Improved TLS protocol for platform integrity assurance using mutual attestation

Normally, secure communication between client-server applications is established using secure channel technologies such as Transport Layer Security (TLS). TLS is a cryptographic protocol which ensures secure transmission of data and authenticity of communication at each endpoint platform. However, t...

Full description

Bibliographic Details
Main Author: Abd Aziz, Norazah
Format: Thesis
Language:English
English
Published: 2014
Subjects:
Online Access:http://psasir.upm.edu.my/id/eprint/50054/1/FSKTM%202014%204RR_organized.pdf
Description
Summary:Normally, secure communication between client-server applications is established using secure channel technologies such as Transport Layer Security (TLS). TLS is a cryptographic protocol which ensures secure transmission of data and authenticity of communication at each endpoint platform. However, the protocol does not provide any trustworthiness assurance of the involved endpoint. So, they are not able to handle the security risks due to potential malicious software or any third parties who may penetrate the platform. Furthermore, there is no mechanism for a computing platform to address the trustworthiness of platform integrity such as free from any malware or spyware. Remote attestation is an authentication technique proposed by the Trusted Computing Group (TCG) which enables the verification of the trusted environment of platforms and assuring the information is accurate. To incorporate this method in web services framework in order to guarantee the trustworthiness and security of web-based applications, a new framework called TrustWeb is proposed. The Trust-Web framework integrates the remote attestation into TLS protocol to provide integrity information of the involved endpoint platforms. The framework improves TLS protocol with mutual attestation (MA) mechanism, named TLS+MA which can help to address the weaknesses of transferring sensitive computations, and a practical way to solve the remote trust issue at the client-server environment. In this thesis, we study the foundations of the credibility of the TLS+MA protocol and TrustWeb approach before we describe the work of designing and building a framework prototype in which attestation mechanism is integrated into the Mozilla Firefox browser and Apache web server. We analyse the security of our protocol using Automated Validation of Internet Security Protocols and Applications (AVISPA)to show that it meets the security goals. Analysis on TLS+MA protocol shows that it is resistant against replay and collusion attacks. For performance analysis, we also compared the TLS+MA with previous protocol. The results show that our protocol only incurs 11.2% of performance overhead in secure connection, which lower than the previous protocol. Despite that, our protocol is 50% more efficient.