Research Of Trusted Remote Attestation

In the past few decades, many software designers assume that the software can not easily be tampered with. Today, with the popularity of software applications, tamper-resistant requirements have become increasingly important. In many applications, the only legitimate, non-tampered client application can be allowed access to services. An authorized entity needs to be able to verify whether the client software on the remote platform has been tampered or not, and the client will be untrusted to the verifier if any tampering behavior is detected.Trusted remote attestation is an important characteristic of trusted computing. It can help the requesting party to confirm the identity and the configuration information of the remote platform, and also can determine the trusted of the remote platform. The verifier is able to dectect the computer changes through attestation process, thus avoiding unsafe or damaged safety computer to send a private message or command. The server uses the remote attestation mechanism to limit the client application, prevent a malicious program or defective application to be used abusely, and avoid communicating with malicious terminal. So the purpose of reinforcing the terminal trusted and system security can be achieved through these limitations.In this thesis, we carried out a detailed introduction to the definition of trusted computing, trusted computing platform and trused remote attestation. The main contribution is as follows:(1) Remote attestation model is divided into four major categories including binary-based remote attestation model, hybrid remote attestation model, software-based remote attestation models and other remote attestation model. A detailed analysis of the advantages and disadvantages of all the categories is made, and thereby make a decision that the property based remote attesatation model which is a kind of hybrid remote attestation model is a resonable model. And it is suitable for our remote attesttation model.(2) A bilinear pairing based remote attestation model (BPBA) is provided in the thesis. It inherits the ideology of the property based attestation model (PBA). There are four protocols in BPBA model:Attribute-Configuration protocol, Signing protocol, Verfication protocol and Revocation protocol. The computational efficiency of the BPBA model with respect to PBA model has increased significantly. BPBA model is established on bilinear pairing while PBA model is setup by RSA key. Bilinear pairings is based on elliptic curve cryptography, one of its significant advantages are that with respect to the RSA key, the bilinear pairings can use more shorter key length, so that we can use smaller bandwidth and memory requirements. On the other hand, BPBA model includes many trusted computing platform parameters in order to resist replay attacks, and take use of information hiding technology to hide certificates and effectively preventing anyone with a source of certificate misuse of the certificate.(3) We have a detailed study of the TPM and AIK management in the cloud computing environment and conduct cloud computing environment remote attestation protocol (CBA) based on the BPBA model. There are also four protocols defined in CBA model which play the same role as BPBA and run between different participants.(4) We compare the advantages and disadvantages of the mainstream security model, and provide a new security model with detailed definitions and rules. To verify the trusted of principal in the model, we can make use of BPBA and CBA. The model introduces BLP model and Clark Wilson model to ensure security and data integrity of principal to read and write; What’s more, the principal access scope can be controled by domain isolation axiom.