Recent changes to Home

WikiPage Home modified by Charles Fisher

Charles Fisher — Wed, 29 Aug 2012 15:16:00 -0000

--- v11
+++ v12
@@ -21,7 +21,9 @@
 [kernel2.6.18]
 [trousers]
 [wpa-supplicant]
+[tboot]
 [freeradius-server]
+[fast_tncs]
 [RIMM Tools]
 [RIMM Library]
 [Attestation Utilities]

WikiPage Home modified by Charles Fisher

Charles Fisher — Wed, 08 Aug 2012 21:50:24 -0000

--- v10
+++ v11
@@ -13,6 +13,8 @@
 The current implementation utilizes the IMA changes to the Linux kernel to "measure" (perform a SHA1 hash) every file prior to its being placed into execution - both executable files and files that are memory mapped for execution. This measurement is stored in a kernel maintained Integrity Measurement List (IML), and the hash value is used to extend PCR10 in the TPM.
 
 When the system requests access to the protected asset, a request is sent from the attestation server for an IMR. This request includes a 20 byte random NONCE (number once).  When the client system receives this request, it generates an IMR by requesting a QUOTE from the TPM. This QUOTE will include all of the relevant PCRs, including PCR10, as well as the NONCE. It will be signed by the TPM key reserved for signing QUOTEs. The IMR will also include the entire IML. This IMR is signed by the other TPM key, and sent to the attestation server. When the attestation server receives the IMR, it will check the signature on the report, and verify that the report was not tampered with. It will then compare the public key used to sign the report with the public key for that client system. It will then validate the quote in the IMR by verifying that the quote was signed by the same public key as the one stored for this computer system, and verifying that the PCR values match those that are safe stored. Once the quote has been validated, then the IML is checked to verify that the cumulative hash of all of the individual  IML entries matches the PCR10 value in the QUOTE, and that each of the IML entry hashes are in the table of golden values. Assuming all of these checks pass, the system is presumed to be uncompromised and access is granted.
+
+This particular implementation utilizes a piece of hardware to enforce access to the greater network. In our case it is a CICSO 3750 programmable switch. This switch is configured such that prior to the client system attesting, the only port it can talk to is a specially configured port on the attestation server that is dedicated to the attestation process. When the client system is successfully verified, freeradius notified the switch that this port may be opened , and the system will be permitted access to the other ports on the switch, presumably to access the protected asset. If the system does not authenticate, then the switch is informed to keep the port closed, and the client system will not be able to access the other ports of the switch. Programming of the switch is not a part of the this project.
 
 This implementation is broken into 15 separate modules. The modules are designed to be largely independent of each other, and it should be possible to replace a module with one that maintains the same interfaces. There are some dependencies however. For example, the logic in verifyIMR that verifies an IMR is dependent on the logic in PTS that generates the IMR. It is possible to replace both the generation code and the verification code by maintaining the same interfaces, should the presented code be not what is desired. There is a more detailed discussion of each of the 15 modules in separate pages.
 
@@ -32,4 +34,4 @@
 [Verify IMR]
 [Key Manager]
 
-
+A set of steps for using all 15 of these modules in conjunction with the switch discussed above is defined [here].

WikiPage Home modified by Charles Fisher

Charles Fisher — Tue, 07 Aug 2012 15:47:05 -0000

--- v9
+++ v10
@@ -2,7 +2,7 @@
 ======
 Secure Authentication ModuleS
 -----------------------------
-This project is a set of modules designed to facilitate remote attestation. This work is base of the work done by General Dynamics C4S for the High Assurance Platform, and is based in part on work done by many other projects, including the Integrity Measurement Architecture (IMA) logic (now included in the mainline Linux kernel, since 2.6.30), the trousers library , freeradius-server , wpa_supplicant , and the Trusted Computing Group's specifications for IF-PTS, IF-IMC, IF_TNCCS, IF-IMV, Reference_Manifest_Schema, and IntegrityReport_Schema. The freeradius and wpa-supplicant code have extensive changes written by the Applied Physics Lab at Johns Hopkins University.
+This project is a set of modules designed to facilitate remote attestation. This work is base of the work done by General Dynamics C4S for the High Assurance Platform, and is based in part on work done by many other projects, including the Integrity Measurement Architecture (IMA) logic (now included in the mainline Linux kernel, since 2.6.30), the trousers library , freeradius-server , wpa_supplicant , and the Trusted Computing Group specifications (http://www.trustedcomputinggroup.org) for IF-PTS, IF-IMC, IF_TNCCS, Reference_Manifest_Schema ), and IntegrityReport_Schema. The freeradius and wpa-supplicant code have extensive changes written by the Applied Physics Lab at Johns Hopkins University.
 
 The problem that remote attestation is designed to solve is verifying that a computer system that is requesting access to a protected asset has not been compromised. Remote attestation will be most effective in an environment where the clients systems are tightly constrained to a fixed set of software, e.g. a corporate environment or government office, where the individual users cannot install their own versions of software, but must use the software provided by a central authority. The clients systems must contain a Trusted Platform Module (TPM) as this is required for the IMA functionality.

WikiPage Home modified by Charles Fisher

Charles Fisher — Tue, 07 Aug 2012 15:20:09 -0000

--- v8
+++ v9
@@ -2,7 +2,7 @@
 ======
 Secure Authentication ModuleS
 -----------------------------
-This project is a set of modules designed to facilitate remote attestation. This work is base of the work done by General Dynamics C4S for the High Assurance Platform, and is based in part on work done by many other projects, including the Integrity Measurement Architecture (IMA) logic (now included in the mainline Linux kernel, since 2.6.30), the trousers library , freeradius-server , wpa_supplicant , and the Trusted Computing Group's specifications for IF-PTS, IF-IMC, IF_TNCCS, IF-IMV, Reference_Manifest_Schema, and IntegrityReport_Schema. The freeradius and wpa-supplicant code has extensive changes written by the Applied Physics Lab at Johns Hopkins University.
+This project is a set of modules designed to facilitate remote attestation. This work is base of the work done by General Dynamics C4S for the High Assurance Platform, and is based in part on work done by many other projects, including the Integrity Measurement Architecture (IMA) logic (now included in the mainline Linux kernel, since 2.6.30), the trousers library , freeradius-server , wpa_supplicant , and the Trusted Computing Group's specifications for IF-PTS, IF-IMC, IF_TNCCS, IF-IMV, Reference_Manifest_Schema, and IntegrityReport_Schema. The freeradius and wpa-supplicant code have extensive changes written by the Applied Physics Lab at Johns Hopkins University.
 
 The problem that remote attestation is designed to solve is verifying that a computer system that is requesting access to a protected asset has not been compromised. Remote attestation will be most effective in an environment where the clients systems are tightly constrained to a fixed set of software, e.g. a corporate environment or government office, where the individual users cannot install their own versions of software, but must use the software provided by a central authority. The clients systems must contain a Trusted Platform Module (TPM) as this is required for the IMA functionality.

WikiPage Home modified by Charles Fisher

Charles Fisher — Mon, 06 Aug 2012 15:13:22 -0000

--- v7
+++ v8
@@ -20,7 +20,7 @@
 [trousers]
 [wpa-supplicant]
 [freeradius-server]
-[RIMM tools]
+[RIMM Tools]
 [RIMM Library]
 [Attestation Utilities]
 [Client Registration]

WikiPage Home modified by Jim Harvey

Jim Harvey — Fri, 03 Aug 2012 14:59:10 -0000

--- v6
+++ v7
@@ -32,6 +32,4 @@
 [Verify IMR]
 [Key Manager]
 
-Project Adminstrators
-[[project_admins]]

WikiPage Home modified by Charles Fisher

Charles Fisher — Fri, 03 Aug 2012 00:37:05 -0000

--- v5
+++ v6
@@ -18,7 +18,7 @@
 
 [kernel2.6.18]
 [trousers]
-[wpa_supplicant]
+[wpa-supplicant]
 [freeradius-server]
 [RIMM tools]
 [RIMM Library]

WikiPage Home modified by Charles Fisher

Charles Fisher — Fri, 03 Aug 2012 00:08:44 -0000

--- v4
+++ v5
@@ -2,7 +2,7 @@
 ======
 Secure Authentication ModuleS
 -----------------------------
-This project is a set of modules designed to facilitate remote attestation. This work is base of the work done by General Dynamics C4S for the High Assurance Platform, and is based in part on work done by many other projects, including the Integrity Measurement Architecture (IMA) logic (now included in the mainline Linux kernel, since 2.6.30), the trousers library [http://sf.net/projects/trousers], freeradius-server [http:/freeradius.org], wpa_supplicant [http://hostap.epitest.fi/wpa_supplicant], and the Trusted Computing Group's specifications for IF-PTS, IF-IMC, IF_TNCCS, IF-IMV, Reference_Manifest_Schema, and IntegrityReport_Schema. The freeradius and wpa-supplicant code has extensive changes written by the Applied Physics Lab at Johns Hopkins University.
+This project is a set of modules designed to facilitate remote attestation. This work is base of the work done by General Dynamics C4S for the High Assurance Platform, and is based in part on work done by many other projects, including the Integrity Measurement Architecture (IMA) logic (now included in the mainline Linux kernel, since 2.6.30), the trousers library , freeradius-server , wpa_supplicant , and the Trusted Computing Group's specifications for IF-PTS, IF-IMC, IF_TNCCS, IF-IMV, Reference_Manifest_Schema, and IntegrityReport_Schema. The freeradius and wpa-supplicant code has extensive changes written by the Applied Physics Lab at Johns Hopkins University.
 
 The problem that remote attestation is designed to solve is verifying that a computer system that is requesting access to a protected asset has not been compromised. Remote attestation will be most effective in an environment where the clients systems are tightly constrained to a fixed set of software, e.g. a corporate environment or government office, where the individual users cannot install their own versions of software, but must use the software provided by a central authority. The clients systems must contain a Trusted Platform Module (TPM) as this is required for the IMA functionality.

WikiPage Home modified by Charles Fisher

Charles Fisher — Thu, 02 Aug 2012 23:49:43 -0000

--- v3
+++ v4
@@ -33,6 +33,5 @@
 [Key Manager]
 
 Project Adminstrators
-
 [[project_admins]]

WikiPage Home modified by Charles Fisher

Charles Fisher — Thu, 02 Aug 2012 23:49:18 -0000

--- v2
+++ v3
@@ -2,7 +2,7 @@
 ======
 Secure Authentication ModuleS
 -----------------------------
-This project is a set of modules designed to facilitate remote attestation. This work is base of the work done by General Dynamics C4S for the High Assurance Platform, and is based in part on work done by many other projects, including the Integrity Measurement Architecture (IMA) logic (now included in the mainline Linux kernel, since 2.6.30), the trousers library [http://sf.net/projects/trousers], freeradius-server [http:/freeradius.org], wpa_supplicant [http://hostap.epitest.fi/wpa_supplicant], and the Trusted Computing Group's specifications for IF-PTS, IF-IMC, IF_TNCCS, IF-IMV, Reference_Manifest_Schema, and IntegrityReport_Schema.
+This project is a set of modules designed to facilitate remote attestation. This work is base of the work done by General Dynamics C4S for the High Assurance Platform, and is based in part on work done by many other projects, including the Integrity Measurement Architecture (IMA) logic (now included in the mainline Linux kernel, since 2.6.30), the trousers library [http://sf.net/projects/trousers], freeradius-server [http:/freeradius.org], wpa_supplicant [http://hostap.epitest.fi/wpa_supplicant], and the Trusted Computing Group's specifications for IF-PTS, IF-IMC, IF_TNCCS, IF-IMV, Reference_Manifest_Schema, and IntegrityReport_Schema. The freeradius and wpa-supplicant code has extensive changes written by the Applied Physics Lab at Johns Hopkins University.
 
 The problem that remote attestation is designed to solve is verifying that a computer system that is requesting access to a protected asset has not been compromised. Remote attestation will be most effective in an environment where the clients systems are tightly constrained to a fixed set of software, e.g. a corporate environment or government office, where the individual users cannot install their own versions of software, but must use the software provided by a central authority. The clients systems must contain a Trusted Platform Module (TPM) as this is required for the IMA functionality.
 
@@ -12,7 +12,27 @@
 
 The current implementation utilizes the IMA changes to the Linux kernel to "measure" (perform a SHA1 hash) every file prior to its being placed into execution - both executable files and files that are memory mapped for execution. This measurement is stored in a kernel maintained Integrity Measurement List (IML), and the hash value is used to extend PCR10 in the TPM.
 
-When the system requests access to the protected asset, a request is sent from the attestation server for an IMR. This request includes a 20 byte random NONCE (number once).   
+When the system requests access to the protected asset, a request is sent from the attestation server for an IMR. This request includes a 20 byte random NONCE (number once).  When the client system receives this request, it generates an IMR by requesting a QUOTE from the TPM. This QUOTE will include all of the relevant PCRs, including PCR10, as well as the NONCE. It will be signed by the TPM key reserved for signing QUOTEs. The IMR will also include the entire IML. This IMR is signed by the other TPM key, and sent to the attestation server. When the attestation server receives the IMR, it will check the signature on the report, and verify that the report was not tampered with. It will then compare the public key used to sign the report with the public key for that client system. It will then validate the quote in the IMR by verifying that the quote was signed by the same public key as the one stored for this computer system, and verifying that the PCR values match those that are safe stored. Once the quote has been validated, then the IML is checked to verify that the cumulative hash of all of the individual  IML entries matches the PCR10 value in the QUOTE, and that each of the IML entry hashes are in the table of golden values. Assuming all of these checks pass, the system is presumed to be uncompromised and access is granted.
+
+This implementation is broken into 15 separate modules. The modules are designed to be largely independent of each other, and it should be possible to replace a module with one that maintains the same interfaces. There are some dependencies however. For example, the logic in verifyIMR that verifies an IMR is dependent on the logic in PTS that generates the IMR. It is possible to replace both the generation code and the verification code by maintaining the same interfaces, should the presented code be not what is desired. There is a more detailed discussion of each of the 15 modules in separate pages.
+
+[kernel2.6.18]
+[trousers]
+[wpa_supplicant]
+[freeradius-server]
+[RIMM tools]
+[RIMM Library]
+[Attestation Utilities]
+[Client Registration]
+[Platform Trust Services]
+[Integrity Measurement Collector]
+[Trusted Network Connect Client]
+[hostimserver]
+[TCG Interface Library]
+[Verify IMR]
+[Key Manager]
+
+Project Adminstrators
 
 [[project_admins]]