On Reliable Platform Configuration Change Reporting Mechanisms for Trusted Computing Enabled Platforms
Kurt Dietrich (Graz University of Technology, Austria)
Abstract: One of the most important use-cases of Trusted Computing is Remote Attestation. Itallows platforms to get a trustworthy proof of the loaded software and current configuration of certain remote platforms, thereby enabling them to make decisions about the remote platforms'trust status. Common concepts like Internet Protocol security or Transport Layer Security make these decisions based on shared secrets or certificates issued by third parties. Unlike remote at-testation, these concepts do not take the current configuration or currently loaded software of the platforms into account. Consequently, combining remote attestation and existing secure channelconcepts can solve the long lasting problem of secure channels that have to rely on insecure channel endpoints. Although this gap can now be closed by Trusted Computing, one important prob-lem remains unsolved: A platform's configuration changes everytime new software is loaded. Consequently, a reliable and in-time method to provide a proof for this configuration change -especially on multiprocess machines - is required to signal the platforms involved in the communication that a configuration change of the respectively other platform has taken place. Ourresearch results show that a simple reporting mechanism can be integrated into current Trusted Platform Modules and Transport Layer Security implementations with a few additional TrustedPlatform Modules commands and a few extensions to the TLS protocol.
Keywords: TLS, platform configuration reporting, remote attestation, secure channels, trusted computing
Categories: K.6.5, L.4