Research Article

Dynamic Change Reporting of Platform Configuration

by Hoda Ghazaghi, Mohammad-ali Doostari
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 77 - Number 8
Year of Publication: 2013
Authors: Hoda Ghazaghi, Mohammad-ali Doostari
DOI: 10.5120/13416-1083

Hoda Ghazaghi, Mohammad-ali Doostari. Dynamic Change Reporting of Platform Configuration. International Journal of Computer Applications. 77, 8 (September 2013), 29-36. DOI=10.5120/13416-1083

@article{ 10.5120/13416-1083,
author = { Hoda Ghazaghi, Mohammad-ali Doostari },
title = { Dynamic Change Reporting of Platform Configuration },
journal = { International Journal of Computer Applications },
issue_date = { September 2013 },
volume = { 77 },
number = { 8 },
month = { September },
year = { 2013 },
issn = { 0975-8887 },
pages = { 29-36 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume77/number8/13416-1083/ },
doi = { 10.5120/13416-1083 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

The Trusted Computing Group (TCG) introduced the Remote Attestation Protocol, which has a weak point that makes it vulnerable to masquerading attacks. This paper introduces a new method for improving the security of the protocol against such attacks. The security of the improved protocol is analyzed using AVISPA tools. Advantages of the improved protocol include a reduced number of messages and lower cost, which prevents useless communication. Furthermore, an improved mechanism for measuring and reporting the changes is recommended. Combining the improved protocol described above with the improved integrity measurement and reporting mechanism can solve the existing problem in certain critical applications.

Index Terms

Computer Science
Information Sciences

Keywords

remote attestation, Trusted Platform Module, integrity measurement, masquerading attack, formal analysis