Integrity Attestation Research Articles

NSGA-II-Based Granularity-Adaptive Control-Flow Attestation

Since the widespread adoption of edge computing and IoT technology, Control-Flow Hijacking (CFH) attacks targeting programs in resource-constrained embedded devices have become prevalent. While the Coarse-Grained Control-Flow integrity Attestation (CGCFA) lacks accuracy for the CFH attacks detection, the Fine-Grained Control-Flow integrity Attestation (FGCFA) detect the attacks more accurately but with high overheads, which can be a big burden (e.g., to industrial control system with strict performance requirements). In this paper, we propose a NSGA-II (Nondominated Sorting Genetic Algorithm-II) based Granularity-Adaptive Control-Flow Attestation (GACFA) for the programs in embedded devices. Specifically, we propose a Granularity-Adaptive Control-Flow representation model to reduce the complexity of programs’ control-flow graph and propose NSGA-II-based granularity-adaptive strategy generation algorithm to balance the security and performance requirements. Besides, runtime protection for the GACFA at the program end with SGX is proposed to protect the integrity and confidentiality of control-flow measurement data. The experiments show that our work can find out the best-so-far control-flow granularity with stability and provide secure program attestation for the verifier. In addition, the security/performance benefit of adopting our proposal over CGCFA is 13.7, 25.1, and 43.0 times that of adopting FGCFA over ours in different threat scenarios.

D2Gen: A Decentralized Device Genome Based Integrity Verification Mechanism for Collaborative Intrusion Detection Systems

Collaborative Intrusion Detection Systems are considered an effective defense mechanism for large, intricate, and multilayered Industrial Internet of Things against many cyberattacks. However, while a Collaborative Intrusion Detection System successfully detects and prevents various attacks, it is possible that an inside attacker performs a malicious act and compromises an Intrusion Detection System node. A compromised node can inflict considerable damage on the whole collaborative network. For instance, when a malicious node gives a false alert of an attack, the other nodes will unnecessarily increase their security and close all of their services, thus, degrading the system’s performance. On the contrary, if the spurious node approves malicious traffic into the system, the other nodes would also be compromised. Therefore, to detect a compromised node in the network, this article introduces a device integrity check mechanism based on “Digital Genome.” In medical science, a genome refers to a set that contains all of the information needed to build and maintain an organism. Based on the same concept, the digital genome is computed over a device’s vital hardware, software, and other components. Hence, if an attacker makes any change in a node’s hardware and software components, the digital genome will change, and the compromised node will be easily detected. It is envisaged that the proposed integrity attestation protocol can be used in diverse Internet of Things and other information technology applications to ensure the legitimate operation of end devices. This study also proffers a comprehensive security and performance analysis of the proposed framework.

Mutual authentication‐based RA scheme for embedded systems

To improve the security and efficiency of remote attestation (RA) for embedded systems, this study proposes mutual authentication-based RA scheme for embedded systems. Especially, the authors design an RA framework based on authentication agents and measurement agents, which combines the mutually anonymous identity authentication scheme with the platform integrity attestation. During the identity authentication period, based on the traditional direct anonymous authentication scheme, the time-stamping mechanism and the mutual direct anonymous attestation mechanism are proposed to achieve bidirectional anonymous authentication of both parties in the communication. During the platform integrity attestation period, combining with the locality principle, they improve the data structure for storing the integrity measurements of the module and propose an RA mechanism based on locality principle-based hash tree. This mechanism can shorten the length of the certification path and improve the verification efficiency of platform configuration integrity certification. Furthermore, experimental results and analysis show that the efficiency of the proposed scheme is superior to the existing schemes.

A Secure Protocol for Remote-Code Integrity Attestation of Embedded Systems: The CSP Approach

No doubt, a person of modern society relying on Embedded Systems (ESs) has increased rapidly and the era of digital machines is gaining popularity among users and also systems providers. At the same time, such instruments face substantial security challenges because they usually operate in a physically unprotected environment, and thus attract the attackers to gain unauthorized access for utilizing the system functions. Accordingly, system integrity is important and hence there is a need to propose a technique/tool to verify that the original/pure systems codes have been used in those devices. In this research, our main objective is to design a system architecture with a secure communication for code integrity attestation of an ES. Indeed, the study presents the proposed system architecture for ESs integrity attestation which includes two main phases: fetching an ES code at a server site and examining the ES at a remote site (using a designed user application). Essentially, the hash function (SHA-2) with a random key to calculate a unique digest value for a targeted system have been utilized. Also, the study used timestamps and nonce values, two secure keys, and public key algorithm to design a secure protocol in-order to prevent potential attacks during data and the associated values transfer between the server and the remote user application. As many researchers state that the formal methods are very precise and accurate for presenting system specifications; this study modeled and analyzed the proposed attestation protocol using the Communicating Sequential Processes (CSP) formal method approach. Besides, the Compiler for the Analysis of Security Protocols (Casper) has been used to translate the protocol description into the corresponding process algebra CSP model. Then, the researcher used the Failures Divergences Refinement (FDR) to evaluate the proposed protocol. Those formal method tools are considered as a reliable verification measurement in-order to figure-out potential flaws and correct them. Overall, the final output of checking all the defined secrecy and authentication assertions using FDR 4.2.0, and thus all the secrecy and authentication specifications defined in the developed Casper script are passed.

OB‐IMA: out‐of‐the‐box integrity measurement approach for guest virtual machines

SummaryInfrastructure as a Service cloud provides elasticity and scalable virtual machines (VMs) as computing service to multiple tenants, but the tenants lose the full control of their data. Measuring the integrity of critical files of the VMs and providing the integrity attestation to the tenants on the basis of TCG trusted computing techniques is an effective way to alleviate their anxiety. This paper considers how to measure the integrity of the processes run in guest VMs and files opened in guest VMs. We propose an out‐of‐the‐box integrity measurement approach to measure the integrity of critical files through system call (syscall) interception without any modification of the guest VMs. Out‐of‐the‐box integrity measurement approach can not only measure the integrity of all files that have been considered by existing approaches but also measure the integrity of the system configuration files, program loaders, and script interpreters, which affect the system behaviors and integrity. The ability of supporting both system and manual measurement policies makes our approach flexible. We implement this approach in Xen hypervisor with little modification of the existing syscall interception method, and this approach can be ported to other virtualization platform easily. Copyright © 2014 John Wiley & Sons, Ltd.

Scalable Distributed Service Integrity Attestation for Software-as-a-Service Clouds

Software-as-a-service (SaaS) cloud systems enable application service providers to deliver their applications via massive cloud computing infrastructures. However, due to their sharing nature, SaaS clouds are vulnerable to malicious attacks. In this paper, we present IntTest, a scalable and effective service integrity attestation framework for SaaS clouds. IntTest provides a novel integrated attestation graph analysis scheme that can provide stronger attacker pinpointing power than previous schemes. Moreover, IntTest can automatically enhance result quality by replacing bad results produced by malicious attackers with good results produced by benign service providers. We have implemented a prototype of the IntTest system and tested it on a production cloud computing infrastructure using IBM System S stream processing applications. Our experimental results show that IntTest can achieve higher attacker pinpointing accuracy than existing approaches. IntTest does not require any special hardware or secure kernel support and imposes little performance impact to the application, which makes it practical for large-scale cloud systems.

A Trusted Authentication Protocol based on SDIO Smart Card for DRM

Terminals security vulnerabilities makes DRM researches to focus on trusted computing technology in recent years, however, no efficient and practical trusted authentication protocol is presented, especially with formal proof. To attest the integrity when access to the DRM server, the DRM client need perform mutual authentication and key agreement with the server first, and then use the sharing key to encrypt the integrity values. A novel trusted authentication protocol based on SDIO smart card is presented together with its formal security proof. The proposed protocol is composed of registration phase, login phase, identity authentication and key agreement phase, and integrity attestation phase. In contrast to other corrective schemes through attack resisting analysis and computational cost analysis, the proposed scheme is able to provide greater security and practicality to guarantee the trust attestation for DRM.

Data Firewall: A TPM-based Security Framework for Protecting Data in Thick Client Mobile Environment

Recently, Virtual Desktop Infrastructure (VDI) has been widely adopted to ensure secure protection of enterprise data and provide users with a centrally managed execution environment. However, user experiences may be restricted due to the limited functionalities of thin clients in VDI. If thick client devices like laptops are used, then data leakage may be possible due to malicious software installed in thick client mobile devices. In this paper, we present Data Firewall, a security framework to manage and protect securitysensitive data in thick client mobile devices. Data Firewall consists of three components: Virtual Machine (VM) image management, client VM integrity attestation, and key management for Protected Storage. There are two types of execution VMs managed by Data Firewall: Normal VM and Secure VM. In Normal VM, a user can execute any applications installed in the laptop in the same manner as before. A user can access security-sensitive data only in the Secure VM, for which the integrity should be checked prior to access being granted. All the security-sensitive data are stored in the space called Protected Storage for which the access keys are managed by Data Firewall. Key management and exchange between client and server are handled via Trusted Platform Module (TPM) in the framework. We have analyzed the security characteristics and built a prototype to show the performance overhead of the proposed framework.

Design and implementation of a portable TPM scheme for general-purpose trusted computing based on EFI

In today's globalized digital world, network-based, mobile, and interactive collaborations have enabled work platforms of personal computers to cross multiple geographical boundaries. The new requirements of privacy-preservation, sensitive information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There are critical demands for highly secure work platforms and security enhancing mechanisms for ensuring privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform using a trusted platform module (TPM). TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms. It typically is affixed to the motherboard with a low pin count (LPC) bus. However, it limited in that TPM cannot be used directly in current common personal computers (PCs), and TPM is not flexible and portable enough to be used in different platforms because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for the common PC based on a single cryptographic chip with a universal serial bus (USB) interface and extensible firmware interface (EFI), by which platforms can get a similar degree of security protection in general-purpose systems. We show the structure of certificates and keys, which can bind to platforms via a PTPM and provide users with portability and flexibility in different platforms while still allowing the user and platform to be protected and attested. The implementation of prototype system is described in detail and the performance of the PTPM on cryptographic operations and time-costs of the system bootstrap are evaluated and analyzed. The results of experiments show that PTPM has high performances for supporting trusted computing and it can be used flexibly and portably by the user.

Attestation of integrity of overlay networks

Security of overlay networks requires that the integrity of the software stack of a node is attested not only when a node joins an overlay but continuously, to discover updates of its configuration due to malware. We present a framework that integrates an initial attestation and a continuous node monitoring that strongly separates the software of a node from the attestation system by running them in two virtual machines (VMs). The Monitored VM (Mon-VM) runs the applicative software while the Assurance VM (A-VM) exploits virtual machine introspection to access the status of the Mon-VM to attest and monitor the integrity of its software stack. Before a node can join an overlay, the A-VM of one overlay node interacts with the A-VM of the joining node to attest the integrity of the Mon-VM. After this start-up attestation, the A-VM continuously monitors the behavior of the Mon-VM of its node to detect the injection of malware. Monitoring strategies range from the evaluation of assertions on memory areas of the OS to the comparison of the application behavior against the expected one. The expected behavior is defined by the overlay security policy or computed by applying static tools to the application source code. To define a root-of-trust for the measurements, each node includes a TPM to attest the integrity of the A-VM and of the underlying VMM. We present the resulting system architecture and discuss the main design choices, the underlying threat model as well as the implementation of a prototype.