@ARTICLE{CoSe_TFV1, author = {Andreas U. Schmidt and Andreas Leicher and Andreas Brett and Yogendra Shah and Inhyok Cha}, title = {Tree-formed verification data for trusted platforms}, journal = {Computers \& Security}, year = {2013}, volume = {32}, pages = {19-35}, abstract = {The establishment of trust relationships to a computing platform relies on validation processes. Validation allows an external entity to build trust in the expected behaviour of the platform based on provided evidence of the platform's configuration. In a process like remote attestation, the 'trusted' platform submits verification data created during a start up process. These data consist of hardware-protected values of platform configuration registers, containing nested measurement values, e.g., hash values, of loaded or started components. Commonly, the register values are created in linear order by a hardware secured operation. Fine-grained diagnosis of components, based on the linear order of verification data and associated measurement logs, is not optimal. We propose a method to use tree-formed verification data to validate a platform. Component measurement values represent leaves, and protected registers represent roots of a hash tree. We describe the basic mechanism of validating a platform using tree-formed measurement logs and root registers and show a logarithmic speed-up for the search of faults. Secure creation of a tree is possible using a limited number of hardware-protected registers and a single protected operation. In this way, the security of tree-formed verification data is maintained.}, doi = {10.1016/j.cose.2012.09.004}, url = {http://arxiv.org/pdf/1007.0642v4} }