The Journal of Supercomputing

, Volume 55, Issue 2, pp 207–227 | Cite as

An approach to introducing locality in remote attestation using near field communications

Article

Abstract

Remote Attestation, as devised by the Trusted Computing Group, is based on a secure hardware component—the Trusted Platform Module (TPM). It allows to reach trust decisions between different network hosts. However, attestation cannot be applied in an important field of application—the identification of physically encountered, public computer platforms. Unfortunately, such computer terminals are especially exposed and the software running on them cannot be assumed unaltered and secure.

Three challenges arise. The cryptographic protocols that actually perform the attestation do not provide for human-intelligible trust status analysis, easily graspable conveyance of results, nor the intuitive identification of the computer platform involved. Therefore, the user needs a small portable device, a token, to interact with local computer platforms. It can perform an attestation protocol, report the result to the user, even if the display the user faces cannot be trusted and may be connected to the platform under scrutiny. In addition, the token must establish that the particular machine faced actually contains the TPM that performs the attestation.

In this paper, we demonstrate an attestation token architecture which is based on a commodity smart phone and which is more efficient and flexible than previous proposals. Furthermore, we introduce an autonomic and low-cost Near Field Communication (NFC) compatible interface to the TPM that provides a direct channel for proof of the TPM’s identity and local proximity to the attestation token.

Keywords

Trusted computing Remote attestation Near field communication 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Atmel Corporation (August 2007) 8-bit AVR microcontroller with 128K bytes in-system programmable flash. Available online at http://www.atmel.com/dyn/resources/prod_documents/doc2467.pdf
  2. 2.
    Bangerter E, Djackov M, Sadeghi A-R (2008) A demonstrative ad hoc attestation system. In: Wu T-C, Lei C-L, Rijmen V, Lee D-T (eds) ISC. Lecture notes in computer science, vol 5222. Springer, Berlin, pp 17–30 Google Scholar
  3. 3.
    Brickell E, Camenisch J, Chen L (2004) Direct anonymous attestation. In: Proceedings of the 11th ACM conference on computer and communications security, Washington DC, USA, 2004. ACM, New York, pp 132–145 CrossRefGoogle Scholar
  4. 4.
    Cáceres R, Carter C, Narayanaswami C, Raghunath M (2005) Reincarnating PCs with portable soulpads. In: Proceedings of the 3rd international conference on mobile systems, applications, and services, Seattle, Washington, 2005. ACM, New York, pp 65–78 CrossRefGoogle Scholar
  5. 5.
    Chen L, Landfermann R, Löhr H, Rohe M, Sadeghi A-R, Stüble C (2006) A protocol for property-based attestation. In: STC ’06: Proceedings of the first ACM workshop on scalable trusted computing Google Scholar
  6. 6.
    Coker G, Guttman J, Loscocco P, Sheehy J, Sniffen B (2008) Attestation: Evidence and trust. In: ICICS’08: Proceedings of the 10th international conference on information and communications security. Springer, Berlin, pp 1–18 Google Scholar
  7. 7.
    Grawrock D (2006) The intel safer computing initiative. Intel Press, Hillsboro. ISBN 0-9764832-6-2 Google Scholar
  8. 8.
    Grawrock D (2009) Dynamics of a trusted platform: a building block approach. Intel Press, Hillsboro. ISBN 978-1934053171 Google Scholar
  9. 9.
    ECMA International (December 2008) ECMA standard 385-2008: NFC-SEC: NFCIP-1 security services and protocol Google Scholar
  10. 10.
    ECMA International (December 2008) ECMA Standard 386-2008: NFC-SEC-01: NFC-SEC cryptography standard using ECDH and AES Google Scholar
  11. 11.
    EMSCB Project Consortium (2004) The European multilaterally secure computing base (EMSCB) project. http://www.emscb.org/
  12. 12.
    England P (2008) Practical techniques for operating system attestation. In: Trust ’08: Proceedings of the 1st international conference on trusted computing and trust in information technologies. Springer, Berlin, pp 1–13 Google Scholar
  13. 13.
    Garfinkel T, Pfaff B, Chow J, Rosenblum M, Boneh D (2003) Terra: A virtual machine-based platform for trusted computing. In: Proceedings of the 19th symposium on operating system principles (SOSP 2003). ACM Press, New York, pp 193–206 CrossRefGoogle Scholar
  14. 14.
    Garriss S, Cáceres R, Berger S, Sailer R, van Doorn L, Zhang X (2008) Trustworthy and personalized computing on public kiosks. In: Grunwald D, Han R, de Lara E, Ellis CS (eds) MobiSys. ACM, New York, pp 199–210 CrossRefGoogle Scholar
  15. 15.
    Hancke G (2008) Eavesdropping attacks on high-frequency RFID tokens. In: Workshop on RFID security 2008 (RFIDSec08), July 9–11, Budapest, Hungary, Vol RFIDsec 2008, pp 100–113 Google Scholar
  16. 16.
    IEEE (2000) IEEE standard 1363-2000: IEEE standard specifications for public-key cryptography. Available online at http://ieeexplore.ieee.org/servlet/opac?punumber=7168
  17. 17.
    International Organisation for Standardization (ISO) (1995) ISO/IEC 7816-4: Information technology—identification cards—integrated circuit(s) cards with contacts—Part 4: Interindustry commands for interchange. Available online at http://www.iso.org
  18. 18.
    International Organisation for Standardization (ISO) (2003) ISO/IEC 7810: Identification cards—Physical characteristics Google Scholar
  19. 19.
    International Organization for Standardization (ISO) (2000) ISO/IEC 14443: Identification cards—Contactless integrated circuit(s) cards—proximity cards Google Scholar
  20. 20.
    Kauer B (2007) Oslo: improving the security of trusted computing. In: SS’07: Proceedings of 16th USENIX security symposium, Berkeley, CA, USA, 2007. USENIX Association, pp 1–9 Google Scholar
  21. 21.
    Kühn U, Selhorst M, Stüble C (2007) Realizing property-based attestation and sealing with commonly available hard- and software. In STC ’07: Proceedings of the 2007 ACM workshop on scalable trusted computing Google Scholar
  22. 22.
    Li F, Wang W, Ma J, Ding Z (2008) Enhanced architecture of TPM. In: Young computer scientists, 2008. ICYCS 2008. The 9th international conference for, pp 1532–1537 Google Scholar
  23. 23.
    Lindner F (2007) Toying with barcodes. In: 24th chaos communication congress Google Scholar
  24. 24.
    Lyle J, Martin A (2009) On the feasibility of remote attestation for web services. In: Proceedings of the 2009 international conference on computational science and engineering, vol 03. IEEE, New York, pp 283–288 CrossRefGoogle Scholar
  25. 25.
    McCune J, Perrig A, Reiter M (2005) Seeing-is-believing: Using camera phones for human-verifiable authentication. In: Security and privacy, 2005 IEEE symposium on, pp 110–124 Google Scholar
  26. 26.
    McCune JM, Perrig A, Seshadri A, van Doorn L (August 2007) Turtles all the way down: Research challenges in user-based attestation. In: Proceedings of the workshop on hot topics in security (HotSec) Google Scholar
  27. 27.
    NFC Forum (March 2007) NFC forum type 4 tag operation—technical specification Google Scholar
  28. 28.
    OpenTC Project Consortium (2005–2009) The open trusted computing (OpenTC) project. http://www.opentc.net/
  29. 29.
    Oprea A, Balfanz D, Durfee G, Smetters DK (2004) Securing a remote terminal application with a mobile trusted device. In: ACSAC Google Scholar
  30. 30.
    Parno B (2008) Bootstrapping trust in a “trusted” platform. In: Proceedings of the 3rd conference on hot topics in security, San Jose, CA, 2008. USENIX Association, pp 1–6 Google Scholar
  31. 31.
    Pirker M, Toegl R, Hein D, Danner P (2009) A PrivacyCA for anonymity and trust. In: Chen L, Mitchell CJ, Andrew M (eds) Trust ’09: Proceedings of the 2nd international conference on trusted computing. Lecture notes in computer science, vol 5471. Springer, Berlin Google Scholar
  32. 32.
    Sadeghi A-R, Stüble C (2004) Property-based attestation for computing platforms: Caring about properties, not mechanisms. In: Hempelmann C, Raskin V (eds) NSPW. ACM, New York, pp 67–77 Google Scholar
  33. 33.
    Sailer R, Zhang X, Jaeger T, van Doorn L (2004) Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th conference on USENIX security symposium, vol 13, San Diego, CA, 2004. USENIX Association, pp 16–16 Google Scholar
  34. 34.
    Sharp R, Scott J, Beresford AR (2006) Secure mobile computing via public terminals. In: Fishkin KP, Schiele B, Nixon P, Quigley AJ (eds) Pervasive. Lecture notes in computer science, vol 3968. Springer, Berlin, pp 238–253 CrossRefGoogle Scholar
  35. 35.
    Trusted Computing Group (2007) TCG software stack specification, version 1.2 errata a. https://www.trustedcomputinggroup.org/specs/TSS/
  36. 36.
    Trusted Computing Group (2007) TCG TPM specification version 1.2 revision 103. https://www.trustedcomputinggroup.org/specs/TPM/

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations