353 research outputs found
Tree-formed Verification Data for Trusted Platforms
The establishment of trust relationships to a computing platform relies on
validation processes. Validation allows an external entity to build trust in
the expected behaviour of the platform based on provided evidence of the
platform's configuration. In a process like remote attestation, the 'trusted'
platform submits verification data created during a start up process. These
data consist of hardware-protected values of platform configuration registers,
containing nested measurement values, e.g., hash values, of loaded or started
components. Commonly, the register values are created in linear order by a
hardware-secured operation. Fine-grained diagnosis of components, based on the
linear order of verification data and associated measurement logs, is not
optimal. We propose a method to use tree-formed verification data to validate a
platform. Component measurement values represent leaves, and protected
registers represent roots of a hash tree. We describe the basic mechanism of
validating a platform using tree-formed measurement logs and root registers and
show an logarithmic speed-up for the search of faults. Secure creation of a
tree is possible using a limited number of hardware-protected registers and a
single protected operation. In this way, the security of tree-formed
verification data is maintained.Comment: 15 pages, 11 figures, v3: Reference added, v4: Revised, accepted for
publication in Computers and Securit
Single sign-on using trusted platforms
Network users today have to remember one username/password pair for every service
they are registered with. One solution to the security and usability implications of this
situation is Single Sign-On, a mechanism by which the user authenticates only once to
an entity termed the âAuthentication Service Providerâ (ASP) and subsequently uses disparate
Service Providers (SPs) without necessarily re-authenticating. The information
about the userâs authentication status is handled between the ASP and the desired SP
in a manner transparent to the user. This paper demonstrates a method by which the
end-userâs computing platform itself plays the role of the ASP. The platform has to be
a Trusted Platform conforming to the Trusted Computing Platform Alliance (TCPA)
specifications. The relevant TCPA architectural components and security services are
described and associated threats are analysed
Revisiting software protection
We provide a selective survey on software protection, including approaches to software tamper resistance, obfuscation, software diversity, and white-box cryptography. We review the early literature in the area plus recent activities related to trusted platforms, and discuss challenges and future directions
TCG based approach for secure management of virtualized platforms: state-of-the-art
There is a strong trend shift in the favor of adopting virtualization to get business benefits. The provisioning of virtualized enterprise resources is one kind of many possible scenarios. Where virtualization promises clear advantages it also poses new security challenges which need to be addressed to gain stakeholders confidence in the dynamics of new environment. One important facet of these challenges is establishing 'Trust' which is a basic primitive for any viable business model. The Trusted computing group (TCG) offers technologies and mechanisms required to establish this trust in the target platforms. Moreover, TCG technologies enable protecting of sensitive data in rest and transit. This report explores the applicability of relevant TCG concepts to virtualize enterprise resources securely for provisioning, establish trust in the target platforms and securely manage these virtualized Trusted Platforms
Single sign-on using trusted platforms
At present, network users have to remember a username and a corresponding password for every service with which they are registered
Hardware-based Security for Virtual Trusted Platform Modules
Virtual Trusted Platform modules (TPMs) were proposed as a software-based
alternative to the hardware-based TPMs to allow the use of their cryptographic
functionalities in scenarios where multiple TPMs are required in a single
platform, such as in virtualized environments. However, virtualizing TPMs,
especially virutalizing the Platform Configuration Registers (PCRs), strikes
against one of the core principles of Trusted Computing, namely the need for a
hardware-based root of trust. In this paper we show how strength of
hardware-based security can be gained in virtual PCRs by binding them to their
corresponding hardware PCRs. We propose two approaches for such a binding. For
this purpose, the first variant uses binary hash trees, whereas the other
variant uses incremental hashing. In addition, we present an FPGA-based
implementation of both variants and evaluate their performance
Graph Based Reduction of Program Verification Conditions
Increasing the automaticity of proofs in deductive verification of C programs
is a challenging task. When applied to industrial C programs known heuristics
to generate simpler verification conditions are not efficient enough. This is
mainly due to their size and a high number of irrelevant hypotheses. This work
presents a strategy to reduce program verification conditions by selecting
their relevant hypotheses. The relevance of a hypothesis is determined by the
combination of a syntactic analysis and two graph traversals. The first graph
is labeled by constants and the second one by the predicates in the axioms. The
approach is applied on a benchmark arising in industrial program verification
A secure archive for Voice-over-IP conversations
An efficient archive securing the integrity of VoIP-based two-party
conversations is presented. The solution is based on chains of hashes and
continuously chained electronic signatures. Security is concentrated in a
single, efficient component, allowing for a detailed analysis.Comment: 9 pages, 2 figures. (C) ACM, (2006). This is the author's version of
the work. It is posted here by permission of ACM for your personal use. Not
for redistribution. The definitive version was published in Proceedings of
VSW06, June, 2006, Berlin, German
- âŠ