Abstract
Traditional network authentication systems like Windows’ Active Directory or MIT’s Kerberos only provide for mutual authentication of communicating entities, e.g. a user’s email client interacting with an IMAP server, while the user’s machine is inherently assumed to be trusted. While there have been first attempts to explicitly establish this trust relationship by leveraging the Trusted Platform Module, these provide no means to directly react to potentially relevant changes in the client’s system state. We expand previous designs by binding keys to the current platform state and involving these in the network authentication process, thereby guaranteeing the continued validity of the attestee.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
TrouSerS - the open-source software stack, http://trousers.sourceforge.net
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, pp. 132–145. ACM, New York (2004), http://doi.acm.org/10.1145/1030083.1030103
Corporation, M.: TPM and BitLocker drive encryption, http://msdn.microsoft.com/en-us/library/windows/hardware/gg487306.aspx
Corporation, M.: TPM platform crypto-provider toolkit, http://research.microsoft.com/en-us/downloads/74c45746-24ad-4cb7-ba4b-0c6df2f92d5d/default.aspx
Corporation, M.: Secured Boot and Measured Boot: Hardening Early Boot components against malware. Tech. rep., Microsoft Corporation (2012)
Goldman, K.A., Perez, R., Sailer, R.: Linking Remote Attestation to Secure Tunnel Endpoints. IBM Technical Paper (2006), http://domino.research.ibm.com/library/cyberdig.nsf/1e4115aea78b6e7c......85256b360066f0d4/fb0d5a04296a0bee852571ff0054f9fb
Group, T.I.W.: A CMC profile for AIK certificate enrollment. Tech. rep., Trusted Computing Group (2011)
Group, T.P.C.W.: TCG PC client specific implementation specification for conventional BIOS. Tech. rep., Trusted Computing Group (2012)
Group, T.C.: TCG Software Stack (TSS) Specification Version 1.2 level 1. Tech. rep., Trusted Computing Group (2007), http://www.trustedcomputinggroup.org/files/resource_files/6479CD77-1D09-3519-AD89EAD1BC8C97F0/TSS_1_2_Errata_A-final.pdf
Group, T.C.: TPM main specification level 2 version 1.2 revision 116. Tech. rep., Trusted Computing Group (2011), http://www.trustedcomputinggroup.org/resources/tpm_main_specification
Leicher, A., Kuntze, N., Schmidt, A.U.: Implementation of a trusted ticket system. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol. 297, pp. 152–163. Springer, Heidelberg (2009), http://dx.doi.org/10.1007/978-3-642-01244-0_14
Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium, pp. 223–238. ACM (2004)
Zhu, L., Tung, B.: Rfc4556: Public key cryptography for initial authentication in kerberos (PKINIT) (2006), http://tools.ietf.org/html/rfc4556
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nordholz, J., Aigner, R., England, P. (2013). Improving Trusted Tickets with State-Bound Keys. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds) Trust and Trustworthy Computing. Trust 2013. Lecture Notes in Computer Science, vol 7904. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38908-5_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-38908-5_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38907-8
Online ISBN: 978-3-642-38908-5
eBook Packages: Computer ScienceComputer Science (R0)