It is becoming increasingly important that a computer that seeks to communicate with another computer be able to ensure that the other computer can be trusted. For example, information for financial transactions and other sensitive information are increasingly being transferred between computers over public networks such as the Internet. In order to ensure the authenticity and security of this data, it is important that a level of trust be established between the sending and receiving computers.
To meet this need various solutions have been proposed. For example, the Trusted Computing Group (TCG) has defined a set of specifications for establishing trust between two or more computing devices, which are hereby incorporated herein by reference. The specifications define a set of information (e.g., measurements) that are maintained by a computing device and a solution for maintaining and communicating these measurements in a secure manner. The measurements represent the components of the computing device and the configuration thereof. For example, the measurements typically reflect the various pieces of a basic input output system (BIOS) and firmware that are implemented on the computing device as well as the configuration information that controls the behavior of these pieces (e.g., “BIOS settings”). The measurements also reflect the hardware itself, such as a type and version of a processor, a size of the main memory, types of peripheral controllers present in input/output (I/O) bus slots, and/or the like. The measurements are kept in a “log” that is secured by a set of Program Configuration Registers (PCRs). The PCRs serve as cryptographic proof that the log is intact and has not been tampered.
FIG. 1 shows a prior art computing infrastructure 100 for evaluating trust between computing devices 102 and 104. Using the TCG architecture as an exemplary solution, validation system 106 on computing device 102 (e.g., “the challenger”) requests an attestation from another computing device 104. The attestation comprises the measurements and the corresponding PCR values (e.g., device measurements 110) combined and cryptographically signed by an attestation system 108 of the computing device 104. In the TCG architecture, attestation system 108 is referred to as a Trusted Platform Module (TPM), and comprises a chip built into a motherboard for computing device 104. Subsequently, validation system 106 evaluates the attestation using a set of reference measurements 112, which represent all approved results. If the evaluation indicates that the computing device 104 may have been tampered with, a transaction can be aborted before any sensitive information is exchanged. Otherwise, the transaction can proceed with computing device 102 having established a certain level of trust with computing device 104.
In another application, the TCG architecture can be used to ensure that various computing devices 104 conform to an appropriate policy. To this extent, computing device 102 can be used by a system administrator or the like, and can query multiple computing devices 104 in a network and compare the device measurements 110 received for each computing device 104 to a “golden master” set of reference measurements 112. In this case, if device measurements 110 match reference measurements 112, the corresponding computing device 104 is considered conformant and/or trustworthy. However, when device measurements 110 do not match reference measurements 112, the corresponding computing device 104 can be isolated from the remaining computing devices 104 and/or repaired.
Since the process of validating measurements must account for variability in the measurements received from various computing devices 104, e.g., different ordering of entries in a log, the validation process can be very complex. As a result, current solutions provide a centralized approach, in which a single computing device 102, often with the direct interaction of a system administrator, evaluates numerous other computing devices 104 and/or provides any required fixes. However, these solutions do not scale well and are subject to failures and/or delays that create security lapses.
To this extent, a need exists for a solution for evaluating trust in a computer infrastructure that addresses the problems discussed herein and/or other problems recognizable by one in the art.