ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
An efficient implementation of trusted channels based on openssl
Full text PdfPdf (478 KB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 3rd ACM workshop on Scalable trusted computing table of contents
Alexandria, Virginia, USA
SESSION: Trusted computing building blocks table of contents
Pages 41-50  
Year of Publication: 2008
ISBN:978-1-60558-295-5
Authors
Frederik Armknecht  Ruhr University Bochum, Bochum, Germany
Yacine Gasmi  Ruhr University Bochum, Bochum, Germany
Ahmad-Reza Sadeghi  Ruhr University Bochum, Bochum, Germany
Patrick Stewin  Ruhr University Bochum, Bochum, Germany
Martin Unger  Ruhr University Bochum, Bochum, Germany
Gianluca Ramunno  Politecnico di Torino, Torino, Italy
Davide Vernizzi  Politecnico di Torino, Torino, Italy
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 14,   Downloads (12 Months): 172,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456455.1456462
What is a DOI?

ABSTRACT

Security breaches on the Internet rarely involve compromising secure channels - typically based on protocols like Transport Layer Security (TLS) or Internet Protocol Security (IPsec) - because communication endpoints are much easier to compromise. Recent approaches aiming to solve this problem rely on the TLS protocol to additionally provide integrity information of the involved endpoints. However, these solutions have shortcomings with regard to either security, functionality or compliance to the TLS specification. This prevents that those approaches are deployed in practice. In this paper, we present an implementation of a security architecture for establishing Trusted Channels based on OpenSSL that resolves the deficiencies of the previous solutions. It provides the possibility to convey reliable integrity information of the involved endpoints and offers the high security standards of former approaches while being flexible, scalable and efficient to enable widespread deployment.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Blake-Wilson, S. et al. Transport Layer Security(TLS) Extensions. IETF RFC 4366, Apr. 2006.
 
2
Chess, D., Dyer, J., Itoi, N., Kravitz, J.,Palmer, E., Perez, R., and Smith, S. Usingtrusted co-servers to enhance security of webinteraction, Mar. 2007.
 
3
Dierks, T., and Rescorla, E. The Transport LayerSecurity (TLS) Protocol Version 1.1. IETF RFC 4346,Apr. 2006.
 
4
D. Eastlake, 3rd , P. Jones, US Secure Hash Algorithm 1 (SHA1), RFC Editor, 2001
 
5
EMSCB Project. Towards Trustworthy Systemswith Open Standards and Trusted Computing, 2008.
 
6
Michael Franz , Deepak Chandra , Andreas Gal , Vivek Haldar , Christian W. Probst , Fermín Reig , Ning Wang, A portable virtual machine target for proof-carrying code, Science of Computer Programming, v.57 n.3, p.275-294, September 2005  [doi>10.1016/j.scico.2004.09.001]
7
Yacine Gasmi , Ahmad-Reza Sadeghi , Patrick Stewin , Martin Unger , N. Asokan, Beyond secure channels, Proceedings of the 2007 ACM workshop on Scalable trusted computing, November 02-02, 2007, Alexandria, Virginia, USA  [doi>10.1145/1314354.1314363]
8
Kenneth Goldman , Ronald Perez , Reiner Sailer, Linking remote attestation to secure tunnel endpoints, Proceedings of the first ACM workshop on Scalable trusted computing, November 03-03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1179474.1179481]
 
9
Vivek Haldar , Deepak Chandra , Michael Franz, Semantic remote attestation: a virtual machine directed approach to trusted computing, Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium, p.3-3, May 06-07, 2004, San Jose, California
 
10
R. Housley , W. Ford , W. Polk , D. Solo, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC Editor, 1999
 
11
IETF. SSL 3.0 specification, May 2008.
 
12
S. Jiang , S. Smith , K. Minami, Securing Web Servers against Insider Attack, Proceedings of the 17th Annual Computer Security Applications Conference, p.265, December 10-14, 2001
 
13
Kent, S., and Seo, K. Security Architecture for theInternet Protocol. IETF RFC 4301, Dec. 2005.
 
14
Kuhlmann, D., Landfermann, R., Ramasamy, H.,Schunter, M., Ramunno, G., and Vernizzi, D. AnOpen Trusted Computing Architecture -- Securevirtual machines enabling user--defined policyenforcement, 2006.
 
15
M. Leech , M. Ganis , Y. Lee , R. Kuris , D. Koblas , L. Jones, SOCKS Protocol Version 5, RFC Editor, 1996
 
16
John Marchesini , Sean W. Smith , Omen Wild , Josh Stabiner , Alex Barsamian, Open-Source Applications of TCPA Hardware, Proceedings of the 20th Annual Computer Security Applications Conference, p.294-303, December 06-10, 2004  [doi>10.1109/CSAC.2004.25]
 
17
Ned M. Smith. System and method for combininguser and platform authentication in negotiated channel security protocols, Sept. 2005.
 
18
OpenSSL Project. The OpenSSL ProjectHomepage, 2007.
 
19
OpenTC Project. The OpenTC Project Homepage,2008.
 
20
ORSA laboratories. Public-Key CryptographyStandards (PKCS), May 2008.
21
Ahmad-Reza Sadeghi , Christian Stüble, Property-based attestation for computing platforms: caring about properties, not mechanisms, Proceedings of the 2004 workshop on New security paradigms, September 20-23, 2004, Nova Scotia, Canada  [doi>10.1145/1065907.1066038]
 
22
Sadeghi, A.-R., Stuble, C., and Pohlmann, N. European multilateral secure computing base -- open trusted computing for you and me. Datenschutz und Datensicherheit DuD 28, 9 (2004), 548--554. Verlag Friedrich Vierweg & Sohn, Wiesbaden.
 
23
Sadeghi, A.-R., Stuble, C., Wolf, M., Asokan, N., and Ekberg, J.-E. Enabling Fairer Digital Rights Management with Trusted Computing. ISC '07 Proceedings, 2007.
 
24
Sailer, R., Valdez, E., Jaeger, T., Perez, R., van Doorn, L., Griffin, J. L., and Berger, S. sHype: Secure hypervisor approach to trusted virtualized systems. Techn. Rep. RC23511, Feb. 2005. IBM Research Division.
 
25
Reiner Sailer , Xiaolan Zhang , Trent Jaeger , Leendert van Doorn, Design and implementation of a TCG-based integrity measurement architecture, Proceedings of the 13th conference on USENIX Security Symposium, p.16-16, August 09-13, 2004, San Diego, CA
 
26
Santesson, S. TLS Handshake Message for Supplemental Data. IETF RFC 4680, Sept. 2006.
 
27
Selhorst, M. TrustedGRUB -- Details, Apr. 2008.
 
28
Squid-cache.org. Squid: Optimising Web Delivery, May 2008.
 
29
Stumpf, F., Tafreschi, O., Roder, P., and Eckert, C. A robust Integrity Reporting Protocol for Remote Attestation. WATC '06 Proceedings, Dec. 2006.
 
30
TCG Infrastructure Working Group (IWG). TCG Infrastructure Workgroup Subject Key Attestation Evidence Extension, June 2005. Specification Version 1.0 Revision 7.
 
31
TCG Infrastructure Working Group (IWG). TCG Infrastructure Working Group Reference Architecture for Interoperability (Part I), June 2005. Specification Version 1.0 Revision 1.
 
32
Trusted Computing Group. TCG Specification Architecture Overview, Mar. 2003. Specification Revision 1.3 28th March 2007.
 
33
Trusted Computing Group. TCG Software Stack (TSS) Specification Version 1.2, Jan. 2006. Specification Version 1.2 Level 1 Final.
 
34
Trusted Computing Group. TCG TPM Main Part 2 TPM Structures, Mar. 2006. Specification Version 1.2 Level 2 Revision 94.
 
35
Trusted Computing Group. TCG TPM Main Part 3 Commands, July 2007. Specification Version 1.2 Level 2 Revision 103.
 
36
Trusted Network Connect Work Group. TCG Trusted Network Connect TNC Architecture for Interoperability, May 2007. Specification Version 1.2 Revision 4.
 
37
United States Computer Security Readiness Team. Technical Cyber Security Alert TA08-137A, June 2008.
 
38
VMware Incorporated. VMware Virtualization Software, 2008.
 
39
Xen Project. The Xen Hypervisor Open Source Project Homepage, 2007.

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.2 Network Protocols

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection


General Terms:
Design, Economics, Measurement, Security, Standardization


Keywords:
attestation, openSSL, transport layer security (TLS), trusted channel, trusted computing (TC)

Collaborative Colleagues:
Frederik Armknecht: colleagues
Yacine Gasmi: colleagues
Ahmad-Reza Sadeghi: colleagues
Patrick Stewin: colleagues
Martin Unger: colleagues
Gianluca Ramunno: colleagues
Davide Vernizzi: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player