Description
Attesting the integrity of individual applications has been possible on iOS and Android devices for
some time now and is used, for example, by banking apps. Typically, an application can obtain an attestation
certificate from the operating system that contains information about the application's state as well as
the public key of an asymmetric key pair the application may use but cannot read out.
Based on the assumption of a trustworthy operating system, or by attesting the operating system separately,
this allows applications to attest their identity to a remote verifier while preserving the user's privacy with
respect to the other applications on the device.
On Linux, usually only complete system attestation is implemented, using a Trusted Platform Module
(TPM) and the Integrity Measurement Architecture (IMA). Attesting the entire system's state poses a
privacy problem, along with the poor performance and scalability of IMA. For example, the verifier learns
about all installed applications. We present a few related works that aim to address this problem, e.g.,
by implementing namespaces for IMA; these solve the privacy problem but do not address the performance
issues.
In several scenarios the operating system is considered trustworthy, or it can be attested independently
of the applications. Under this assumption, application-specific attestation can be implemented
more straightforwardly and without assuming, e.g., that a Trusted Execution Environment
(TEE) is available.
Because Linux has no definition of an application, we focus on attesting the state of individual
processes. We first outline assumptions, such as a trustworthy operating system, and define a number of
requirements, for which we design a system for application-specific attestation on Linux devices that uses
the kernel keyring to give applications access to a private key without allowing it to be read out. On
request, a certificate is issued containing measurements about the process obtained from, e.g., the Process
Filesystem (ProcFS). This allows individual applications to attest their state without including information
about other applications on the device. We evaluate our design by implementing a proof of concept
(PoC) in user space. We demonstrate that our implementation has reasonable performance and show the
general viability of implementing application-specific attestation in user space. This allows us to avoid
kernel modifications, ensuring broad compatibility with mainstream Linux distributions.
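As an added example (not code from the thesis or its PoC), the measure-and-sign step of such a user-space attestation service in Go: the service reads a process's binary hash and argv from ProcFS, signs the measurement, and a remote verifier checks it without learning about any other process. An in-memory Ed25519 key stands in for the keyring-held key, and the measurement layout and function names are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// Measurement is what the service records about one process from procfs
// (the record layout is an assumption of this example, not the thesis design).
type Measurement struct {
	PID     int      `json:"pid"`
	ExeHash string   `json:"exe_sha256"` // SHA-256 of the binary behind /proc/<pid>/exe
	Cmdline []string `json:"cmdline"`    // argv from /proc/<pid>/cmdline
}

// Attestation is the signed statement handed to the remote verifier.
type Attestation struct{ Measurement, Signature []byte }

// NewSigner stands in for the keyring-held key: callers may request signatures but never read the private key.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Attest measures /proc/<pid> and signs the result; it runs in the trusted service, never in the measured process.
func Attest(priv ed25519.PrivateKey, pid int) (*Attestation, error) {
	base := fmt.Sprintf("/proc/%d/", pid)
	exe, errExe := os.ReadFile(base + "exe")       // the kernel resolves this link to the live binary
	argv, errArgv := os.ReadFile(base + "cmdline") // NUL-separated and NUL-terminated
	if errExe != nil || errArgv != nil {
		return nil, fmt.Errorf("reading %s: exe=%v cmdline=%v", base, errExe, errArgv)
	}
	m := Measurement{PID: pid, ExeHash: fmt.Sprintf("%x", sha256.Sum256(exe)),
		Cmdline: strings.Split(strings.TrimRight(string(argv), "\x00"), "\x00")}
	body, _ := json.Marshal(m) // ints and strings only: cannot fail
	return &Attestation{Measurement: body, Signature: ed25519.Sign(priv, body)}, nil
}

// Verify is the remote verifier's side: the measurement is accepted only if the signature checks.
func Verify(pub ed25519.PublicKey, a *Attestation) (*Measurement, bool) {
	m := new(Measurement)
	if ed25519.Verify(pub, a.Measurement, a.Signature) && json.Unmarshal(a.Measurement, m) == nil {
		return m, true
	}
	return nil, false
}
```

The verifier must obtain the service's public key out of band (in the thesis design, via the issued certificate); a real service would also check that the requesting process is allowed to use the key.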