Abstract
Trusted Computing (TC) as envisioned by the Trusted Computing Group promises a solution to the problem of establishing a trust relationship between otherwise unrelated platforms. In order to achieve this goal the platform has to be equipped with a Trusted Platform Module (TPM), which is true for millions of contemporary personal computers. The TPM provides solutions for measuring the state of a platform and reporting it in an authentic way to another entity. The same cryptographic means that ensure the authenticity also allow unique identification of the platform and therefore pose a privacy problem. To circumvent this problem the TCG proposed a trusted third party, the Privacy Certification Authority (PrivacyCA).
Unfortunately, no PrivacyCA is currently generally available. In this paper we introduce our freely available implementation of a PrivacyCA. In addition, our PrivacyCA is itself a trusted service: it is capable of reporting its state to clients. Furthermore, we use a novel way to minimize the Trusted Computing Base of Java-based applications in conjunction with hardware-supported virtualization. We automatically generate the service interface from a structural specification. Thus, to the best of our knowledge, we were not only the first to make this crucial service publicly available, but now also provide a trustworthy service whose privacy policy can be attested to its users by employing TC mechanisms.
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Pirker, M., Toegl, R., Hein, D., Danner, P. (2009). A PrivacyCA for Anonymity and Trust. In: Chen, L., Mitchell, C.J., Martin, A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00587-9_7
DOI: https://doi.org/10.1007/978-3-642-00587-9_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00586-2
Online ISBN: 978-3-642-00587-9
eBook Packages: Computer Science (R0)