854 research outputs found
On Making Emerging Trusted Execution Environments Accessible to Developers
New types of Trusted Execution Environment (TEE) architectures like TrustLite
and Intel Software Guard Extensions (SGX) are emerging. They bring new features
that can lead to innovative security and privacy solutions. But each new TEE
environment comes with its own set of interfaces and programming paradigms,
thus raising the barrier for entry for developers who want to make use of these
TEEs. In this paper, we motivate the need for realizing standard TEE interfaces
on such emerging TEE architectures and show that this exercise is not
straightforward. We report on our on-going work in mapping GlobalPlatform
standard interfaces to TrustLite and SGX.Comment: Author's version of article to appear in 8th Internation Conference
of Trust & Trustworthy Computing, TRUST 2015, Heraklion, Crete, Greece,
August 24-26, 201
Profiling Users by Modeling Web Transactions
Users of electronic devices, e.g., laptop, smartphone, etc. have
characteristic behaviors while surfing the Web. Profiling this behavior can
help identify the person using a given device. In this paper, we introduce a
technique to profile users based on their web transactions. We compute several
features extracted from a sequence of web transactions and use them with
one-class classification techniques to profile a user. We assess the efficacy
and speed of our method at differentiating 25 users on a dataset representing 6
months of web traffic monitoring from a small company network.Comment: Extended technical report of an IEEE ICDCS 2017 publicatio
Citizen Electronic Identities using TPM 2.0
Electronic Identification (eID) is becoming commonplace in several European
countries. eID is typically used to authenticate to government e-services, but
is also used for other services, such as public transit, e-banking, and
physical security access control. Typical eID tokens take the form of physical
smart cards, but successes in merging eID into phone operator SIM cards show
that eID tokens integrated into a personal device can offer better usability
compared to standalone tokens. At the same time, trusted hardware that enables
secure storage and isolated processing of sensitive data have become
commonplace both on PC platforms as well as mobile devices.
Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of
the Trusted Platform Module (TPM) specification. We propose an eID architecture
based on the new, rich authorization model introduced in the TCGs TPM 2.0. The
goal of the design is to improve the overall security and usability compared to
traditional smart card-based solutions. We also provide, to the best our
knowledge, the first accessible description of the TPM 2.0 authorization model.Comment: This work is based on an earlier work: Citizen Electronic Identities
using TPM 2.0, to appear in the Proceedings of the 4th international workshop
on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale,
Arizona, USA, http://dx.doi.org/10.1145/2666141.266614
ABAKA : a novel attribute-based k-anonymous collaborative solution for LBSs
The increasing use of mobile devices, along with advances in telecommunication systems, increased the popularity of Location-Based Services (LBSs). In LBSs, users share their exact location with a potentially untrusted Location-Based Service Provider (LBSP). In such a scenario, user privacy becomes a major con- cern: the knowledge about user location may lead to her identification as well as a continuous tracing of her position. Researchers proposed several approaches to preserve users’ location privacy. They also showed that hiding the location of an LBS user is not enough to guarantee her privacy, i.e., user’s pro- file attributes or background knowledge of an attacker may reveal the user’s identity. In this paper we propose ABAKA, a novel collaborative approach that provides identity privacy for LBS users considering users’ profile attributes. In particular, our solution guarantees p -sensitive k -anonymity for the user that sends an LBS request to the LBSP. ABAKA computes a cloaked area by collaborative multi-hop forwarding of the LBS query, and using Ciphertext-Policy Attribute-Based Encryption (CP-ABE). We ran a thorough set of experiments to evaluate our solution: the results confirm the feasibility and efficiency of our proposal
Open-TEE - An Open Virtual Trusted Execution Environment
Hardware-based Trusted Execution Environments (TEEs) are widely deployed in
mobile devices. Yet their use has been limited primarily to applications
developed by the device vendors. Recent standardization of TEE interfaces by
GlobalPlatform (GP) promises to partially address this problem by enabling
GP-compliant trusted applications to run on TEEs from different vendors.
Nevertheless ordinary developers wishing to develop trusted applications face
significant challenges. Access to hardware TEE interfaces are difficult to
obtain without support from vendors. Tools and software needed to develop and
debug trusted applications may be expensive or non-existent.
In this paper, we describe Open-TEE, a virtual, hardware-independent TEE
implemented in software. Open-TEE conforms to GP specifications. It allows
developers to develop and debug trusted applications with the same tools they
use for developing software in general. Once a trusted application is fully
debugged, it can be compiled for any actual hardware TEE. Through performance
measurements and a user study we demonstrate that Open-TEE is efficient and
easy to use. We have made Open- TEE freely available as open source.Comment: Author's version of article to appear in 14th IEEE International
Conference on Trust, Security and Privacy in Computing and Communications,
TrustCom 2015, Helsinki, Finland, August 20-22, 201
- …