An approach to introducing locality in remote attestation using near field communications

Abstract

Remote Attestation, as devised by the Trusted Computing Group, is based on a secure hardware component—the Trusted Platform Module (TPM). It allows trust decisions to be reached between different network hosts. However, attestation cannot be applied in an important field of application—the identification of physically encountered, public computer platforms. Unfortunately, such computer terminals are especially exposed and the software running on them cannot be assumed to be unaltered and secure.

Three challenges arise. The cryptographic protocols that actually perform the attestation provide neither human-intelligible trust status analysis, nor easily graspable conveyance of results, nor intuitive identification of the computer platform involved. Therefore, the user needs a small portable device, a token, to interact with local computer platforms. It can perform an attestation protocol and report the result to the user, even if the display the user faces cannot be trusted and may be connected to the platform under scrutiny. In addition, the token must establish that the particular machine faced actually contains the TPM that performs the attestation.

In this paper, we demonstrate an attestation token architecture which is based on a commodity smart phone and which is more efficient and flexible than previous proposals. Furthermore, we introduce an autonomic and low-cost Near Field Communication (NFC) compatible interface to the TPM that provides a direct channel for proof of the TPM’s identity and local proximity to the attestation token.

Author information

Corresponding author

Correspondence to Ronald Toegl.

About this article

Cite this article

Toegl, R., Hutter, M. An approach to introducing locality in remote attestation using near field communications. J Supercomput 55, 207–227 (2011). https://doi.org/10.1007/s11227-010-0407-1

  • DOI: https://doi.org/10.1007/s11227-010-0407-1

Keywords

  • Trusted computing
  • Remote attestation
  • Near field communication