
International Conference on Computing and Intelligence Systems
Pages: 1242-1245
Volume: 04, Special Issue: March 2015
ISSN: 2278-2397

Trusted Attestation Key with Windows Management using Direct Anonymous Attestation Protocol
E. Padma (1), S. Rajalakshmi (2)
1 Research Scholar, SCSVMV University, Enathur, Kanchipuram, Tamil Nadu.
2 Director, SJCAC, SCSVMV University, Enathur, Kanchipuram, Tamil Nadu.
Email: mailtopadma@kanchiuniv.ac.in, rajalakshmi.s@kanchiuniv.ac.in

Abstract - The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve a greater level of security. The TPM is at the heart of the Trusted Computing initiative, and thus it provides the root of trust for many applications. In a distributed environment all the systems are connected together with limited bandwidth. The security feature deals with the root of trust using a Trusted Attestation Key. The Trusted Attestation Key increases security through the DAA protocol. The Direct Anonymous Attestation (DAA) protocol is a special digital signature primitive which provides a balance between signer authentication and system privacy. An issuer is in charge of verifying the legitimacy of users, and a DAA credential is issued to each signer. The Trusted Attestation Key can be used as a tool for authenticity. The TAK is the authenticated key generated for each individual, and the secret signing key is held in the remote server database. Authentication can be applied at the level of Windows Management Instrumentation (WMI) for accessing information through a remote connection. WMI tools can be implemented using the Distributed Management Task Force (DMTF) standards. Authentication to the distributed system environment with Distributed Shared Memory (DSM) can be modeled with Trusted Platform Technology.

Keywords - Trusted Platform Module, Trusted Attestation Key, Direct Anonymous Attestation, Authentication, Distributed Shared Memory
International Journal of Computing Algorithm (IJCOA)

I. INTRODUCTION
The distributed environment and network computing are widely used in the organization of computer systems. The security of remote access systems has become an important problem for many users. To provide more security for the verification and authentication of the user, Trusted Computing can be widely used [3]. Trusted Computing, as a hardware chip, enables the security feature with limited exemptions. The TPM is designed to protect against or mitigate the probable damage created by various kinds of threats and attacks. Trusted Computing in the field of software using the Direct Anonymous Attestation protocol [16] will prove the model to be more secure. Security for distributed systems will be provided to a large extent using the verification and attestation key.

The DAA credentials have to be assigned to each individual. In the distributed environment, the Digital Signature deals with the coordination of different resources [13]. The Trusted Attestation Key provides a facility for accessing a large number of users remotely using Windows Management Instrumentation. The Trusted Computing Platform (TCP) has to be integrated with the Trusted Platform Module (TPM) in order to protect sensitive information [9]. The TCP can improve the security feature of a Virtual Private Environment by providing proper authentication using the Attestation Key with shared memory space. The Windows Driver Model provides a set of extensions for the concept of Windows Management Instrumentation.

The driver model provides an operating system interface for the information and notifications provided by the instrumented components. Web-Based Enterprise Management (WBEM) and the Common Information Model (CIM) are the implementation basis of Windows Management Instrumentation, which has been designed following the Distributed Management Task Force (DMTF) [18]. Authenticity can be matched using a Machine Authentication Code. The purpose of WMI is to define a proprietary set of environment-independent specifications which allow management information to be shared between management applications. The authentication code can be generated using the Secure Hashing Key. Windows Management Instrumentation tools such as the MOF compiler (MOFComp.exe), the WMI Administrative Tools, WBEMTest.exe, the WMI command line tool (WMIC), WBEMDump.exe and WMIDiag.vbs serve as an authentication provider for remote calling [18].

II. WORK RELATED TO TPM AND DISTRIBUTED COMPUTING ENVIRONMENT
A. Current Security Model of Distributed Computing
The existing Trusted Platform Module with distributed systems gives a weaker performance feature [17]. The Trusted Computing Group provides a large number of services for a greater number of distributed systems to be accessed. The security model of a distributed system alone deals with Secrecy, Integrity, Availability and Accountability. The Secrecy feature deals with controlling who may read information. Integrity deals with how information changes are used. The term Availability prompts access to information and resources. The Accountability service provides information about the individual users who had access rights [11]. The security of information is concerned with human user authentication and peer-to-peer authentication. In the distributed environment, the communication demands more security between entities. Security messages can be transported with full protection. The process of cryptographic computing reduces the performance of the system. In the distributed computing environment, the protection given to the certificates is not secured [3]. In the current scenario, the distributed system does not define the root of trust. The challenges of the exempted performance can be addressed in future using attestation and verification for each user individually.
B. Challenges of Distributed Computing Environment
The challenges for distributed computing with growing demands for various applications are increasing. Apart from reliability, performance and availability, many other entities such as security, privacy, trustworthiness, situation awareness, flexibility and rapid development of various applications have also become important [2]. Research in security, storage systems, simplified management, and reliability is likely to lead to the creation of important new knowledge and designs [10]. The security policies for distributed users using their resources are limited. The scope of the security mechanism has to be implemented with proper services. Each individual user has to maintain their own verifiers for accessing any available resource with the prescribed mechanism. The requirements for distributed users are to be enhanced with the feature of Attestation.
III. TRUSTED COMPUTING TECHNOLOGY
The basic features of the TPM include configuration management and basic cryptographic operations. Configuration management is the main design goal of the TPM [9]. The hierarchical policies of security features are enforced by the Trusted Platform Module. The various confidence and trustworthiness levels for an authenticated platform are the focus of a trusted computing system. In the proposed work the WMI concept combined with the Trusted Computing Group (TCG) has been adopted for higher security. The distinguishing feature of TCG technology is arguably the incorporation of roots of trust into computer platforms [3]. In turn, the trusted software services are concerned with the authenticated features of various system modules. Platform Configuration Registers (PCR), with more security features, can be adopted to evaluate each component of the system [1, 4]. Trusted computing can be combined with Windows Management Instrumentation to provide security for remote connections. The information can be stored remotely using the Common Information Model.
IV. PROPOSED METHODOLOGY
In the proposed methodology, the attestation key algorithm plays the role of attesting the authorized user to access the data remotely and of maintaining integrity with a proper Efficiency Factor. Remote connections can be established between various users for accessing information by issuing an attested key. The key will be generated using a Secure Hash Code. The generated key will be used by each individual to share the distributed resources and database with remote users. The role of the Distributed Management Task Force is to manage remote calls in a server. The information can be stored in Distributed Shared Virtual Memory (DSVM) for various users, as each individual has separate local shared memory. The attestation algorithm checks for authorization and then grants the right to access the information temporarily stored as buffered data. The algorithm then performs the verification phase for the trusted user with the encrypted attested key. In this phase, the signature of the trusted party is verified using the cryptosystem. The TAK algorithm along with the Direct Anonymous Attestation protocol can measure the efficiency of resources that are accessed from the virtual memory for large-scale memory access. The remote server maintains all information about each individual user. WMI tools use the Common Information Model to store the information more securely. The WMI administrative tool then manages separate identification for the users to access the necessary information. The security features for integrity and trustworthiness can be measured using the algorithm.
A. Algorithm
Begin
Step 1: Enter the login information
Step 2: Check for the intruders
    If password matches with encrypted data
        Go to Step 3
    Else
        Go to Step 1
    End if
Step 3: Allocation of space in distributed shared memory
Step 4: Grant permission from WMI
Step 5: Check the size of information to be accessed
    If size exceeds the relevant fixed size
        Go to Step 3
    Else
        Go to Step 6
    End if
Step 6: Access information
End

FIG 1: REMOTE CONNECTION (Computer A connects to Computer B)

FIG 2: DISTRIBUTED ENVIRONMENT WITH DAA (components: TPM, Distributed Environment, DAA)
B. Algorithm Explanation
The proposed algorithm first allows the user to log in to the system. It then checks for intruders. If intruders try to access the information, they are not permitted to proceed. It then checks the authorization of the user again. After checking, the system allocates space in distributed shared memory and also obtains permission from Windows Management Instrumentation. The information to be accessed by the user must not exceed the fixed size. The encrypted data stored in the server is checked against the Machine Authentication Code before access to the information is allowed.
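The six steps above, as an added worked example that is not code from the paper: a server-side check that walks Steps 1 to 6 in order. The password store, the MAC key, the fixed buffer size and the WMI permission stub are all constructed assumptions; the paper only says the password is matched "with encrypted data", so this example assumes a salted PBKDF2 hash, which never stores a reversible form of the password, and it models the Machine Authentication Code as an HMAC-SHA256 tag over the stored record.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# --- Constructed sample data (assumptions, not values from the paper) -------
SALT = b"constructed-per-user-salt"
MAC_KEY = b"constructed-server-mac-key"   # key for the authentication code
FIXED_SIZE = 4096                         # the "relevant fixed size" of Step 5


def hash_password(password: str) -> bytes:
    # Salted PBKDF2 instead of the paper's "encrypted data" (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


CREDENTIALS = {"alice": hash_password("correct horse battery")}


def make_mac(data: bytes) -> bytes:
    """Authentication code over a stored record, generated with a keyed hash."""
    return hmac.new(MAC_KEY, data, "sha256").digest()


@dataclass
class SharedMemory:
    """Toy stand-in for the distributed shared memory of Step 3:
    one fixed-size buffer per authenticated user."""
    buffers: dict = field(default_factory=dict)

    def allocate(self, user: str) -> None:
        self.buffers[user] = bytearray(FIXED_SIZE)


def wmi_permission(user: str) -> bool:
    """Hypothetical stand-in for 'grant permission from WMI' (Step 4)."""
    return user in CREDENTIALS


def access_information(user: str, password: str, size: int,
                       stored: bytes, tag: bytes, dsm: SharedMemory):
    """Run Steps 1-6. Returns ('granted', data) or ('denied', reason)."""
    # Step 2: intruder check. An unknown user and a wrong password both fail
    # here; compare_digest keeps the comparison constant-time.
    expected = CREDENTIALS.get(user)
    if expected is None or not hmac.compare_digest(hash_password(password), expected):
        return ("denied", "login")
    dsm.allocate(user)                                   # Step 3
    if not wmi_permission(user):                         # Step 4
        return ("denied", "wmi")
    if size > FIXED_SIZE:                                # Step 5
        # The paper loops back to Step 3; rejecting instead lets the
        # caller retry with a smaller request rather than spin forever.
        return ("denied", "size")
    if not hmac.compare_digest(make_mac(stored), tag):   # MAC check (IV.B)
        return ("denied", "mac")
    chunk = stored[:size]
    dsm.buffers[user][:len(chunk)] = chunk               # buffer the data
    return ("granted", bytes(chunk))                     # Step 6
```

The MAC check runs after the size check so that a record is only authenticated once the request has passed every cheaper test; a tampered record fails even for a correctly authenticated user.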
V. ROLE OF DAA IN DISTRIBUTED COMPUTING ENVIRONMENT
Direct Anonymous Attestation (DAA) is a scheme developed by Brickell, Camenisch, and Chen [12] for remote authentication of a security hardware module called the Trusted Platform Module (TPM), which is the core component of a trusted computing platform [7]. The remote authenticity can be verified using the security in Windows Management Instrumentation (WMI). The Distributed Component Object Model handles remote calls for the Trusted Attestation Key. The TAK plays a major role in designing the verifier and signer authenticity. Password-based authentication can be generated as anonymous permission for all authenticated users. A distributed environment has greater capacity for fault tolerance than a network operating environment [6, 8]. In a distributed environment the local memory of different machines can be integrated into a single logical entity by cooperating processes on multiple sites. The shared memory exists virtually for each process.

The DAA algorithm deals with the concept of the Attestation key. The keys involved in DAA provide signing and verifying authority for all the distributed users. The algorithm contains full protection with password-based authentication. The Distributed Computing Environment needs more security features to protect it from intruders [14, 15]. In this view the Trusted Attestation Key has been designated as a protected key for remote access. The DAA algorithm deals with distributed resource sharing by allocating each system a privacy-enhancing measure. A counter value is kept for easy identification of each and every system using the Trusted Attestation Key (TAK). The trusted party alone can have access to the shared resource. The algorithm finds the intruder while signing in. Authorization can be verified remotely using the concept of the Distributed Management Task Force. When a large number of distributed users sign in at the same moment and access the system, the DMTF will grant permission only to the authenticated users. To track the efficiency factor a register is maintained separately, called the Efficient Configuration Register (ECR). The ECR maintains the record of each individual user from the distributed environment and operates with full trustworthiness. The efficiency factor can be calculated using the register value along with the counter value that has been generated. All the systems accessed remotely can be given identification to establish their trustworthiness.
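As an added example, not the paper's own code, the issuer and verifier roles described in this section and in Section IV: the remote server derives a per-system Trusted Attestation Key from a secret it alone holds plus the per-system counter, the signer attests a message with that key, and the verifier recomputes the key and checks the tag while updating an Efficient Configuration Register entry for the system. The paper fixes neither the key construction nor the ECR contents, so the HMAC-SHA256 derivation, the record fields and the sample identifiers are all assumptions. This symmetric stand-in gives the counter-based identification and revocation-by-reissue behaviour the text describes, but unlike the Brickell-Camenisch-Chen DAA scheme it does not make the signer anonymous to the verifier.

```python
import hmac
from dataclasses import dataclass, field

# Constructed issuer secret; in the paper's model it lives only in the
# remote server database (assumption).
ISSUER_SECRET = b"constructed-issuer-secret"


def derive_tak(system_id: str, counter: int) -> bytes:
    """Trusted Attestation Key for one system at a given counter value.
    The counter is part of the input, so re-issuing yields a fresh key."""
    return hmac.new(ISSUER_SECRET, f"{system_id}:{counter}".encode(), "sha256").digest()


def sign(tak: bytes, message: bytes) -> bytes:
    """Signer side: attest a message with the issued key."""
    return hmac.new(tak, message, "sha256").digest()


def _new_record() -> dict:
    # Assumed ECR layout: how often a credential was issued, verified, rejected.
    return {"issued": 0, "verified": 0, "rejected": 0}


@dataclass
class Issuer:
    counters: dict = field(default_factory=dict)  # current counter per system
    ecr: dict = field(default_factory=dict)       # Efficient Configuration Register

    def issue(self, system_id: str):
        """Issue (or re-issue) a credential; the previous counter is retired."""
        counter = self.counters.get(system_id, 0) + 1
        self.counters[system_id] = counter
        self.ecr.setdefault(system_id, _new_record())["issued"] += 1
        return counter, derive_tak(system_id, counter)

    def verify(self, system_id: str, counter: int, message: bytes, tag: bytes) -> bool:
        """Verifier side: reject a retired counter outright, otherwise
        recompute the key and compare the tag in constant time."""
        record = self.ecr.setdefault(system_id, _new_record())
        if self.counters.get(system_id) != counter:
            record["rejected"] += 1
            return False
        ok = hmac.compare_digest(sign(derive_tak(system_id, counter), message), tag)
        record["verified" if ok else "rejected"] += 1
        return ok
```

Because the verifier never stores the TAK itself, only the counter, a leaked server database exposes no per-system signing keys; re-issuing a credential bumps the counter and silently invalidates anything signed under the old key.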

FIG 3: ARCHITECTURE OF DISTRIBUTED ENVIRONMENT WITH DSM AND TRUSTED ATTESTATION KEY (components: Trusted Attestation Key, Distributed Shared Memory, Distributed Environment)
VI. BUILD TRUSTED ENVIRONMENT WITH ATTESTATION KEY


The trusted computing mechanism provides a way to establish a secure environment. The trusted computing model is designed to provide privacy and trust for authenticated users [3]. Distributed computing involves a large number of entities, such as users and resources from different sources. The attestation process is important for authentication. The model for direct anonymous attestation varies based on the signature. Each system is digitized with verification and signing. In this paper the new concept of DAA with a Trusted Attestation Key as a security feature has been adopted for the distributed system to work without any interruption by intruders. The root of trust for all the users, and how far access varies from one user to another, can also be measured with the Attestation. The ECR maintains a separate register for all the users who are connected together to access the system. There are some pitfalls with the generated attested keys which are stored in the server for Distributed Shared Memory security. DAA plays a role in rectifying the vast number of unauthorized parties attempting to access the system [5]. The trusted environment can be built with the authentication protocol exchanged between the user and the server.


VII. CONCLUSION
In this paper an attestation key for the DAA scheme, called the Trusted Attestation Key, has been defined to measure the usage of authorized remote users accessing the information stored in Distributed Shared Memory. Authentication can be confirmed with the signing model. The limitation of this work is the allocation of Distributed Shared Virtual Memory and bandwidth for a larger number of users, which can be taken up as future work. The distributed computing environment works with the heterogeneity feature. DSM systems built for a single-user environment need not address the heterogeneity issues. The Trusted Computing environment has its root of trust with the DAA protocol. The performance feature of the distributed system has to be further redesigned as future work. The security mechanism for the Trusted Attestation Key has to be further measured with Windows Management Instrumentation. The Efficiency Factor for distributed shared memory with large-scale performance has to be configured with the Distributed Component Object Model as future work.

REFERENCES
[1] R. Toegl, T. Winkler, M. Nauman and T. W. Hong, Specification and Standardization of a Java Trusted Computing API, Software: Practice and Experience, 2011, published online in Wiley Online Library (wileyonlinelibrary.com).
[2] S. S. Yau, High Performance Computing and Communications (HPCC), 2011 IEEE 13th International Conference, 2-4 Sept. 2011.
[3] Zhidong Shen, Qiang Tong, The Security of Cloud Computing System enabled by Trusted Computing Technology, 2010 2nd International Conference on Signal Processing Systems (ICSPS).
[4] C. Stueble, A. Zaerin, TSS: A simplified trusted software stack, Proceedings of the 3rd International Conference on Trust and Trustworthy Computing (TRUST 2010), LNCS no. 6101, Springer Verlag, 2010.
[5] C. Latze, U. Ultes-Nitsche, F. Baumgartner, Extensible Authentication Protocol Method for Trusted Computing Groups (TCG) Trusted Platform Modules, Work in Progress, 2009.
[6] M. Pirker, R. Toegl, D. Hein, P. Danner, A Privacy CA for anonymity and trust, Proc. TRUST 09, LNCS Vol. 5471, Springer, 2009.
[7] Chen Xiaofeng and Feng Dengguo, Direct Anonymous Attestation for Next Generation TPM, Journal of Computers, Vol. 3, No. 12, December 2008.
[8] Microsoft, TPM Base Services, Microsoft Developer Network, 2007. http://msdn.microsoft.com/en-us/library/aa446796(VS.85).aspx [27 May 2011]
[9] Tian Haibo, Wang Yumin, The Future Network Security, China Communications, August 2006.
[10] M. F. Kaashoek, B. Liskov, D. Andersen, M. Dahlin, C. Ellis, S. Gribble, A. Joseph, H. Levy, A. Myers, J. Mogul, I. Stoica, A. Vahdat, Report of the NSF Workshop on Research Challenges in Distributed Computer Systems, Dec 4, 2005.
[11] C. Fritzner, L. Nilsen and Å. Skomedal, Protecting Security Information in Distributed Systems, IEEE, 1991.
[12] E. F. Brickell, J. Camenisch, L. Chen, Direct anonymous attestation, ACM Conference on Computer and Communications Security 2004, pp. 132-145.
[13] E. Shi, A. Perrig, L. van Doorn, BIND: A Fine-grained Attestation Service for Secure Distributed Systems, 2013.
[14] E. Padma, S. Rajalakshmi, The Privacy Feature of Trusted Computing Technology using the Concept of Direct Anonymous Attestation with Cloud as a Technique, International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 5, Issue 2, February 2014, pp. 140-144.
[15] E. Padma, S. Rajalakshmi, An Effective Approach for Trusted Attestation Key in Distributed Computing Environment using TPM, International Journal of Applied Engineering Research (IJAER), ISSN 0973-4562, Volume 9, Number 22 (2014), pp. 12087-12096.
[16] M. I. Alshare, R. Sulaiman, M. R. Mukhtar and A. M. Zin, A User Protection Model for the Trusted Computing Environment, Journal of Computer Science 10(9): 1692-1702, 2014.
[17] A. Klenk, H. Kinkelin, C. Eunicke and G. Carle, Preventing identity theft with electronic identity cards and the trusted platform module, Proceedings of the 2nd European Workshop on System Security, Mar. 31, ACM, Nuremberg, Germany, pp. 44-51, DOI: 10.1145/1519144.1519151, 2009.
[18] Windows Management Instrumentation, http://en.wikipedia.org/wiki/Windows_Management_Instrumentation.
