Beyond secure channels

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Beyond secure channels

Full text

Pdf (964 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 2007 ACM workshop on Scalable trusted computing table of contents

Alexandria, Virginia, USA

SESSION: Trusted platform, channel, and storage table of contents

Pages: 30 - 40

Year of Publication: 2007

ISBN:978-1-59593-888-6

Authors

Yacine Gasmi	Ruhr-University Bochum
Ahmad-Reza Sadeghi	Ruhr-University Bochum
Patrick Stewin	Ruhr-University Bochum
Martin Unger	Ruhr-University Bochum
N. Asokan	Nokia Research Center

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 15, Downloads (12 Months): 149, Citation Count: 5

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1314354.1314363 What is a DOI?

ABSTRACT

A Trusted Channel is a secure communication channel which is cryptographically bound to the state of the hardware and software configurations of the endpoints. In this paper, we describe secure and flexible mechanisms to establish and maintain Trusted Channels which do not have the deficiencies of previous proposals. We also present a concrete implementation proposal based on Transport Layer Security (TLS) protocol, and Trusted Computing technology. We use Subject Key Attestation Evidence extensions to X.509v3 certificates to convey configuration information during key agreement (TLS handshake). The resulting session key is kept within the Trusted Computing Base, and is updated in a predetermined manner to reflect any detected change in the local configuration. This allows an endpoint to detect changes in the configuration of the peer endpoint while the Trusted Channel is in place, and to decide according to a local policy whether to maintain or tear down the Trusted Channel

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Advanced Micro Devices, Inc. IOMMU Architectural Specification. Advanced Micro Devices, Inc.: http://www.amd.com/us-en/assets/content_type/ white_papers_and_tech_docs/34434.pdf, Feb. 2007. PID 34434 Rev 1.20.
	2	Steven M. Bellovin, Problem areas for the IP security protocols, Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography, p.21-21, July 22-25, 1996, San Jose, California
	3	D. Chess, J. Dyer, N. Itoi, J. Kravitz, E. Palmer, R. Perez, and S. Smith. Using trusted co-servers to enhance security of web interaction. United States Patent 7,194,759: http://www.freepatentsonline.com/7194759.html, Mar. 2007.
	4	T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.1. Internet Engineering Task Force: http://www.ietf.org/rfc/rfc4346.txt, Apr. 2006. Network Working Group RFC 4346.
	5	S. B.-W. et al. Transport Layer Security (TLS) Extensions. Internet Engineering Task Force: http://www.ietf.org/rfc/rfc3546.txt, June 2003. Network Working Group RFC 3546.
	6	Kenneth Goldman , Ronald Perez , Reiner Sailer, Linking remote attestation to secure tunnel endpoints, Proceedings of the first ACM workshop on Scalable trusted computing, November 03-03, 2006, Alexandria, Virginia, USA [doi>10.1145/1179474.1179481]
	7	Intel Corporation. Intel Trusted Execution Technology - Preliminary Architecture Specification. Intel.com: http://download.intel.com/technology/security/ downloads/31516803.pdf, Nov. 2006. Preliminary Architecture Specification and Enabling Considerations.
	8	S. Jiang , S. Smith , K. Minami, Securing Web Servers against Insider Attack, Proceedings of the 17th Annual Computer Security Applications Conference, p.265, December 10-14, 2001
	9	S. Kent , R. Atkinson, Security Architecture for the Internet Protocol, RFC Editor, 1998
	10	John Marchesini , Sean W. Smith , Omen Wild , Josh Stabiner , Alex Barsamian, Open-Source Applications of TCPA Hardware, Proceedings of the 20th Annual Computer Security Applications Conference, p.294-303, December 06-10, 2004 [doi>10.1109/CSAC.2004.25]
	11	Jonathan M. McCune , Bryan Parno , Adrian Perrig , Michael K. Reiter , Arvind Seshadri, Minimal TCB Code Execution, Proceedings of the 2007 IEEE Symposium on Security and Privacy, p.267-272, May 20-23, 2007 [doi>10.1109/SP.2007.27]
	12	Ned M. Smith. System and method for combining user and platform authentication in negotiated channel security protocols. United States Patent Application 20050216736: http://www.freepatentsonline.com/20050216736.html, Sept. 2005.
	13	Ahmad-Reza Sadeghi , Christian Stüble, Property-based attestation for computing platforms: caring about properties, not mechanisms, Proceedings of the 2004 workshop on New security paradigms, September 20-23, 2004, Nova Scotia, Canada [doi>10.1145/1065907.1066038]
	14	A.-R. Sadeghi, C. Stüble, and N. Pohlmann. European multilateral secure computing base - open trusted computing for you and me. Datenschutz und Datensicherheit DuD, 28(9):548--554, 2004. Verlag Friedrich Vierweg & Sohn, Wiesbaden.
	15	A.-R. Sadeghi, C. Stüble, M. Wolf, N. Asokan, and J.-E. Ekberg. Enabling Fairer Digital Rights Management with Trusted Computing, 2007. To be presented at ISC07, Information Security Conference 2007.
	16	R. Sailer, E. Valdez, T. Jaeger, R. Perez, L. van Doorn, J. L. Griffin, and S. Berger. sHype: Secure hypervisor approach to trusted virtualized systems. Techn. Rep. RC23511, Feb. 2005. IBM Research Division.
	17	Reiner Sailer , Xiaolan Zhang , Trent Jaeger , Leendert van Doorn, Design and implementation of a TCG-based integrity measurement architecture, Proceedings of the 13th conference on USENIX Security Symposium, p.16-16, August 09-13, 2004, San Diego, CA
	18	K. Smith. Creating Secure Web Service Sessions. SOA World Magazine: http://webservices.syscon.com/read/250516_1.htm, Aug. 2006.
	19	G. Spafford. Attributed to in Risks Digest 19.37 review of LARGE, by David H. Freedman and Charles C. Mann, Sept. 1997. http://catless.ncl.ac.uk/Risks/19.37.html.
	20	F. Stumpf, O. Tafreschi, P. Röder, and C. Eckert. A robust Integrity Reporting Protocol for Remote Attestation. In Proceedings of the Second Workshop on Advances in Trusted Computing (WATC ¿06 Fall), Tokyo, Dec. 2006.
	21	TCG Infrastructure Working Group (IWG). TCG Infrastructure Workgroup Subject Key Attestation Evidence Extension. Trusted Computing Group: https://www.trustedcomputinggroup.org/specs/IWG/IWG_SKAE_Extension_1-00.pdf, June 2005. Specification Version 1.0 Revision 7.
	22	TCG Infrastructure Working Group (IWG). TCG Infrastructure Working Group Reference Architecture for Interoperability (Part I). Trusted Computing Group: https://www.trustedcomputinggroup.org/ specs/IWG/IWG_Architecture_v1_0_r1.pdf, June 2005. Specification Version 1.0 Revision 1.
	23	Trusted Computing Group. TCG Specification Architecture Overview. Trusted Computing Group: https://www.trustedcomputinggroup.org/groups/TCG_1_3_Architecture_Overview.pdf, Mar. 2003. Specification Revision 1.3 28th March 2007.
	24	Trusted Computing Group. TPM v1.2 Specification Changes. Trusted Computing Group: https://www.trustedcomputinggroup.org/groups/tpm/TPM_1_2_Changes_final.pdf, Oct. 2003
	25	Trusted Computing Group. TCG TPM Main Part 2 TPM Structures. Trusted Computing Group: https://www.trustedcomputinggroup.org/specs/TPM/Main_Part2_Rev94.zip, Mar. 2006. Specification Version 1.2 Level 2 Revision 94.
	26	Trusted Computing Group. TCG TPM Main Part 3 Commands. Trusted Computing Group: https://www.trustedcomputinggroup.org/specs/TPM/Main_Part3_Rev94.zip, Mar. 2006. Specification Version 1.2 Level 2 Revision 94.
	27	Trusted Network Connect Work Group. TCG Trusted Network Connect TNC Architecture for Interoperability. Trusted Computing Group: https://www.trustedcomputinggroup.org/specs/TNC/TNC_Architecture_v1_2_r4.pdf, May 2007. Specification Version 1.2 Revision 4.
	28	David Wagner , Bruce Schneier, Analysis of the SSL 3.0 protocol, Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce, p.4-4, November 18-21, 1996, Oakland, California

CITED BY 5

	Shane Balfe , Kenneth G. Paterson, e-EMV: emulating EMV for internet payments with trusted computing technologies, Proceedings of the 3rd ACM workshop on Scalable trusted computing, October 31-31, 2008, Alexandria, Virginia, USA
	Yacine Gasmi , Ahmad-Reza Sadeghi , Patrick Stewin , Martin Unger , Marcel Winandy , Rani Husseiki , Christian Stüble, Flexible and secure enterprise rights management based on trusted virtual domains, Proceedings of the 3rd ACM workshop on Scalable trusted computing, October 31-31, 2008, Alexandria, Virginia, USA
	Frederik Armknecht , Yacine Gasmi , Ahmad-Reza Sadeghi , Patrick Stewin , Martin Unger , Gianluca Ramunno , Davide Vernizzi, An efficient implementation of trusted channels based on openssl, Proceedings of the 3rd ACM workshop on Scalable trusted computing, October 31-31, 2008, Alexandria, Virginia, USA
	Frederic Stumpf , Andreas Fuchs , Stefan Katzenbeisser , Claudia Eckert, Improving the scalability of platform attestation, Proceedings of the 3rd ACM workshop on Scalable trusted computing, October 31-31, 2008, Alexandria, Virginia, USA
	Marko Wolf , Andre Osterhues , Christian Stueble, Secure offline superdistribution for mobile platforms, International Journal of Applied Cryptography, v.1 n.4, p.251-263, August 2009