Improving Trusted Tickets with State-Bound Keys
Cite this paper as: Nordholz J., Aigner R., England P. (2013) Improving Trusted Tickets with State-Bound Keys. In: Huth M., Asokan N., Čapkun S., Flechais I., Coles-Kemp L. (eds) Trust and Trustworthy Computing. Trust 2013. Lecture Notes in Computer Science, vol 7904. Springer, Berlin, Heidelberg
Traditional network authentication systems like Windows’ Active Directory or MIT’s Kerberos only provide for mutual authentication of communicating entities, e.g. a user’s email client interacting with an IMAP server, while the user’s machine is inherently assumed to be trusted. While there have been first attempts to explicitly establish this trust relationship by leveraging the Trusted Platform Module, these provide no means to directly react to potentially relevant changes in the client’s system state. We expand previous designs by binding keys to the current platform state and involving these in the network authentication process, thereby guaranteeing the continued validity of the attestee.