Student: 蘇奕彰 (Yi-Zhang Su)
Thesis title: 強化隱私保護之系統完整性回報系統 / Privacy Enhanced Integrity Reporting Scheme
Advisor: 顏嵩銘 (Sung-Ming Yen)
Committee members:
Degree: Master
Department: College of Electrical Engineering and Computer Science, Department of Computer Science & Information Engineering
Year of publication: 2017
Academic year of graduation: 105 (ROC calendar, i.e. 2016-2017)
Language: English
Pages: 62
Keywords (Chinese): 完整性回報, 隱私性, 偽裝攻擊, 可信賴平台模組, 遠端驗證
Keywords (English): Integrity reporting, Privacy, Masquerading attack, Trusted Platform Module, Remote Attestation
Abstract

With the rapid development of information technology, many digital applications, such as e-commerce, on-line banking, enterprise security, and digital rights management, take place on heterogeneous platforms that store sensitive data. Verifying the configuration and system status of a computing platform is therefore essential before such an application or transaction is carried out. To verify the configuration of a remote computing platform, the Trusted Computing Group (TCG) proposed an integrity reporting scheme based on the Trusted Platform Module (TPM). Unfortunately, that scheme is vulnerable to a masquerading attack, and the existing schemes that address the masquerading attack in turn suffer from a key disclosure attack. An alternative, identity-based approach defends against the masquerading attack by establishing a secure channel (e.g., SSL or TLS) and binding the platform's identity to it, but this approach lacks privacy protection: leaked identity information lets an attacker mount a social engineering attack with little effort. In this thesis we propose an enhanced integrity reporting scheme that protects user privacy and is free from the masquerading and key disclosure attacks to which the previous schemes are vulnerable. By protecting privacy, the scheme also substantially reduces the likelihood that an attacker can carry out a successful social engineering attack.
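The abstract names two things the thesis builds on without showing them: the masquerading (relay) attack on plain TPM-quote integrity reporting, and the secure-channel defence that binds the quote to the channel endpoint. The following Python model is an added illustration written for this page; it is not code from the thesis and does not reproduce the thesis's own scheme (authentication tokens, registration and transaction phases, privacy protection). Its simplifications are assumptions of the example: the TPM's attestation key is modelled as an HMAC key shared with the verifier at registration (a real TPM signs quotes with an AIK), the secure channel is modelled by a per-host channel-key fingerprint that the verifier can observe for the peer it is actually connected to, only PCR 0 is extended, and the boot chains, host names and measurement strings are constructed sample data.

```python
"""Relay-style masquerading attack on TPM-quote integrity reporting, and
the channel-binding defence. Added example; not the thesis's scheme.
Assumptions: HMAC stands in for the AIK signature, a per-host fingerprint
stands in for the TLS channel key, and all sample data is constructed."""
import hashlib
import hmac
import secrets


def sha256(*parts):
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return h.digest()


class SimTPM:
    """Minimal PCR bank plus a quote operation (HMAC stands in for the AIK)."""

    def __init__(self, aik):
        self.aik = aik
        self.pcrs = [bytes(32) for _ in range(24)]

    def extend(self, index, measurement):
        # TPM extend: PCR_new = H(PCR_old || H(measurement)); order-dependent, irreversible.
        self.pcrs[index] = sha256(self.pcrs[index], sha256(measurement))

    def quote(self, nonce):
        digest = sha256(*self.pcrs)
        return {"pcr_digest": digest, "nonce": nonce,
                "sig": hmac.new(self.aik, digest + nonce, hashlib.sha256).digest()}


class Host:
    """A platform: its TPM, its measured boot chain, and its secure-channel identity."""

    def __init__(self, name, boot_chain):
        self.name = name
        self.tpm = SimTPM(secrets.token_bytes(32))
        self.channel_fp = sha256(b"channel-key:", name.encode())  # stand-in for a TLS key fingerprint
        for component in boot_chain:
            self.tpm.extend(0, component)

    def attest(self, challenge, bind_channel):
        # Channel binding: quote over H(challenge || own channel key) rather than the
        # bare challenge, so the quote is tied to the endpoint that produced it.
        nonce = sha256(challenge, self.channel_fp) if bind_channel else challenge
        return self.tpm.quote(nonce)


class Verifier:
    def __init__(self, golden_digest):
        self.golden = golden_digest
        self.registered = {}  # registration phase: host name -> attestation key

    def register(self, host):
        self.registered[host.name] = host.tpm.aik

    def challenge(self):
        return secrets.token_bytes(32)

    def verify(self, claimed_name, quote, challenge, peer_channel_fp=None):
        """Accept iff the quote is authentic, fresh, bound to our channel (if used) and golden."""
        aik = self.registered.get(claimed_name)
        if aik is None:
            return False
        mac = hmac.new(aik, quote["pcr_digest"] + quote["nonce"], hashlib.sha256).digest()
        if not hmac.compare_digest(mac, quote["sig"]):
            return False
        expected_nonce = challenge if peer_channel_fp is None else sha256(challenge, peer_channel_fp)
        if not hmac.compare_digest(expected_nonce, quote["nonce"]):
            return False
        return hmac.compare_digest(quote["pcr_digest"], self.golden)


GOOD_BOOT = [b"firmware-1.2", b"bootloader-signed", b"kernel-5.10-clean"]      # constructed
BAD_BOOT = [b"firmware-1.2", b"bootloader-signed", b"kernel-5.10-rootkitted"]  # constructed


def setup():
    honest = Host("honest", GOOD_BOOT)
    mallory = Host("mallory", BAD_BOOT)
    verifier = Verifier(golden_digest=sha256(*honest.tpm.pcrs))
    verifier.register(honest)
    verifier.register(mallory)
    return verifier, honest, mallory


def self_attestation(verifier, host, bind_channel):
    """A host answers the challenge for itself, over its own channel."""
    challenge = verifier.challenge()
    quote = host.attest(challenge, bind_channel)
    return verifier.verify(host.name, quote, challenge, host.channel_fp if bind_channel else None)


def relay_attack(verifier, honest, mallory, bind_channel):
    """Masquerading: mallory forwards the challenge to honest and replays honest's quote."""
    challenge = verifier.challenge()
    quote = honest.attest(challenge, bind_channel)  # honest binds to *its* channel, which is with mallory
    # The verifier is connected to mallory, so the channel key it observes is mallory's.
    return verifier.verify(honest.name, quote, challenge, mallory.channel_fp if bind_channel else None)


if __name__ == "__main__":
    v, h, m = setup()
    print("honest, plain quote  :", self_attestation(v, h, False))  # True
    print("mallory, own quote   :", self_attestation(v, m, False))  # False: PCRs not golden
    print("relay, plain quote   :", relay_attack(v, h, m, False))   # True: attack succeeds
    print("relay, channel-bound :", relay_attack(v, h, m, True))    # False: binding detects it
```

The unbound run shows why a fresh nonce alone is not enough: the quote is genuine and fresh, but nothing ties it to the peer the verifier is talking to, so a compromised host can act as a proxy for a clean one. Binding the quote to the channel key closes that gap at the cost of exposing a stable channel identity to the verifier, which is exactly the privacy problem the abstract raises and the thesis's token-based scheme is designed to avoid.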

Table of Contents

    1 Introduction
        1.1 Background of the Research
        1.2 Motivation of the Research
        1.3 Organization of the Thesis
    2 Preliminary of Trusted Computing and Related Work
        2.1 Preliminary
            2.1.1 Hash Function
            2.1.2 Message Authentication Code and MAC based on Hash Function
            2.1.3 Counter Mode
        2.2 Introduction to TPM
            2.2.1 Functionalities of TPM
            2.2.2 Hierarchical Key Management of TPM
            2.2.3 Transitive Trust
        2.3 Related Work of Integrity Reporting
            2.3.1 TPM-based Integrity Reporting Schemes
            2.3.2 Masquerading Attack on Integrity Reporting Schemes
            2.3.3 Integrity Reporting Schemes against Masquerading Attack
            2.3.4 Integrity Reporting Schemes with Secure Communication Channel
    3 Assumptions and the Proposed Scheme
        3.1 Assumptions and Attack Models
            3.1.1 Assumptions
            3.1.2 Attack Models
        3.2 Definition of Privacy
            3.2.1 Anonymity
            3.2.2 Unlinkability
        3.3 Contradiction between Security and User Privacy Protection
        3.4 Issuance of Authentication Token
        3.5 The Proposed Scheme
            3.5.1 Registration Phase
            3.5.2 Verification Phase and Transaction Phase
    4 Security Analysis
        4.1 Security Analysis
            4.1.1 Replay Attack
            4.1.2 Collusion Attack
            4.1.3 Malware Infection Attack
            4.1.4 Pre-computation Attack
            4.1.5 Masquerading Attack and Man-in-the-Middle Attack
            4.1.6 Key Disclosure Attack
            4.1.7 Security Analysis on Service Provider
            4.1.8 Protection on User Privacy
        4.2 Update of Authentication Token
        4.3 Performance Analysis
        4.4 Limitation of the Proposed Scheme
    5 Conclusions and Future Work
    Bibliography

Bibliography

    [1] F. Armknecht, Y. Gasmi, A.R. Sadeghi, P. Stewin, M. Unger, G. Ramunno, and D. Vernizzi, “An Efficient Implementation of Trusted Channels Based on OpenSSL,” Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, pp. 41-50, 2008.
    [2] N. Aziz, N. Udzir, and R. Mahmod, “Extending TLS with Mutual Attestation for Platform Integrity Assurance,” Journal of Communications, vol. 9, no. 1, pp. 63-72, 2014.
    [3] B. Blanchet, “Automatic Verification of Correspondences for Security Protocols,” Journal of Computer Security, vol. 17, no. 4, pp. 363-434, 2009.
    [4] E. Brickell, J. Camenisch, and L. Chen, “Direct Anonymous Attestation,” Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 132-145, 2004.
    [5] B. Balacheff, L. Chen, S. Pearson, D. Plaquin, and G. Proudler, “Trusted Computing Platforms,” Hewlett-Packard Company, 2003.
    [6] W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory, vol. 22, no. 6, pp. 644-654, 1976.
    [7] T. Dierks and E. Rescorla, “The Transport Layer Security (TLS) Protocol Version 1.2,” IETF RFC 5246, 2008.
    [8] A. Freier, P. Karlton, and P. Kocher, “The Secure Sockets Layer (SSL) Protocol Version 3.0,” IETF RFC 6101, 2011.
    [9] FIPS 198, “The Keyed-Hash Message Authentication Code (HMAC),” NIST, US Department of Commerce, Washington, D.C., 2002.
    [10] K. Goldman, R. Perez, and R. Sailer, “Linking Remote Attestation to Secure Tunnel Endpoints,” Proceedings of the 1st ACM Workshop on Scalable Trusted Computing, pp. 21-24, 2006.
    [11] Y. Gasmi, A.R. Sadeghi, P. Stewin, M. Unger, and N. Asokan, “Beyond Secure Channels,” Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 30-40, 2007.
    [12] ISO/IEC 11889, “Information Technology - Trusted Platform Module,” first edition, 2009.
    [13] H. Krawczyk, M. Bellare, and R. Canetti, “HMAC: Keyed-Hashing for Message Authentication,” IETF RFC 2104, 1997.
    [14] S. Kent and K. Seo, “Security Architecture for the Internet Protocol,” IETF RFC 4301, 2005.
    [15] M. Dworkin, “Recommendation for Block Cipher Modes of Operation: Methods and Techniques,” NIST Special Publication 800-38A, 2001 edition, http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf.
    [16] F.B.M. Nor, K.A. Jalil, and J.L.A. Manan, “Remote User Authentication Scheme with Hardware-Based Attestation,” Proceedings of the 4th International Conference on Software Engineering and Computer Systems, pp. 437-447, 2009.
    [17] B. Parno, “The Trusted Platform Module (TPM) and Sealed Storage,” RSA Laboratories' Technical Notes, 2007.
    [18] C. Song, B. Liu, Y. Xin, Y. Yang, Z. Li, and H. Yin, “A Security-enhanced Remote Platform Integrity Attestation Scheme,” Proceedings of the 5th International Conference on Wireless Communications, Networking and Mobile Computing, pp. 4420-4423, 2009.
    [19] A.R. Sadeghi and S. Schulz, “Extending IPsec for Efficient Remote Attestation,” Proceedings of the 14th International Conference on Financial Cryptography and Data Security, pp. 150-165, 2010.
    [20] F. Stumpf, O. Tafreschi, P. Roder, and C. Eckert, “A Robust Integrity Reporting Protocol for Remote Attestation,” Proceedings of the 2nd Workshop on Advances in Trusted Computing, pp. 25-36, 2006.
    [21] R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn, “Design and Implementation of a TCG-based Integrity Measurement Architecture,” Proceedings of the 13th USENIX Security Symposium, pp. 223-238, 2004.
    [22] T. Wu, “The Secure Remote Password Protocol,” Proceedings of the Internet Society Network and Distributed System Security Symposium, pp. 97-111, 1998.
    [23] L. Zhu, Z. Zhang, L. Liao, and C. Guo, “A Secure Robust Integrity Reporting Protocol of Trusted Computing for Remote Attestation under Fully Adaptive Party Corruptions,” Proceedings of Future Wireless Networks and Information Systems, vol. 143 of Lecture Notes in Electrical Engineering, pp. 211-217, 2012.
