Trust and Trustworthy Computing

Volume 7904 of the series Lecture Notes in Computer Science pp 37-46

Improving Trusted Tickets with State-Bound Keys

  • Jan NordholzAffiliated withTU Berlin
  • , Ronald AignerAffiliated withExtreme Computing Group, Microsoft Research
  • , Paul EnglandAffiliated withExtreme Computing Group, Microsoft Research

* Final gross prices may vary according to local VAT.

Get Access


Traditional network authentication systems like Windows’ Active Directory or MIT’s Kerberos only provide for mutual authentication of communicating entities, e.g. a user’s email client interacting with an IMAP server, while the user’s machine is inherently assumed to be trusted. While there have been first attempts to explicitly establish this trust relationship by leveraging the Trusted Platform Module, these provide no means to directly react to potentially relevant changes in the client’s system state. We expand previous designs by binding keys to the current platform state and involving these in the network authentication process, thereby guaranteeing the continued validity of the attestee.