PRACTICAL VERIFICATION OF UNTRUSTED TERMINALS USING REMOTE ATTESTATION

Simone Lupetti, Gianluca Dini

Abstract

We present a technique based on Trusted Computing’s remote attestation to enable the user of a public terminal to determine whether its configuration can be considered trustworthy or not. In particular, we show how the user can verify the software status of an untrusted terminal and be securely informed about the outcome of the verification. We present two flavors of this technique. In the first, the user makes use of a personal digital device with limited computing capabilities and a remote trusted server that performs the actual verification. In the second, the personal device is assumed to have enough computing power (as in the case of smart-phones and PDAs) to autonomously perform the verification procedure.

References

  1. Abadi, M., Burrows, M., Kaufman, C., and Lampson, B. W. (1991). Authentication and delegation with smartcards. In TACS 7891: Proceedings of the International Conference on Theoretical Aspects of Computer Software, pages 326-345, London, UK. Springer-Verlag.
  2. Anderson, R. (2003). Cryptography and competition policy: issues with 'trusted computing'. In PODC 7803: Proceedings of the twenty-second annual symposium on Principles of distributed computing, pages 3-10, New York, NY, USA. ACM Press.
  3. Berta, I. Z., Buttyán, L., and Vajda, I. (2005). A framework for the revocation of unintended digital signatures initiated by malicious terminals. IEEE Trans. Dependable Secur. Comput., 2(3):268-272.
  4. Bottoni, A., Dini, G., and Kranakis, E. (2006). Credentials and beliefs in remote trusted platforms attestation. In WOWMOM 7806: Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks, pages 662-667, Washington, DC, USA. IEEE Computer Society.
  5. Clarke, D. E., Gassend, B., Kotwal, T., Burnside, M., van Dijk, M., Devadas, S., and Rivest, R. L. (2002). The untrusted computer problem and camera-based authentication. In Pervasive 7802: Proceedings of the First International Conference on Pervasive Computing, pages 114-124, London, UK. Springer-Verlag.
  6. King, J. and dos Santos, A. (2005). A user-friendly approach to human authentication of messages. In FC 2005: Proccesings of the 9th International Conference on Financial Cryptography and Data Security, volume LNCS 3570/2005, pages 225-239. Springer Berlin / Heidelberg.
  7. McCune, J. M., Perrig, A., and Reiter, M. K. (2005). Seeing-is-believing: Using camera phones for humanverifiable authentication. In SP 7805: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pages 110-124, Washington, DC, USA. IEEE Computer Society.
  8. Oppliger, R. and Rytz, R. (2005). Does trusted computing remedy computer security problems? IEEE Security and Privacy, 3(2):16-19.
  9. Pearson, S. (2002). Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, Upper Saddle River, NJ, USA.
  10. Reid, J. F. and Caelli, W. J. (2005). DRM, trusted computing and operating system architecture. In ACSW Frontiers 7805: Proceedings of the 2005 Australasian workshop on Grid computing and e-research , pages 127- 136, Darlinghurst, Australia, Australia. Australian Computer Society, Inc.
  11. Sailer, R., Zhang, X., Jaeger, T., and Doorn, L. V. (2004). Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the 13th USENIX Security Symposium, pages 223-238.
  12. Stabell-Kulø, T., Arild, R., and Myrvang, P. H. (1999). Providing authentication to messages signed with a smart card in hostile environments. In Proceedings of the 1st USENIX Workshop on Smartcard Technology.
Download


Paper Citation


in Harvard Style

Lupetti S. and Dini G. (2007). PRACTICAL VERIFICATION OF UNTRUSTED TERMINALS USING REMOTE ATTESTATION . In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 402-407. DOI: 10.5220/0002123304020407


in Bibtex Style

@conference{secrypt07,
author={Simone Lupetti and Gianluca Dini},
title={PRACTICAL VERIFICATION OF UNTRUSTED TERMINALS USING REMOTE ATTESTATION},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={402-407},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002123304020407},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - PRACTICAL VERIFICATION OF UNTRUSTED TERMINALS USING REMOTE ATTESTATION
SN - 978-989-8111-12-8
AU - Lupetti S.
AU - Dini G.
PY - 2007
SP - 402
EP - 407
DO - 10.5220/0002123304020407