Key Attestation from Trusted Execution Environments

  • Conference paper
Trust and Trustworthy Computing (Trust 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6101)

Abstract

Credential platforms implemented on top of Trusted Execution Environments (TrEEs) allow users to store and use their credentials, e.g., cryptographic keys or user passwords, securely. One important requirement for a TrEE-based credential platform is the ability to attest that a credential has been created and is kept within the TrEE. Credential properties, such as usage permissions, should also be attested. Existing attestation mechanisms are limited to attesting which applications outside the TrEE are authorized to use the credential. In this paper we describe a novel key attestation mechanism that allows attestation of both TrEE-internal and TrEE-external key usage permissions. We have implemented this attestation mechanism for mobile phones with M-Shield TrEE.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kostiainen, K., Dmitrienko, A., Ekberg, JE., Sadeghi, AR., Asokan, N. (2010). Key Attestation from Trusted Execution Environments. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_3

  • DOI: https://doi.org/10.1007/978-3-642-13869-0_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13868-3

  • Online ISBN: 978-3-642-13869-0

  • eBook Packages: Computer Science (R0)
