Multiplexing TPM Integrity Measurements among Virtual Machines

Measuring the integrity of critical operating system components and securely storing these measurements in a hardware-protected Trusted Platform Module (TPM) is a well-known approach for improving system security. However, currently it is not possible to securely extend this approach to TPMs used in virtualized environments while maintaining the same level of security.

In our research, we investigated how to multiplex integrity measurements originating from arbitrarily many Virtual Machines (VMs) with just a single standard TPM. In contrast to existing approaches such as Virtual Trusted Platform Module (vTPM), our approach achieves a higher level of security since measurements, once stored, will never be held in software but are fully hardware-protected by the TPM at all times.

We developed a remote attestation protocol that enables the integrity reporting of individual VMs. We established an integrity-protected mapping between each measurement and its respective VM such that it is not possible for an attacker to alter this mapping during remote attestation without being detected. Furthermore, all measurements are stored in the TPM in a concealed manner in order to prevent information about other VMs from leaking during remote attestation.
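The two properties described above (an integrity-protected measurement-to-VM mapping and concealment of other VMs' measurements behind a single shared PCR) can be illustrated with a small simulation. The following is an added example, not the authors' protocol or implementation: it assumes a hypothetical per-VM binding key shared between the measuring hypervisor and that VM's verifier, and binds each measurement to its VM by extending an HMAC over (VM id, measurement digest) into one simulated PCR. A verifier for one VM replays the public log to reproduce the quoted PCR and recomputes only its own VM's bindings; entries of other VMs stay opaque, and relabelling or altering an entry is detected.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed, hypothetical per-VM binding keys. The assumption is that each
# key is known only to the measuring hypervisor and that VM's verifier.
VM_KEYS = {
    "vm-a": b"constructed-binding-key-for-vm-a",
    "vm-b": b"constructed-binding-key-for-vm-b",
}
PCR_INIT = bytes(32)  # a freshly reset SHA-256 PCR is all zeros


def pcr_extend(pcr: bytes, value: bytes) -> bytes:
    """TPM-style extend operation: PCR' = SHA-256(PCR || value)."""
    return hashlib.sha256(pcr + value).digest()


def bind(vm_id: str, key: bytes, measurement: bytes) -> bytes:
    """Concealed, VM-bound log entry: HMAC-SHA256 over (vm_id || measurement).

    Anyone can see the entry, but only holders of the VM's key can relate it
    to a concrete measurement, and the vm_id is part of the authenticated data.
    """
    return hmac.new(key, vm_id.encode() + measurement, hashlib.sha256).digest()


@dataclass
class SharedTPM:
    """One simulated PCR shared by all VMs plus the public measurement log."""
    pcr: bytes = PCR_INIT
    log: list = field(default_factory=list)  # (vm_id, bound_entry) pairs

    def measure(self, vm_id: str, measurement: bytes) -> None:
        entry = bind(vm_id, VM_KEYS[vm_id], measurement)
        self.log.append((vm_id, entry))
        self.pcr = pcr_extend(self.pcr, entry)

    def quote(self) -> bytes:
        # A real TPM would sign the PCR value with an attestation key.
        return self.pcr


def verify_vm(vm_id: str, key: bytes, claimed: list, log: list,
              quoted_pcr: bytes) -> bool:
    """Verifier for a single VM.

    Step 1: replaying the whole log must reproduce the quoted PCR, so no entry
            (of any VM) can have been altered, dropped or reordered.
    Step 2: the entries attributed to vm_id must equal the bindings recomputed
            from the measurements the VM claims, so the mapping cannot be
            relabelled without detection.
    """
    pcr = PCR_INIT
    for _, entry in log:
        pcr = pcr_extend(pcr, entry)
    if not hmac.compare_digest(pcr, quoted_pcr):
        return False
    own = [entry for vid, entry in log if vid == vm_id]
    expected = [bind(vm_id, key, m) for m in claimed]
    if len(own) != len(expected):
        return False
    return all(hmac.compare_digest(a, b) for a, b in zip(own, expected))


def digest(component: str) -> bytes:
    """Stand-in for the digest of a measured component (constructed input)."""
    return hashlib.sha256(component.encode()).digest()


def demo() -> dict:
    tpm = SharedTPM()
    a_kernel, a_initrd, b_kernel = (digest("vm-a:kernel"), digest("vm-a:initrd"),
                                    digest("vm-b:kernel"))
    tpm.measure("vm-a", a_kernel)
    tpm.measure("vm-b", b_kernel)
    tpm.measure("vm-a", a_initrd)

    honest = verify_vm("vm-a", VM_KEYS["vm-a"], [a_kernel, a_initrd],
                       tpm.log, tpm.quote())
    # Attacker relabels vm-a's first entry as belonging to vm-b.
    relabelled = [("vm-b" if i == 0 else vid, e) for i, (vid, e) in enumerate(tpm.log)]
    relabel_detected = not verify_vm("vm-a", VM_KEYS["vm-a"], [a_kernel, a_initrd],
                                     relabelled, tpm.quote())
    # vm-b's plaintext digest never appears in the public log.
    concealed = all(b_kernel not in e for _, e in tpm.log)
    return {"honest": honest, "relabel_detected": relabel_detected,
            "concealed": concealed}
```

The log still reveals how many measurements each VM recorded and in which order; hiding that would need padding or a different binding construction, which this example does not attempt.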

The experimental results of our proof-of-concept implementation show the feasibility of our approach.

Fraunhofer AISEC

Fraunhofer Institute for Applied and Integrated Security AISEC under the responsibility of Prof. Dr. Claudia Eckert is one of the leading research institutions in Europe. Fraunhofer AISEC is focused on development of application-oriented security solutions and their precise and tailored integration into existing systems. Core competences of over 90 scientific and technical members of staff lie in the areas of hardware security and the security of embedded systems, product and intellectual property protection, network security, and security in cloud- and service-oriented computing. Fraunhofer AISEC’s clients operate in a variety of industrial sectors, such as the chip card industry, telecommunications, the automotive industry, and mechanical engineering, as well as the software and healthcare industries. The main goal is to support and improve the competitiveness of our clients and partners in the manufacturing and service sectors as well as those in the public sector.