nach oben

Telecommunication Systems

Erschienen in:

09.05.2018

Using mobile phones to enhance computing platform trust

verfasst von: Wei Feng, Yu Qin, Dengguo Feng

Erschienen in: Telecommunication Systems | Ausgabe 2/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This paper presents a new method to enhance the trust of traditional computing device by using the popular mobile phone. We first propose a formal method to analyze the platform trust establishment process based on trusted computing technology, and the formal results reveal possible attack and suggest potential solutions. Then, we design an improved solution, in which the mobile phone is extended to support three trusted computing functions: using mobile phone as a root of trust instead of Trusted Platform Module, as a local investigator to obtain evidences from the local computing platform, and as a trusted agent to build a secure communication channel with an external entity in the remote attestation applications. Finally, to describe the feasibility and efficiency, a prototype of the trusted mobile phone is implemented and evaluated based on an ARM development board.

Vorheriger Artikel A probabilistic model for anonymity analysis of anonymous communication networks

Nächster Artikel Steganalysis of BCH code based stego schemes

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SecretKeyFactory.

http://www.thesycon.de/eng/usb_cdcacm.shtml#demo.

http://qt.digia.com/Product/.

The host for the chip is IBM ThinkCentre M52 81114, and the TPM chip conforms to the TPM 1.2 standard of TCG.

The host for the chip is Lenovo ThinkCentre M4000t, and the TCM chip conforms to the TCM specification of State Cryptography Administration.

Trusted Computing Group. (2011). TPM main specification level 2 version 1.2, revision 116.

Ryan, Mark. (2009). Introduction to the TPM 1.2. DRAFT of March 24.

Parno, B., McCune, J. M., & Perrig, A. (2010). Bootstrapping trust in commodity computers. In Proceedings of the IEEE symposium on security and privacy (pp. 414–429).

Parno, B. (2012). Trust extension for commodity computers. Journal of Communications of the ACM, 55, 76–85.CrossRef

Hein, D. M., Toegl, R., Pirker, M., Gatial, E., Balogh, Z., Brandl, H., & Hluchy, L. (2012). Securing mobile agents for crisis management support. In Proceedings of the seventh ACM workshop on Scalable trusted computing.

McCune, J. M., Perrig, A., Seshadri, A., & van Doorn, L. (2007). Turtles all the way down: Research challenges in user-based attestation. In Proceedings of the 2nd USENIX workshop on Hot Topics in Security. USENIX.

Feng, W., Qin, Y., & Feng, D. G., et al. (2013). Mobile trusted agent (MTA): Build user-based trust for general-purpose computer platform. In Proceedings of network and system security. Berlin, Heidelberg: Springer.

Zhang, D., Han, Z., & Yan, G. (2010). A portable TPM based on USB key. In Proceedings of the 17th ACM conference on computer and communications security (pp. 750–752).

Dietrich, K., & Winter, J. (2009). Implementation aspects of mobile and embedded trusted computing. In Proceedings of the 2nd international conference on trusted computing. Berlin, Heidelberg: Springer.

10.

Winter, J. (2008). Trusted computing building blocks for embedded linux-based ARM trustzone platforms. In Proceedings of the 3rd ACM workshop on scalable trusted computing (pp. 21–30).

11.

ARM Limited. (2009). ARM security technology: Building a secure system using trustzone technology. ARM Technical White Paper.

12.

Dietrich, K. (2007). An integrated architecture for trusted computing for java enabled embedded devices. In Proceedings of the 2007 ACM workshop on Scalable trusted computing (pp. 2–6).

13.

Feng, W., Feng, D. G., & Wei, G., et al. (2013). TEEM: A user-oriented trusted mobile device for multi-platform security applications. In Proceedings of trust and trustworthy computing. Berlin, Heidelberg: Springer.

14.

State Cryptography Administration. (2007). Functionality and interface specification of cryptographic support platform for trusted computing (in Chinese)

15.

Microsoft Corporation. (2009). User Guide for COFEE v1.1.2. September.

16.

TCG Trusted Network Connect. (2009). TNC architecture for interoperability, version 1.4, revision 4.

17.

Bryan, P. (2008). Bootstrapping trust in a “trusted” platform. In Proceedings of the 3rd USENIX workshop on hot topics in security. USENIX.

18.

Sparks, E. R. (2007). A security assessment of trusted platform modules. Technical Report TR2007-597, Dartmouth College.

19.

Datta, A., Franklin, J., Garg, D., & Kaynar, D. (2009). A logic of secure systems and its application to trusted computing. In Proceedings of the 30th IEEE symposium on security and privacy (pp. 221–236).

20.

Toegl, R., & Hutter, Michael. (2011). An approach to introducing locality in remote attestation using near field communications. The Journal of Supercomputing, 55(2), 207–227.CrossRef

21.

Vasudevan, A., Owusu, E., Zhou, Z., Newsome, J., & McCune, J. M. (2012). Trustworthy execution on mobile devices: What security properties can my mobile platform give me?. In Proceedings of trust and trustworthy computing. Berlin, Heidelberg: Springer.

22.

Chen, L. (2009). SP 800-108—Recommendation for key derivation using pseudorandom functions (Revised). Technical Report, National Institute of Standards & Technology, Gaithersburg, MD. ACM. https://dl.acm.org/citation.cfm?id=2206195.

23.

Yao, F. F., & Yin, Y. L. (2005). Design and analysis of password-based key derivation functions. In A. Menezes (Ed.), Proceedings of the 2005 international conference on Topics in Cryptology (pp. 245-261). Berlin, Heidelberg: Springer.

24.

Trusted Computing Group. (2013). Trusted platform module library: part 1–part 4. Family 2.0, Level 00 Revision 00.96.

25.

Real210. (2011). http://www.realarm.cn/pic/?78_490.html.

26.

Open Virtualization. http://www.openvirtualization.org/.

27.

Strasser, M. (2014). TPM emulator. http://tpm-emulator.berlios.de.

28.

Software TPM Introduction (IBM). http://ibmswtpm.sourceforge.net.

29.

Intel. Mobile Platform Vision Guide (2002)

30.

Nepal, S., Zic, J., Liu, D., & Jang, J. (2010). Trusted computing platform in your pocket. In Proceedings of the 2010 IEEE/IFIP international conference on embedded and ubiquitous computing (pp. 812–817).

31.

Moreland, D., Nepal, S., Hwang, H., & Zic, J. (2010). A snapshot of trusted personal devices applicable to transaction processing. Journal of Personal and Ubiquitous Computing, 14(4), 347–361.CrossRef

32.

TCG Mobile Phone Working Group. (2010). TCG mobile trusted module specification. Version 1.0, Revision 7.02.

33.

Ekberg, J.-E., & Bugiel, S. (2009). Trust in a small package: minimized MRTM software implementation for mobile secure environments. In Proceedings of the 2009 ACM workshop on scalable trusted computing (pp. 9–18).

34.

Aaraj, N., Raghunathan, A., & Jha, N. K. (2008). Analysis and design of a hardware/software trusted platform module for embedded systems. ACM Transactions on Embedded Computing Systems, 8(1), 1–31.CrossRef

35.

Aaraj, N., Raghunathan, A., Ravi, S., & Jha, A. K. (2007). Energy and execution time analysis of a software-based trusted platform module. In Proceedings of the conference on design, automation and test in Europe. IEEE.

36.

Winkler, T., & Rinner, B. (2011). Securing embedded smart cameras with trusted computing. EURASIP Journal on Wireless Communications and Networking,. https://doi.org/10.1155/2011/530354.

37.

Santos, N., Raj, H., Saroiu, S., & Wolman, A. (2011). Trusted language runtime (TLR): enabling trusted applications on smartphones. In Proceedings of the 12th workshop on mobile computing systems and applications. ACM.

38.

Mannan, M., Kim, B. H., Ganjali, A., & Lie, D. (2011). Unicorn: Two-factor attestation for data security. In Proceedings of the ACM conference on computer and communications security (pp. 17–28). New York, NY, USA.

39.

Millen, J., Guttman, J., Ramsdell, J., Sheehy, J., Sniffen, B. (2007). Analysis of a measured launch. The MITRE corporation.

40.

Ramsdell, J. D., Guttman, J. D., Millen, J. K., & O’Hanlon, B. (2009). An analysis of the CAVES attestation protocol using CPSA. Mitre Technical Report.

41.

Coker, G., & Guttman, J. (2011). Principles of remote attestation. International Journal of Information Security, 10(2), 63–81.CrossRef

42.

Eichhorn, I., Koeberl, P., & van der Leest, V. (2011). Logically reconfigurable PUFs: Memory-based secure key storage. In Proceedings of the sixth ACM workshop on Scalable trusted computing (pp. 59–64). ACM, New York, NY, USA.

Titel: Using mobile phones to enhance computing platform trust
verfasst von: Wei Feng
Yu Qin
Dengguo Feng
Publikationsdatum: 09.05.2018
Verlag: Springer US
Erschienen in: Telecommunication Systems / Ausgabe 2/2018
Print ISSN: 1018-4864
Elektronische ISSN: 1572-9451
DOI: https://doi.org/10.1007/s11235-018-0456-y

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Jonas Klose/© Pine Valley Capital GmbH, Carina Kießling von der Strategieberatung Roland Berger/© Monika Walther Fotografie | ATZ, Beijing Auto Show 2024: Deutsche Hersteller wollen angreifen./© EKH-Pictures / Generated with AI / Stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 2/2018

A secure wireless mission critical networking system for unmanned aerial vehicle communications

Age-based anonymity: a randomized routing approach to communication unobservability

ID-based proxy re-signature without pairing

A probabilistic model for anonymity analysis of anonymous communication networks

Introduction to the special issue on secure communications

Steganalysis of BCH code based stego schemes

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.