Distributing Trust Verification to Increase Application Performance *

Mariano Ceccato 1, Jasvir Nagra 2, Paolo Tonella 1
1 Fondazione Bruno Kessler—IRST, Trento, Italy
2 University of Trento, Italy
{ceccato, tonella}@fbk.eu, jas@dit.unitn.it

Abstract

The remote trust problem aims to address the issue of verifying the execution of a program running on an untrusted host which communicates regularly with a trusted server. One proposed solution to this problem relies on a centralized scheme using assertions and replication to withhold usable services from a tampered client. We show how to extend such a scheme to distributed trusted hardware such as tamper-resistant smartcards. We compared the performance and security of the proposed distributed system to the original centralized scheme on a case study. Our results indicate that, compared to a centralized scheme, our distributed trust scheme has dramatically lower network traffic, and smaller memory and computational requirements on the trusted server.

1 Introduction

There are two key trust issues that arise in an open distributed computing setting. Firstly, a client that joins a distributed system may wish to be sure that the code it receives to execute has not been tampered with and, when executed, is not malicious. Secondly, a server would want to be sure that any computation it requests from a client is performed according to the conditions and rules prescribed by the server. The server is not willing to provide its services to untrusted clients, which may behave maliciously or unfairly with respect to the other clients.

While cryptographic signature schemes and sandboxed clients largely address the first of these concerns, the latter concern – that of software integrity – remains an open problem.
The remote trusting problem is a particular instance of the software integrity problem in which a trusted host (server) wishes to verify that an untrusted host (client) is executing according to its expectations at the point when the client requests a service.

* This work was supported by funds from the European Commission (contract No. 021186-2 for the RE-TRUST project).

A solution to the remote trusting problem is based on moving the tamper-sensitive part of the client computation to the server. Such a solution was investigated by Zhang and Gupta [13], in the context of protection from illegal software copying. Copy-sensitive parts of the client are sliced and moved to the server so as to make copying ineffective, if based on the client code only. Another solution, investigated in [2], focuses on the notion of invalid state and exploits the barrier slicing technique to move the invalid-sensitive part of the client state to the server. Both solutions are based on the assumption that the core of trust is in the server and that every computation moved to the server becomes intrinsically safe.

The main problem of these two solutions based on slicing is that the server, which is the only reliable source of trust, is overloaded with computations that cannot be performed safely on the client. When the server is accessed by a high number of clients concurrently, it might be impossible to ensure an adequate quality of service.

In this paper, we propose a distributed trust architecture, which takes advantage of trusted hardware, such as smartcards, residing on each client. The core of trust is split between the central trusted server and the local trusted hardware, so as to delegate to the local trusted hardware everything that does not need a centralized service. The server keeps only its original services, which by design cannot be distributed, so that its load is unchanged compared to the original application.
Additional trust is achieved by means of the local trusted computations performed by the smartcards. The slices of trust-sensitive code are moved to the local trusted hardware.

2 Background

In this section we summarize the remote entrusting problem and the centralized solution. More details are available in the previous paper [2].
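Before the background material, the following toy model illustrates the two schemes contrasted in the introduction: a trust-sensitive slice of client state is replicated either on the central server (centralized scheme, one network message per slice update) or on a local trusted card (distributed scheme, only the service request reaches the server), and an assertion withholds the service when the client's claimed state diverges from the replica. This is an added example, not code from the paper or the RE-TRUST project; the `credit` variable, the event rules, the `Client`/`Server`/`TrustedReplica` classes and the session in `run` are all constructed for illustration, and the card's verdict is assumed to reach the server authenticated (for instance signed by the card), which the model does not implement.

```python
from dataclasses import dataclass, field


def slice_update(credit: int, event: str) -> int:
    """Trust-sensitive slice (constructed): the only code allowed to change
    `credit`. Both the client and its trusted replica run it, and the trusted
    side asserts that the two results agree."""
    if event == "earn":
        return credit + 10
    if event == "spend":
        return credit - 3 if credit >= 3 else credit
    return credit


@dataclass
class TrustedReplica:
    """Replica of the sliced state, run on the server or on a local card."""
    credit: int = 0

    def update(self, event: str) -> None:
        self.credit = slice_update(self.credit, event)

    def verify(self, claimed: int) -> bool:
        # The assertion: a claimed state that diverges from the replica
        # marks the client as tampered and the service is withheld.
        return claimed == self.credit


@dataclass
class Client:
    tampered: bool = False
    credit: int = 0

    def run(self, event: str) -> None:
        self.credit = slice_update(self.credit, event)
        if self.tampered:
            self.credit += 1000  # illegitimate change outside the slice


@dataclass
class Server:
    replicas: dict = field(default_factory=dict)
    messages: int = 0  # network messages handled by the central server

    # Centralized scheme: every slice update is sent to the server.
    def on_update(self, cid: str, event: str) -> None:
        self.messages += 1
        self.replicas.setdefault(cid, TrustedReplica()).update(event)

    def on_request_centralized(self, cid: str, claimed: int) -> bool:
        self.messages += 1
        return self.replicas[cid].verify(claimed)

    # Distributed scheme: the server sees only the service request carrying
    # the local card's verdict (assumed authenticated, e.g. card-signed).
    def on_request_distributed(self, card_verdict: bool) -> bool:
        self.messages += 1
        return card_verdict


def run(scheme: str, tampered: bool, events: list) -> tuple:
    """Simulate one client session; return (service_granted, server_messages)."""
    client = Client(tampered=tampered)
    server = Server()
    card = TrustedReplica()  # local trusted hardware (distributed scheme only)
    for ev in events:
        client.run(ev)
        if scheme == "centralized":
            server.on_update("c1", ev)
        else:
            card.update(ev)  # stays on the client side: no network traffic
    if scheme == "centralized":
        granted = server.on_request_centralized("c1", client.credit)
    else:
        granted = server.on_request_distributed(card.verify(client.credit))
    return granted, server.messages


if __name__ == "__main__":
    session = ["earn", "earn", "spend", "earn"]  # constructed event trace
    for scheme in ("centralized", "distributed"):
        for t in (False, True):
            print(scheme, "tampered" if t else "honest", run(scheme, t, session))
```

Running the script shows the point of the paper's architecture in miniature: both schemes refuse the tampered client, but for an honest session of four events the central server handles five messages under the centralized scheme and one under the distributed scheme, since the slice replica and its assertion now live on the card.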