Results

NaDa Final Documents

The final documents of the Nanodatacenter project are available here.

NaDa Management Demo

The Trusted Bit Torrent protocol, developed within the scope of NaDa, is used for the distribution of content and applications to the Set-Top-Boxes in the NaDa environment. In contrast to the typical application scenarios of peer-to-peer protocols like Bit Torrent, the distribution of data in the NaDa context has to be controlled by the central NaDa management. To realize a "realistic" integration of the Trusted Bit Torrent implementation and for measurement purposes, the NaDa management was simulated using OMF (cOntrol and Management Framework). The relevant part of the management protocol was implemented as an OMF experiment and an OMF application with an interface to the Trusted Bit Torrent application. The test environment consisted of one management server running the OMF experiment controller and ten NaDa clients, each with an Atom 1.6 GHz CPU and an Infineon TPM chip.

As the clients normally do not run in the environment of the ISP, the state of the clients has to be checked before applications can be integrated into the NaDa network. The system state of the NaDa clients is verified by remote attestation using the TPM chip of the clients. It is assumed that the Attestation Identity Keys (AIKs) of the NaDa clients are produced in a secure environment and that the public AIKs are stored on the NaDa management server. The management server also stores fingerprints (SHA-1) of software which is installed on the NaDa clients (as part of an OS kernel extension) or software which has to be installed on the client, such as application slices. The software which is executed on a client is measured, the fingerprints are stored in a Stored Measurement Log (SML), and the fingerprints are extended into a certain TPM PCR register. The current SML of the client together with the PCR value signed with the client's AIK can then be used by the NaDa management to verify that the system is in a valid state.

To secure the installation of customer applications, the NaDa OMF application on the client extends the SML with the fingerprint of the content after the Trusted Bit Torrent implementation has downloaded it successfully. Thus, besides the code executed on the NaDa clients, the virtual images of customer applications become part of the system state that has to be verified.
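The management-side check described above, as an added illustration that is not code from the NaDa project: the SML is replayed into a PCR value with TPM 1.2 extend semantics (SHA-1), compared with the value the client quoted, and every logged fingerprint is looked up in the server's list of known-good software. Component names, sample contents and the whitelist are constructed; verification of the AIK signature on the quote is assumed to happen beforehand and is not modelled.

```python
import hashlib

# TPM 1.2 PCRs are 20 zero bytes at reset; measurements are SHA-1 digests.
PCR_INIT = bytes(20)

def measure(data: bytes) -> bytes:
    """Fingerprint (SHA-1) of a software component or a downloaded image."""
    return hashlib.sha1(data).digest()

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend semantics: PCR_new = SHA-1(PCR_old || digest)."""
    return hashlib.sha1(pcr + digest).digest()

def replay_sml(sml):
    """Replay a Stored Measurement Log [(name, digest), ...] to the PCR value it implies."""
    pcr = PCR_INIT
    for _name, digest in sml:
        pcr = pcr_extend(pcr, digest)
    return pcr

def verify_state(sml, quoted_pcr, known_good):
    """Management check of a client's reported state.
    Assumes the AIK signature over quoted_pcr was already verified with the
    public AIK held by the management server (not modelled here)."""
    if replay_sml(sml) != quoted_pcr:
        return False, "SML does not match the quoted PCR value"
    for name, digest in sml:
        if known_good.get(name) != digest:
            return False, f"unknown or modified component: {name}"
    return True, "system state valid"

def demo():
    # Constructed sample components; real fingerprints come from the NaDa server.
    kernel_ext, omf_app, slice_img = (b"nada-kernel-extension-v1",
                                      b"nada-omf-client-app",
                                      b"customer-application-slice.img")
    known_good = {"kernel-ext": measure(kernel_ext), "omf-app": measure(omf_app),
                  "slice": measure(slice_img)}
    # Client side: boot-time measurements, then the SML is extended with the
    # fingerprint of the slice image after the Trusted Bit Torrent download.
    sml = [("kernel-ext", measure(kernel_ext)), ("omf-app", measure(omf_app))]
    sml.append(("slice", measure(slice_img)))
    quote = replay_sml(sml)  # value the client's TPM would quote for this PCR
    good = verify_state(sml, quote, known_good)
    # Modified image reported against the honest quote: replay mismatch.
    bad_sml = sml[:-1] + [("slice", measure(slice_img + b"X"))]
    tampered = verify_state(bad_sml, quote, known_good)
    # Consistent log and quote, but the image is not on the known-good list.
    unknown = verify_state(bad_sml, replay_sml(bad_sml), known_good)
    # Entry dropped from the SML: replay no longer reaches the quoted value.
    hidden = verify_state(sml[:-1], quote, known_good)
    return good, tampered, unknown, hidden
```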

The results and measurements of the experiments showed that TPM technology can be applied successfully in a managed peer-to-peer environment like the NaDa context. The experiment description is available here.

Formal Description of the NaDa Architecture

The two most common NanoDataCenter use cases described in Deliverable D 3.2 were modelled and analysed using the SH-Verification Tool. The first use case is the process of putting nodes into service. The second use case is the exchange of virtual goods. To prove that the fundamental security assumptions meet our requirements, we created a model to determine that our concept cannot reach an illegal system state. This was done by writing a system specification using Asynchronous Product Automata to simulate and verify these use cases.


Besides the basic network functionality, the basic functionality of the management and of the nodes was specified. The resulting model can simulate the behaviour of an unlimited number of nodes (limited only by the system resources of the analysing computer) attached to one management. For certain system configurations the complete reachability graph (the graph of all system states) was computed. The first use case, putting nodes into service, involves the authentication between multiple nodes and the dedicated management. The registration process also takes place in this use case, as does the first exchange of policies, which govern the behaviour of the goods or measurement data exchanged later. The second use case describes in particular the exchange of virtual goods over a peer-to-peer network. It also describes the use of the ticket mechanism, which is used to build up a trustworthy connection between two or more nodes.


We could prove that the system, as represented by our model, always leads to a defined system state. All security-related information is always distributed correctly during the boot or the exchange process. We could also identify the management system as a possible bottleneck in those two scenarios.

The SH verification tool is provided by Fraunhofer SIT and is available on request; the NaDa model is available here.
