Linking remote attestation to secure tunnel endpoints

Kenneth A. Goldman, R. Perez, R. Sailer
{"title":"Linking remote attestation to secure tunnel endpoints","authors":"Kenneth A. Goldman, R. Perez, R. Sailer","doi":"10.1145/1179474.1179481","DOIUrl":null,"url":null,"abstract":"Client-Server applications have become the backbone of the Internet and are processing increasingly sensitive information. We have come to rely on the correct behavior and trustworthiness of online banking, online shopping, and other remote access services. These services are implemented as cooperating processes on different platforms. To trust distributed services, one must trust each cooperating process and their interconnection.Common practice today is to establish secure tunnels to protect the communication between local and remote processes. Typically, a user controls the local system. The user also controls the security of the tunnel through negotiation and authentication protocols. Ongoing and published work examines how to create and monitor properties of remote systems. What is missing is the link or binding between such properties and the actual remote tunnel endpoint.We examine here how to link specific properties of a remote system \"gained through TPM-based attestation\" to secure tunnel endpoints to counter attacks where a compromised authenticated SSL endpoint relays the TPM-based attestation to another system. 
We show how the proposed mechanism can be deployed in virtualized environments to create inexpensive SSL endpoint certificates and instant revocation that scales Internet-wide.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"126","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Scalable Trusted Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1179474.1179481","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 126

Abstract

Client-server applications have become the backbone of the Internet and are processing increasingly sensitive information. We have come to rely on the correct behavior and trustworthiness of online banking, online shopping, and other remote access services. These services are implemented as cooperating processes on different platforms. To trust distributed services, one must trust each cooperating process and their interconnection.

Common practice today is to establish secure tunnels to protect the communication between local and remote processes. Typically, a user controls the local system. The user also controls the security of the tunnel through negotiation and authentication protocols. Ongoing and published work examines how to create and monitor properties of remote systems. What is missing is the link or binding between such properties and the actual remote tunnel endpoint.

We examine here how to link specific properties of a remote system (gained through TPM-based attestation) to secure tunnel endpoints to counter attacks where a compromised authenticated SSL endpoint relays the TPM-based attestation to another system. We show how the proposed mechanism can be deployed in virtualized environments to create inexpensive SSL endpoint certificates and instant revocation that scales Internet-wide.