Parallel Architectures, Algorithms and Programming, International Symposium on (2010)
Dalian, Liaoning China
Dec. 18, 2010 to Dec. 20, 2010
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/PAAP.2010.41
In current Xen environment, platform attests its integrity to remote customer through signing the measurements of itself by Attestation Identity Key (AIK) from virtual TPM instance. They believe that this evidence of the platform is credible since the signature of AIK can not be faked. However, this approach ignores the privileged domain and its administrator. Since they could access arbitrary memory address of the platform, they could steal the AIK and forge the measurements therefore cheats the customer. In this paper, we design and implement a dual AIK signing scheme which makes use of the AIK from hardware TPM. Through signing the measurements of platform and upper-level virtual machine separately, rogue platform could not tamper with the integrity evidence of the platform. We also present a virtual AIK certificate mechanism and a new remote integrity attestation protocol for this dual AIK signing scheme. Finally, we perform a security analysis of our approach to show that it has built a correct trust model in the trusted virtualization platform and it is truly secure.
trusted virtualization platform, vTPM, Trusted Computing Base (TCB), Attestation Identity Key (AIK)
M. Li, Y. Sun and C. Song, "Design and Implementation of Dual AIK Signing Scheme in Virtual TPM," Parallel Architectures, Algorithms and Programming, International Symposium on(PAAP), Dalian, Liaoning China, 2010, pp. 183-187.