Property-Based Remote Attestation Oriented To Cloud Computing


2011 Seventh International Conference on Computational Intelligence and Security

Siyuan Xin
Zhengzhou Information Science and Technology Institute, Zhengzhou, China
laoxin213@yahoo.com

Yong Zhao, Yu Li
College of Computer Science, Beijing University of Technology, Beijing, China
zhaoyonge_mail@sina.com

Abstract: As the new service pattern of cloud computing develops rapidly, the security of cloud computing has become a hot research topic. Before a user hands important data or a computing task to the cloud, the user may want to verify the trusted status of the platform that actually carries out the task in the cloud, and the remote attestation mechanism of Trusted Computing is suited to this verification need. In this paper, the property-based remote attestation mechanism of Trusted Computing is imported into cloud computing, and a property-based remote attestation method oriented to cloud computing is designed around the characteristics of cloud computing. In this method, an attestation proxy attests to the security property of the computing platform without disclosing the platform's configuration, so users can validate the security property of the actual computing platform in the virtualized cloud environment.

Keywords: cloud computing; property-based remote attestation; security property; attestation proxy

I. INTRODUCTION

Cloud computing is a new pattern of computing service: it turns processors, storage devices and other physical resources on the Internet into virtual resources that are scalable and can be shared. The traditional computing mode places the computing task on the local computer or on a remote server, whereas cloud computing distributes the task over the massive distributed computers that make up an enterprise's data storage and processing center. Cloud computing is a pay-per-use service pattern, which lets an enterprise switch on the resources its applications need and use computing services and storage on demand. Computing and storage tasks are handed to the cloud service provider, which reduces the computing and storage burden on the user's own devices and improves the enterprise's resource utilization and computing efficiency.

At present this emerging service pattern is developing rapidly and vendors of all kinds are building different cloud services, so the security problem of cloud computing has become an urgent research topic. While cloud computing reduces the computing and storage burden of enterprises and users, it also moves security problems into the cloud; how to guarantee the security of important data and computing tasks in the cloud by means of different security mechanisms has become an important research question. In this paper, the property-based remote attestation mechanism of trusted computing is imported into cloud computing, and a remote attestation method oriented to cloud computing is proposed in view of the special requirements of the cloud environment. Through property-based remote attestation we validate the trusted state of the cloud service platform, let users check the security property of the service platform effectively before they submit a computing task to the provider, and ensure that the task runs on a trusted computing platform.

978-0-7695-4584-4/11 $26.00 © 2011 IEEE
DOI 10.1109/CIS.2011.229

II. TCG REMOTE ATTESTATION MECHANISM

Remote attestation is a method by which a terminal computing platform proves its trusted state and configuration to a remote platform. When platform A wants to entrust some task to platform B, or requests access to resources on platform B, then before A submits the task or performs the access it needs, beyond traditional identity authentication and privilege checking, to confirm whether the state of platform B is trusted. This process of measuring and attesting to a platform's trusted state is called remote attestation of the computing platform. In the remote attestation process platform A is called the verifier and platform B the attester.

TCG (Trusted Computing Group) is an international trusted computing industry alliance. In the TCG specifications the core of the trusted computing platform is a security chip, the TPM (Trusted Platform Module), an embedded system with a cryptographic computing unit and protected storage. The TPM is hardware-protected: objects inside the TPM can only be reached through the interfaces the TPM specifies, and the host can only use those objects in the secure ways the specification allows.

The trusted computing platform uses its embedded TPM's AIK (Attestation Identity Key) to show its identity, and signs messages with the AIK private key to prove their origin. The TPM contains a group of PCRs (Platform Configuration Registers); each PCR is associated only with a specific kind of system event on the platform. Each time such an event occurs, the platform records the event and extends the hash value of the event record into the PCR associated with that event. Extending hash value R into PCR[n] computes PCR[n] = hash(PCR[n] || R), where || denotes concatenation. The PCR value therefore depends on the whole history of events and on their order, so it actually reflects the order in which events took place.

In the remote attestation mechanism of the TCG specification [1], the verifier asks the remote platform for its attestation information, namely the event record log SML (Stored Measurement Log) and the corresponding PCR values. The proxy on the remote platform answers the verifier's request, gathers the relevant event records, and at the same time asks the platform's TPM to sign the corresponding PCRs with the AIK private key. The proxy then sends the signature, the event records and the platform certificate to the verifier, who verifies the submitted content (checking the signature with the AIK public key) and determines the remote platform's status and the authenticity of the report.

The TCG remote attestation mechanism provides platform remote attestation based on trusted computing and, using the TPM, realizes challenge and attestation of a platform's running status and configuration information. However, for the cloud computing environment this method has the following problems:

- In the cloud, the verifier does not know which concrete platform will provide the service when it makes the request. The attester is indefinite from the verifier's point of view, so remote attestation cannot be carried out directly.
- The verifier must know the platform's possible configurations to check the attestation. This is workable in an enterprise network, but in an open environment such as the cloud such information is difficult to collect and manage.
- During attestation the attester platform's configuration information is exposed to the verifier, which makes the platform easier to attack.
- A verifier expects a particular hash value of a particular implementation. This fixes the implementation configuration instead of the security properties. The usual verifier will expect a particular implementation from a particular vendor, which puts other vendors' implementations at a disadvantage even if they provide the same or a higher level of security.
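The PCR extend operation and SML replay described in Section II, as an added example that is not part of the paper: a TPM 1.2-style 20-byte SHA-1 PCR, the extend rule PCR[n] = hash(PCR[n] || R), and the check a verifier (or, in this paper's design, the attestation proxy) performs to confirm that a submitted log reproduces the quoted PCR value. The boot events in `BOOT_SML` are constructed sample data.

```python
import hashlib

# Added example, not the paper's code: TPM 1.2-style PCR extend with SHA-1 and
# replay of a Stored Measurement Log (SML) to reconstruct the expected PCR value.
PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest and is reset to all zeros


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR[n] = SHA-1(PCR[n] || digest): the extend operation from Section II."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 20-byte SHA-1 values")
    return hashlib.sha1(pcr + digest).digest()


def measure(event: bytes) -> bytes:
    """Digest of one event record, as the platform records it in the SML."""
    return hashlib.sha1(event).digest()


def replay_sml(events) -> bytes:
    """Reconstruct the final PCR value by replaying every extend of the log in order."""
    pcr = bytes(PCR_SIZE)
    for event in events:
        pcr = extend(pcr, measure(event))
    return pcr


def sml_matches_quote(events, quoted_pcr: bytes) -> bool:
    """Does the submitted log explain the quoted PCR? Any change in content or order fails."""
    return replay_sml(events) == quoted_pcr


# Constructed sample log: boot components in the order they were measured.
BOOT_SML = [b"bootloader v2.1", b"kernel 3.0.4", b"hypervisor xen-4.1", b"vm-monitor 1.2"]

if __name__ == "__main__":
    final = replay_sml(BOOT_SML)
    print("PCR after boot:", final.hex())
    # The same components in another order give a different PCR: order is part of the history.
    print("reordered log matches:", sml_matches_quote(list(reversed(BOOT_SML)), final))
    # A log entry altered after the fact no longer reproduces the quoted value.
    tampered = BOOT_SML[:1] + [b"kernel 3.0.4-backdoored"] + BOOT_SML[2:]
    print("tampered log matches:", sml_matches_quote(tampered, final))
```

Because the chain is hash-based, a verifier needs only the final quoted PCR and the log to detect a removed, added, altered or reordered entry; it does not need the TPM to sign every event.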

III. PROPERTY-BASED REMOTE ATTESTATION

The literature [2-4] proposed property-based remote attestation, which proves that a platform's configuration satisfies a certain security property without caring which concrete configuration the platform has. A security property is a property, consistent with some security requirement, that both sides can verify. In contrast to TCG's remote attestation mechanism, property-based attestation attests to properties of the underlying platform and applications instead of revealing binary information about them. Loosely speaking, a property of a platform describes an aspect of the behavior of that platform with regard to certain requirements, such as security-related requirements (e.g., that a platform has built-in measures for multilevel security or privacy protection, or that it has a security kernel providing isolation of applications). Attesting properties means that the attestation should only determine whether a platform (or its configuration) fulfills a desired property, instead of revealing the concrete configuration of its software and hardware components. Attesting properties has the advantage that different platforms with different components may have different configurations while all offering the same properties and consequently fulfilling the same requirements. In particular, this also allows a more flexible way of handling system patches and updates. However, because of the virtual nature of cloud computing, the proposed property-based remote attestation methods are not completely suitable for the cloud. Thus, based on the idea of property-based remote attestation, we propose a new remote attestation method oriented to cloud computing.
IV. REMOTE ATTESTATION METHOD ORIENTED TO CLOUD COMPUTING

A. Outlines
In the cloud computing service pattern, before the user hands important data or a complex computation task to the cloud, the user needs to attest to the trusted status of the cloud's virtual environment, so that he can be sure the computing platform providing the service is credible and trusted. Once the user has completed the trust attestation of the cloud platform, trust in the cloud service can be established, and the user can use the service to accomplish the computation task and pay according to the amount of service used.

To study the remote attestation process and method in the cloud computing environment, we first describe the scenario we consider. The user requests a service from the cloud provider and asks to confirm the security property of the cloud service platform. In this scenario the two sides have the following trust and confidentiality policies: the verifier (user) is willing to publish its trust policy but not its concrete security requirement; the attester's (cloud platform's) confidentiality policy forbids the verifier from receiving its configuration information, namely the platform measurement log.

In the remote attestation of cloud computing the verifier is definite, but because of the virtual and migratory nature of cloud computing the attester is indefinite. The user does not know which concrete computing platform provides the service. To realize remote attestation in this transparent computing mode we need an intermediary and must carry out the attestation indirectly. Therefore, using the idea of property-based remote attestation, we propose a property-based remote attestation method oriented to cloud computing (PRAOCC).

B. Overall Structure
The structure of remote attestation oriented to cloud computing is shown in Fig. 1. It includes:

Cloud Computing Administrative Center (CCAC): The CCAC accepts service and attestation requests, assigns the computing task to a certain platform through its dispatch algorithm, and forwards the attestation request together with the assigned platform's AIK public key to the attestation proxy, using the dispatch result and the AIK directory that is built when cloud nodes register.

Attestation Proxy: The attestation proxy is a trusted third party in the remote attestation. From the attester's point of view it acts as the verifier; from the true verifier's point of view it acts as the attester that attests to the platform's status. It is the key to realizing remote attestation in the cloud environment, and it works as follows. When the proxy receives the CCAC's attestation request and the platform AIK, it identifies the attester platform by looking up the AIK directory built during cloud node registration. It then sends a complete measurement request to the attester platform that will actually execute the task; the attester produces a measurement quote through its TPM and sends it to the proxy. After receiving the quote, the proxy transforms the measurements into the concrete platform configuration through the configuration verifier, then transforms the configuration into property information through the property verifier; the security property is checked against the property certificate issued by the property certificate center.

Configuration Directory: The Configuration Directory stores and provides the computing platforms' configuration information and is used for configuration look-ups.

Property Certificate Center (CCC): The CCC describes and attests to the relations between platforms' security properties and their configuration information, and does so by issuing property certificates.

Property Verifier: The Property Verifier is the function module on the verifier platform that performs property verification. It takes the security property demand and the trust policy as input and performs the property matching in the attestation process.

Figure 1. Architecture of PRAOCC

C. Assumption
The attestation proxy is the key element of remote attestation and sits at the core of the attestation trust. The attester platform has to trust the attestation proxy's operational correctness, reliable authentication and secrecy; the verifier has to trust the attestation proxy's integrity and reliability and believe the security property information it reports about the attester platform. In addition, the verifier must know the attestation proxy's signature verification key.

We describe the trust relations between the entities in terms of signature verification keys. The attestation proxy has a signature key pair VP. The attester platform has an Attestation Identity Key (AIK) built into its TPM and knows the proxy's public key VP. The attester trusts the owner of VP to keep its platform configuration measurements secret, and the attestation proxy is the only entity to which the attester is willing to disclose its configuration. The cloud computing administrative center knows the proxy's public key VP, which it uses to check the proxy's messages and to encrypt information sent to the proxy. The administrative center knows the AIK public key of the computing platform that actually carries out the task, and believes that measurements signed with that AIK represent platform configuration information vouched for by the TPM, even though it has not seen the configuration information itself.

D. The Remote Attestation Protocol Oriented to Cloud Computing
We describe the attestation process in cloud computing in this section. The process is started by the verifier, who requests a cloud computing service and attestation of the cloud platform's security property. We assume that the security and trustworthiness of the attestation proxy are guaranteed. We explain the protocol through its participants and the basic message flow.

1. The verifier sends a request message to the CCAC. The request contains a randomly generated 160-bit challenge, the cloud service the verifier requests, and its trust policy.

2. The CCAC determines the computing platform that will execute the task and sends the platform's public AIK key to the attestation proxy over a confidential channel.

3. Over an authenticated channel, the attestation proxy sends the challenge and the AIK key to the attester, signing the contents with its signature key. The attester then decides, according to its trust policy, whether to continue the attestation. We assume the attester trusts the attestation proxy and knows the proxy's public key VP. Note that the challenges used among the attestation proxy, the CCAC, the attester and the TPM need not be the same challenge used between the verifier and the CCAC.

4. The attester platform requests and receives a TPM quote signed with the TPM's AIK private key.

5. The attester platform sends the quote and the log file (SML) to the attestation proxy through a secure tunnel.

6. The attestation proxy checks the authenticity and freshness of the TPM quote. It reconstructs the platform configuration from the authenticated PCR quote, the SML and the configuration description information signed by the keys in TPv, and verifies the attester's security property with the property certificates signed by the keys in TPv, thereby transforming the platform configuration information into platform security property information.

7. The attestation proxy returns a signed platform property message to the CCAC, which forwards it to the verifier. The verifier checks, according to its trust policy, that the message is signed by the trusted attestation proxy; if so, the verifier believes that the platform bound to the AIK has the security property.
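The message flow of this section (verifier, CCAC, attestation proxy, attester TPM), as an added stand-alone simulation that is not the paper's code. Its point is the proxy's step 6 (freshness, quote authenticity, SML replay, configuration-to-property mapping through a configuration directory and property certificates) and the fact that only a signed property statement, never the PCR or SML, reaches the verifier. Two assumptions are made for the example to run with the standard library alone: the AIK and proxy signatures are replaced by HMAC-SHA256 stand-ins under a key shared between signer and checker (a real TPM quote is an asymmetric signature), and the directory, certificate and node names are constructed sample data.

```python
import hashlib
import hmac
import os

# Added example, not the paper's code. HMAC-SHA256 stands in for the AIK and proxy
# signatures of the paper so the simulation runs offline; all names are assumptions.


def sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, "sha256").digest()


def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, msg), sig)


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


class Tpm:
    """Attester-side TPM: one PCR, its SML, and an AIK used only to sign quotes."""
    def __init__(self, aik_key: bytes):
        self._aik_key = aik_key
        self.pcr = bytes(20)
        self.sml = []

    def extend(self, event: bytes) -> None:
        self.sml.append(event)
        self.pcr = sha1(self.pcr + sha1(event))

    def quote(self, nonce: bytes) -> dict:
        # Step 4: PCR plus challenge, signed by the AIK; the nonce gives freshness.
        return {"pcr": self.pcr, "nonce": nonce,
                "sig": sign(self._aik_key, b"TPM_QUOTE" + self.pcr + nonce)}


class AttestationProxy:
    """Trusted third party: verifier toward the attester, attester toward the user."""
    def __init__(self, proxy_key, aik_directory, config_directory, property_certs):
        self._key = proxy_key                      # proxy signature key (VP in the paper)
        self.aik_directory = aik_directory         # AIK id -> (AIK check key, node TPM)
        self.config_directory = config_directory   # measurement digest -> component name
        self.property_certs = property_certs       # property -> components it requires

    def attest(self, aik_id: str, nonce: bytes) -> dict:
        aik_key, tpm = self.aik_directory[aik_id]   # step 3: resolve the attester
        q, sml = tpm.quote(nonce), list(tpm.sml)    # steps 4 and 5
        # Step 6a: authenticity and freshness of the quote.
        if q["nonce"] != nonce or not verify(aik_key, b"TPM_QUOTE" + q["pcr"] + nonce, q["sig"]):
            raise ValueError("quote not authentic or not fresh")
        # Step 6b: the SML must reproduce the quoted PCR, otherwise the log was tampered with.
        pcr = bytes(20)
        for event in sml:
            pcr = sha1(pcr + sha1(event))
        if pcr != q["pcr"]:
            raise ValueError("SML does not match quoted PCR")
        # Step 6c: measurements -> configuration (directory) -> properties (certificates).
        components = {self.config_directory.get(sha1(e).hex(), "unknown") for e in sml}
        properties = sorted(p for p, needs in self.property_certs.items() if needs <= components)
        # Step 7: only the signed property statement leaves the proxy; PCR and SML stay here.
        body = (aik_id + "|" + nonce.hex() + "|" + ",".join(properties)).encode()
        return {"aik_id": aik_id, "nonce": nonce, "properties": properties,
                "sig": sign(self._key, body)}


class Ccac:
    """Administrative center: picks the node (step 2) and relays between user and proxy."""
    def __init__(self, proxy, scheduler):
        self.proxy, self.scheduler = proxy, scheduler

    def request(self, service: str, nonce: bytes) -> dict:
        return self.proxy.attest(self.scheduler(service), nonce)


def verifier_accepts(reply: dict, nonce: bytes, proxy_key: bytes, wanted: str) -> bool:
    """Step 7, user side: proxy signature, freshness, then the demanded property."""
    body = (reply["aik_id"] + "|" + reply["nonce"].hex() + "|" + ",".join(reply["properties"])).encode()
    return reply["nonce"] == nonce and verify(proxy_key, body, reply["sig"]) and wanted in reply["properties"]


# Constructed cloud: two nodes with different software stacks, registered in the AIK directory.
AIK_NODE_A, AIK_NODE_B, PROXY_KEY = os.urandom(32), os.urandom(32), os.urandom(32)
NODE_A, NODE_B = Tpm(AIK_NODE_A), Tpm(AIK_NODE_B)
for ev in (b"kernel-3.0", b"hypervisor-xen-4.1", b"vm-isolation-module"):
    NODE_A.extend(ev)
for ev in (b"kernel-3.0", b"legacy-monitor"):
    NODE_B.extend(ev)
CONFIG_DIRECTORY = {sha1(e).hex(): e.decode() for e in
                    (b"kernel-3.0", b"hypervisor-xen-4.1", b"vm-isolation-module", b"legacy-monitor")}
PROPERTY_CERTS = {"vm-isolation": {"hypervisor-xen-4.1", "vm-isolation-module"},
                  "measured-boot": {"kernel-3.0"}}
PROXY = AttestationProxy(PROXY_KEY, {"aik-A": (AIK_NODE_A, NODE_A), "aik-B": (AIK_NODE_B, NODE_B)},
                         CONFIG_DIRECTORY, PROPERTY_CERTS)


def run_attestation(service: str, wanted: str, scheduler):
    """Whole flow from the user's side: step 1 challenge through the step 7 decision."""
    nonce = os.urandom(20)  # step 1: 160-bit challenge
    reply = Ccac(PROXY, scheduler).request(service, nonce)
    return verifier_accepts(reply, nonce, PROXY_KEY, wanted), reply["properties"]
```

`run_attestation("job", "vm-isolation", lambda s: "aik-A")` succeeds, while the same request dispatched to node B fails on the property check even though its quote and log are valid; the verifier learns which property held, but never which components produced it. The proxy refuses any reply whose SML no longer replays to the quoted PCR, which is what makes the configuration-to-property mapping trustworthy.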

E. Analysis of the Remote Attestation Method

The property-based remote attestation method oriented to cloud computing solves the attestation of the trusted status of the cloud service platform in the cloud environment. Compared with the TCG remote attestation mechanism and with property-based attestation, it has the following characteristics.

1st, through the attestation proxy and the cloud computing administrative center we solve the indefinite-attester problem of remote attestation in the cloud. The administrative center fixes the computing platform through its internal dispatch mechanism and the AIK directory and returns the platform information to the attestation proxy, which effectively determines the attester for remote attestation in the cloud environment.

2nd, we introduce property-based remote attestation into cloud computing; by attesting to security properties we avoid problems such as exposure of platform configuration information and vendor discrimination.

3rd, in the remote attestation process there is no need to manage massive amounts of configuration information: only the attestation proxy knows the attester's configuration, and the verifier receives only the attester's security property as the attestation proof. This simplifies the user's attestation process and attests to the platform's trust status directly and simply.

4th, we make effective use of trusted computing technology to give the cloud service a trusted assurance. Trusted computing not only provides effective security safeguards for cloud providers but also gives cloud users the ability to verify the platform's security status.
Figure 2. Remote Attestation Protocol

V. CONCLUSION

Cloud computing is an emerging computing service pattern that reduces the burden on both enterprises and users and improves the utilization of computing resources. At the same time it moves security problems into the cloud. This article introduces attestation of the trusted platform into cloud computing services using the idea of property-based remote attestation. In view of the special requirements of the cloud environment, we propose a property-based remote attestation method oriented to cloud computing, which solves the problem of the indefinite attester in the cloud environment and establishes the user's trust in the cloud service platform. The efficiency of the attestation proxy, the system bottleneck it may form, and attestation of the user's own platform remain for further study.


ACKNOWLEDGMENT
This research is funded by the 863 National High Tech Research and Development Plan Project (2009AA01Z437), the 973 National Key Fundamental Research Development Plan Project (2007CB311100), the Open Research Project of the State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, and the Doctor Launch Fund of Beijing University of Technology (X0007999200901).

REFERENCES
[1] Trusted Computing Group. TCG TPM Specification, Architecture Overview. Technical report, TCG, 2007.
[2] A. R. Sadeghi, C. Stüble. Property-based attestation for computing platforms: caring about properties, not mechanisms. Proceedings of the 2004 Workshop on New Security Paradigms. New York: ACM Press, 2004, pp. 67-77.
[3] J. Poritz, M. Schunter, E. Van Herreweghen, et al. Property attestation: scalable and privacy-friendly security assessment of peer computers. RZ3548. Switzerland: IBM Zurich Research Laboratory, 2004.
[4] Chen Liqun, R. Landfermann, H. Löhr, et al. A protocol for property-based attestation. Proceedings of the First ACM Workshop on Scalable Trusted Computing. New York: ACM Press, 2006, pp. 7-16.
[5] Chen Liqun, H. Löhr, M. Manulis, A. Sadeghi. Property-Based Attestation without a Trusted Third Party. Information Security Conference (ISC) 2008, Taipei.
