    Trusted computing enhanced openid

    Tree-formed Verification Data for Trusted Platforms

    The establishment of trust relationships to a computing platform relies on validation processes. Validation allows an external entity to build trust in the expected behaviour of the platform based on provided evidence of the platform's configuration. In a process like remote attestation, the 'trusted' platform submits verification data created during a start up process. These data consist of hardware-protected values of platform configuration registers, containing nested measurement values, e.g., hash values, of loaded or started components. Commonly, the register values are created in linear order by a hardware-secured operation. Fine-grained diagnosis of components, based on the linear order of verification data and associated measurement logs, is not optimal. We propose a method to use tree-formed verification data to validate a platform. Component measurement values represent leaves, and protected registers represent roots of a hash tree. We describe the basic mechanism of validating a platform using tree-formed measurement logs and root registers and show a logarithmic speed-up for the search of faults. Secure creation of a tree is possible using a limited number of hardware-protected registers and a single protected operation. In this way, the security of tree-formed verification data is maintained.

    Comment: 15 pages, 11 figures, v3: Reference added, v4: Revised, accepted for publication in Computers and Security

    A Survey on M2M Service Networks

    The number of industrial applications relying on the Machine to Machine (M2M) services exposed from the physical world has been increasing in recent years. Such M2M services enable communication of devices with the core processes of companies. However, there is a big challenge related to complexity and to application-specific M2M systems called “vertical silos”. This paper focuses on reviewing the technologies of M2M service networks and discussing approaches from the perspectives of M2M information and services, M2M communication and M2M security. Finally, a discussion on technologies and approaches potentially enabling future autonomic M2M service networks is provided. According to our conclusions, it is seen that a clear definition of the architectural principles is needed to solve the “vertical silo” problem and then, proceeding towards enabling autonomic capabilities for solving the complexity problem appears feasible. Several areas of future research have been identified, e.g., autonomic information based services, optimization of communications with limited capability devices, real-time messaging, creation of trust and end to end security, adaptability, reliability, performance, interoperability, and maintenance.