问题
Is it possible to prove to the remote party that the application I am running in my system is the same as I am claiming that I am running using DRTM or SRTM? If yes then How?
回答1:
Theoretically: yes. The concept is called remote attestation.
The basic idea is: First you have a sound chain of trust built on your platform, like:
BIOS ==> Boot loader ==> OS ==> Applications
The resulting measurements are stored in the PCRs.
Now you can let the TPM sign this set of PCRs, that's called quote
.
You can submit this quote to a remote entity. Here the problems start:
How can you proof that the quote was signed by a hardware TPM and not an emulator?
Possible solutions: pre-shared keys or some kind of CA.
How can you be sure that the PCR values represent a trusted system state?
That's not so easy. If you have SRTM, you have to consider every possible combination of how your system load the components. E.g. in BIOS-phase, in which order are the option-ROMs loaded?
Here DRTM comes for the rescue, but it makes the matter just slightly easier. With DRTM you can forget about all the pre-DRTM stuff. If you have a small trusted environment, say like flicker, then you'll have a manageable set of trusted configurations. If you have a full-featured OS, than it's hard.
First, you have to find an OS that measures everything. IBM's IMA for the Linux kernel is one example.
Then, the slightest difference in the order of loaded components will lead to different PCR values. Furthermore consider all the combinations of states the different installed software packages might be in.
Possible solutions are to restrict the possible set of PCR values that represent a valid configuration. For example you can measure a whole OS image instead of each binary. An example is the acTvSM platform published a few years ago.
Conclusion: There is no easy, off-the-shelf solution, but you can design a system such that it fits your requirements.
来源:https://stackoverflow.com/questions/19613476/remotely-verifying-the-application-in-execution