DOI: 10.1145/1378600.1378623

Trustworthy and personalized computing on public kiosks

Published: 17 June 2008

Abstract

Many people desire ubiquitous access to their personal computing environments. We present a system in which a user leverages a personal mobile device to establish trust in a public computing device, or kiosk, prior to resuming her environment on the kiosk. We have designed a protocol by which the mobile device determines the identity and integrity of all software loaded on the kiosk, in order to inform the user whether the kiosk is trustworthy. Our system exploits emerging hardware security technologies, namely the Trusted Platform Module and new support in x86 processors for establishing a dynamic root of trust. We have demonstrated the viability of our approach by implementing and evaluating our system on commodity hardware. Through a brief survey, we found that respondents are generally willing to endure a delay in exchange for an increased assurance of data privacy, and that the delay incurred by our unoptimized prototype is close to the range tolerable to the respondents. We have focused on allowing the user to personalize a kiosk by running her own virtual machine there. However, our work is generally applicable to establishing trust on public computing devices before revealing any sensitive information to those devices.


Published In

MobiSys '08: Proceedings of the 6th international conference on Mobile systems, applications, and services
June 2008
304 pages
ISBN:9781605581392
DOI:10.1145/1378600
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. integrity verification
  2. kiosk computing
  3. mobility
  4. personalized computing
  5. trusted platform module
  6. virtualization

Qualifiers

  • Research-article

Conference

Mobisys08

Acceptance Rates

Overall Acceptance Rate 274 of 1,679 submissions, 16%

Article Metrics

  • Downloads (Last 12 months): 17
  • Downloads (Last 6 weeks): 1

Reflects downloads up to 17 Jan 2025

Cited By

  • (2023) Task offloading paradigm in mobile edge computing-current issues, adopted approaches, and future directions. Journal of Network and Computer Applications 212:C. DOI: 10.1016/j.jnca.2022.103568. Online publication date: 1-Mar-2023
  • (2022) Digital Twin: A Comprehensive Survey of Security Threats. IEEE Communications Surveys & Tutorials 24:3 (1475-1503). DOI: 10.1109/COMST.2022.3171465. Online publication date: Nov-2023
  • (2021) MSS: Lightweight network authentication for resource constrained devices via Mergeable Stateful Signatures. 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS) (282-292). DOI: 10.1109/ICDCS51616.2021.00035. Online publication date: Jul-2021
  • (2018) Computer Security and Privacy for Refugees in the United States. 2018 IEEE Symposium on Security and Privacy (SP) (409-423). DOI: 10.1109/SP.2018.00023. Online publication date: May-2018
  • (2016) Fast, Scalable and Secure Onloading of Edge Functions Using AirBox. 2016 IEEE/ACM Symposium on Edge Computing (SEC) (14-27). DOI: 10.1109/SEC.2016.15. Online publication date: Oct-2016
  • (2016) Implementing Attestable kiosks. 2016 14th Annual Conference on Privacy, Security and Trust (PST) (722-729). DOI: 10.1109/PST.2016.7906989. Online publication date: Dec-2016
  • (2015) Energy efficient and robust allocation of interdependent tasks on mobile ad hoc computational grid. Concurrency and Computation: Practice & Experience 27:5 (1226-1254). DOI: 10.1002/cpe.3297. Online publication date: 10-Apr-2015
  • (2014) Cloud-Based Augmentation for Mobile Devices: Motivation, Taxonomies, and Open Challenges. IEEE Communications Surveys & Tutorials 16:1 (337-368). DOI: 10.1109/SURV.2013.070813.00285. Online publication date: Sep-2015
  • (2014) A Survey of Mobile Cloud Computing Application Models. IEEE Communications Surveys & Tutorials 16:1 (393-413). DOI: 10.1109/SURV.2013.062613.00160. Online publication date: Sep-2015
  • (2014) Trust Extension as a Mechanism for Secure Code Execution on Commodity Computers. Online publication date: 5-Jun-2014
