ASYNCHRONOUS ATTESTATION SCHEME FOR PRESERVING THE INTEGRITY OF LONG-TERM DIGITAL ARCHIVES

Open Access
- Author:
- Mani, Dhivakar
- Graduate Program:
- Computer Science and Engineering
- Degree:
- Master of Science
- Document Type:
- Master Thesis
- Date of Defense:
- March 04, 2009
- Committee Members:
- Trent Ray Jaeger, Thesis Advisor/Co-Advisor
- Patrick Drew Mcdaniel, Thesis Advisor/Co-Advisor
- Keywords:
- Asynchronous Attestation
- Integrity
- TPM
- Abstract:
- An increasing number of organizations want to retain data such as customer records, business application data, e-mail and databases for well over 50 or 100 years. In most cases the lifespan of the storage devices and of the applications is far shorter than the intended retention period, so the archived data may have to be physically and logically migrated from one device or format to another at intermediate points in time to prevent data corruption. This report addresses the challenge of asserting the integrity of archived data in the future, even in the absence of the originator of the data. A Trusted Platform Module (TPM), together with a trusted time server, is used to attest and verify the integrity of an archive tool running in a user domain of the Xen Virtual Machine Monitor. A root-of-trust installation is performed for the root domain (Dom-0) of Xen, and a virtual TPM (vTPM) is used to attest the integrity of the system state of the user domain (Dom-U) created in Dom-0. The trusted time server is used to create time-stamped Dom-U attestations. An attestation provides an integrity proof of the system state of Dom-U and Dom-0 by including the PCR values of the vTPM, and of the archive itself by including the Merkle hash tree of the file system that was archived. An archive manager manages the security information of the archives: it performs a verifiable, periodic re-keying of the content proofs with a new signing key pair, and it generates proofs from the content proofs in response to a challenge from a remote verifier. These proofs can be used to verify the integrity of the system state of Dom-U and Dom-0, of the archive tool and of the archive content over a period of time. The protocol among the archive process, the archive manager and the trusted time server is detailed and analyzed in this report. The proposed protocol enables the archive manager to prove to a remote third party the integrity of archive content proofs that were created years earlier.
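The exchange the abstract describes, written out as an added example; this is not code from the thesis. It builds the Merkle root of an archived file set, forms the Dom-U quote (PCR values followed by the root), has the time server stamp it, lets the archive manager sign the content proof and later re-key it, and finally answers a remote verifier's challenge, which the verifier checks by walking the whole chain. Assumptions not taken from the abstract: Ed25519 stands in for the signing key pairs and SHA-256 for the hash (the abstract names neither); the vTPM PCR values, the time server's key and the archived files are constructed inline; and the hand-over rule (the outgoing key endorses the new public key over the previous link's digest, the new key countersigns) is this example's own construction for the "verifiable, periodic re-keying" the abstract mentions, not necessarily the thesis's protocol.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// h is SHA-256 over the concatenation of its arguments.
func h(parts ...[]byte) []byte {
	d := sha256.New()
	for _, p := range parts {
		d.Write(p)
	}
	return d.Sum(nil)
}

// Leaf hashes one archived file as H(0x00||path||0x00||content). MerkleRoot pairs leaves, given in
// sorted path order, as H(0x01||left||right), carrying an odd trailing node up unchanged.
func Leaf(path string, content []byte) []byte { return h([]byte{0}, []byte(path), []byte{0}, content) }

func MerkleRoot(level ...[]byte) []byte { // the variadic slice is reused as scratch space
	for n := len(level); n > 1; n = len(level) {
		for i := 0; i < n/2; i++ {
			level[i] = h([]byte{1}, level[2*i], level[2*i+1]) // in place is safe: reads never trail writes
		}
		if n%2 == 1 {
			level[n/2] = level[n-1]
		}
		level = level[:(n+1)/2]
	}
	return append(level, h())[0] // an empty archive has root H("")
}

// Link is one epoch of the content proof. Link 0 carries the quote (vTPM PCR values || Merkle root) and the
// time server's signature over h(Quote, Time); later links are hand-overs signed by the outgoing and the new key.
type Link struct {
	Prev, Quote, TSSig, OldSig, NewSig []byte
	Time                               uint64
	Key                                ed25519.PublicKey
}

func (l *Link) body() []byte   { return h(l.Prev, l.Quote, l.TSSig, binary.BigEndian.AppendUint64(nil, l.Time), l.Key) }
func (l *Link) digest() []byte { return h(l.body(), l.OldSig, l.NewSig) }

// Archive builds link 0 under a fresh epoch key; the archive manager keeps only the current private key.
func Archive(quote, tsSig []byte, now uint64) ([]*Link, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail on supported platforms
	l := &Link{Prev: make([]byte, 32), Quote: quote, TSSig: tsSig, Time: now, Key: pub}
	l.NewSig = ed25519.Sign(priv, l.body())
	return []*Link{l}, priv
}

// Rekey appends a hand-over record: the outgoing key endorses it, the new key countersigns, the old key is dropped.
func Rekey(chain []*Link, old ed25519.PrivateKey, now uint64) ([]*Link, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	l := &Link{Prev: chain[len(chain)-1].digest(), Time: now, Key: pub}
	l.OldSig, l.NewSig = ed25519.Sign(old, l.body()), ed25519.Sign(priv, l.body())
	return append(chain, l), priv
}

// Respond answers a remote verifier's challenge: the current key signs h(nonce, head digest).
func Respond(chain []*Link, priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, h(nonce, chain[len(chain)-1].digest()))
}

// Verify walks the chain from the pinned epoch-0 and time server public keys and returns the attested quote.
func Verify(chain []*Link, key0, tsPub ed25519.PublicKey, nonce, resp []byte) ([]byte, error) {
	cur, prev := key0, make([]byte, 32)
	for i, l := range chain {
		switch {
		case !bytes.Equal(l.Prev, prev), (i == 0) != (len(l.Quote) > 0), len(l.Key) != ed25519.PublicKeySize:
			return nil, fmt.Errorf("link %d: broken chaining", i)
		case i == 0 && (!bytes.Equal(l.Key, key0) || !ed25519.Verify(tsPub, h(l.Quote, binary.BigEndian.AppendUint64(nil, l.Time)), l.TSSig)):
			return nil, fmt.Errorf("link 0 is not under the pinned key or lacks a valid time stamp")
		case !ed25519.Verify(l.Key, l.body(), l.NewSig), i > 0 && !ed25519.Verify(cur, l.body(), l.OldSig):
			return nil, fmt.Errorf("link %d: signature invalid", i)
		}
		cur, prev = l.Key, l.digest()
	}
	if len(chain) == 0 || !ed25519.Verify(cur, h(nonce, prev), resp) {
		return nil, fmt.Errorf("chain empty or challenge response invalid")
	}
	return chain[0].Quote, nil
}

func main() {
	root := MerkleRoot(Leaf("db/customers.csv", []byte("id,name\n1,Alice\n")), Leaf("mail/2009-03.mbox", []byte("From a@example.org\n"))) // constructed files
	quote, t0 := append(append(h([]byte("Dom-0 boot")), h([]byte("Dom-U archive tool"))...), root...), uint64(1236124800)     // PCR stand-ins
	tsPub, tsPriv, _ := ed25519.GenerateKey(rand.Reader) // the trusted time server's key, generated here for the example
	chain, key := Archive(quote, ed25519.Sign(tsPriv, h(quote, binary.BigEndian.AppendUint64(nil, t0))), t0)
	chain, key = Rekey(chain, key, t0+365*86400) // yearly re-keying; key now belongs to epoch 1
	nonce := []byte("nonce chosen by the remote verifier")
	_, err := Verify(chain, chain[0].Key, tsPub, nonce, Respond(chain, key, nonce))
	fmt.Println("archive content proof verified:", err == nil)
}
```

The verifier must obtain the epoch-0 public key and the time server's public key out of band; the chain only carries trust forward from those two keys, and a wrong pinned key, a truncated chain, a tampered quote or a hand-over that the outgoing key never signed are all rejected. Because each outgoing key signs one hand-over and is then discarded, a later key compromise cannot rewrite earlier links; what it can do is append new ones, which is why the time stamps on the links and the freshness of the challenge nonce still matter in practice.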