Towards a Backdoorless Network Architecture Based on Remote Attestation and Backdoor Inspection
This addresses security risks for systems relying on trusted hardware, but it appears incremental as it builds on existing attestation techniques.
The paper tackles the problem of backdoors embedded in devices by developers, which are not mitigated by existing network access control methods, by proposing a novel architecture that integrates remote attestation and backdoor inspection, where inspection results are stored and checked during attestation.
To keep a system secure, all devices in the system need to be benign. To avoid malicious and/or compromised devices, network access control such as authentication using a credential and remote attestation based on trusted hardware has been used. These techniques ensure the authenticity and integrity of the devices, but do not mitigate risks of a backdoor embedded in the devices by the developer. To tackle this problem, we propose a novel architecture that integrates remote attestation and backdoor inspection. Specifically, the backdoor inspection result is stored in a server and the verifier retrieves and checks the backdoor inspection result when the remote attestation is performed. Moreover, we discuss issues to deploy the proposed architecture to the real world.