniques ...

Comments

Information & Contributors

Information

Published In

STC '06: Proceedings of the first ACM workshop on Scalable trusted computing

November 2006

66 pages

ISBN:1595935487

DOI:10.1145/1179474

General Chair:
Ari Juels
RSA Laboratories
,
Program Chairs:
Gene Tsudik
University of California, Irvine, CA
,
Shouhuai Xu
University of Texas, San Antonio, TX
,
Moti Yung
RSA Labs and Columbia University

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS06

Sponsor:

CCS06: 13th ACM Conference on Computer and Communications Security 2006

November 3, 2006

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 17 of 31 submissions, 55%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

85
Total Citations
View Citations
2,101
Total Downloads

Downloads (Last 12 months)39
Downloads (Last 6 weeks)6

Reflects downloads up to 17 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Patel AJhaveri RShah KPatel ARathore RPaliwal MAbhishek KThakker D(2024)Security Trends in Internet-of-things for Ambient Assistive Living: A ReviewRecent Advances in Computer Science and Communications10.2174/012666255827031423112905145617:7Online publication date: Oct-2024
https://doi.org/10.2174/0126662558270314231129051456
Bae YBanerjee SLee SPeinado M(2023)Spacelord: Private and Secure Smart Space SharingDigital Threats: Research and Practice10.1145/36378795:2(1-27)Online publication date: 19-Dec-2023
https://dl.acm.org/doi/10.1145/3637879
Bae YBanerjee SLee SPeinado M(2022)Spacelord: Private and Secure Smart Space SharingProceedings of the 38th Annual Computer Security Applications Conference10.1145/3564625.3564637(427-439)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1145/3564625.3564637
Ozga WLe Quoc DFetzer C(2021)TRIGLAV: Remote Attestation of the Virtual Machine's Runtime Integrity in Public Clouds2021 IEEE 14th International Conference on Cloud Computing (CLOUD)10.1109/CLOUD53861.2021.00013(1-12)Online publication date: Sep-2021
https://doi.org/10.1109/CLOUD53861.2021.00013
Rhahla MAllegue SAbdellatif T(2021)Guidelines for GDPR compliance in Big Data systemsJournal of Information Security and Applications10.1016/j.jisa.2021.10289661:COnline publication date: 1-Sep-2021
https://dl.acm.org/doi/10.1016/j.jisa.2021.102896
Fotiadis GMoreira JGiannetsos TChen LR�nne PRyan MRyan P(2021)Root-of-Trust Abstractions for�Symbolic Analysis: Application to�Attestation ProtocolsSecurity and Trust Management10.1007/978-3-030-91859-0_9(163-184)Online publication date: 4-Dec-2021
https://doi.org/10.1007/978-3-030-91859-0_9
Niemi APop VEkberg J(2021)Trusted Sockets Layer: A TLS 1.3 Based Trusted Channel ProtocolSecure IT Systems10.1007/978-3-030-91625-1_10(175-191)Online publication date: 13-Nov-2021
https://doi.org/10.1007/978-3-030-91625-1_10
Gregor FOzga WVaucher SPires RLe Quoc DArnautov SMartin ASchiavoni VFelber PFetzer C(2020)Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN48063.2020.00063(502-514)Online publication date: Jun-2020
https://doi.org/10.1109/DSN48063.2020.00063
Wagner PBirnstill PBeyerer J(2020)Establishing Secure Communication Channels Using Remote Attestation with TPM 2.0Security and Trust Management10.1007/978-3-030-59817-4_5(73-89)Online publication date: 16-Sep-2020
https://doi.org/10.1007/978-3-030-59817-4_5
Sethi MPeltonen AAura TGalbraith SRussello GSusilo WGollmann DKirda ELiang Z(2019)Misbinding Attacks on Secure Device Pairing and BootstrappingProceedings of the 2019 ACM Asia Conference on Computer and Communications Security10.1145/3321705.3329813(453-464)Online publication date: 2-Jul-2019
https://dl.acm.org/doi/10.1145/3321705.3329813
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

A security-enhanced remote platform integrity attestation scheme

Credibility Attestation of Property Remote Attestation Method

Analysis of existing remote attestation techniques