Ethemba | extending trust.

Platform Validation Demo

Modern mobile computing platforms like smart phones and tablets are open systems on which software and configurations are managed by multiple stakeholders including the user, device manufacturer, and the network operator. Security on such platforms are harder to achieve, let alone to remotely validate and mange by a remote party like the access network operator, than was the case with previous, ‘dumber’, device generations.

Ideally, we would like to have validation of device configurations and components on each (change of) network access. TCG proposes to use their Trusted Network Connect (TNC) specifications for that, but those are somewhat heavyweight for mobile platforms which include a wide variety of different device types, form smart phones over machine-to-machine communication equipment, to wireless sensor nodes.

Validation of a remote mobile platform may put significant load on the access networks and require infrastructure investments by the operators who already sense increased pressure to curb operating expenditures. Therefore, a lightweight infrastructure and procedure for remote platform validation and management (PVM) is desired.

The figure picture the placement of PVM entities and functionality in an access network which is also providing access to content and application services. The sketched model allows PVM entities to serve the access network as well as Content/Application Servers (AS) in an outsourcing fashion. A Platform Validation Entity (PVE) is responsible for receiving validation data from the platform and make assessments on its state. Remediation actions can then be taken by a Device Management Server (DMS). Information on the platform validation state may also be delivered to Security Gateways protecting the access network (e.g., by quarantining the device), and access control servers (ACS) which may throttle access to services and content accordingly.

While we have presented general architecture concepts for PVM in previous work [1,2], we demonstrate in this chapter a concrete approach to achieve this goal. The central idea is to replace remote platform attestation procedure, which is well-known in trusted computing, with an interactive interrogation between platform and network, allowing for adjustable granularity in platform validation. The key tool to realize the idea is a representation of the platform state in a binary tree of hash values – viz. a Merkle hash tree. The tree is built during a secure start-up procedure by the platform and then used in an interrogation procedure with the network performing a tree descent. This minimizes the data transferred in remote validation and still allows fine-granular PVM on the level of single components. A demonstration implementation on an emulated Android platform shows the feasibility of the concept of PVM with tree-formed validation data.

Find it!

Theme Design by

Tag Cloud


    To top