Journal of Communications, Volume 9, No. 1, January 2014

Extending TLS with Mutual Attestation for Platform Integrity Assurance

Norazah Abd Aziz1,2, Nur Izura Udzir1, and Ramlan Mahmod1
1. Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, 43400 UPM Serdang, Selangor Darul Ehsan, Malaysia
2. MIMOS Berhad, Technology Park Malaysia, 57000 Kuala Lumpur

Abstract—Normally, secure communication between client-server applications is established using secure channel technologies such as Transport Layer Security (TLS). TLS is a cryptographic protocol which ensures secure transmission of data and authenticity of communication at each endpoint platform. However, the protocol does not provide any assurance of the trustworthiness of the endpoints involved. This paper incorporates remote attestation into the TLS key exchange protocol to solve this issue. The proposed embedded attestation extension in the TLS protocol will provide assurance of the sender's platform integrity to the receiver, and vice versa. The CA's responsibility in TLS is replaced by our own Trusted Certificate Authority (TCA) in our protocol. The proposed protocol is analyzed for security against replay attacks and collusion attacks. The proof is performed using AVISPA with the High Level Protocol Specification Language (HLPSL), through a Dolev-Yao intruder model implementation of the proposed protocol.

Index Terms—SSL/TLS extension, integrity, TPM, remote attestation, Certificate Authority (CA)

Cite: Norazah Abd Aziz, Nur Izura Udzir, and Ramlan Mahmod, "Extending TLS with Mutual Attestation for Platform Integrity Assurance," Journal of Communications, vol. 9, no. 1, pp. 63-72, 2014. doi: 10.12720/jcm.9.1.63-72