Mutual Attestation Research Articles

ZKSA: Secure mutual Attestation against TOCTOU Zero-knowledge Proof based for IoT Devices

With the widespread adoption of Internet of Things (IoT) devices, remote attestation is crucial for ensuring their security. However, current schemes that require a central verifier or interactive approaches are expensive and inefficient for collaborative autonomous systems. Furthermore, the security of the software state cannot be guaranteed before or between successive attestations, leaving devices vulnerable to Time-Of-Check-Time-Of-Use (TOCTOU) attacks, as well as confidentiality issues arising from pre-sharing software information with the verifier. Therefore, we propose the Secure mutual Attestation against TOCTOU Zero-Knowledge proof based for IoT devices (ZKSA), which allows devices to mutually attest without a central verifier, and the attestation result is transparent while preserving confidentiality. We implement a ZKSA prototype on a Raspberry Pi 3B, demonstrating its feasibility and security. Even if malware is removed before the next attestation, it will be detected and the detection time is typically constant. Simulations show that compared to other schemes for mutual attestation, such as DIAT and CFRV, ZKSA exhibits scalability. When the prover attests to numerous verifier devices, ZKSA reduces the verification time from linear to constant.

Extending TLS with Mutual Attestation for Platform Integrity Assurance

Normally, secure communication between client-server applications is established using secure channel technologies such as Transport Layer Security (TLS). TLS is cryptographic protocol which ensures secure transmission of data and authenticity of communication at each endpoint platform. However, the protocol does not provide any trustworthiness assurance of the involved endpoint. This paper incorporates remote attestation in the TLS key exchange protocol to solve this issue.The proposed embedded attestation extension in TLS protocol will provide assurance of sender's platforms integrity to receiver, and vice versa.The CA responsibility in TLS is replaced using own Trusted Certificate Authority (TCA) in our protocol. The credibility of the proposed protocol is studied to secure against replay attack and collusion attack. The proof is performed using AVISPA with High Level Protocol Specification (HLPSL) through Dolev-Yao intruder model implementation of the proposed protocol.

Evaluation of Unified Security, Trust and Privacy Framework (UnifiedSTPF) for Federated Identity and Access Management (FIAM) Mode

identity and access management systems such as Shibboleth may symbolize a boost: (i) to bring the efficiency and effectiveness in collaboration for governments, enterprises and academia, and (iii) conserve the home domain user's identity privacy in a privacy-enhanced fashion. However, the consternation is about the absence of a trusted computing based mutual trust and security establishment in the Shibboleth infrastructure. The Trusted Computing based mutual attestation notion may assist to add-on the mutual trust and security but raises bidirectional platform privacy concerns. Therefore, to enjoy effectively the federated identity and resource (service) access by the home and foreign domain organizations it is necessary to provide an access control that may coalesced at least some security, trust and privacy aspects in a cohesive fashion. The objective of the work appearing in this paper is to provide a viable and feasible unified security, trust and privacy framework access control solution for federated identity and access management systems by fusing the Shibboleth authentication and authorization access control with the trusted computing based trustworthy mutual attestation.

Trustworthy Mutual Attestation Protocol for Local True Single Sign-On System: Proof of Concept and Performance Evaluation

In a traditional Single Sign-On (SSO) scheme, the user and the Service Providers (SPs) have given their trust to the Identity Provider (IdP) or Authentication Service Provider (ASP) for the authentication and correct assertion. However, we still need a better solution for the local/native true SSO to gain user confidence, whereby the trusted entity must play the role of the ASP between distinct SPs. This technical gap has been filled by Trusted Computing (TC), where the remote attestation approach introduced by the Trusted Computing Group (TCG) is to attest whether the remote platform integrity is indeed trusted or not. In this paper, we demonstrate a Trustworthy Mutual Attestation (TMutualA) protocol as a proof of concept implementation for a local true SSO using the Integrity Measurement Architecture (IMA) with the Trusted Platform Module (TPM). In our proposed protocol, firstly, the user and SP platform integrity are checked (i.e., hardware and software integrity state verification) before allowing access to a protected resource sited at the SP and releasing a user authentication token to the SP. We evaluated the performance of the proposed TMutualA protocol, in particular, the client and server attestation time and the round trip of the mutual attestation time.

Secure System Architecture for Wide Area Surveillance Using Security, Trust and Privacy (STP) Framework

Mobile computing emerged in the market for the past few years to provide solution for various platforms that range from smart phone, tablet, laptop, desktop computer, server to virtual computing systems such as cloud computing. The design approach and development of solutions for mobile computing continues to evolve in fulfilling the needs of diverse applications that run on various platforms. Recently, a new framework was introduced to provide a unified approach to resolve Security, Trust and Privacy (STP) enhancement on these platforms. This new framework emerged to enable a better way of dealing with security, trust and privacy conflicting aspects in pervasive environment such as mobile computing. This framework will be useful for system architects, engineers, designers and developers that are still struggling to create a secure, trustworthy, and privacy preserved environment to create confidence amongst users to do business transactions and collaborations especially in a more challenging environment such as cloud computing. In this paper, we discuss and propose new Secure System Architecture for strengthening surveillance activities in Wide Area using a combination of Trusted Computing (TC) via mutual attestation process to ensure integrity of components of the system, and Surveillance System. We further propose using Intel AMT chip that will generate a heartbeat pulse and transmit the signal through network interface to detect any possible physical intrusion. A failure to provide this pulse within a given time frame will trigger an action by the trusted security system for further analysis such as thievery detection.

SWATT 기법을 이용한 센서 노드 간 상호 검증 프로토콜

ABSTRACT Prevention of attacks being made through program modification in sensor nodes is one of the important security issues. The software-based attestation technology that verifies the running code by checking whether it is modified or not in sensor nodes is being used to solve the attack problem. However, the current software-based attestation techniques are not appropriate in sensor networks because not only they are targeting static networks that member nodes does not move, but also they lacks consideration on the environment that the trusted verifier may not exist. This paper proposes a mutual attestation protocol that is suitable for sensor networks by using SWATT(Software-based ATTestation) technique. In the proposed protocol, sensor nodes periodically notify its membership to neighbor nodes and carry out mutual attestation procedure with neighbor nodes by using SWATT technique. With the proposed protocol, verification device detects the sensor nodes compromised by malicious attacks in the sensor network environments without trusted verifier and the sensor networks can be composed of only the verified nodes.Key Words:Sensor network, Sensor network security, Mutual Attestation, SWATT(Software-based ATTestation)