[go: up one dir, main page]

WO2013028059A1 - Verification system for trusted platform - Google Patents

Verification system for trusted platform Download PDF

Info

Publication number
WO2013028059A1
WO2013028059A1 PCT/MY2012/000185 MY2012000185W WO2013028059A1 WO 2013028059 A1 WO2013028059 A1 WO 2013028059A1 MY 2012000185 W MY2012000185 W MY 2012000185W WO 2013028059 A1 WO2013028059 A1 WO 2013028059A1
Authority
WO
WIPO (PCT)
Prior art keywords
verification system
verification
stage
attestation
client platform
Prior art date
Application number
PCT/MY2012/000185
Other languages
French (fr)
Inventor
Mohd Anuar Bin MAT ISA
Mohd Azuddin PARMAN
Azhar Bin Abu Talib
Wira Zanoramy Ansiry Bin ZAKARIA
Original Assignee
Mimos Berhad
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mimos Berhad filed Critical Mimos Berhad
Publication of WO2013028059A1 publication Critical patent/WO2013028059A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • the present invention relates to a verification system for detecting tampering and performing attestation on a client platform in a communication between a client machine and a server machine.
  • proprietary operating system of a computer does not provide a single security measure to detect any tempering on a client platform either at hardware, firmware, boot loader, kernel or user layers.
  • the existing system performs attestation at application layer only as such attestation between layers in a client platform are not performed. This may risk the computer as some proprietary software may include defects or malicious features which would compromise sensitive information in the computer system.
  • the computer is exposed to security vulnerabiUties since the computer is connected to a network. Since most proprietary software restrict use and modification of the source code, it is not possible to detect the malicious features or look for security vulnerabilities.
  • a verification system is needed to validate the integrity information of the individual software and hardware components of a client platform. This is yery cruicial in a client-server network because most people use prorietory system in their computers to perform online transaction such as online banking and online shopping.
  • a verification system in a computer system that comprises a chain of trust that uses remote verification for detecting tampering and performing attestation on every layer (stage) of a client platform to ensure that each layer runs in trusted computing environment.
  • a chain of trust is established by validating individual hardware and software components to ensure that only trusted software and hardware have access to a resource on a network. For instance, hardware will only boot from software that is digitally , signed or verified. This verification process will continue for several layers before a client platform can have access to the network.
  • the verification of individual hardware and software components of a client platform is based on overall score generated by an integrity report which collects digests from the components. An integrity score generated and compared to a threshold to determine whether the client platform should be granted access to a resource or service on a network.
  • the verification process according to the present invention is based on the server instructions whereby the verification system provides the proprietary operating system with integrity information to allow remote server to perform necessary security action on a client platform. It is an objective of the present invention to provide a chain of trust on a client platform using remote verification in every stage of the running platform and to perform attestation in every stage in order to ensure that each stage runs in a trusted state. It is yet another objective of the present invention to provide a verification system for detecting tampering and performing attestation on every layer (stage) of a client platform to ensure that each layer runs in trusted computing environment.
  • a verification system for detecting tampering and performing attestation on a client platform in a communication between a client machine and server machine.
  • the client machine is referred to as a user computer which includes computer unit with and without Trusted Platform Module (TPM) chip.
  • the verification system comprises a chain of trust that use remote verification for detecting tampering and performing atesttation on every layer (stage) of a client platform to ensure that each layer runs in trusted computing environment wherein the system provide integrity information to a remote server in the server machine to perform a remote attestation process.
  • the verification system will first perform verification on booting areas and bios configuration integrity. Next, the verification system will run as part of the operating system and measure the intergrity information in order to provide trusted element in kernel and user environment. After the verification system is up and running, the verification system will check integrity of each files (machine instructions) running in the operating system. The existing integrity value will be checked and compared with substantiation evidences values at a database (security descriptors). If the value is different from the substantiation evidences, the verification system of the present invention will invoke integrity validation to make security decision via remote attestation.
  • Fig. 1 shows a diagram of a verification system according to the present invention.
  • the present invention provides a verification system for detecting tampering and performing attestation on a client platform in a communication between a client machine and server machine.
  • the verification system (105) as shown in Fig. 1 comprises a chain of trust on the client platform, a remote verification in every stage of the chain of trust wherein the system provide integrity information to a remote server to perform a remote attestation process.
  • a client platform is shown with four layers.
  • Stage 0 (101) is a layer for collecting integrity, measuring integrity and attestation of hardware and firmware in a client platform.
  • Stage 1 (102) is a layer for collecting integrity, measuring integrity and attestation of boot loader in a client platform.
  • Stage 2 (103) is a layer for collecting integrity, measuring integrity and attestation of kernel and operating system in the client platform.
  • Stage 3 (104) is a layer for collecting integrity, measuring integrity and attestation of application in the client platform.
  • Each stage transfers sequence of digests and integrity measurements to the verification system using a secured communication channel. Each stage is measured and verified before executing further instruction in the client platform.
  • the verification system (105) performs attestation on client platform in every stage to detect any tempering on every stage of the client platform.
  • the verification system (105) comprises a chain of trust performed between the layers. To maintain the chain of trust, the initial layer must verify integrity of the corresponding layer whether the corresponding layer can be trusted or not before passing control to the corresponding layer. Remote attestation will ensure each stage runs in secure and trusted environment. Each stage must complete the attestation process before proceed to a corresponding stage. An integrity baseline from the server machine storage is used for attestation process and stages verification.
  • vTPM Virtual Trusted Platform Module
  • TPM Trusted Platform Module
  • Data storage (107) is the primary information used for verification and attestation. This storage (107) is protected from unauthorized access. It can be protected via encryption algorithms. This storage may contain files, configurations and policies that describing the evidence of the platform including sequence of information, integrity digests, platform behavior, platform properties and platform trusted measurements. The communication between client and server must be running in the trusted and encrypted channel.
  • the verification system of the present system also supports virtual machine or hypervisor as a part of software stages in the client platform.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A verification system (105) used in a communication between a client machine and server machine wherein the system performs attestation to detect any tempering on a client platform prior to allowing the client platform to have access a resource or service on a network. The attestation process will verify integrity information of the client platform and perform necessary security decision.

Description

Verification System for Trusted Platform
Field of the Invention
The present invention relates to a verification system for detecting tampering and performing attestation on a client platform in a communication between a client machine and a server machine.
Background of the Invention
Most computer systems use proprietary software and hardware components. Typically, proprietary operating system of a computer does not provide a single security measure to detect any tempering on a client platform either at hardware, firmware, boot loader, kernel or user layers. In addition, the existing system performs attestation at application layer only as such attestation between layers in a client platform are not performed. This may risk the computer as some proprietary software may include defects or malicious features which would compromise sensitive information in the computer system. Furthermore, the computer is exposed to security vulnerabiUties since the computer is connected to a network. Since most proprietary software restrict use and modification of the source code, it is not possible to detect the malicious features or look for security vulnerabilities.
In view of the above, a verification system is needed to validate the integrity information of the individual software and hardware components of a client platform. This is yery cruicial in a client-server network because most people use prorietory system in their computers to perform online transaction such as online banking and online shopping.
According to the present invention, a verification system is provided in a computer system that comprises a chain of trust that uses remote verification for detecting tampering and performing attestation on every layer (stage) of a client platform to ensure that each layer runs in trusted computing environment. A chain of trust is established by validating individual hardware and software components to ensure that only trusted software and hardware have access to a resource on a network. For instance, hardware will only boot from software that is digitally , signed or verified. This verification process will continue for several layers before a client platform can have access to the network.
In US2007/0143629, the verification of individual hardware and software components of a client platform is based on overall score generated by an integrity report which collects digests from the components. An integrity score generated and compared to a threshold to determine whether the client platform should be granted access to a resource or service on a network. In the contrary, the verification process according to the present invention is based on the server instructions whereby the verification system provides the proprietary operating system with integrity information to allow remote server to perform necessary security action on a client platform. It is an objective of the present invention to provide a chain of trust on a client platform using remote verification in every stage of the running platform and to perform attestation in every stage in order to ensure that each stage runs in a trusted state. It is yet another objective of the present invention to provide a verification system for detecting tampering and performing attestation on every layer (stage) of a client platform to ensure that each layer runs in trusted computing environment.
Summary of the Invention
According to the present invention, a verification system is provided for detecting tampering and performing attestation on a client platform in a communication between a client machine and server machine. The client machine is referred to as a user computer which includes computer unit with and without Trusted Platform Module (TPM) chip. The verification system comprises a chain of trust that use remote verification for detecting tampering and performing atesttation on every layer (stage) of a client platform to ensure that each layer runs in trusted computing environment wherein the system provide integrity information to a remote server in the server machine to perform a remote attestation process.
In operation, the verification system will first perform verification on booting areas and bios configuration integrity. Next, the verification system will run as part of the operating system and measure the intergrity information in order to provide trusted element in kernel and user environment. After the verification system is up and running, the verification system will check integrity of each files (machine instructions) running in the operating system. The existing integrity value will be checked and compared with substantiation evidences values at a database (security descriptors). If the value is different from the substantiation evidences, the verification system of the present invention will invoke integrity validation to make security decision via remote attestation. Brief Description of the Drawing
The present invention will be further described by way of example with reference to the accompanying drawing, in which:
Fig. 1 shows a diagram of a verification system according to the present invention.
Detailed Description of the Invention
The present invention provides a verification system for detecting tampering and performing attestation on a client platform in a communication between a client machine and server machine. The verification system (105) as shown in Fig. 1 comprises a chain of trust on the client platform, a remote verification in every stage of the chain of trust wherein the system provide integrity information to a remote server to perform a remote attestation process.
In Fig. 4, a client platform is shown with four layers. As shown, Stage 0 (101) is a layer for collecting integrity, measuring integrity and attestation of hardware and firmware in a client platform. Stage 1 (102) is a layer for collecting integrity, measuring integrity and attestation of boot loader in a client platform. Stage 2 (103) is a layer for collecting integrity, measuring integrity and attestation of kernel and operating system in the client platform. Stage 3 (104) is a layer for collecting integrity, measuring integrity and attestation of application in the client platform. Each stage transfers sequence of digests and integrity measurements to the verification system using a secured communication channel. Each stage is measured and verified before executing further instruction in the client platform. The verification system (105) performs attestation on client platform in every stage to detect any tempering on every stage of the client platform. The verification system (105) comprises a chain of trust performed between the layers. To maintain the chain of trust, the initial layer must verify integrity of the corresponding layer whether the corresponding layer can be trusted or not before passing control to the corresponding layer. Remote attestation will ensure each stage runs in secure and trusted environment. Each stage must complete the attestation process before proceed to a corresponding stage. An integrity baseline from the server machine storage is used for attestation process and stages verification.
This attestation process is performed by using Virtual Trusted Platform Module (vTPM) (106) which is a virtualized of physical hardware of Trusted Platform Module (TPM). Data storage (107) is the primary information used for verification and attestation. This storage (107) is protected from unauthorized access. It can be protected via encryption algorithms. This storage may contain files, configurations and policies that describing the evidence of the platform including sequence of information, integrity digests, platform behavior, platform properties and platform trusted measurements. The communication between client and server must be running in the trusted and encrypted channel. The verification system of the present system also supports virtual machine or hypervisor as a part of software stages in the client platform.

Claims

Claims
1. Verification system (105) for detecting tampering and performing attestation on a client platform in a communication between a client machine and server machine comprising
a chain of trust on the client platform,
a remote verification in every stage of the chain of trust wherein the system provide integrity information to a remote server to perform a remote attestation process.
2. Verification system (105) as claimed in claim 1 wherein each stage
transfers sequence of digests and integrity measurements to the verification system using a secured communication channel.
3. Verification system (105) as claim in claim 1 wherein each stage are
measured and verified before executing further instruction in the client platform.
4. Verification system (105) as claimed in claim 3 wherein the each stage
must complete the attestation process before proceed to a corresponding stage.
5. Verification system (105) as claimed in claim 3 wherein an integrity
baseline from a server machine storage is used for attestation process and stages verification.
6. Verification system as claimed in claim 3 wherein operations, logs, and results of the attestation process are stored in a storage (107) in the server machine for re- verification process.
PCT/MY2012/000185 2011-08-25 2012-06-29 Verification system for trusted platform WO2013028059A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2011004006 2011-08-25
MYPI2011004006 2011-08-25

Publications (1)

Publication Number Publication Date
WO2013028059A1 true WO2013028059A1 (en) 2013-02-28

Family

ID=46750405

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2012/000185 WO2013028059A1 (en) 2011-08-25 2012-06-29 Verification system for trusted platform

Country Status (1)

Country Link
WO (1) WO2013028059A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015138246A1 (en) * 2014-03-13 2015-09-17 Intel Corporation Symmetric keying and chain of trust
US9348997B2 (en) 2014-03-13 2016-05-24 Intel Corporation Symmetric keying and chain of trust
US9521125B2 (en) 2014-03-13 2016-12-13 Intel Corporation Pseudonymous remote attestation utilizing a chain-of-trust
CN112955888A (en) * 2019-01-08 2021-06-11 慧与发展有限责任合伙企业 Protecting a group of nodes

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070107046A1 (en) * 2005-11-07 2007-05-10 International Business Machines Corporation Method, system and program product for remotely verifying integrity of a system
US20070143629A1 (en) 2004-11-29 2007-06-21 Hardjono Thomas P Method to verify the integrity of components on a trusted platform using integrity database services
US20070230504A1 (en) * 2006-03-29 2007-10-04 Smith Ned M Generating a chain of trust for a virtual endpoint

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070143629A1 (en) 2004-11-29 2007-06-21 Hardjono Thomas P Method to verify the integrity of components on a trusted platform using integrity database services
US20070107046A1 (en) * 2005-11-07 2007-05-10 International Business Machines Corporation Method, system and program product for remotely verifying integrity of a system
US20070230504A1 (en) * 2006-03-29 2007-10-04 Smith Ned M Generating a chain of trust for a virtual endpoint

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015138246A1 (en) * 2014-03-13 2015-09-17 Intel Corporation Symmetric keying and chain of trust
US9348997B2 (en) 2014-03-13 2016-05-24 Intel Corporation Symmetric keying and chain of trust
US9509502B2 (en) 2014-03-13 2016-11-29 Intel Corporation Symmetric keying and chain of trust
US9521125B2 (en) 2014-03-13 2016-12-13 Intel Corporation Pseudonymous remote attestation utilizing a chain-of-trust
US9768951B2 (en) 2014-03-13 2017-09-19 Intel Corporation Symmetric keying and chain of trust
CN112955888A (en) * 2019-01-08 2021-06-11 慧与发展有限责任合伙企业 Protecting a group of nodes
US12393691B2 (en) 2019-01-08 2025-08-19 Hewlett Packard Enterprise Development Lp Securing node groups

Similar Documents

Publication Publication Date Title
US11176255B2 (en) Securely booting a service processor and monitoring service processor integrity
US11503030B2 (en) Service processor and system with secure booting and monitoring of service processor integrity
US10318724B2 (en) User trusted device for detecting a virtualized environment
US8850212B2 (en) Extending an integrity measurement
US10176330B2 (en) Global platform health management
US11714910B2 (en) Measuring integrity of computing system
Xue et al. RootAgency: A digital signature-based root privilege management agency for cloud terminal devices
JP5957004B2 (en) System, method, computer program product, and computer program for providing validation that a trusted host environment is compliant with virtual machine (VM) requirements
US9202062B2 (en) Virtual machine validation
WO2012064171A1 (en) A method for enabling a trusted platform in a computing system
WO2013028059A1 (en) Verification system for trusted platform
Boeck et al. Towards more trustable log files for digital forensics by means of “trusted computing”
Fernandez et al. A cluster of patterns for trusted computing
Frazelle Securing the boot process
Sailer et al. The role of TPM in enterprise security
Haas et al. The State of Boot Integrity on Linux-a Brief Review
CN115879087B (en) A secure and reliable startup method and system for power terminals
Park et al. A tiny hypervisor-based trusted geolocation framework with minimized TPM operations
US20180089415A1 (en) User trusted device for detecting a virtualized environment
Syed et al. A sense of others: behavioral attestation of unix processes on remote platforms
Nie et al. Design and implementation of security operating system based on trusted computing
Alsayed et al. Realizing Macro Based Technique for Behavioral Attestation on Remote Platform
Futral et al. Introduction to Trust and Intel® Trusted Execution Technology
Huang et al. Building Root of Trust for Report with Virtual AIK and Virtual PCR Usage for Cloud
Ismail et al. Realization of dynamic behavior using remotely verifiable n-call slides in Unix process execution trace

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12751141

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12751141

Country of ref document: EP

Kind code of ref document: A1