Linux Integrity Measurement Architecture (IMA)

Using Trusted Network Connect (TNC) via IKEv2 EAP-TTLS transport, a TNC Server can do a TPM-based remote attestation of the IMA measurement data collected on a Linux TNC Client.

Activate IMA in the Linux Kernel

Ubuntu 14.04 LTS is one of the few Linux distributions which have IMA capability already compiled into their Linux kernel (CONFIG_IMA=y). This has the advantage that no special kernel must be built, which can become quite involved if you intend to use IMA in conjunction with Secure Boot, which requires a signed kernel. With Ubuntu 14.04 LTS, activating IMA in the kernel is a piece of cake: just add the boot option ima_tcb to the /etc/default/grub configuration file

GRUB_CMDLINE_LINUX="ima_tcb" 

and automatically generate an updated /boot/grub/grub.cfg file using the command
sudo update-grub

Since SHA-1 has been "shattered", we recommend using SHA-256 for the file measurement hashes
GRUB_CMDLINE_LINUX="ima_tcb ima_hash=sha256" 

although the IMA implementation does not support SHA-256 PCR banks yet, so the SHA-256 file hashes are still extended into SHA-1 PCR registers.

Configure the IMA Policy

The default IMA policy that is hard-coded into the kernel causes quite a lot of measurement violations which corrupt the content of the PCR10 register so that reliable remote attestation becomes impossible. The cause for the violations is the following default policy entry

measure func=FILE_CHECK mask=MAY_READ uid=0

which measures all files read by root. These are mainly configuration files, some of which apparently change while they are being measured, thus causing the violations. We want to override the default IMA policy at the earliest possible boot stage, which can be done by adding the following ima_policy script to the /etc/initramfs-tools/scripts/init-top/ directory
#!/bin/sh

PREREQ="" 

prereqs()
{
    echo "$PREREQ" 
}

case $1 in
# get pre-requisites
prereqs)
    prereqs
    exit 0
    ;;
esac

# mount securityfs
SECURITYFSDIR="/sys/kernel/security" 
mount -t securityfs securityfs ${SECURITYFSDIR} >/dev/null 2>&1

# set IMA policy
cat << @EOF > ${SECURITYFSDIR}/ima/policy
# PROC_SUPER_MAGIC
dont_measure fsmagic=0x9fa0
# SYSFS_MAGIC
dont_measure fsmagic=0x62656572
# DEBUGFS_MAGIC
dont_measure fsmagic=0x64626720
# TMPFS_MAGIC
dont_measure fsmagic=0x01021994
# RAMFS_MAGIC
dont_measure fsmagic=0x858458f6
# SECURITYFS_MAGIC
dont_measure fsmagic=0x73636673
# MEASUREMENTS
measure func=BPRM_CHECK
measure func=FILE_MMAP mask=MAY_EXEC
measure func=MODULE_CHECK uid=0
@EOF

Make this script executable
sudo chmod a+x /etc/initramfs-tools/scripts/init-top/ima_policy

and include it in the initramfs of the latest kernel by executing
sudo update-initramfs -u

IMA-NG SHA-1 Measurement Log

With the updated /boot/grub/grub.cfg boot menu and /boot/initrd.img-3.13.0-xx-generic initramfs in place, you can reboot the Linux client and you should then be able to see the IMA-NG measurement log based on SHA-1 file measurement hashes

ls /sys/kernel/security/ima
ascii_runtime_measurements  binary_runtime_measurements  runtime_measurements_count  violations

sudo cat /sys/kernel/security/ima/runtime_measurements_count
1271

sudo less /sys/kernel/security/ima/ascii_runtime_measurements
10 ef2be9c304d9bbbd8ecb40f0d296176d2b5d3078 ima-ng sha1:4663ed64e5dbbb9755a0914b1a15fa76a1797806 boot_aggregate
10 ef411bae164fd624ea94fc9ef82f892c82d78dcd ima-ng sha1:bbe98e20b850f3907611fb96354b5e007a9179f4 /init
10 bd32e452e14f84eb22d6ac9e9e1c61eeac3cd7a4 ima-ng sha1:dc3e621c72cde19593c42a7703e143fd3dad5320 /bin/sh
10 eefd4a6bebd6b001ff587c2335a3dd03535d5a17 ima-ng sha1:d11ce2e31ab441be705df3061a3d6fb7e41a504e /lib64/ld-linux-x86-64.so.2
10 8e8844cba6dc9df17c6980122890487f818e4b28 ima-ng sha1:34efdbd6d562ac04f7e02195022c3f65f7553bd2 /etc/ld.so.cache
10 1f60da15c941fe25a18ee4e8378f0bf3b447a0ab ima-ng sha1:65228a2bbff8ca52d2040ac55499b348f648cc81 /lib/x86_64-linux-gnu/libc.so.6
10 223eb68bfb9f72922506747d3bc4dd76d813b5da ima-ng sha1:65030975e1f3887efd00fbb568f00409b7c256d0 /conf/arch.conf
10 f548183aeb29921c995b625a93c4acd3ef7faaec ima-ng sha1:feb140057713c4f1e383d79b71f6efdafbed7476 /conf/initramfs.conf
10 de528d81c1c203a597c313f54bbe45d54fd0cc18 ima-ng sha1:2231aa397f5b6327973d8fcaf540735fd1e39496 /conf/conf.d/resume
10 cf9a07066457e26219a6f345957a727b07096d8b ima-ng sha1:2199e965dcc97c6814b78528e5a5e690a29c0fd5 /scripts/functions
10 246635237cb7beaec50809203292f8623db6a83f ima-ng sha1:c7c7f8b3ae433ebe08189f143840f737d7711936 /scripts/init-top/ORDER
10 d0dc06f1a392d4505448572cd520b1ba6e53ff14 ima-ng sha1:4975101256fea3bf1e9a6a9ea5a4d97947f4097d /scripts/init-top/all_generic_ide
10 e2aab17444614530ec77595ef3f361bb00490100 ima-ng sha1:76dfee4b97d5327820a87ad4ec99a132a5f32cca /scripts/init-top/blacklist
10 a3dd75cea37a4330c6abefdeaa291feace1ee3a4 ima-ng sha1:869c43fa9e2c561d612c657ff45eb743beadc873 /scripts/init-top/ima_policy
10 465108cd35c590785a52eaecd9e997a0f570ada5 ima-ng sha1:a3f4886df912c0550f4e32cec1814e7f92e0218b /sbin/init
10 c78f4cecff4b004c9956c84628e6514a4d39881d ima-ng sha1:d11ce2e31ab441be705df3061a3d6fb7e41a504e /lib/x86_64-linux-gnu/ld-2.19.so
10 847203248af633d214e91dd1b3397e9d462771c7 ima-ng sha1:26837b475d0fb26d4256ce1744f52b264d67b58f /lib/x86_64-linux-gnu/libnih.so.1.0.0
10 367f76edbab585e2441bed7ee66fab6c7a1c0dad ima-ng sha1:d52c92a8019c259f40ae1240372dd598c2a1c54c /lib/x86_64-linux-gnu/libnih-dbus.so.1.0.0
10 b35e07f368b2d129dc9f3fd8ae325a9e3cf01a36 ima-ng sha1:d3892d8e70b27c4638ca8fbeceeed0386b7d672e /lib/x86_64-linux-gnu/libdbus-1.so.3.7.6
10 465a4a6342823c30427ca8374de54acb26bbb9fb ima-ng sha1:580764ad1cb67e7c37f49581ebf6369456795440 /lib/x86_64-linux-gnu/libselinux.so.1
10 5e8baf31a7f08a8e103f0f8174a3432e39161262 ima-ng sha1:91de58ef6be75cf952caecab0f2830c5b3527bbc /lib/x86_64-linux-gnu/libjson-c.so.2.0.0
10 d482b0fa3c1755c99380c279d73b77088c2a5d62 ima-ng sha1:011ea7ea14e6874e9da0245e4e6ed472d02814ed /lib/x86_64-linux-gnu/librt-2.19.so
10 a2733a6feac3a4d293af84f2ce47c1305cabc870 ima-ng sha1:65228a2bbff8ca52d2040ac55499b348f648cc81 /lib/x86_64-linux-gnu/libc-2.19.so
10 5da2378816b820601c8c708614784a7b5de5e8b8 ima-ng sha1:9ecd4089b74f1036c9825c2d082356e9ffb964f3 /lib/x86_64-linux-gnu/libpthread-2.19.so
10 cb8fc9859356d3802b365108d4a8baadf9251135 ima-ng sha1:9afccef2b8c4944cd78d25b87bc9198a3cb82406 /lib/x86_64-linux-gnu/libpcre.so.3.13.1
10 a3d30aa5bc7a24c3dd341d2eaa2ae4824915245a ima-ng sha1:cf26e327ee6f69694b080ae66c2572a6cb9c9c66 /lib/x86_64-linux-gnu/libdl-2.19.so
10 8b39d375a031075939a1621b2b470d0284c1f534 ima-ng sha1:c799f2ccebf69f87afc91520793631b3f0b9692b /lib/x86_64-linux-gnu/libnss_compat-2.19.so
10 ffab1636ff997c9b5040b637fe1cbfeae36988a5 ima-ng sha1:b74430744e6927384b34fd93385f8229b53e2dd7 /lib/x86_64-linux-gnu/libnsl-2.19.so
10 980f0b3422677f12d5af8850067e0b777358a013 ima-ng sha1:7fe4a578af95b0ebf1426573d088f110e5cdd8fe /lib/x86_64-linux-gnu/libnss_nis-2.19.so
10 60bd11e71fcd550996d557efaf1206832fe60cc5 ima-ng sha1:e12cc6838353f93bf43663081293d5891479f96f /lib/x86_64-linux-gnu/libnss_files-2.19.so
10 214c1d89e94ef8e89248a9b010cb7c050b6eef37 ima-ng sha1:8599d27418cf321a855d0c79091f1dfd5bec202d /bin/hostname
10 cb69d6e743aa7b96f011e7b74a37493bca7c5c26 ima-ng sha1:647437c3d7543c7c8d381903834c9ef42eb4cf69 /bin/sh
10 8327121efedbc427cf3f1c80d2d02a015fe422b0 ima-ng sha1:99085b3a04ebce2c38b2dee931a23f088e84bb16 /bin/plymouth-upstart-bridge
10 5cd0c8ff35ffe9948c379ee132ba60963875d9f1 ima-ng sha1:7b655b7d4919cbe1948e40fe04ce442217ce1fd9 /lib/x86_64-linux-gnu/libtinfo.so.5.9
10 2d8f5f5298011a4b895d1417da60c07243e0afbc ima-ng sha1:1484087bd1949292c0c01dce666e03a4bfd0de57 /sbin/ureadahead
10 73a0e5567d03f9a010c3172823ec62d4bb6d13e1 ima-ng sha1:9ff8c658248661954e6b4da063284dc18abe2aa5 /lib/x86_64-linux-gnu/libply.so.2.1.0
...
10 815ace588c5cba9c560cbd44f8a805b658b21d22 ima-ng sha1:399e44c073a182583fcb34bff9f1ef22fbe5b03d /lib/modules/3.13.0-24-generic/kernel/drivers/acpi/video.ko
10 dbae20839a6395223f903297da6319a612d6db71 ima-ng sha1:040dbd5ded576311cc48f26263375497bc8db406 /lib/modules/3.13.0-24-generic/kernel/drivers/macintosh/mac_hid.ko
10 78d4061ae87e40df0dae8e32936c021544591356 ima-ng sha1:ea65564f325a81d9e0f70ef99b9edde6ac8c9e77 /lib/modules/3.13.0-24-generic/kernel/sound/soundcore.ko
10 9e970c33401f9894c08d2fc7eeb49aedf5a53771 ima-ng sha1:37a5ab56786ca71e32ab27908284f31e70e08047 /lib/modules/3.13.0-24-generic/kernel/drivers/char/lp.ko
10 485003485053de26f333f86899c2e3fe5089ed23 ima-ng sha1:32f4cb4902bd0dd582b66d0bc1e8b9add55caf3b /usr/bin/python3
10 cdd7d2565cde332628d79244d81f72f9850354f8 ima-ng sha1:d8637c4e8344a8cb70ceb44b108b11a3bea68948 /usr/sbin/rsyslogd
...

Of the 1271 measurement entries only a few are shown above. At the outset, with the default IMA policy still in place, a few configuration files such as /conf/arch.conf or /conf/initramfs.conf are measured. But immediately after the installation of the new IMA policy through the execution of the /scripts/init-top/ima_policy initramfs script, only executable files, dynamic libraries and kernel modules are measured. The listing above shows that, since Ubuntu 14.04 LTS comes with a Linux 3.13 kernel, the new ima-ng format is used. It can also easily be checked that no violations have occurred
sudo cat /sys/kernel/security/ima/violations
0

IMA-NG SHA-256 Measurement Log

With the ima_hash=sha256 boot option, SHA-256 file measurement hashes are computed before they are extended into the SHA-1 based PCR 10 TPM register

10 ef2be9c304d9bbbd8ecb40f0d296176d2b5d3078 ima-ng sha1:4663ed64e5dbbb9755a0914b1a15fa76a1797806 boot_aggregate
10 c3fa0b0d107aed63fb79c565094c620155dda457 ima-ng sha256:3119179b394d74f83738121cab4276c1d6146f87188835e8f2a171827884d70b /init
10 f8379e4ddbeca9ca68b4cfb01914b7a1773e13be ima-ng sha256:769359bc64a1ffd439f46aa475e92875c3dd630c2dea7b06f750e8c3266ea14c /bin/sh
10 ff896bd90c902ce921b212614b1a2674c82f2acc ima-ng sha256:130a98698ecefb20d4a39e6bb3d37971135197116eedd7d8bef74ee6254f2a5c /lib64/ld-linux-x86-64.so.2
10 d7a77dadf0e8b4bc13443a5551613cc900da87ab ima-ng sha256:5659f1f40a50bda0fa7ae2bba343cc7825afd8bd2ada821750432163a9f0b55c /etc/ld.so.cache
10 a4eaa00d9a70f46f9676a39ecb733a0b58f8ddcc ima-ng sha256:699db793a68e26def43095e6c63366f8104fbef3990d309056fe6ac25d7db2e1 /lib/x86_64-linux-gnu/libc.so.6
10 0f8b2256c6159adfec34fc26b0f70f62b189e9a6 ima-ng sha256:91f2413151b7b0451ce0b6cedc7e5919931acf792d9a26645c0deb3bc230d9fe /conf/arch.conf
10 8780eccc25a7b8788e13eb04f6262315b57c8dd5 ima-ng sha256:383670b244912357c2f2cb8d833521e16b6f49d2cdeee9738f507b8f0a8c87fd /conf/initramfs.conf
10 a347cffebcbd2ef1e253345bd298893a32b47e33 ima-ng sha256:529e29e0dc3e44b5cfd84913015f816614ccc06e60c15a3ce4c886adab4901db /conf/conf.d/resume
10 b39d692c43f4b3c051808fc76aec82c2d4e71e42 ima-ng sha256:5979501cbd4f9ea8e523892d9ddab4592070ebeb6363bd28c7abc9de0f8cc655 /scripts/functions
10 c9a7311a41ab0cfe901c927ea68e016a616e606a ima-ng sha256:1d777386821dcd0a4eac6ca0fb0ee55a34d8e9ab6feb7c7e236ff3f0cde36a4a /scripts/init-top/ORDER
10 2f2cff22a7037335b0a5f7c619e637c172d8121c ima-ng sha256:281e38c908dc03a01105b02c413a7678f5b672dc6b1110875b29051b13c1c59f /scripts/init-top/all_generic_ide
10 dcaaf7d10e0ee90905667424f0a4ee1a4538a3ef ima-ng sha256:7a74c1144fc3838d9ccd22318baf5f8be372f1a478bfb31606d084f771fdf36d /scripts/init-top/blacklist
10 b77eb148007c0f37ac73752c6df723090899118a ima-ng sha256:d2b6e7640229045f014a7c94e5eeb6551f62ca4e029c483a2151bea278d94c70 /scripts/init-top/ima_policy
10 1d4a4f88cc8a1ec220294a77658c44139c5d7494 ima-ng sha256:dac58f4a1852c2b285eac5d56f4944aab373e1df02d3835bdabdf749b59bc3bb /sbin/init
10 2aa2f6f9ae1195ed17ed71bbaa0afcc400de658f ima-ng sha256:130a98698ecefb20d4a39e6bb3d37971135197116eedd7d8bef74ee6254f2a5c /lib/x86_64-linux-gnu/ld-2.19.so
10 a49b885c7abaa1fa514ce133a28095f4fd2b3534 ima-ng sha256:9dad934f022f86d3c38e4e69b9bb27b19fc3616e5d225b5746e35a6bac3559b4 /lib/x86_64-linux-gnu/libnih.so.1.0.0
10 16e38707cb68ee00a77e85b1d77fd0da8f7ce2d2 ima-ng sha256:525ecda56064bab46cb2c15e712b95ed183e1bf983009c76f350526b258b7c19 /lib/x86_64-linux-gnu/libnih-dbus.so.1.0.0
10 3cd0b2acd4f9bbebfdbc19fc29a6abfba13694d7 ima-ng sha256:aa6980d18c94a64747b058b5a1de06386efcde5b1813408cdc3b3d5a949059fc /lib/x86_64-linux-gnu/libdbus-1.so.3.7.6
10 604ef3d7878bf2d1159e7acc12a71cdee3c6f0db ima-ng sha256:ace311632f0595269750f2ccf6d7b48677b36667ecc0f9a8a55af48e3949f7eb /lib/x86_64-linux-gnu/libselinux.so.1
10 8e57cbbd64ee7f8b35799dfc516f52bf23ef075b ima-ng sha256:42e60674bc1c5e2c93fae14b2f77df9981e4f5a4917fd98fda2b28649de9ba5e /lib/x86_64-linux-gnu/libjson-c.so.2.0.0
10 9aa7d42bf8edc26e9b5b6b4d31843f87eec081c0 ima-ng sha256:aa68f1e8997572b1b15b5f23896183797604c6f24162e8196e688811b481eb98 /lib/x86_64-linux-gnu/librt-2.19.so
10 7ea95197fa906a62ac7a6376d469a1b67b8777c7 ima-ng sha256:699db793a68e26def43095e6c63366f8104fbef3990d309056fe6ac25d7db2e1 /lib/x86_64-linux-gnu/libc-2.19.so
10 dfcf489a4edb9e7bd5f16c87de3b08e5f409a4c3 ima-ng sha256:887098b6012ca53233b2b9f8a1b197db92cf84fa22102ef0a0d0939fde5cc4e7 /lib/x86_64-linux-gnu/libpthread-2.19.so
10 1863860facf716f1375717f8af356f2681b2b2e4 ima-ng sha256:52309d8667704b4f13e9489c5e1cf456a409c3e1b0cf50599b43a0293eafa965 /lib/x86_64-linux-gnu/libpcre.so.3.13.1
10 c3d1f711f903df633a3d7b968639b28598c45088 ima-ng sha256:5db3352b2a01e6b40ff89033e11de7ff82328f7190755be58e46ff283e877254 /lib/x86_64-linux-gnu/libdl-2.19.so
10 5ad591c96158731d7df1c22b6f1ef5e8be7658b2 ima-ng sha256:5c225df00d87a912e483486f047e8d95ed4f5f77122f19c1e026a2a85df3d719 /lib/x86_64-linux-gnu/libnss_compat-2.19.so
10 57d42615d9156587c5df6ca1e705a40ad7934fd3 ima-ng sha256:005703c04fb2044918f49265c851884f3553e06d7e1038ce7568fd6a4d3718ac /lib/x86_64-linux-gnu/libnsl-2.19.so
10 6cd272b1de86ea8e2561c6c37e925dd5733c6f4d ima-ng sha256:4f80010343bcabe62f15a47f4976c1e16db0e6d216b583282e0a28af9d53742e /lib/x86_64-linux-gnu/libnss_nis-2.19.so
10 d31a090754d1ed3dd7972dbc5aa1e9b432a685f2 ima-ng sha256:1635ce50bbfd373777948d72ab8e6c7a5800d385ffcdabac0adc86f2290866fc /lib/x86_64-linux-gnu/libnss_files-2.19.so
10 3dece818ccfba88ceba3e58284620064aa464618 ima-ng sha256:455b569b7267b6adaaa3045a4320565a84fa9906537ea2444ecc78cfc0524f5d /bin/hostname
10 ed893fef90b04e422b079e0c38398b79a0a85dc6 ima-ng sha256:2934648ffdb7b77f507a6dbd3b2b3fbffdbf56c39e29e21849edd2cd5f390b76 /bin/sh
10 317ab93d5a48b7febdff9f60147a7ab82c757450 ima-ng sha256:51d0920b72d7ea12ce3afdb80f361800005c289055ded35c4a8acdb51f9565de /bin/plymouth-upstart-bridge
10 1fab4ecdb4d9fa8d95773a1fdccfda51ebf293aa ima-ng sha256:d554851f0dba84714c1caeb6c30a53577b39d4e9db84c9d03a0b9e9aeb5536e3 /lib/x86_64-linux-gnu/libtinfo.so.5.9
10 855dddedace3549fcc9d1e57f9a8c804975f4f79 ima-ng sha256:2acbebb0af6806ef6e02f8c609d71e9fbdfdd41556e117c54c8d4dcd29604ea2 /sbin/ureadahead
10 7d2b6bba7208b095c47022cf11fc77e26786422b ima-ng sha256:79d91811f0d0a59419500bfbbf7fc7014397d0a59b2679b58b01a2079e2fd999 /lib/x86_64-linux-gnu/libply.so.2.1.0
...
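To see how a verifier turns such a log into the PCR-10 value reported in a TPM Quote, here is an added Python example (not code from this page or from the strongSwan project). It recomputes each entry's ima-ng template hash from the digest and file name columns and replays the PCR-10 extend chain. It assumes the ima-ng template layout of the 3.13 kernel (each of the two fields "algo:\0digest" and "filename\0" is prefixed with its little-endian u32 length before the pair is hashed with SHA-1) and the TPM 1.2 extend rule SHA-1(old PCR || template hash). The three sample lines are copied from the SHA-256 log above; the violation handling (all-zero template hash in the log, 0xff bytes extended into the PCR) covers an entry type that does not occur in this log.

```python
# Replay of an IMA-NG measurement log: recompute each entry's template hash
# and the resulting PCR-10 value. Added example, not code from the strongSwan
# project. Assumption: the ima-ng template layout of the 3.13 kernel, i.e.
# template_hash = SHA-1(u32le(len(d)) || d || u32le(len(n)) || n) with
# d = "<algo>:\0<digest>" and n = "<filename>\0", and PCR-10 extended as
# SHA-1(PCR || template_hash). Violation entries are logged with an all-zero
# template hash and extend 20 bytes of 0xff instead.
import hashlib
import struct
from typing import List, Tuple

# Three entries copied from the SHA-256 measurement log shown above.
SAMPLE_LOG = """\
10 ef2be9c304d9bbbd8ecb40f0d296176d2b5d3078 ima-ng sha1:4663ed64e5dbbb9755a0914b1a15fa76a1797806 boot_aggregate
10 c3fa0b0d107aed63fb79c565094c620155dda457 ima-ng sha256:3119179b394d74f83738121cab4276c1d6146f87188835e8f2a171827884d70b /init
10 f8379e4ddbeca9ca68b4cfb01914b7a1773e13be ima-ng sha256:769359bc64a1ffd439f46aa475e92875c3dd630c2dea7b06f750e8c3266ea14c /bin/sh
"""

ZERO_PCR = bytes(20)
VIOLATION_EXTEND = b"\xff" * 20


def parse_line(line: str) -> Tuple[int, bytes, str, bytes, str]:
    """Split one ascii_runtime_measurements line into its fields."""
    pcr, thash, template, digest_field, name = line.split(maxsplit=4)
    if template != "ima-ng":
        raise ValueError("unsupported template: %s" % template)
    algo, hexdigest = digest_field.split(":", 1)
    return int(pcr), bytes.fromhex(thash), algo, bytes.fromhex(hexdigest), name


def template_hash(algo: str, digest: bytes, name: str) -> bytes:
    """SHA-1 over the length-prefixed d-ng and n-ng template fields."""
    h = hashlib.sha1()
    for field in (algo.encode() + b":\0" + digest, name.encode() + b"\0"):
        h.update(struct.pack("<I", len(field)))  # native u32 on x86_64
        h.update(field)
    return h.digest()


def extend(pcr: bytes, value: bytes) -> bytes:
    """TPM 1.2 PCR extend: new = SHA-1(old || value)."""
    return hashlib.sha1(pcr + value).digest()


def make_entry(algo: str, hexdigest: str, name: str, pcr: int = 10) -> str:
    """Build a well-formed log line (used for constructed test input)."""
    thash = template_hash(algo, bytes.fromhex(hexdigest), name)
    return "%d %s ima-ng %s:%s %s" % (pcr, thash.hex(), algo, hexdigest, name)


def replay(lines) -> Tuple[str, List[str]]:
    """Return (hex PCR-10 value, names of entries whose logged template
    hash does not match the digest and file name columns)."""
    pcr = ZERO_PCR
    mismatches = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        _, thash, algo, digest, name = parse_line(line)
        if thash == ZERO_PCR:
            # violation: the kernel invalidates the PCR with 0xff bytes
            pcr = extend(pcr, VIOLATION_EXTEND)
            continue
        if template_hash(algo, digest, name) != thash:
            mismatches.append(name)
        pcr = extend(pcr, thash)
    return pcr.hex(), mismatches


if __name__ == "__main__":
    value, bad = replay(SAMPLE_LOG.splitlines())
    print("expected PCR-10 after these entries:", value)
    print("entries with inconsistent template hash:", bad or "none")
```

Run it against the full log with replay(open('/sys/kernel/security/ima/ascii_runtime_measurements').readlines()); the returned value is what PCR 10 in the Quote must equal, and any name in the mismatch list points to a log entry that was altered after the kernel wrote it (or to a template layout that differs from the assumption stated above).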

Activate the Trusted Platform Module (TPM)

The strongSwan Attestation Integrity Measurement Collector (IMC) as well as various TPM tools need the TrouSerS open source implementation of the TCG Software Stack (TSS) in order to communicate with the Trusted Platform Module (TPM). Therefore make sure the following packages have been installed.

sudo apt-get install trousers tpm-tools

After installation the tcsd daemon should automatically be started in the background. You can check this by typing
tpm_version
  TPM 1.2 Version Info:
  Chip Version:        1.2.13.8
  Spec Level:          2
  Errata Revision:     3
  TPM Vendor ID:       STM 
  Vendor Specific data: 48
  TPM Version:         01010000
  Manufacturer Info:   53544d20

which should return detailed information on your TPM chip. Next, if you haven't done so yet, you must take ownership of your TPM with the command
sudo tpm_takeownership --owner-well-known --srk-well-known

Currently the TPM Owner and Storage Root Key passwords must be set to 20 zero bytes using the --owner-well-known (-y) and --srk-well-known (-z) options, respectively, since a couple of TPM tools depend on these default values. If the tpm_takeownership command returns with an error saying that the TPM has not been enabled, shut down the host, enter the BIOS menu, enable the Trusted Platform Module or "Security Chip" and reboot.

Set up a Privacy CA

For remote attestation we don't need anonymity. Quite to the contrary, we want to uniquely identify each hardware platform by its Attestation Identity Key (AIK). Therefore we create our own Privacy CA using the pki tool from the strongSwan project. The openssl command could be used as well. This should be done on a safe computer which is not connected to any network so that the private key of the Privacy CA cannot be compromised.

First we generate the private key for the Privacy CA. With a version 1.2 TPM this must be a 2048 bit RSA key.

pki --gen --type rsa --size 2048 > aikCaKey.der

With the current version of the strongSwan aikgen tool it is sufficient to extract the public key of the Privacy CA from the private key file.

pki --pub --in aikCaKey.der > aikCaPub.der

But if you prefer you can nicely embed the public key in a self-signed Privacy CA certificate that is generated with the command

pki --self --in aikCaKey.der --dn "C=CH, O=strongSwan Project, CN=strongSwan Privacy CA" --lifetime 3650 --ca --digest sha256 > aikCaCert.der

Set up the Attestation Client

Required Ubuntu Packages

The build of the strongSwan client software requires the following Ubuntu packages

sudo apt-get install build-essential libcurl4-openssl-dev libtspi-dev

Install the strongSwan VPN/TNC Client

IMA-NG support and the aikgen tool were introduced with strongSwan 5.2.0 which is currently available as a developers release. Download and unpack the latest tarball with the following commands:

wget http://download.strongswan.org/strongswan-5.2.0dr6.tar.bz2
tar xjvf strongswan-5.2.0dr6.tar.bz2
cd strongswan-5.2.0dr6

Configure the strongSwan software with the following options
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --disable-aes --disable-md5 --disable-sha1 --disable-sha2 \
            --disable-fips-prf --enable-curl --enable-openssl --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 \
            --enable-eap-tnc --enable-eap-ttls --enable-eap-dynamic --enable-tnccs-20 --enable-tnc-imc --enable-imc-os \
            --enable-imc-attestation --enable-aikgen --with-tss=trousers

and then compile and install the combined VPN/TNC client with
make
sudo make install

Generate an Attestation Identity Key (AIK)

Now we generate an Attestation Identity Key bound to the client platform's TPM. The SHA-1 fingerprint or keyid of the AIK will be used as the hardware identity of our client device. We recommend storing the AIK in the /etc/pts/ directory of the Attestation client

sudo mkdir /etc/pts

but you can use any other location of your choice. First copy either the public key aikCaPub.der or the self-signed certificate aikCaCert.der of your Privacy CA to the Attestation Client. The AIK is then generated with the new aikgen tool introduced with the strongSwan 5.2.0 release
sudo aikgen --capubkey /etc/pts/aikCaPub.der --aikblob /etc/pts/aikBlob.bin --aikpubkey /etc/pts/aikPub.der
Generating identity key...
AIK private key blob written to '/etc/pts/aikBlob.bin' (559 bytes)
AIK public key written to '/etc/pts/aikPub.der' (294 bytes)
AIK keyid: 36:18:cb:85:d8:32:43:5a:44:d0:bf:4e:a2:e9:23:f2:c7:9e:3c:e2

or alternatively

sudo aikgen --cacert /etc/pts/aikCaCert.der --aikblob /etc/pts/aikBlob.bin --aikpubkey /etc/pts/aikPub.der

Note down the AIK keyid, which will be used as the device identity of the Attestation Client. You will need the keyid in order to register the client as a trusted device with the Attestation Server. Don't worry, the keyid can be retrieved from the AIK public key at any time with the strongSwan pki tool
pki --print --type pub --in aikPub.der
pubkey:    RSA 2048 bits
keyid:     36:18:cb:85:d8:32:43:5a:44:d0:bf:4e:a2:e9:23:f2:c7:9e:3c:e2
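The relationship between the keyid printed above and the DER public key can be checked without the pki tool. The following Python is an added example, not strongSwan's own code; it assumes that keyid is the SHA-1 hash over the complete DER subjectPublicKeyInfo and that subjkey (which pki also prints for certificates) is the SHA-1 hash over the subjectPublicKey bit string only. The sample key is constructed from fixed bytes and carries no cryptographic meaning; is_registered() sketches the comparison an Attestation Server makes against its list of registered device identities.

```python
# Device identity of an AIK: keyid and subjkey from a DER public key. Added
# example, not strongSwan's own code. Assumptions: "keyid" as printed by
# `pki --print` is SHA-1 over the complete DER subjectPublicKeyInfo, and
# "subjkey" is SHA-1 over the subjectPublicKey bit-string contents (the value
# used for the X.509 SubjectKeyIdentifier). The sample key is constructed
# from fixed bytes and has no cryptographic meaning.
import hashlib
from typing import Tuple

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def der_len(n: int) -> bytes:
    """DER length octets (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def der_int(value: int) -> bytes:
    # The extra leading zero byte keeps a value with the high bit set positive.
    return der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def rsa_spki(n: int, e: int) -> bytes:
    """Encode an RSA key as subjectPublicKeyInfo (the format of aikPub.der)."""
    rsa_public_key = der_tlv(0x30, der_int(n) + der_int(e))
    algorithm = der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + b"\x05\x00")
    return der_tlv(0x30, algorithm + der_tlv(0x03, b"\x00" + rsa_public_key))


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one DER element; return (tag, contents, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated DER contents")
    return tag, buf[pos:pos + length], pos + length


def subject_public_key(spki: bytes) -> bytes:
    """Extract the subjectPublicKey bit-string contents from a SPKI blob."""
    tag, body, end = read_tlv(spki, 0)
    if tag != 0x30 or end != len(spki):
        raise ValueError("not a single SEQUENCE")
    tag, _algorithm, pos = read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    tag, bits, _ = read_tlv(body, pos)
    if tag != 0x03 or not bits or bits[0] != 0:
        raise ValueError("unexpected subjectPublicKey encoding")
    return bits[1:]  # drop the unused-bits octet


def colon_hex(data: bytes) -> str:
    return ":".join("%02x" % b for b in data)


def key_ids(spki: bytes) -> Tuple[str, str]:
    """Return (keyid, subjkey) in the colon-separated form pki prints."""
    keyid = hashlib.sha1(spki).digest()
    subjkey = hashlib.sha1(subject_public_key(spki)).digest()
    return colon_hex(keyid), colon_hex(subjkey)


def is_registered(spki: bytes, registered_keyids) -> bool:
    """Server-side check: is this AIK one of the registered device identities?"""
    try:
        keyid, _ = key_ids(spki)
    except ValueError:
        return False
    return keyid in {k.lower() for k in registered_keyids}


# Constructed 2048-bit modulus (not a real key) and the usual public exponent.
SAMPLE_N = int.from_bytes(b"\x8f" + b"\x5a" * 255, "big")
SAMPLE_E = 65537
SAMPLE_SPKI = rsa_spki(SAMPLE_N, SAMPLE_E)

if __name__ == "__main__":
    kid, skid = key_ids(SAMPLE_SPKI)
    print("keyid:  ", kid)
    print("subjkey:", skid)
```

For a real AIK, call key_ids(open('/etc/pts/aikPub.der', 'rb').read()). The constructed 2048-bit key encodes to 294 bytes, the same size aikgen reports above for aikPub.der.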

Configure the Integrity Measurement Collectors (IMCs)

For IMA-based remote attestation to work, both the Operating System (OS) and the Attestation Integrity Measurement Collectors are needed. The paths to the two IMC dynamic libraries must be defined in /etc/tnc_config:

IMC "OS"           /usr/lib/ipsec/imcvs/imc-os.so
IMC "Attestation"  /usr/lib/ipsec/imcvs/imc-attestation.so

The IMC properties are defined in the libimcv section of /etc/strongswan.conf
libimcv {
  plugins {
    imc-os {
      device_pubkey = /etc/pts/aikPub.der
    }
    imc-attestation {
      aik_blob = /etc/pts/aikBlob.bin
      aik_pubkey = /etc/pts/aikPub.der
    }
  }
}

The AIK public key is used as a device identity by the OS IMC and, together with the AIK private key blob, for the TPM-based Quote signature by the Attestation IMC. The imc-attestation option pcr_info = no helps to save network bandwidth because the PCR values before and after each measurement is extended into the PCR are not transmitted along with the measurement hash.

Configure the strongSwan TNC Client

The options defining the behaviour of the combined VPN/TNC strongSwan client go into the charon section of /etc/strongswan.conf

charon {
  plugins {
    eap-ttls {
      max_message_count = 0
    }
    eap-tnc {
      max_message_count = 0
    }
    tnccs-20 {
      max_batch_size = 32754
      max_message_size = 32722
    }
  }
}

Because we are going to send quite a large number of EAP-TNC messages transported through an IKEv2 EAP-TTLS tunnel, the default restrictions on the maximum message count must be disabled. And in order to prevent IKEv2 message retransmissions due to large TNC server-side processing delays, we restrict the IF-TNCCS 2.0 (PB-TNC) maximum batch size to 32 kB so that the overall performance is optimized.

Since the OpenSSL crypto library that strongSwan is using with the enabled openssl plugin automatically detects the presence of the Intel AES-NI instruction set and thus accelerates the AES-GCM authenticated encryption algorithm in an astounding way, we want the VPN client in its IKEv2 EAP-TTLS handshake to propose the TLS 1.2 AEAD cipher suites only. This is achieved by the following libtls section in /etc/strongswan.conf

libtls {
  suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
}

Configure the VPN connection

The VPN connection definition goes into /etc/ipsec.conf

config setup
     charondebug="tnc 2, imc 2, pts 2" 

conn %default
        ike=aes128-sha256-ecp256,aes256-sha384-ecp384!
        esp=aes128gcm128-ecp256,aes256gcm128-ecp384!
        keyexchange=ikev2

conn home
        left=%any
        leftid=carol@strongswan.org
        leftauth=eap
        leftfirewall=yes
        right=192.168.0.1
        rightid=moon.strongswan.org
        rightauth=any
        rightsendcert=never
        rightsubnet=10.1.0.0/16
        auto=start

The VPN server moon is authenticating itself with a server certificate. Therefore the Root CA certificate strongswanCert.pem must be stored in /etc/ipsec.d/cacerts/.
pki --print --type x509 --in /etc/ipsec.d/cacerts/strongswanCert.pem
cert:      X509
subject:  "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
issuer:   "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
validity:  not before Sep 10 12:01:18 2004, ok
           not after  Sep 07 12:01:18 2019, ok (expires in 1951 days)
serial:    00
flags:     CA CRLSign self-signed 
pathlen:   1
authkeyId: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
subjkeyId: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
pubkey:    RSA 2048 bits
keyid:     ae:09:6b:87:b4:48:86:d3:b8:20:97:86:23:da:bd:0e:ae:22:eb:bc
subjkey:   5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef

The authentication of the client carol is based on an EAP-MD5 password which is stored in /etc/ipsec.secrets

carol@strongswan.org : EAP "Ar3etTnp" 

Set up the Attestation Server

Required Ubuntu Packages

The build of the strongSwan server software requires the following Ubuntu packages

sudo apt-get install build-essential libcurl4-openssl-dev libtspi-dev libsqlite3-dev

Install the strongSwan VPN/TNC Server

IMA-NG support was introduced with strongSwan 5.2.0 which is currently available as a developers release. Download and unpack the latest tarball with the following commands:

wget http://download.strongswan.org/strongswan-5.2.0dr6.tar.bz2
tar xjvf strongswan-5.2.0dr6.tar.bz2
cd strongswan-5.2.0dr6

Configure the strongSwan software with the following options
./configure --prefix=/usr --sysconfdir=/etc --disable-gmp --disable-aes --disable-md5 --disable-sha1 --disable-sha2 \
            --disable-fips-prf --enable-curl --enable-openssl --enable-eap-identity --enable-eap-md5 --enable-eap-mschapv2 \
            --enable-eap-tnc --enable-eap-ttls --enable-eap-dynamic --enable-tnccs-20 --enable-tnc-imv --enable-imv-attestation \
            --with-tss=trousers --enable-sqlite

and then compile and install the combined VPN/TNC server with
make
sudo make install

Configure the Integrity Measurement Verifiers (IMVs)

For IMA-based remote attestation to work, only the Attestation Integrity Measurement Verifier is needed since the OS functionality is included in it. The path to the Attestation IMV dynamic library must be defined in /etc/tnc_config:

IMV "Attestation"  /usr/lib/ipsec/imcvs/imv-attestation.so

The IMV properties are defined in the libimcv section of /etc/strongswan.conf
libimcv {
  database = sqlite:///etc/pts/config.db
  policy_script = ipsec imv_policy_manager

  plugins {
    imv-attestation {
      hash_algorithm = sha1
    }
  }
}

The Attestation IMV must have access to the /etc/pts/config.db database shared with the strongTNC Policy Manager. With a version 1.2 TPM the hash algorithm must be set to SHA-1.

Configure the strongSwan TNC Server

The options defining the behaviour of the combined VPN/TNC strongSwan server go into the charon section of /etc/strongswan.conf

charon {
  half_open_timeout = 300 

  plugins {
    eap-ttls {
      phase2_method = md5
      phase2_piggyback = yes
      phase2_tnc = yes
      max_message_count = 0
    }
    eap-tnc {
      max_message_count = 0
    } 
  }
}

We set the timeout for half open IKEv2 connections to 300 seconds so that even in the presence of serious network congestion we have enough time to transmit all attestation data before the IKE SA times out.

Configure the VPN connection

The VPN connection definition goes into /etc/ipsec.conf

config setup
     charondebug="tnc 2, imv 2, pts 2" 

conn %default
        ike=aes128-sha256-ecp256,aes256-sha384-ecp384!
        esp=aes128gcm128-ecp256,aes256gcm128-ecp384!
        keyexchange=ikev2

conn rw-allow
        rightgroups=allow
        leftsubnet=10.1.0.0/28
        also=rw-eap
        auto=add

conn rw-isolate
        rightgroups=isolate
        leftsubnet=10.1.0.16/28
        also=rw-eap
        auto=add

conn rw-eap
        left=192.168.0.1
        leftcert=moonCert.pem
        leftid=moon.strongswan.org
        leftauth=pubkey
        leftfirewall=yes
        right=%any
        rightauth=eap-ttls

The VPN server moon is authenticating itself with the server certificate moonCert.pem which is stored in /etc/ipsec.d/certs/.
pki --print --type x509 --in /etc/ipsec.d/certs/moonCert.pem 
cert:      X509
subject:  "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" 
issuer:   "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
validity:  not before Aug 27 12:03:32 2009, ok
           not after  Aug 26 12:03:32 2014, ok (expires in 113 days)
serial:    17
altNames:  moon.strongswan.org
flags:     serverAuth 
CRL URIs:  http://crl.strongswan.org/strongswan.crl
authkeyId: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
subjkeyId: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1:fa:c3:64:9d:29:2e
pubkey:    RSA 2048 bits
keyid:     6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1:43:51:e4:fa:10:94
subjkey:   6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1:fa:c3:64:9d:29:2e

The server moon authenticates itself using a digital signature generated with the private key stored in /etc/ipsec.d/private/moonKey.pem.

pki --print --type rsa-priv --in /etc/ipsec.d/private/moonKey.pem 
private key with:
pubkey:    RSA 2048 bits
keyid:     6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1:43:51:e4:fa:10:94
subjkey:   6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1:fa:c3:64:9d:29:2e

The authentication of the client carol and other clients is based on EAP-MD5 passwords stored in /etc/ipsec.secrets
: RSA moonKey.pem

carol@strongswan.org : EAP "Ar3etTnp" 
dave@strongswan.org  : EAP "W7R0g3do" 

The Root CA certificate strongswanCert.pem is stored in /etc/ipsec.d/cacerts/.

pki --print --type x509 --in /etc/ipsec.d/cacerts/strongswanCert.pem
cert:      X509
subject:  "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
issuer:   "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" 
validity:  not before Sep 10 12:01:18 2004, ok
           not after  Sep 07 12:01:18 2019, ok (expires in 1951 days)
serial:    00
flags:     CA CRLSign self-signed 
pathlen:   1
authkeyId: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
subjkeyId: 5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef
pubkey:    RSA 2048 bits
keyid:     ae:09:6b:87:b4:48:86:d3:b8:20:97:86:23:da:bd:0e:ae:22:eb:bc
subjkey:   5d:a7:dd:70:06:51:32:7e:e7:b6:6d:b3:b5:e5:e0:60:ea:2e:4d:ef

Collect File Measurement Reference Values

  • Set up a clean Ubuntu 14.04 distribution on a host not connected to any network so that it cannot get corrupted.
  • Install strongSwan on it with a configuration similar to the strongSwan TNC server installation. Required is the sqlite plugin as well as the attest tool and the build-database.sh script found in the src/libpts/plugins/imv_attestation/ directory.
  • Copy the /etc/pts/config.db database of the strongTNC Policy Manager to the /etc/pts/ directory of the reference platform.
  • In the attest section of /etc/strongswan.conf specify the path to the database.
    attest {
      database = sqlite:///etc/pts/config.db
    }
    
  • Execute the build-database.sh script
    #!/bin/sh
    
    p="Ubuntu 14.04 x86_64" 
    a="x86_64-linux-gnu" 
    k="3.13.0-24-generic" 
    
    for hash in sha1 sha256
    do
      ipsec attest --add --product "$p" --$hash --dir  /sbin
      ipsec attest --add --product "$p" --$hash --dir  /usr/sbin
      ipsec attest --add --product "$p" --$hash --dir  /bin
      ipsec attest --add --product "$p" --$hash --dir  /usr/bin
    
      ipsec attest --add --product "$p" --$hash --file /etc/init.d/rc
      ipsec attest --add --product "$p" --$hash --file /etc/init.d/rcS
      ipsec attest --add --product "$p" --$hash --dir  /etc/network/if-pre-up.d
      ipsec attest --add --product "$p" --$hash --dir  /etc/network/if-up.d
      ipsec attest --add --product "$p" --$hash --dir  /etc/ppp/ip-down.d
      ipsec attest --add --product "$p" --$hash --dir  /etc/rcS.d
      ipsec attest --add --product "$p" --$hash --dir  /etc/rc2.d
      ipsec attest --add --product "$p" --$hash --file /etc/rc.local
      ipsec attest --add --product "$p" --$hash --dir  /etc/resolvconf/update.d
      ipsec attest --add --product "$p" --$hash --file /etc/resolvconf/update-libc.d/avahi-daemon
      ipsec attest --add --product "$p" --$hash --dir  /etc/update-motd.d
    
      ipsec attest --add --product "$p" --$hash --dir  /lib
      ipsec attest --add --product "$p" --$hash --file /lib/crda/setregdomain
      ipsec attest --add --product "$p" --$hash --dir  /lib/ebtables
      ipsec attest --add --product "$p" --$hash --file /lib/init/apparmor-profile-load
      ipsec attest --add --product "$p" --$hash --file /lib/resolvconf/list-records
      ipsec attest --add --product "$p" --$hash --dir  /lib/ufw
      ipsec attest --add --product "$p" --$hash --dir  /lib/udev
      ipsec attest --add --product "$p" --$hash --dir  /lib/systemd
      ipsec attest --add --product "$p" --$hash --dir  /lib/xtables
      ipsec attest --add --product "$p" --$hash --dir  /lib/$a
      ipsec attest --add --product "$p" --$hash --dir  /lib/$a/plymouth
      ipsec attest --add --product "$p" --$hash --dir  /lib/$a/plymouth/renderers
      ipsec attest --add --product "$p" --$hash --dir  /lib/$a/security
    
      ipsec attest --add --product "$p" --$hash --file /lib64/ld-linux-x86-64.so.2
    
      for file in `find /usr/lib -name *.so`
      do
        ipsec attest --add --product "$p" --$hash --file $file
      done
    
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib/accountsservice
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib/at-spi2-core
      ipsec attest --add --product "$p" --$hash --file /usr/lib/avahi/avahi-daemon-check-dns.sh
      ipsec attest --add --product "$p" --$hash --file /usr/lib/dbus-1.0/dbus-daemon-launch-helper
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib/gvfs
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib/NetworkManager
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib/pm-utils/power.d
      ipsec attest --add --product "$p" --$hash --file /usr/lib/policykit-1/polkitd
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib/ubuntu-release-upgrader
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib/update-notifier
    
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib/$a
      ipsec attest --add --product "$p" --$hash --file /usr/lib/$a/mesa/libGL.so.1.2.0
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib/$a/samba
      ipsec attest --add --product "$p" --$hash --dir  /usr/lib/$a/sasl2
    
      ipsec attest --add --product "$p" --$hash --dir  /usr/share/language-tools
    
      ipsec attest --add --product "$p" --$hash --file /init \
                         --measdir /usr/share/initramfs-tools
    
      ipsec attest --add --product "$p" --$hash --file /scripts/functions \
                         --measdir /usr/share/initramfs-tools/scripts
    
      for file in `find /lib/modules/$k -name *.ko`
      do
        ipsec attest --add --product "$p" --$hash --file $file
      done
    done
    

    with the command
    sudo ./build-database.sh
    
  • The collected SHA-1 and SHA-256 hashes can be viewed with the command
    ipsec attest --hashes --sha1 --product "Ubuntu 14.04 x86_64" 
      839: /
    11624:   init
    29527:     bb:e9:8e:20:b8:50:f3:90:76:11:fb:96:35:4b:5e:00:7a:91:79:f4
        1: /bin
       98:   bash
     7119:     96:66:72:a5:3b:ec:6b:0e:43:13:7e:18:7d:9b:c5:dc:e0:5d:84:43
      151:   bunzip2
     7175:     da:e8:d8:c3:67:14:9f:4b:71:f5:ea:22:61:73:34:31:f9:d9:ab:0a
    ...
    11678:   set-language-helper
    29594:     dd:60:1f:44:fe:d0:f8:30:00:33:c2:c3:37:59:79:20:35:8a:a4:3f
    11684:   update-langlist
    29600:     65:db:ba:c4:d7:ff:68:1d:fb:ca:a5:8d:66:29:4c:31:ef:aa:03:b0
    12110 SHA1 values found for product 'Ubuntu 14.04 x86_64'
    

    and
    ipsec attest --hashes --sha256 --product "Ubuntu 14.04 x86_64" 
      839: /
    11624:   init
    29529:     31:19:17:9b:39:4d:74:f8:37:38:12:1c:ab:42:76:c1:d6:14:6f:87:18:88:35:e8:f2:a1:71:82:78:84:d7:0b
        1: /bin
       98:   bash
    13821:     b2:6d:a5:4d:b8:48:6c:b9:2a:e5:c1:2c:d8:21:91:0d:eb:e7:6b:e6:c6:f3:57:f0:d1:fa:87:b6:02:a1:59:dc
      151:   bunzip2
    13877:     42:b6:50:67:a8:b8:4f:24:13:ed:da:da:c7:80:e4:53:c3:8e:31:0e:e8:b9:dc:b7:c5:d6:8c:85:31:bf:8e:ec
    ...
    11678:   set-language-helper
    29653:     0f:fe:cd:a9:06:49:2f:07:64:92:4e:ff:d8:9d:42:7b:0b:31:65:69:1d:8c:49:f5:e0:24:f5:8a:e5:2a:7c:8f
    11684:   update-langlist
    29659:     29:1c:e0:6b:cf:f6:5b:f5:74:0f:f8:77:a2:33:c8:1e:ea:03:82:16:5b:28:85:e7:34:a8:fd:81:3d:d1:de:5f
    12110 SHA256 values found for product 'Ubuntu 14.04 x86_64'
    

    respectively
  • Copy the augmented config.db database back to the /etc/pts/ directory of the strongTNC Policy Manager.

Connection Setup

Start the TNC Server

The combined strongSwan VPN/TNC server on moon is started with

moon> sudo ipsec start

Start the TNC Client

The combined strongSwan VPN/TNC client is started with

carol> sudo ipsec start

and a connection is automatically set up.

Register the Device with the strongTNC Policy Manager

  • You will see a new device with the ID 3618cb85d832435a44d0bf4ea2e923f2c79e3ce2 which is the fingerprint of the AIK we generated earlier for the client.
  • Select the device, enter a short description and, after verifying the AIK keyid, set the Trusted flag to yes.
  • Then assign the TPM BIOS/IMA group to the device and save the changes.

The client is now ready for IMA measurements.

strongTNC devices view

strongTNC devices view after enabling trust and saving changes

IMA Measurements

TNC Client and Server Logs

The following links show the complete and annotated logs of the TNC Client and Server doing IMA remote attestation measurements

  • Log of the Linux TNC Client
  • Log of the Linux TNC Server
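The following Python script is an added example, not strongSwan or strongTNC code. It models the three checks the TNC Server has to perform on the IMA measurement list it receives from the client, which the logs above only show from the outside: recompute each entry's ima-ng template hash from the file hash and the path, replay the template hashes into a virtual PCR10 (the value that must match the TPM quote), and look every file hash up in a reference set like the one build-database.sh stores in config.db. All file hashes, the log lines and the reference set are constructed inline; the strongTNC database schema is not modelled. It also shows why replaying the log alone is not enough: an edited file-hash column leaves the replayed PCR10 unchanged and is only caught by recomputing the template hash.

```python
"""Verify an IMA 'ima-ng' measurement list the way a TNC server has to.

Added example, not strongSwan/strongTNC code.  All hashes and log lines
are constructed; the config.db schema is not modelled.
"""
import hashlib
import struct

PCR_SIZE = 20                    # SHA-1 PCR bank (file hashes extend into SHA-1 PCRs)
ZERO_PCR = b"\x00" * PCR_SIZE    # PCR10 value after reset
VIOLATION = b"\xff" * PCR_SIZE   # IMA extends PCR10 with ff..ff for a violation


def pcr_extend(pcr, digest):
    """TPM 1.2 extend operation: PCR' = SHA1(PCR || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def template_hash(algo, digest, path):
    """SHA-1 over the ima-ng template data: each field is prefixed with its
    u32 little-endian length; d-ng is "<algo>:" NUL digest, n-ng is path NUL."""
    d_ng = algo.encode() + b":\x00" + digest
    n_ng = path.encode() + b"\x00"
    data = struct.pack("<I", len(d_ng)) + d_ng + struct.pack("<I", len(n_ng)) + n_ng
    return hashlib.sha1(data).digest()


def parse_entry(line):
    """Split one ascii_runtime_measurements line into
    pcr, template hash, template name, <algo>:<filehash>, path."""
    pcr, thash, template, d_ng, path = line.split(" ", 4)
    if template != "ima-ng":
        raise ValueError("unsupported template: " + template)
    algo, fhash = d_ng.split(":", 1)
    return int(pcr), bytes.fromhex(thash), algo, bytes.fromhex(fhash), path


def verify_log(lines, reference):
    """Replay the list into PCR10 and collect problems.

    Returns (pcr10_hex, problems); problems is a list of (kind, path) with
      violation          measurement violation, extended with ff..ff
      bad-template-hash  template hash does not fit file hash + path (tampered log)
      unknown-hash       file hash is not in the reference set for that path
    """
    pcr = ZERO_PCR
    problems = []
    for line in lines:
        index, thash, algo, fhash, path = parse_entry(line)
        if index != 10:
            continue
        if thash == ZERO_PCR:
            # the kernel logs an all-zero template hash but extends with ff..ff
            pcr = pcr_extend(pcr, VIOLATION)
            problems.append(("violation", path))
            continue
        if thash != template_hash(algo, fhash, path):
            problems.append(("bad-template-hash", path))
        if fhash.hex() not in reference.get(path, ()):
            problems.append(("unknown-hash", path))
        # replay what the TPM actually extended: the logged template hash
        pcr = pcr_extend(pcr, thash)
    return pcr.hex(), problems


def make_entry(algo, fhash_hex, path):
    """Build a self-consistent log line (constructed sample data)."""
    thash = template_hash(algo, bytes.fromhex(fhash_hex), path)
    return "10 %s ima-ng %s:%s %s" % (thash.hex(), algo, fhash_hex, path)


# constructed file hashes standing in for the reference values in config.db
INIT = hashlib.sha256(b"constructed: /init").hexdigest()
BASH = hashlib.sha256(b"constructed: /bin/bash").hexdigest()
ROGUE = hashlib.sha256(b"constructed: unknown binary").hexdigest()
REFERENCE = {"/init": {INIT}, "/bin/bash": {BASH}}

# a violation entry as the kernel logs it: zero template hash, zero sha1 file hash
VIOLATION_LINE = "10 %s ima-ng sha1:%s /etc/hosts" % ("00" * 20, "00" * 20)
SAMPLE_LOG = [
    make_entry("sha256", INIT, "/init"),
    make_entry("sha256", BASH, "/bin/bash"),
    VIOLATION_LINE,
    make_entry("sha256", ROGUE, "/usr/bin/evil"),
]
# file-hash column edited after the fact: the template hash still matches what
# the TPM extended, so only the recomputation reveals the edit
TAMPERED_LOG = list(SAMPLE_LOG)
TAMPERED_LOG[1] = SAMPLE_LOG[1].replace(BASH, ROGUE)

if __name__ == "__main__":
    for name, log in (("sample", SAMPLE_LOG), ("tampered", TAMPERED_LOG)):
        pcr10, problems = verify_log(log, REFERENCE)
        print("%s: PCR10=%s problems=%s" % (name, pcr10, problems))
```

The replayed PCR10 is what the server compares with the TPM quote; the per-entry problems are what end up in the strongTNC session result. Note that a violation entry does not break the replay as long as the ff..ff rule is applied, but any violation still means the list cannot be matched file by file, which is why the page overrides the default policy early in the boot.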

Session result on strongTNC policy server

The attestation result is summarized by the strongTNC policy server.

strongTNC result view

strongTNC_devices.png - strongTNC devices view (159 KB), Andreas Steffen, 04.05.2014 18:57

strongTNC_result.png - strongTNC result view (1.73 MB), Andreas Steffen, 15.12.2014 22:46