METHOD AND ATTESTATION SYSTEM FOR PREVENTING ATTESTATION REPLAY ATTACK

US 20090013181A1
Filed: 05/13/2008
Published: 01/08/2009
Est. Priority Date: 07/03/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for preventing an attestation replay attack by an attestation target system in an attestation system including the attestation target system and an attestation request system, the method comprising:

measuring associated components when an event that affects the integrity of the attestation target system occurs;

perceiving identity information in the attestation target system and verifying the perceived identity information;

extending the measured components and the identity information to the size of the register and recording the components and the identity information in a log;

generating an attestation response message including the log and a value of the register when an attestation request message is received from the attestation request system; and

transmitting the generated attestation request message to the attestation request system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are a method and an attestation system for preventing an attestation replay attack. The method for preventing an attestation replay attack in an attestation system including an attestation target system and an attestation request system, the method including: measuring associated components when an event that affects the integrity of the attestation target system occurs; perceiving own identity information and verifying the perceived identity information; extending the measured component and the identity information into a register and logging the measured component and the identity information; generating an attestation response message including values of the log and the register when an attestation request message is received from the attestation request system; and transmitting the generated attestation response message to the attestation request system. Therefore, the method and an attestation system may be useful to provide an additional simple mathematical operation in verifying an attestation message by preventing an attestation replay attack, and thus to minimize performance degradation in the attestation system, compared to the conventional attestation processing mechanisms.

38 Citations

View as Search Results

13 Claims

1. A method for preventing an attestation replay attack by an attestation target system in an attestation system including the attestation target system and an attestation request system, the method comprising:
- measuring associated components when an event that affects the integrity of the attestation target system occurs;
  
  perceiving identity information in the attestation target system and verifying the perceived identity information;
  
  extending the measured components and the identity information to the size of the register and recording the components and the identity information in a log;
  
  generating an attestation response message including the log and a value of the register when an attestation request message is received from the attestation request system; and
  
  transmitting the generated attestation request message to the attestation request system.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the perceiving of identity information and the verifying of the perceived identity information comprises:
    - detecting whether the identity information is initially set or changed;
      
      verifying whether the detected identity information is counterfeited; and
      
      extending the identity information into the size of the register and recording the extended identity information in the log when the verification of the identity information is successful.
  - 3. The method of claim 2 wherein the verifying of whether the detected identity information is counterfeited comprises:
    - perceiving a network address for the use as the identity information;
      
      generating a random number;
      
      transmitting the random number to a trusted third party (TTP) by using the perceived network address as a source address;
      
      receiving signature for the generated random number and the source address from the trusted third party (TTP) and verifying the received signature; and
      
      confirming that the perceived network address is a valid address that is able to communicate with external networks when the verification of the signature is successful.
  - 4. The method of claim 1, wherein the attestation response message includes the log and the register value, the signature for the random number included in the request message and the register value, and a certificate for a public key that is able to confirm the signature.

5. A method for preventing an attestation replay attack by an attestation request system in an attestation system including an attestation target system and the attestation request system, the method comprising:
- transmitting an attestation request message including a random number to the attestation target system;
  
  receiving the transmitted attestation request message including a log recording identity information of the attestation target system, and a value of a register extending the identity information; and
  
  verifying the attestation request message to confirm reliability of the attestation target system.
- View Dependent Claims (6)
- - 6. The method of claim 5, wherein the verifying of the attestation request message to confirm reliability of the attestation target system comprises:
    - verifying the signature and a certificate for an attestation identity key that is able to confirm the signature in the attestation request message;
      
      reconstructing a register'"'"'s own value using the log recording the identity information when the verification of the signature and the certificate is successful;
      
      confirming whether the reconstructed register value is equal to the register value in the attestation request message; and
      
      determining the attestation target system to be trusted when the verification of the identity information is successful by judging reliability of all components recorded in the log and verifying whether the identity information in the log is equal to the identity information of the attestation target system when the two register values are equal to each other.

7. An attestation system for preventing an attestation replay attack including an attestation target system and an attestation request system for making an attestation request to the attestation target system, wherein the attestation target system comprises:
- an integrity measurement block for measuring associated components when an event that affects the integrity of the attestation target system occurs;
  
  an identity information verification block for perceiving identity information of the attestation target system and verifying the perceived identity information;
  
  an information recording block for recording the measured component and the identity information in a log;
  
  a security block including a register for extending and storing the measured components and the identity information; and
  
  an attestation service block for generating an attestation response message including the register value and the log in which the identity information is recorded, andwherein the attestation request system receives an attestation response message from the attestation target system on the attestation request and confirms that the attestation response message is generated in the attestation target system.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The attestation system of claim 7, wherein the identity information contains a network address, a serial number, a domain name and a host name.
  - 9. The attestation system of claim 7, wherein the identity information verification block detects the identity information and verifies whether the identity information is counterfeited when the identity information is initially set or changed.
  - 10. The attestation system of claim 9, wherein the identity information verification block generates a random number, sets the network address into a source address, receives signature for the generated random number and the source address from a trusted third party (TTP), and verifies the received signature to confirm that the perceived network address is a valid address that is able to communicate with external networks.
  - 11. The attestation system of claim 7, wherein the information recording block extends the identity information by converting a value of the identity information into a size of the register by using a predetermined algorithm when a size of the identity information is great than the size of the register.
  - 12. The attestation system of claim 7, wherein the attestation response message includes the register value and the log in which the identity information is recorded, the signature for the random number included in the request message and the register value, and a certificate for a public key that is able to confirm the signature.
  - 13. The attestation system of claim 12, wherein the attestation request system verifies the signature for the register value using the certificate and the public key, reconstructs the register value using the log, compares the reconstructed register value with the signed register value to check the reconstructed register value equal to the signed register value, determines if all the components recorded in the log are trusted, and determines whether the attestation target system is able to be trusted when the verification of the identity information is successful by verifying whether the identity information in the log is equal to the identity information of the attestation target system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Han, Jin Hee, Jun, Sung Ik, Choi, Su Gil

Application Number

US12/120,154
Publication Number

US 20090013181A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/123 received data contents, e.g...

METHOD AND ATTESTATION SYSTEM FOR PREVENTING ATTESTATION REPLAY ATTACK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND ATTESTATION SYSTEM FOR PREVENTING ATTESTATION REPLAY ATTACK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links