Paper
MCPKI-based certificate chain extension scheme for vTPM
6 June 2024
Zhentao Xiao, Pan Dong
Proceedings Volume 13175, International Conference on Computer Network Security and Software Engineering (CNSSE 2024); 131751I (2024) https://doi.org/10.1117/12.3031946
Event: 4th International Conference on Computer Network Security and Software Engineering (CNSSE 2024), 2024, Sanya, China
Abstract
To meet the trust requirements of complex environments such as cloud platforms, physical trust modules are often virtualized into virtual Trusted Platform Modules (vTPMs) that serve as the root of trust for each virtual machine or container. In remote attestation, a vTPM relies on a hardware-TPM-based certificate chain extension scheme to establish its trustworthiness. Existing vTPM certificate chain extension schemes must request a new certificate from the Privacy Certificate Authority (PCA) during every attestation, which results in excessive computational and communication overheads. To address this issue, this paper proposes a vTPM certificate chain extension scheme based on Multi-Certificate Public Key Infrastructure (MCPKI). The scheme allows unsigned sub-certificates to carry the same legitimacy and identity as the root certificate through certificate correlation. In this way, a vTPM can hold multiple certificates with a valid identity while applying to the PCA only once, which reduces the performance loss caused by repetitive validation in traditional certificate chain extension schemes and improves the efficiency of Privacy CA certificate issuance. Furthermore, certificate generation is handled by the local vTPM, reducing communication overheads. A new trusted third party, the Verification Certificate Authority (VCA), is introduced to share the validation workload of the Privacy CA and reduce the reliance on the Privacy CA in certificate chain extension. The experimental results demonstrate that this scheme outperforms traditional certificate chain extension schemes in scenarios that require multiple certificates.
(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.
Zhentao Xiao and Pan Dong "MCPKI-based certificate chain extension scheme for vTPM", Proc. SPIE 13175, International Conference on Computer Network Security and Software Engineering (CNSSE 2024), 131751I (6 June 2024); https://doi.org/10.1117/12.3031946
KEYWORDS: Principal component analysis, Clouds, Computer hardware, Cloud computing, Virtual reality, Computer security, Data privacy