Property-based Remote Attestation System On Trusted Platform

With the rapid development of Internet and highly popularity of computer, resources sharing and collaborative computing in network environment play an increasingly important role in human activity. Before collaboration, it is necessary to determine the authenticity and creditability of hardware and software configuration of the remote platforms, to ensure that the remote hosts'behaviour will be in the context of expectations. Widely used access control and authentication technologies based on cryptography and PKI don't consider this goal. Simple remote attestation mechanism defined by TCG attempt to solve this problem, while it proves to have defects in management and version control because it is based on measurement values, which brings on the difficulty in practical applications.To address the issues above, property and policy are introduced into remote attestation in PRAS (Property-based Remote Attestation System on trusted platform). Concern of users on the remote host is not only what hardware or software configuration and measurement value it has, more importantly, what security-related property it can provide. To confirm the legitimacy of properties, property certificate, property authority and platform authority are also introduced into PRAS. Property certificate represents the legitimate attribute set. Both property authority and platform authority are established on trusted platform; the former is responsible for issuing property certificate, and the latter for issuing identity certificate of platforms or application. In order to timely detect changes of platforms or applications, PRAS designs the dynamic wiretapping mechanism for collecting property sets using asynchronous signal processing technology, which makes the property certificate reflect the latest state of certain platform or application. The signed property certificates are bound with the platforms'state using Seal/UnSeal encryption mechanism of trusted platform to ensure their safety. Before attesting credibility of remote platforms or application, users should define their security requirements for the attested objectives in the form of credibility assessing policy. Sine then, PRAS client will analyse the credibility of property certificate according to the policy defined previously. In addition, data transfer protocol is designed base on TPM (Trusted Platform Module) in PRAS, to enhance data security when transferring in network environment. Based on the Linux operating system, PRAS is implemented using the programming languages such C, Java, JSP. Also, the system performance is tested. Test results show that PRAS proves to play a functional role in detecting illegal tamper and legal upgrading of applications and other changes. The PRAS client's total spending time are close 14.8s, which users can bear. Pressure test shows that PRAS server has strong handling ability, with the largest handling number between 16 and 18 each second. The exact rate of PRAS in detecting tamper, upgrading and rolling back of applications is between 0.97 and 0.99, which meets the users'requirements well.