New Results for Timing-Based Attestation

November 2011
Topics: Computer Security, Information Security Risk Management, Information Security Technologies
Xeno Kovah, The MITRE Corporation
Corey Kallenberg, The MITRE Corporation
Chris Weathers, The MITRE Corporation
Amy L. Herzog, The MITRE Corporation
Matthew Albin, The MITRE Corporation
John Butterworth, The MITRE Corporation

In this paper, we present a comprehensive timing-based attestation system suitable for typical enterprise use and evidence of that system's performance. This system, similar to Pioneer [19] but built with relaxed assumptions suitable for an enterprise setting, successfully detects attacks on code integrity over 6 hops of an enterprise network, even with an average of 1.7% time overhead for the attacker. We also present the first implementation and evaluation of a Trusted Platform Module (TPM) hardware timing-based attestation protocol. We describe the set-up and results of a set of experiments showing the effectiveness of our timing-based system; the data address previous work questioning the efficacy of timing-based attestation in practical settings. While it is our firm belief that system measurement itself is a worthwhile goal, and timing-based attestation systems can provide equally trustworthy measurements as hardware-based attestation systems, we feel that Time Of Check, Time Of Use (TOCTOU) attacks have not gotten appropriate attention in the literature. To address this topic, we present the three conditions required to execute such an attack, and how past attacks and defenses relate to these conditions.
