Public kiosk computers are especially exposed, and the software running on them usually cannot be assumed to be unaltered and secure. The Trusted Platform Module (TPM), as a root of trust in an otherwise untrusted computer, allows a machine to report the integrity and the configuration of a platform to a remote host on the Internet. A natural usage scenario is to perform such an Attestation prior to handling sensitive or private data on a public terminal. Two challenges arise. First, the human user needs to reach her trust decision on the basis of the TPM's cryptographic protocols, yet she cannot trust the public machine to display authentic results. Second, there is currently no way for the user to establish that the particular machine she is facing actually contains the TPM that performs the Attestation. In this paper we demonstrate an Attestation token architecture which is based on a commodity smart phone and is more efficient and flexible than previous proposals. Further, we propose to add a low-cost Near Field Communication (NFC) compatible autonomic interface to the TPM, providing a direct channel for proof of the TPM's identity and local proximity to the Attestation token.