DocumentCode :
2533093
Title :
Design and Implementation of Dual AIK Signing Scheme in Virtual TPM
Author :
Sun, Yuqiong ; Song, Cheng ; Li, Mengqian
Author_Institution :
Sch. of Comput., Beijing Univ. of Posts & Telecommun., Beijing, China
fYear :
2010
fDate :
18-20 Dec. 2010
Firstpage :
183
Lastpage :
187
Abstract :
In current Xen environment, platform attests its integrity to remote customer through signing the measurements of itself by Attestation Identity Key (AIK) from virtual TPM instance. They believe that this evidence of the platform is credible since the signature of AIK can not be faked. However, this approach ignores the privileged domain and its administrator. Since they could access arbitrary memory address of the platform, they could steal the AIK and forge the measurements therefore cheats the customer. In this paper, we design and implement a dual AIK signing scheme which makes use of the AIK from hardware TPM. Through signing the measurements of platform and upper-level virtual machine separately, rogue platform could not tamper with the integrity evidence of the platform. We also present a virtual AIK certificate mechanism and a new remote integrity attestation protocol for this dual AIK signing scheme. Finally, we perform a security analysis of our approach to show that it has built a correct trust model in the trusted virtualization platform and it is truly secure.
Keywords :
authorisation; cryptography; data integrity; parallel architectures; storage management; virtual machines; Xen environment; attestation identity key; dual AIK signing scheme; memory address; remote customer; remote integrity attestation protocol; rogue platform; security analysis; virtual AIK certificate mechanism; virtual TPM; virtual machine; Current measurement; Hardware; Kernel; Privacy; Protocols; Security; Virtual machining; Attestation Identity Key (AIK); Trusted Computing Base (TCB); trusted virtualization platform; vTPM;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Parallel Architectures, Algorithms and Programming (PAAP), 2010 Third International Symposium on
Conference_Location :
Dalian
Print_ISBN :
978-1-4244-9482-8
Type :
conf
DOI :
10.1109/PAAP.2010.41
Filename :
5715082
Link To Document :
بازگشت