Client and server authentication with trusted computing

Abstract

Trusted Platform Module (TPM) is a security token embedded in every business laptop and computers. It can securely store artifacts used to authenticate the platform (PC or laptop). These artifacts can include passwords, certificates, or encryption keys. A TPM can also be used to store platform measurements that help ensure that the platform remains trustworthy. Authentication (ensuring that the platform can prove that it is what it claims to be) and attestation (a process helping to prove that a platform is trustworthy and has not been breached) are necessary steps to ensure safer computing in all environments. The objective of the project is to develop a prototype system to demonstrate the authentication of a TPM-ready machine.

The system consists of 2 machines – one as a challenger where it will challenge the identity of the verifying machine, and one as a verifier to verify its identity for which it claims to be. Both the TPM-ready client (verifier) and server (challenger) are installed with the Fedora 11 operating system with an Integrity Measurement Architecture (IMA) patched kernel to allow for measurement executable(s). Both also contain an application to encrypt and decrypt data.

The system functions as follow to ensure the identity of the transmitter so that secure transmission of message can take place:

- The client (verifier) requests to join the closed network.

- The server (challenger) authenticates the client. If the client configuration is valid, it will be allowed to join the network. Otherwise, authorization to join the closed network is forbidden.