Brief Introduction to IMA


The content of this article comes from http://domino.research.ibm.com/comm/research_people.nsf/pages/sailer.ima.html

What is IMA:

IMA (Integrity Measurement Architecture) is a remote attestation mechanism: it lets a remote party establish, from evidence produced by the system itself, that the system has only run known, trusted programs.

Another way to put it: IMA is a software architecture, with an implementation in the Linux kernel, that uses the current runtime properties of a system to produce evidence that another party can verify. The properties of interest are the programs (and other files) the system has loaded; each of them is recorded as an IMA measurement, and the set of measurements is what the remote party uses to judge the trustworthiness of the system's software environment.

In short, the evidence produced by IMA lets a verifier decide whether the measured system's software environment is trustworthy.

How it works:

In the Linux kernel implementation, IMA is initialised early in boot, and from then on it computes the SHA-1 of every program before that program is allowed to run. The hash identifies the exact contents of the file that was executed, so a modified binary yields a different measurement. Each measurement is appended to a measurement list and also extended into a TPM platform configuration register (PCR), which is what later anchors the list to the hardware.


There are three prerequisites for deciding, via IMA, whether a target system is trustworthy:

1. A fingerprint database of a trusted system, i.e. the SHA-1 values of the software that is allowed to run on it.
2. The measurement data must not be modifiable between measurement and verification; only then does a match against the database say anything about the software's reliability.
3. SHA-1, as a secure hash, guarantees that different programs produce different hash values (collision resistance). (Just my personal understanding.)

The attestation exchange between the challenging party (verifier) and the attesting party (measured system) then runs as follows:

1. The challenging party generates a random number (nonce). The nonce guarantees that the attesting party's reply is fresh for this challenge, so an old reply cannot be replayed.

2. The nonce is sent to the attesting party.

3. The attesting party returns its measurement list (MList) together with a TPM quote over {nonce, PCR}, where PCR is the register into which every measurement was extended and the quote is signed by the TPM. The check the challenger applies to these two values in step 5 is:

    Inputs: PCR   -- TPM-signed aggregate quoted in step 3
            MList -- measurement list sent in step 3

    uchar PCR_tmp[20] = {0...0};
    for (i = 0; i < MList.len; i++)
        PCR_tmp = SHA1(PCR_tmp | MList[i]);   /* replay the PCR extend operations */
    if (PCR == PCR_tmp)
        return OK;
    else
        return INVALID;

4. The challenging party first verifies the TPM's digital signature over {nonce, PCR} and checks that the nonce inside the quote is the one it sent in step 2. If either check fails, the reply is rejected.

5. This step verifies that the measurement list has not been modified. The challenger replays the PCR extend operations over the list as shown above; if the computed PCR_tmp equals the quoted PCR, the list is the one the TPM saw.

6. In this step, each entry of the received list is looked up in the fingerprint database. If every measurement is found there, the software system is judged trustworthy; a single unknown or altered program is enough to fail the check.
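The six steps above, and the PCR replay from step 3, as a runnable end-to-end example. This is added illustration, not code from the original article or from IBM's IMA implementation. It assumes a shared-secret HMAC as a stand-in for the TPM's asymmetric attestation-key signature, extends the raw file digest directly into the PCR (real IMA extends a template hash and starts the list with a boot_aggregate entry), and uses constructed sample "binaries" in place of real files. It also goes beyond the clean case to show the three failures a verifier must catch: an unknown program, a list edited after measurement, and a replayed quote.

```python
import hashlib
import hmac
import os

# Constructed sample "binaries": path -> file contents. In real IMA the kernel
# hashes each executable (and other measured files) before it is allowed to run.
TRUSTED_IMAGES = {
    "/sbin/init": b"init v1.0 (constructed sample)",
    "/bin/bash": b"bash v5.2 (constructed sample)",
    "/usr/sbin/sshd": b"sshd v9.6 (constructed sample)",
}

# The challenger's fingerprint database of known-good SHA-1 values (step 6).
KNOWN_GOOD = {path: hashlib.sha1(data).hexdigest() for path, data in TRUSTED_IMAGES.items()}

# Assumption: a shared HMAC secret stands in for the TPM attestation key (AIK).
# A real TPM signs the quote with an asymmetric key whose certificate the
# challenger validates through a PKI.
AIK_SECRET = b"constructed-demo-aik-secret"


def measure(data: bytes) -> bytes:
    """IMA measurement of one file: SHA-1 over its contents (20 bytes)."""
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new = SHA1(old || digest). A PCR can be extended, never set."""
    return hashlib.sha1(pcr + digest).digest()


class Attester:
    """The measured system: keeps the measurement list and the PCR in sync."""

    def __init__(self):
        self.mlist = []        # (path, digest) in execution order
        self.pcr = bytes(20)   # PCR is all-zero after reset

    def run(self, path: str, data: bytes) -> None:
        d = measure(data)
        self.mlist.append((path, d))
        self.pcr = extend(self.pcr, d)

    def quote(self, nonce: bytes):
        """Step 3: measurement list plus a 'TPM-signed' {nonce, PCR}."""
        sig = hmac.new(AIK_SECRET, nonce + self.pcr, hashlib.sha256).digest()
        return list(self.mlist), nonce, self.pcr, sig


def verify(mlist, nonce, pcr, sig, expected_nonce, known_good):
    """Steps 4-6 on the challenger side. Returns (ok, reason)."""
    # Step 4: signature over {nonce, PCR}, then freshness of the nonce.
    expected_sig = hmac.new(AIK_SECRET, nonce + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        return False, "bad quote signature"
    if nonce != expected_nonce:
        return False, "stale nonce (replayed quote)"
    # Step 5: replay the extends over the list and compare with the quoted PCR.
    pcr_tmp = bytes(20)
    for _, d in mlist:
        pcr_tmp = extend(pcr_tmp, d)
    if pcr_tmp != pcr:
        return False, "measurement list does not match PCR"
    # Step 6: every entry must be a known-good fingerprint.
    for path, d in mlist:
        if known_good.get(path) != d.hex():
            return False, f"unknown or modified program: {path}"
    return True, "trusted"


def attest(attester: Attester, known_good=KNOWN_GOOD):
    """Steps 1-2: pick a fresh nonce, then run the whole exchange."""
    nonce = os.urandom(20)
    mlist, n, pcr, sig = attester.quote(nonce)
    return verify(mlist, n, pcr, sig, nonce, known_good)


def demo():
    results = {}
    good = Attester()
    for path, data in TRUSTED_IMAGES.items():
        good.run(path, data)
    results["clean"] = attest(good)

    # An unknown program ran: it was measured honestly, so the PCR matches the
    # list, but the database lookup in step 6 fails.
    rogue = Attester()
    for path, data in TRUSTED_IMAGES.items():
        rogue.run(path, data)
    rogue.run("/tmp/implant", b"constructed: not in the database")
    results["unknown"] = attest(rogue)

    # The attacker strips the implant from the list after the fact; the PCR
    # cannot be rewound, so step 5 catches the edit.
    nonce = os.urandom(20)
    mlist, n, pcr, sig = rogue.quote(nonce)
    mlist = [entry for entry in mlist if entry[0] != "/tmp/implant"]
    results["edited_list"] = verify(mlist, n, pcr, sig, nonce, KNOWN_GOOD)

    # A quote captured for an old challenge is replayed against a new nonce.
    old = good.quote(os.urandom(20))
    results["replay"] = verify(*old, os.urandom(20), KNOWN_GOOD)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:12s} {'OK ' if ok else 'FAIL'} {reason}")
```

Note the order of the checks in verify(): the signature and nonce are checked before the list is even looked at, because an unsigned or replayed list proves nothing, and the PCR replay runs before the database lookup, because a list that does not reproduce the PCR may have been edited to hide entries.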

Trade-offs & Challenges:

It is worth noting that the nonce is what forces the attesting party to send a current measurement list: a quote produced for an earlier challenge carries the wrong nonce and fails the challenger's signature and freshness check, so it cannot be replayed.

The TPM is central to the whole scheme. Because it is a hardware device whose PCRs can only be extended, never written directly, software running after boot cannot erase or rewrite the measurements already recorded, and the quote over {nonce, PCR} is signed by a key that never leaves the chip. Trusting that signature, however, means trusting the attestation key, so TPM-based attestation requires a complete public key infrastructure through which the challenger can validate the TPM's key certificate.

Welcome to my blog: http://www.fuxiang90.me/?p=534
