New Results for Timing-Based Attestation
November 2011
Xeno Kovah, The MITRE Corporation
Corey Kallenberg, The MITRE Corporation
Chris Weathers, The MITRE Corporation
Amy Herzog, The MITRE Corporation
Matthew Albin, The MITRE Corporation
John Butterworth, The MITRE Corporation
ABSTRACT
In this paper, we present a comprehensive timing-based
attestation system suitable for typical enterprise use and
evidence of that system's performance. This system, similar to
Pioneer [19] but built with relaxed assumptions suitable for an
enterprise setting, successfully detects attacks on code integrity
over 6 hops of an enterprise network, even with an average
of 1.7% time overhead for the attacker. We also present
the first implementation and evaluation of a Trusted Platform
Module (TPM) hardware timing-based attestation protocol.
We describe the set-up and results of a set of experiments
showing the effectiveness of our timing-based system; the data
address previous work questioning the efficacy of timing-based
attestation in practical settings. While it is our firm belief that
system measurement itself is a worthwhile goal, and timing-based
attestation systems can provide equally-trustworthy measurements
as hardware-based attestation systems, we feel that
Time Of Check, Time Of Use (TOCTOU) attacks have not
gotten appropriate attention in the literature. To address this
topic, we present the three conditions required to execute such
an attack, and how past attacks and defenses relate to these
conditions.

Additional Search Keywords
remote attestation, software-based attestation, timing-based attestation, trusted platform module, TOCTOU attack