Ethemba Trusted Host EnvironmentMainly Based on Attestation

Ethemba provides a framework and demonstrator for TPM applications.

💡 Research Summary

The paper presents Ethemba, a comprehensive framework and demonstrator for Trusted Platform Module (TPM) applications, focusing on attestation‑based trusted host environments. Authored by Andreas Brett and Andreas Leicher in 2008, the work is supported by the CREA‑TE‑NET project and Fraunhofer‑SIT. The authors structure the system into several functional layers, each implemented as Java modules that build on the jTSS (Java TPM Software Stack).

1. TPM Ownership Tools – The “ClearOwnership” and “TakeOwnership” utilities wrap the original jTpmtools commands. ClearOwnership resets a TPM to its factory state, optionally using a fixed‑mode switch (/f) that reads a globally configured owner password. TakeOwnership sets a new owner password, creates a new Storage Root Key (SRK), and stores the SRK password. Both tools accept command‑line arguments and provide usage help when invoked without parameters.

2. Known‑Hashes Management – The “ManageKnownHashesList” application processes IMA‑formatted measurement files, converting them into a persistent “KnownHashesList”. It supports append mode (/a), overwrite mode (/o), and an interactive console for viewing, searching, and deleting entries. This database is later used by the Remote Attestation (RA) server to verify that a client’s measured software matches a trusted baseline.

3. AIK Certification (PCA) – The PCAclient and PCAserver implement the Attestation Identity Key (AIK) certification protocol. The client creates an AIK via TPM_CollateIdentityRequest, encrypts the AIK public part and the Endorsement Certificate (EK) with the server’s public key, and sends them to the server. The server decrypts, validates the EK, generates a random nonce, and returns a package containing: (i) a symmetric session key and the hash of the AIK public key encrypted with the EK public key, (ii) the nonce encrypted with the session key. The client activates the identity (TPM_ActivateIdentity) to retrieve the nonce, proves possession of the AIK, and sends the decrypted nonce back. Upon verification, the server creates an AIK certificate, encrypts it with an AES key, wraps the AES key as before, and sends the three‑part response. The client finally decrypts the AES key, retrieves the AIK certificate, stores it in a UUID‑labeled entry in client.TpmKeyDB, and registers the AIK in client.CertDB.

4. Remote Attestation (RA) – The RAclient and RAserver realize the remote measurement protocol. The client obtains a TPM Quote (nonce‑signed PCR values) via the QuoteRetrieval module and sends it, together with a measurement log, to the server. The server uses the pre‑populated KnownHashesList to compare the received measurements against trusted hashes. QuoteValidation checks the signature and nonce freshness. Successful verification yields an attestation of trust; failures are reported with detailed diagnostics.

5. Modular Architecture –

• client package: classes for key creation, certification, data binding/unbinding, quote retrieval, and TPM key database handling.
• server package: corresponding services (PCAserver, RAserver, QuoteValidation, CertifyKeyValidation, ExternalDataBinding, KeyStorage, QuoteValidation).
• net package: NetEntity and NetCommand abstract TCP communication, handling object serialization, encryption, and command framing.
• utils package: cryptographic helpers – AES (encryption/decryption, key/IV generation), SHA‑1 hashing, byte‑hex conversion, object persistence utilities.
• types package: domain objects such as MeasurementList and KnownHashesList, providing constructors, file I/O, search, and containment checks.

6. Supporting Scripts – Two demonstration scripts (demogood.sh and demoevil.sh) showcase a normal attestation flow and a malicious scenario, respectively, allowing users to experiment with both success and failure cases.

7. Configuration & Deployment – Global settings (owner/SRK passwords, server IP/port, etc.) are stored in a configuration file, enabling a “fixed mode” for automated testing. Each component can be packaged as an independent JAR, facilitating deployment in heterogeneous environments.

Key Insights

• The framework tightly integrates TPM command handling with higher‑level security protocols, offering a ready‑to‑use stack for researchers and developers.
• By providing both the client‑side and server‑side implementations, Ethemba enables end‑to‑end testing of AIK certification and remote attestation without requiring external services.
• The inclusion of a KnownHashesList management tool bridges the gap between low‑level TPM measurements and policy‑driven trust decisions.
• Hybrid cryptography (EK‑based asymmetric encryption for session keys, AES for bulk data) is employed consistently, preserving confidentiality and integrity across the network.
• The modular design, clear separation of concerns, and extensive documentation make the framework extensible for future TPM features (e.g., TPM 2.0, sealed storage, or policy‑based access control).

In summary, Ethemba delivers a full‑featured, Java‑based TPM ecosystem that covers ownership provisioning, AIK certification, remote attestation, measurement management, and supporting cryptographic utilities. It serves as both a pedagogical platform and a practical foundation for building trusted computing solutions that rely on TPM‑backed attestation.