33 research outputs found
Trustworthy content push
Delivery of content to mobile devices gains increasing importance in
industrial environments to support employees in the field. An important
application are e-mail push services like the fashionable Blackberry. These
systems are facing security challenges regarding data transport to, and storage
of the data on the end user equipment. The emerging Trusted Computing
technology offers new answers to these open questions.Comment: 4 pages, 4 eps figure
Non-Repudiation in Internet Telephony
We present a concept to achieve non-repudiation for natural language
conversations over the Internet. The method rests on chained electronic
signatures applied to pieces of packet-based, digital, voice communication. It
establishes the integrity and authenticity of the bidirectional data stream and
its temporal sequence and thus the security context of a conversation. The
concept is close to the protocols for Voice over the Internet (VoIP), provides
a high level of inherent security, and extends naturally to multilateral
non-repudiation, e.g., for conferences. Signatures over conversations can
become true declarations of will in analogy to electronically signed, digital
documents. This enables binding verbal contracts, in principle between
unacquainted speakers, and in particular without witnesses. A reference
implementation of a secure VoIP archive is exhibited.Comment: Accepted full research paper at IFIP sec2007, Sandton, South Africa,
14-16 May 200
A secure archive for Voice-over-IP conversations
An efficient archive securing the integrity of VoIP-based two-party
conversations is presented. The solution is based on chains of hashes and
continuously chained electronic signatures. Security is concentrated in a
single, efficient component, allowing for a detailed analysis.Comment: 9 pages, 2 figures. (C) ACM, (2006). This is the author's version of
the work. It is posted here by permission of ACM for your personal use. Not
for redistribution. The definitive version was published in Proceedings of
VSW06, June, 2006, Berlin, German
Trusted Computing in Mobile Action
Due to the convergence of various mobile access technologies like UMTS, WLAN,
and WiMax the need for a new supporting infrastructure arises. This
infrastructure should be able to support more efficient ways to authenticate
users and devices, potentially enabling novel services based on the security
provided by the infrastructure. In this paper we exhibit some usage scenarios
from the mobile domain integrating trusted computing, which show that trusted
computing offers new paradigms for implementing trust and by this enables new
technical applications and business scenarios. The scenarios show how the
traditional boundaries between technical and authentication domains become
permeable while a high security level is maintained.Comment: In: Peer-reviewed Proceedings of the Information Security South
Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006,
Sandton, South Afric
Employing Trusted Computing for the forward pricing of pseudonyms in reputation systems
Reputation and recommendation systems are fundamental for the formation of
community market places. Yet, they are easy targets for attacks which disturb a
market's equilibrium and are often based on cheap pseudonyms used to submit
ratings. We present a method to price ratings using trusted computing, based on
pseudonymous tickets.Comment: Refereed contribution to the 4th International Workshop for
Technical, Economic and Legal Aspects of Business Models for Virtual Goods,
December 13 -15, 2006 on AXMEDIS 2006 in Leeds, England. 5 pages, 3 figures,
final versio
Trust for Location-based Authorisation
We propose a concept for authorisation using the location of a mobile device
and the enforcement of location-based policies. Mobile devices enhanced by
Trusted Computing capabilities operate an autonomous and secure location
trigger and policy enforcement entity. Location determination is two-tiered,
integrating cell-based triggering at handover with precision location
measurement by the device.Comment: To appear in: Proceedings of the Wireless Communications and
Networking Conference, IEEE WCNC 2008, Las Vegas, USA, 31 March - 2 April
200
On the deployment of Mobile Trusted Modules
In its recently published TCG Mobile Reference Architecture, the TCG Mobile
Phone Work Group specifies a new concept to enable trust into future mobile
devices. For this purpose, the TCG devises a trusted mobile platform as a set
of trusted engines on behalf of different stakeholders supported by a physical
trust-anchor. In this paper, we present our perception on this emerging
specification. We propose an approach for the practical design and
implementation of this concept and how to deploy it to a trustworthy operating
platform. In particular we propose a method for the take-ownership of a device
by the user and the migration (i.e., portability) of user credentials between
devices.Comment: To appear in: Proceedings of the Wireless Communications and
Networking Conference, IEEE WCNC 2008, Las Vegas, USA, 31 March - 2 April
200