System and Method for Measuring Staleness of Attestation Measurements
The Trusted Computing Group (TCG), a not-for-profit organization formed to develop industry standards, has defined mechanisms for achieving trusted computing by using hardware and software components that help identify software and to enforce behavior to allow only known and trusted software to execute. A number of solutions have been developed that use a trusted platform module (TPM) to provide for attestation of the state of a computer system to another party. One problem that occurs during attestation is that, although a second party gets an attestation of measurements taken from an attesting computer system, it does not get any indication as to when those measurements were made. The time elapsed between the measurement of the values and the reporting of the values can be large--days or even months (in the case of a server). It is widely believed that a longer time between when the measurements are taken and when they are reported corresponds to a reduction in the reliability of those measurements; a longer time between measurement and reporting means that there was a longer time for something to have gone wrong, and for the machine to have been successfully attacked. Knowing when these measurements were taken may help determine the trust level in the attesting computer system, which may translate to the level of access granted to a network and other computing resources.
Researchers at The John Hopkins University Applied Physics Laboratory (APL) have developed a mechanism to prove the freshness of attestation measurements stored with a TPM, allowing a third party to determine the time elapsed between when an attester's measurement was taken and when it was reported. With information on this time difference, the third party will be suited to make access control decisions based on the trusted state of the attester. This objective was achieved through the development of software that uses the tickStamping function of the TPM. To prove reliably the freshness of attestation measurements, the software integrates the TPM's tickStamp into the storage of integrity measurements held within the TPM. The technique will use both the tickCount and tickNonce elements of the tickStamp as a means of proving the relative time to boot at which a measurement was locally taken and stored in a TPM.
Patent Status: U.S. patents pending.CONTACT:
Mr. M. T. Hickman