I affirm in lieu of oath that I wrote this dissertation independently and used only the sources and aids indicated. Date

Abstract

Adversaries can deploy rootkit techniques on the target platform to persistently attack computer systems in a stealthy manner. Industrial and political espionage, surveillance of users, and cybercrime all require stealthy attacks on computer systems. Utilizing a rootkit technique means that a part of the implemented attack code is responsible for concealing the attack. Attack code that is loaded into peripherals such as the network interface card or special micro-controllers is currently the peak of the evolution of rootkits. This work examines such stealthy peripheral-based attacks on the host computer. Peripherals have a dedicated processor and dedicated runtime memory to handle their tasks, which means that these peripherals are essentially a separate system. Attackers benefit from this kind of isolation. Peripherals generally communicate with the host via the host main memory, and attackers exploit this fact. All host runtime data is present in the main memory, including cryptographic keys, passwords, opened files, and other sensitive data. The attacker only needs to locate such data. Subsequently, attackers can read and modify the data unnoticed by utilizing the direct memory access mechanism of the peripheral. This allows for circumventing security software such as state-of-the-art anti-virus software and modern hardened operating system kernels. Detecting such attacks is the goal of this work. Stealthy malicious software (malware) that is based on an isolated micro-controller is implemented to conduct an attack analysis. The malware proof of concept is called DAGGER, which is derived from Direct memory Access based keystroke code loGGER. The development and analysis of this malware reveals important properties of peripheral-based malware.
The results of the analysis are the basis for the development of a novel runtime detector. The detector is called BARM (Bus Agent Runtime Monitor). This detector reveals stealthy peripheral-based attacks on the host main memory by exploiting certain hardware properties. A permanent and resource-efficient measurement strategy ensures that the detector is also capable of detecting transient attacks. Such transient attacks are possible when the applied measurement strategy only measures at certain points in time: the attacker exploits this strategy by attacking the system in between two measurements and by destroying all attack traces before the system is measured. The detector represents an alternative solution to previously proposed preventive protection approaches, i.e., input/output memory management units. Previously proposed approaches are not necessarily effective due to practical issues. This fact, as well as the threat posed by peripheral-based malware, demands the alternative detector solution that is presented in this work. The detector does not only reveal an attack, but al...
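The following simulation is an added illustration of the transient-attack argument above; it is not code from the dissertation and does not reproduce how BARM actually measures the hardware. It assumes a hypothetical model in which host memory traffic is counted per time unit, a peripheral's DMA access adds traffic only inside its attack window, and the attacker removes every trace at the end of that window. A point-in-time detector only catches the attack if one of its sampling instants falls inside the window, whereas a permanent detector that accounts for all traffic over the whole interval sees the surplus regardless of when the attack happened.

```python
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class DmaAttack:
    """Hypothetical transient attack: extra bus traffic between start and end,
    after which the attacker has erased all traces from host memory."""
    start: int      # first time unit of the DMA access
    end: int        # first time unit after the access (traces are gone from here on)
    per_tick: int   # constructed number of extra memory transactions per time unit


def bus_traffic(length: int, legit_per_tick: int, attacks: Iterable[DmaAttack]) -> List[int]:
    """Per-time-unit memory transaction counts: the host's own traffic plus any
    transactions caused by a peripheral's DMA attack (constructed model)."""
    traffic = [legit_per_tick] * length
    for a in attacks:
        for t in range(a.start, min(a.end, length)):
            traffic[t] += a.per_tick
    return traffic


def snapshot_detect(attacks: Iterable[DmaAttack], sample_times: Iterable[int]) -> bool:
    """Point-in-time measurement: a sample only reveals the attack if it is
    taken while the DMA access is still in progress (traces are destroyed afterwards)."""
    return any(a.start <= t < a.end for t in sample_times for a in attacks)


def permanent_detect(traffic: List[int], legit_per_tick: int) -> bool:
    """Permanent measurement: compare the total observed traffic against what
    the host itself should have caused; any surplus indicates an additional bus agent."""
    expected = legit_per_tick * len(traffic)
    return sum(traffic) != expected


def compare_strategies(length: int, legit_per_tick: int,
                       attacks: List[DmaAttack], sample_times: List[int]) -> dict:
    """Run both detectors over the same constructed timeline and report the outcome."""
    traffic = bus_traffic(length, legit_per_tick, attacks)
    return {
        "snapshot": snapshot_detect(attacks, sample_times),
        "permanent": permanent_detect(traffic, legit_per_tick),
    }


if __name__ == "__main__":
    # Constructed scenario: the attack runs in time units 3..5, the snapshot
    # detector samples at 0 and 10, i.e. before and after the attack.
    transient = [DmaAttack(start=3, end=6, per_tick=2)]
    print(compare_strategies(12, 5, transient, [0, 10]))
    # Sampling inside the window lets the snapshot detector catch it as well.
    print(compare_strategies(12, 5, transient, [0, 4, 10]))
```

The model deliberately ignores how the surplus is measured and how much legitimate traffic varies; the point it makes is the one the abstract makes, namely that a detector which measures continuously cannot be defeated by timing the attack between two measurements.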