PlugNPlay Trust for Embedded Communication Systems

Oct 14, 2009

Download: MP4 Video Size: 350.7MB  
Watch on YouTube

Abstract

Given the proliferation of malware, the integrity of embedded communication systems is becoming a growing concern. Recent compromises to systems such as ATMs and network switches and routers provide evidence of the potential security problems of embedded communication systems. Trusted communication channels that pass sensitive information should only be established after the integrity of the remote system can be assured. Security hardware, such as the Trusted Computing Group's (TCG's) Trusted Platform Module (TPM) provides a mechanism to measure and authenticate the integrity of individual machines. This device can be readily found in many laptops today, however we are unaware of its use as a mechanism for providing or denying communication access to services based on the integrity of remote systems. In this work, we propose PlugNPlay Trust, an integrity framework which is a drop-in solution for providing a hardware root of trust for embedded applications. The PlugNPlay Trust design exploits the static nature of embedded communication systems and independently provides remote attestation and identity verification for the host application using the TPM. This framework, coupled with the attestation and dynamic firewall exception services we authored, enables remote parties to confirm the integrity of embedded communication systems, thereby limiting the effects and the proliferation of malware in compromised systems. Although there are preexisting technologies for interfacing with the TPM directly, we implemented the first prototype for allowing or denying access to networked services based on the trustworthiness of a remote system. The PlugNPlay framework simplifies the integration of existing TPM related tools and provides a ready to use platform for trusted computing research.