Abstract
Given the growing number and increasingly criminally motivated attacks on computing platforms, the ability to assert the integrity of platform becomes indispensable. The trusted computing community has come up with various remote attestation protocols that allow to assert the integrity of a remote platform over a network.
A related problem is that of ad hoc attestation, where a user walks up to a computing platform and wants to find out whether that platform in front of her is in a trustworthy state or not. ad hoc attestation is considered to be an open problem, and some very recent publications have outlined a number of open challenges in this field. Major challenges are (i) the security against platform in the middle attacks (ii) viable choice of the device used to perform attestation, and (iii) the manageability of integrity measurements on that device.
In this paper we describe a concrete implementation of an ad hoc attestation system that resolves these challenges. Most importantly, our system offers a novel and very intuitive user experience. In fact, from a user perspective, ad hoc attestation using our solution roughly consists of initiating the process on the target platform and then holding a security token to the screen of the target platform. The outcome of the ad hoc attestation (i.e., whether the platform is trustworthy or not) is then shown on the token’s display. This usage paradigm, which we refer to as demonstrative ad hoc attestation, is based on a novel security token technology, which we have used. We believe that our system has the potential to be evolved into a system for real world usage.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Burrows, M., Kaufman, C., Lampson, B.: Authentication and delegation with smart-cards. In: TACS 1991: Selected papers of the conference on Theoretical aspects of computer software, Netherlands, pp. 93–113. Elsevier Science Publishers, Amsterdam (1993)
Asokan, N., Debar, H., Steiner, M., Waidner, M.: Authenticating public terminals. Comput. Networks 31(9), 861–870 (1999)
Arm secure core processor family, http://www.arm.com/products/cpus/families/securcorefamily.html
Axsionics homepage, http://www.axsionics.com/
Boneh, D., Jackson, C., Mitchell, J.C.: Transaction generators: Rootkits for the web. In: Proceedings of the Workshop on Hot Topics in Security (HotSec) (2007)
Cheng, K.S.C.Y., Yunus, J.: Authentication public terminals with smart cards. In: TENCON 2000, 24-27 September 2000, vol. 1, pp. 527–530 (2000)
Stewart, P., Balfanz, D., Smetters, D.K., Chi, H.: Talking to strangers: Authentication in ad-hoc wireless networks. In: Symposium on Network and Distributed Systems Security (NDSS 2002) (2002)
Catherman, R., Safford, D., van Doorn, L., Challener, D., Yoder, K.: A Practical Guide to Trusted Computing. IBM Press (2007)
Drimer, S., Murdoch, S.J.: Keep your enemies close: Distance bounding against smartcard relay attacks. In: USENIX Security Symposium (August 2007)
Perrig, A., Shi, E., van Doorn, L.: Bind: A time-of-use attestation service for secure distributed systems. In: Proceedings of IEEE Symposium on Security and Privacy (May 2005)
Röder, P., Stumpf, F., Tafreschi, O., Eckert, C.: A robust integrity reporting protocol for remote attestation. In: Proceedings of the Second Workshop on Advances in Trusted Computing (WATC 2006 Fall) (December 2006)
Goldman, K., Perez, R., Sailer, R.: Linking remote attestation to secure tunnel endpoints. In: STC 2006: Proceedings of the first ACM workshop on Scalable trusted computing, pp. 21–24. ACM, New York (2006)
Grawrock, D.: The Intel Safer Computing Initiative. Intel Press (2006)
Gasmi, Y., Sadeghi, A.-R., Stewin, P., Unger, M., Asokan, N.: Beyond secure channels. In: STC 2007: Proceedings of the 2007 ACM workshop on Scalable trusted computing, pp. 30–40. ACM, New York (2007)
Krebs,B.: Banks: Losses from computer intrusions up in (2007)
Mitchell, C. (ed.): Trusted Computing. The Institution of Electrical Engineers (2005)
McCune, J.M., Perrig, A., Reiter, M.K.: Seeing-is-believing: Using camera phones for human-verifiable authentication. In: SP 2005: Proceedings of the 2005 IEEE Symposium on Security and Privacy, pp. 110–124. IEEE Computer Society, Washington (2005)
McCune, J.M., Perrig, A., Seshadri, A., van Doorn, L.: Turtles all the way down: Research challenges in user-based attestation. In: Proceedings of the Workshop on Hot Topics in Security (HotSec) (2007)
Open Trusted Computing, http://www.opentc.net
Pearson, S. (ed.): Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall, Englewood Cliffs (2003)
Ranganathan, K.: Trustworthy pervasive computing: The hard security problems. In: PERCOMW 2004: Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, p. 117. IEEE Computer Society, Washington (2004)
Jaeger, T., van Doorn, L., Sailer, R., Zhang, X.: Design and implementation of a tcg-based integrity measurement architecture. In: SSYM 2004: Proceedings of the 13th conference on USENIX Security Symposium. USENIX Association, Berkeley (2004)
Stajano, F., Anderson, R.J.: The resurrecting duckling: Security issues for ad-hoc wireless networks. In: Proceedings of the 7th International Workshop on Security Protocols, London, UK, pp. 172–194. Springer, Heidelberg (1999)
Berger, S., Sailer, R., van Doorn, L., Zhang, X., Garriss, S., Caceres, R.: Towards trustworthy kiosk computing. In: Proc. of 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile) (February 2007)
Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: NSPW 2004: Proceedings of the 2004 workshop on New security paradigms, pp. 67–77. ACM, New York (2004)
Sadeghi, A.R., Stüble, C.: Towards Multilaterally Secure Computing Platforms - With Open Source and Trusted Computing. Elesevier 10, 83–95 (2005)
Shapiro, J.S., Vanderburgh, J., Northup, E., Chizmadia, D.: Design of the eros trusted window system. In: SSYM 2004: Proceedings of the 13th conference on USENIX Security Symposium, p. 12. USENIX Association, Berkeley (2004)
Trusted Computing Group (TCG). About the TCG, http://www.trustedcomputinggroup.org/about/
Trusted Computing Group (TCG). TSS specifications, https://www.trustedcomputinggroup.org/groups/software/
Trusted Computing Group. TCG Architecture Overview (April 2004)
Trusted Computing Group (TCG). TPM Main Specification 1.2, Rev. 85 (February 2005), https://www.trustedcomputinggroup.org/groups/tpm/
Turaya OS homepage, http://www.emscb.com/content/pages/turaya.htm
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bangerter, E., Djackov, M., Sadeghi, AR. (2008). A Demonstrative Ad Hoc Attestation System. In: Wu, TC., Lei, CL., Rijmen, V., Lee, DT. (eds) Information Security. ISC 2008. Lecture Notes in Computer Science, vol 5222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85886-7_2
Download citation
DOI: https://doi.org/10.1007/978-3-540-85886-7_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85884-3
Online ISBN: 978-3-540-85886-7
eBook Packages: Computer ScienceComputer Science (R0)