Peer-to-peer and Trusted Computing
2.2.2006 / Security, Trusted Computing /
Here’s another example of how Trusted Computing can be used to provide application-level security guarantees.
Zhang, Chen and Sandhu investigate how Trusted Computing can be used to improve the integrity and authenticity properties of a distributed P2P network.
…we focus on the specific problems of data authenticity and integrity instead of discussing P2P security in general. We propose a general architecture that enhances the authenticity and integrity of data shared in these systems by using trusted computing (TC) technologies… Specifically, we propose a trusted reference monitor (TRM) in the platform of each peer beyond necessary trusted hardware and supporting functions. A TRM can monitor and verify the information a peer provides to ensure data authenticity.
They present an abstract architecture where every peer is endowed with a trusted reference monitor (TRM) that can gather and then transmit configuration data about its node to other peers (in the paper, they use Windows registry keys as an example). The TRM also acts as a mediator for access control decisions.
The basic trusted component is the trusted hardware including a TPM. A TRM is an application or service component running in the operating system’s user space, enforcing access control policies in general client-side platforms. The hardware, cooperating with the security kernel, provides necessary functions to the TRM, from basic cryptographic functions to platform and program attestation, and sealed storage for sensitive data.
(diagram taken from their paper)
Currently, most P2P systems are ridiculously easy to game. There are simply no checks on what a node says, and it could be saying anything at all. This is precisely the reason that we picked Gnutella as one of the example applications in our original paper on semantic remote attestation. As they point out in their paper, semantic remote attestation is one of the underlying techniques that could be used as a concrete implementation of their trusted reference monitor.
Complete citation for the paper:
Leave a Comment: