RATLS: Integrating Transport Layer Security with Remote Attestation

Research output: Contribution to book/Conference proceedings/Anthology/ReportConference contributionContributedpeer-review

Contributors

  • Robert Henry Walther - , Chair of Operating Systems (Author)
  • Carsten Weinhold - , Barkhausen Institut (Author)
  • Michael Roitzsch - , Barkhausen Institut (Author)

Abstract

We present RATLS, a companion library for OpenSSL that integrates the Trusted Computing concept of Remote Attestation into Transport Layer Security (TLS). RATLS builds upon handshake extensions that are specified in version 1.3 of the TLS standard. It therefore does not require any changes to the TLS protocol or the OpenSSL library, which offers a suitable API for handshake extensions. RATLS supports remote attestation as part of a complete TLS handshake for new connections and it augments session resumption by binding session tickets to the platform state of TLS peers. We demonstrate that RATLS enables both client and server to attest their respective software stacks using widely-used Trusted Platform Modules. Our evaluation shows that the number of round trips during handshake is the same as for traditional TLS and that session resumption can reduce cryptographic overhead caused by remote attestation for frequently communicating peers.

Details

Original languageEnglish
Title of host publicationApplied Cryptography and Network Security Workshops
PublisherSpringer, Cham
Pages361–379
Number of pages19
Edition1
ISBN (electronic)978-3-031-16815-4
ISBN (print)978-3-031-16814-7
Publication statusPublished - 24 Sept 2022
Peer-reviewedYes

External IDs

Scopus 85140481071

Keywords

Keywords

  • Remote attestation, TLS, TPM, Trusted computing