Citizen Electronic Identities using TPM 2.0
Electronic Identification (eID) is becoming commonplace in several European
countries. eID is typically used to authenticate to government e-services, but
is also used for other services, such as public transit, e-banking, and
physical security access control. Typical eID tokens take the form of physical
smart cards, but successes in merging eID into phone operator SIM cards show
that eID tokens integrated into a personal device can offer better usability
compared to standalone tokens. At the same time, trusted hardware that enables
secure storage and isolated processing of sensitive data has become
commonplace both on PC platforms as well as mobile devices.
Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of
the Trusted Platform Module (TPM) specification. We propose an eID architecture
based on the new, rich authorization model introduced in the TCG's TPM 2.0. The
goal of the design is to improve the overall security and usability compared to
traditional smart card-based solutions. We also provide, to the best of our
knowledge, the first accessible description of the TPM 2.0 authorization model.
Comment: This work is based on an earlier work: Citizen Electronic Identities
using TPM 2.0, to appear in the Proceedings of the 4th international workshop
on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale,
Arizona, USA, http://dx.doi.org/10.1145/2666141.266614
Remote attestation mechanism for embedded devices based on physical unclonable functions
Remote attestation mechanisms are well studied in high-end computing environments; however, the same is not true for embedded devices, especially for smart cards. With the ever-changing landscape of smart card technology and advancements towards a true multi-application platform, verifying the current state of the smart card is significant to the overall security of such proposals. The initiatives proposed by GlobalPlatform Consumer Centric Model (GP-CCM) and User Centric Smart Card Ownership Model (UCOM) enable a user to download any application as she desires, depending upon the authorisation of the application provider. Before an application provider issues an application to a smart card, verifying the current state of the smart card is crucial to the security of the respective application. In this paper, we analyse the rationale behind the remote attestation mechanism for smart cards, and the fundamental features that such a mechanism should possess. We also study the applicability of Physical Unclonable Functions (PUFs) for the remote attestation mechanism and propose two algorithms to achieve the stated features of remote attestation. The proposed algorithms are implemented in a test environment to evaluate their performance. © 2013 The authors and IOS Press. All rights reserved.
MESURE Tool to benchmark Java Card platforms
The advent of the Java Card standard has been a major turning point in smart
card technology. With the growing acceptance of this standard, understanding
the performance behavior of these platforms is becoming crucial. To meet this
need, we present in this paper a novel benchmarking framework to test and
evaluate the performance of Java Card platforms. The MESURE tool is the first
framework whose accuracy and effectiveness are independent of the particular
Java Card platform tested and CAD used.
Comment: International Journal of Computer Science Issues, Volume 1, pp49-57,
August 200
Implementing electronic identity with TPM 2.0 hardware (Sähköisen identiteetin toteuttaminen TPM 2.0 -laitteistolla)
Most financial, healthcare, and governmental services are available on the Internet, where the traditional identification methods used in face-to-face identification are not possible. Identification with username and password is a mediocre solution and therefore some services require strong authentication. Finland has three approved strong authentication methods: smart cards, bank credentials, and mobile ID. Out of the three authentication methods, only the government-issued smart card is available to everyone who the police can identify reliably. Bank credentials require identification with an identity document from Finland or another European Economic Area (EEA) country. Mobile ID explicitly requires identification with a Finnish identity document. The problem with smart cards is the requirement for a reader, slow functioning, and the requirement for a custom driver. A TPM could function as a replacement for a smart card with an accompanying software library.
In this thesis, I created a PKCS #11 software library that allows a TPM to be used for browser-based authentication according to a draft specification by the Finnish population registry. The keys used for authentication are created, stored and used securely inside the TPM. TPMs are deemed a viable replacement for smart cards. The implemented system is faster to use than smart cards and has similar security properties as smart cards have. The created library contains implementations for 30% of all TPM 2.0 functions and could be used as a base for further TPM 2.0 based software.
Banking, healthcare and public services are largely available over the internet. Identification with a username and password does not guarantee sufficient reliability, so some services must use strong authentication. Finland currently has three strong authentication methods in use: the online banking credentials used by banks, the Population Register Centre's citizen certificate, and the telecom operators' mobile certificates. Of these three, the citizen certificate is the only one that does not require a customer relationship and is thus available to everyone whom the police can reliably identify. Online banking credentials require identification with an identity document issued by Finland or another European Economic Area (EEA) state. A mobile certificate is issued only to a person who can be identified with a Finnish identity document. The citizen certificate is, however, a smart card with all of a smart card's problems: using it requires a separate reader, it operates slowly, and it requires a separate device driver. The aim of this work is to create a solution with which smart card-based authentication can be implemented using the TPM chip found in computers.
In this master's thesis, a software library conforming to the PKCS #11 interface was created, which enables the TPM chip to be used for authentication in the browser according to the draft specification prepared by the Population Register Centre. The authentication keys are created, stored and used in the TPM, which ensures the confidentiality of the keys. It was found possible to implement the functionality of a smart card with a TPM chip. The implemented system is faster to use than a smart card and guarantees a level of security equivalent to that of smart cards. The library produced as a result of the work implements 30% of all TPM 2.0 software interfaces, and the library can be used as part of future TPM 2.0 software.
Mobile qualified electronic signatures and certification on demand
Despite a legal framework being in place for several years, the market share of qualified electronic signatures is disappointingly low. Mobile Signatures provide a new and promising opportunity for the deployment of an infrastructure for qualified electronic signatures. We analyzed two possible signing approaches (server based and client based signatures) and conclude that SIM-based signatures are the most secure and convenient solution. However, using the SIM-card as a secure signature creation device (SSCD) raises new challenges, because it would contain the user's private key as well as the subscriber identification. Combining both functions in one card raises the question of who will have control over the keys and certificates. We propose a protocol called Certification on Demand (COD) that separates certification services from subscriber identification information and allows consumers to choose their appropriate certification services and service providers based on their needs. We also present some of the constraints that still have to be addressed before qualified mobile signatures are possible.
Digital Trust - Trusted Computing and Beyond A Position Paper
Along with the invention of computers and interconnected networks, physical societal notions like security, trust, and privacy entered the digital environment. The concept of digital environments begins with the trust (established in the real world) in the organisation/individual that manages the digital resources. This concept evolved to deal with the rapid growth of the Internet, where it became impractical for entities to have prior offline (real world) trust. The evolution of digital trust took diverse approaches and now trust is defined and understood differently across heterogeneous domains. This paper looks at digital trust from the point of view of security and examines how valid trust approaches from other domains are now making their way into secure computing. The paper also revisits and analyses the Trusted Platform Module (TPM) along with associated technologies and their relevance in the changing landscape. We especially focus on the domains of cloud computing, mobile computing and cyber-physical systems. In addition, the paper also explores our proposals that are competing with and extending the traditional functionality of TPM specifications
Analysis of roles and position of mobile network operators in mobile payment infrastructure
A number of different mobile payment solutions have been presented in the last decade. The phone subscription with its security mechanisms is used for user identification and payments. This is the case for SMS-based payment and ticketing systems that are getting more and more popular. However, there are other ways to implement a Trusted Element (TE), where a SIM card architecture is only one. It can be in the mobile phone, as a separate integrated circuit, as an optional customer-deployed plug-in device (e.g., microSD) or be running as an application on a server existing entirely as software. In this paper we analyze what roles and responsibilities different actors have in different types of mobile payment solutions. The main focus is on the implications for the mobile operator business. It turns out that new types of intermediary actors in most cases play an important role. Sometimes mobile operators are not even involved. The emergence of new payment together with other non-SIM card based TE solutions opens up for many different market scenarios for mobile payment services.