A secured TPM integration scheme towards smart embedded system based collaboration network

Abstract

To achieve more powerful task processing capabilities, the smart embedded systems (SES) are interconnected via wireless network to form a collaboration system. However, due to the limitations on system hardware, the SES device are usually built with the consideration of software functions instead of enough security mechanisms, that exposes the SESs under the security threats from malware or malicious users, such as software or data tampering. To address this issue, a Trusted Platform Module (TPM) is brought in the SES device to guarantee the integrity of the system, with which any unauthorized modifications towards the SES system can be detected by measurement operations of TPM. However, from the perspective of the external visitors, a SES collaboration network performs as a complete system. Thus, to unify the root-of-trust of the network, all the TPMs need to be integrated into a logical one, which can provide more efficient way to attest the external visitors. This brings two distinct advantages: (1) any nodes of the network can be the access node for the visitor, and (2) once a visitor has been successfully attested, it can access the network via any nodes without extra attestation. To achieve TPM integration, we have proposed five protocols to orchestrate the distributed TPMs, including Synchronization Protocol (SYNP), Node Accessing Protocol (NAP), Crossing-Node Access Protocol (CNAP), Updating Protocol (UPDP) and Node-Removing Protocol (NRP). We have built a prototype system composed of Raspberry Pis and Infineon TPM2.0 chips, in which these protocols are implemented and deployed. Then, we evaluate the protocols’ performance on time consumption, and the results show the feasibility and availability of these protocols. Finally, our analysis on experimental results gives the guidance for appropriate use of these protocols.