Trusted Computing Serving an Anonymity Service

  • Alexander Böttcher
  • Bernhard Kauer
  • Hermann Härtig
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)


We leveraged trusted computing technology to counteract certain insider attacks. Furthermore, we show with one of the rare server based scenarios that an anonymity service can profit from trusted computing. We based our design on the Nizza Architecture [14] with its small kernel and minimal multi-server OS. We even avoided Nizza’s legacy container and got a much smaller, robust and hopefully more secure system, since we believe that minimizing the trusted computing base is an essential requirement for trust into software.


Trusted Platform Module Physical Access Inside Attack Trust Computing Group Trust Chain 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Project: AN.ON - Anonymity,
  2. 2.
  3. 3.
    Anonymisier-Dienst JAP ist wieder anonym,
  4. 4.
    BKA-Vorgehen gegen Anonymisierdienst JAP rechtswidrig,
  5. 5.
    JAP, die Macher und die nicht mehr so ganz garantierte Anonymitt,
  6. 6.
    Nicht mehr ganz anonym: Anonymisier-Dienst JAP protokolliert Zugriffe,
  7. 7.
    Arbaugh, W.A., Farber, D.J., Smith, J.M.: A secure and reliable bootstrap architecture. In: 1997 IEEE Symposium on Security and Privacy, Oakland, CA, May 1997, pp. 65–71 (1997)Google Scholar
  8. 8.
    Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  9. 9.
    Feske, N., Helmuth, C.: Design of the Bastei OS architecture. Technical Report TUD-FI06-07-Dezember-2006, TU Dresden (2006)Google Scholar
  10. 10.
    Garriss, S., Cáceres, R., Berger, S., Sailer, R., van Doorn, L., Zhang, X.: Towards trustworthy kiosk computing. In: Mobile Computing Systems and Applications, 2007. HotMobile 2007, March 2007, pp. 41–45 (2007)Google Scholar
  11. 11.
    Goldschlag, D., Reed, M., Syverson, P.: Onion routing. Commun. ACM 42(2), 39–41 (1999)CrossRefGoogle Scholar
  12. 12.
    Grawrock, D.: The Intel Safer Computing Initiative, January 2006. Intel Press (2006)Google Scholar
  13. 13.
    Gross, M.: Vertrauenswürdiges Booten als Grundlage authentischer Basissysteme. In: Verläs̈liche Informationssysteme, Tagungsband, Informatikfachberichte 271. Springer, Heidelberg (1991)Google Scholar
  14. 14.
    Härtig, H., Hohmuth, M., Feske, N., Helmuth, C., Lackorzynski, A., Mehnert, F., Peter, M.: The nizza secure-system architecture. In: CollaborateCom (2005)Google Scholar
  15. 15.
    Bumler, C.G.H., Federrath, H.: Report on the proceedings by criminal prosecution authorities against the project an on anonymity online (2003)Google Scholar
  16. 16.
    Kauer, B.: OSLO: Improving the Security of Trusted Computing. In: 16th USENIX Security Symposium, pp. 229–237.Google Scholar
  17. 17.
    Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems 10(4), 265–310 (1992)CrossRefGoogle Scholar
  18. 18.
    McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: An Execution Infrastructure for TCB Minimization. Technical Report CMU-CyLab-07-018, Carnegie Mellon University (December 2007)Google Scholar
  19. 19.
    OSLO - Open Secure LOader,
  20. 20.
    Pearson, S. (ed.): Trusted Computing Platforms. Prentice Hall International, Englewood Cliffs (2002)Google Scholar
  21. 21.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: SSYM 2004: Proceedings of the 13th conference on USENIX Security Symposium, Berkeley, CA, USA, p. 16. USENIX Association (2004)Google Scholar
  22. 22.
    Singaravelu, L., Kauer, B., Boettcher, A., Härtig, H., Pu, C., Jung, G., Weinhold, C.: Enforcing configurable trust in client-side software stacks by splitting information flow. Technical Report GIT-CERCS-07-11, Georgia Institute of Technology, Atlanta, GA (May 2007)Google Scholar
  23. 23.
    Singaravelu, L., Pu, C., Härtig, H., Helmuth, C.: Reducing tcb complexity for security-sensitive applications: three case studies. SIGOPS Oper. Syst. Rev. 40(4), 161–174 (2006)CrossRefGoogle Scholar
  24. 24.
    Ta-Min, R., Litty, L., Lie, D.: Splitting interfaces: making trust between applications and operating systems configurable. In: OSDI 2006: Proceedings of the 7th symposium on Operating systems design and implementation, Berkeley, CA, USA, November 2006, pp. 279-292. USENIX Association (2006)Google Scholar
  25. 25.
    TCG: Trusted Computing Group,
  26. 26.
    Embassy leaks highlight pitfalls of Tor,

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Alexander Böttcher
    • 1
  • Bernhard Kauer
    • 1
  • Hermann Härtig
    • 1
  1. 1.Department of Computer Science Operating Systems GroupTechnische Universität DresdenDresdenGermany

Personalised recommendations