Advertisement

A Demonstrative Ad Hoc Attestation System

  • Endre Bangerter
  • Maksim Djackov
  • Ahmad-Reza Sadeghi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5222)

Abstract

Given the growing number and increasingly criminally motivated attacks on computing platforms, the ability to assert the integrity of platform becomes indispensable. The trusted computing community has come up with various remote attestation protocols that allow to assert the integrity of a remote platform over a network.

A related problem is that of ad hoc attestation, where a user walks up to a computing platform and wants to find out whether that platform in front of her is in a trustworthy state or not. ad hoc attestation is considered to be an open problem, and some very recent publications have outlined a number of open challenges in this field. Major challenges are (i) the security against platform in the middle attacks (ii) viable choice of the device used to perform attestation, and (iii) the manageability of integrity measurements on that device.

In this paper we describe a concrete implementation of an ad hoc attestation system that resolves these challenges. Most importantly, our system offers a novel and very intuitive user experience. In fact, from a user perspective, ad hoc attestation using our solution roughly consists of initiating the process on the target platform and then holding a security token to the screen of the target platform. The outcome of the ad hoc attestation (i.e., whether the platform is trustworthy or not) is then shown on the token’s display. This usage paradigm, which we refer to as demonstrative ad hoc attestation, is based on a novel security token technology, which we have used. We believe that our system has the potential to be evolved into a system for real world usage.

Keywords

Trusted computing attestation Kiosk computing platform integrity smart cards 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [ABKL93]
    Abadi, M., Burrows, M., Kaufman, C., Lampson, B.: Authentication and delegation with smart-cards. In: TACS 1991: Selected papers of the conference on Theoretical aspects of computer software, Netherlands, pp. 93–113. Elsevier Science Publishers, Amsterdam (1993)Google Scholar
  2. [ADSW99]
    Asokan, N., Debar, H., Steiner, M., Waidner, M.: Authenticating public terminals. Comput. Networks 31(9), 861–870 (1999)CrossRefGoogle Scholar
  3. [ARM]
  4. [AXS]
    Axsionics homepage, http://www.axsionics.com/
  5. [CJM07]
    Boneh, D., Jackson, C., Mitchell, J.C.: Transaction generators: Rootkits for the web. In: Proceedings of the Workshop on Hot Topics in Security (HotSec) (2007)Google Scholar
  6. [CYCY00]
    Cheng, K.S.C.Y., Yunus, J.: Authentication public terminals with smart cards. In: TENCON 2000, 24-27 September 2000, vol. 1, pp. 527–530 (2000)Google Scholar
  7. [DBW02]
    Stewart, P., Balfanz, D., Smetters, D.K., Chi, H.: Talking to strangers: Authentication in ad-hoc wireless networks. In: Symposium on Network and Distributed Systems Security (NDSS 2002) (2002)Google Scholar
  8. [DC07]
    Catherman, R., Safford, D., van Doorn, L., Challener, D., Yoder, K.: A Practical Guide to Trusted Computing. IBM Press (2007)Google Scholar
  9. [DM07]
    Drimer, S., Murdoch, S.J.: Keep your enemies close: Distance bounding against smartcard relay attacks. In: USENIX Security Symposium (August 2007)Google Scholar
  10. [ESvD05]
    Perrig, A., Shi, E., van Doorn, L.: Bind: A time-of-use attestation service for secure distributed systems. In: Proceedings of IEEE Symposium on Security and Privacy (May 2005)Google Scholar
  11. [FSE06]
    Röder, P., Stumpf, F., Tafreschi, O., Eckert, C.: A robust integrity reporting protocol for remote attestation. In: Proceedings of the Second Workshop on Advances in Trusted Computing (WATC 2006 Fall) (December 2006)Google Scholar
  12. [GPS06]
    Goldman, K., Perez, R., Sailer, R.: Linking remote attestation to secure tunnel endpoints. In: STC 2006: Proceedings of the first ACM workshop on Scalable trusted computing, pp. 21–24. ACM, New York (2006)CrossRefGoogle Scholar
  13. [Gra06]
    Grawrock, D.: The Intel Safer Computing Initiative. Intel Press (2006)Google Scholar
  14. [GSS+07]
    Gasmi, Y., Sadeghi, A.-R., Stewin, P., Unger, M., Asokan, N.: Beyond secure channels. In: STC 2007: Proceedings of the 2007 ACM workshop on Scalable trusted computing, pp. 30–40. ACM, New York (2007)CrossRefGoogle Scholar
  15. [JTS]
  16. [Kre]
    Krebs,B.: Banks: Losses from computer intrusions up in (2007)Google Scholar
  17. [Mit05]
    Mitchell, C. (ed.): Trusted Computing. The Institution of Electrical Engineers (2005)Google Scholar
  18. [MPR05]
    McCune, J.M., Perrig, A., Reiter, M.K.: Seeing-is-believing: Using camera phones for human-verifiable authentication. In: SP 2005: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp. 110–124. IEEE Computer Society, Washington (2005)Google Scholar
  19. [MPSvD07]
    McCune, J.M., Perrig, A., Seshadri, A., van Doorn, L.: Turtles all the way down: Research challenges in user-based attestation. In: Proceedings of the Workshop on Hot Topics in Security (HotSec) (2007)Google Scholar
  20. [Ope]
    Open Trusted Computing, http://www.opentc.net
  21. [Pea03]
    Pearson, S. (ed.): Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall, Englewood Cliffs (2003)Google Scholar
  22. [Ran04]
    Ranganathan, K.: Trustworthy pervasive computing: The hard security problems. In: PERCOMW 2004: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, p. 117. IEEE Computer Society, Washington (2004)CrossRefGoogle Scholar
  23. [RS04]
    Jaeger, T., van Doorn, L., Sailer, R., Zhang, X.: Design and implementation of a tcg-based integrity measurement architecture. In: SSYM 2004: Proceedings of the 13th conference on USENIX Security Symposium. USENIX Association, Berkeley (2004)Google Scholar
  24. [SA99]
    Stajano, F., Anderson, R.J.: The resurrecting duckling: Security issues for ad-hoc wireless networks. In: Proceedings of the 7th International Workshop on Security Protocols, London, UK, pp. 172–194. Springer, Heidelberg (1999)Google Scholar
  25. [SG07]
    Berger, S., Sailer, R., van Doorn, L., Zhang, X., Garriss, S., Caceres, R.: Towards trustworthy kiosk computing. In: Proc. of 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile) (February 2007)Google Scholar
  26. [SS04]
    Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: NSPW 2004: Proceedings of the 2004 workshop on New security paradigms, pp. 67–77. ACM, New York (2004)Google Scholar
  27. [SS05]
    Sadeghi, A.R., Stüble, C.: Towards Multilaterally Secure Computing Platforms - With Open Source and Trusted Computing. Elesevier 10, 83–95 (2005)Google Scholar
  28. [SVNC04]
    Shapiro, J.S., Vanderburgh, J., Northup, E., Chizmadia, D.: Design of the eros trusted window system. In: SSYM 2004: Proceedings of the 13th conference on USENIX Security Symposium, p. 12. USENIX Association, Berkeley (2004)Google Scholar
  29. [Trua]
    Trusted Computing Group (TCG). About the TCG, http://www.trustedcomputinggroup.org/about/
  30. [Trub]
    Trusted Computing Group (TCG). TSS specifications, https://www.trustedcomputinggroup.org/groups/software/
  31. [Tru04]
    Trusted Computing Group. TCG Architecture Overview (April 2004)Google Scholar
  32. [Tru05]
    Trusted Computing Group (TCG). TPM Main Specification 1.2, Rev. 85 (February 2005), https://www.trustedcomputinggroup.org/groups/tpm/
  33. [TUR]

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Endre Bangerter
    • 1
  • Maksim Djackov
    • 1
  • Ahmad-Reza Sadeghi
    • 2
  1. 1.Bern University of Applied SciencesSwitzerland
  2. 2.University of BochumGermany

Personalised recommendations