Trusted computing: Security and applications

Cryptologia

Volumn 33, Issue 3, 2009, Pages 217-245

  Gallery, Eimear ^a   Mitchell, Chris J ^a  

^a NONE

Author keywords

Computer security; Trust; Trusted computing

Indexed keywords

EID: 68149092220     PISSN: 01611194     EISSN: 15581586     Source Type: Journal    
DOI: 10.1080/01611190802231140     Document Type: Article

References (94)

1. 3rd Generation Partnership Project (3GPP). 2002. Global System for Mobile Communications (GSM) - Technical Specification Group Services and System Aspects, Sophia Antipolis, France, Personalisation of mobile equipment (ME), Mobile functionality specification (release 5).
2. Abraham, D., J. Jackson, S. Muthrasanallur, G. Neiger, G. Regnier, R. Sankaran, I. Schionas, R. Uhlig, B. Vembu, and J. Wiegert. 2006. "Intel Virtualization Technology for Directed I=O," Intel Technology Journal, 10(3):179-192.
3. Anderson, R. 2003. Cryptography and competition policy - Issues with "trusted computing," Proceedings of PODC '03, July 13-16, 2003, Boston, Massachsetts, USA, ACM, pp. 3-10.
4. Arbaugh, B. 2002. "Improving the TCPA Specification," IEEE Computer 35(8):77-79.
5. Arbaugh, W. A., D. J. Farber, and J. M. Smith. 1997. A Secure and Reliable Bootstrap Architecture. In Proceedings of the 1997 IEEE Symposium on Security and Privacy (S&P 1997) (Oakland, California, USA). Los Alamitos, California: IEEE Computer Society Press, pp. 65-71.
6. Balacheff, B., L. Chen, S. Pearson, G. Proudler, and D. Chan. 2000. "Computing Platform Security in Cyberspace," Information Security Technical Report, 5(1):54-63.
7. Balacheff, B., L. Chen, D. Plaquin, and G. Proudler. 2001. A Trusted Process to Digitally Sign a Document. In Proceedings of the 2001 New Security Paradigms Workshop, edited by V. Raskin and C. F. Hempelmann. New York, NY: ACM Press, pp. 79-86.
8. Balfe, S. and E. Gallery. 2007. Mobile agents and the deus ex machina. In Proceedings of the 2007 IEEE International Symposium on Ubisafe Computing (UBISAFE 2007). Los Alamitos, CA: IEEE Computer Society, Vol. 2, pp. 486-492.
9. Balfe, S., E. Gallery, C. J. Mitchell, and K. G. Paterson. 2008. Challenges for Trusted Computing. Tech. Report RHUL-MA-2008-14, Department of Mathematics, Royal Holloway, University of London.
10. Balfe, S., E. Gallery, C. J. Mitchell, and K. G. Paterson. 2008. Crimeware and Trusted Computing. In Crimeware: Understanding New Attacks and Defenses, edited by M. Jakobsson and Z. Ramzan. Upper Saddle River, NJ: Addison-Wesley, pp. 457-472.
11. Balfe, S., A. D. Lakhani, and K. G. Paterson. 2005. Securing Peer-to-Peer Networks using Trusted Computing. In Trusted Computing edited by C. J. Mitchell. London: IEE Press, pp. 271-298.
12. S. Balfe and K. G. Paterson. 2005. Augmenting internet-based card notpresent transactions with trusted computing: An analysis. Tech. Report RHUL-MA-2006-9, Department of Mathematics, Royal Holloway, University of London.
13. Balfe, S. and K. G. Paterson. 2005. e-EMV: Emulating EMV for internet payments using trusted computing technology. Tech. Report RHUL-MA-2006-10, Department of Mathematics, Royal Holloway, University of London.
14. Barham, P., B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauery, I. Pratt, and A. Warfield. 2003. XEN and the art of virtualization. Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003), Bolton Landing, New York, USA, 19-22 October 2003. New York: ACM Press, pp. 164-177.
15. Brickell, E., J. Camenisch, and L. Chen. June 2004. Direct anonymous attestation, Tech. Report HPL-2004-93, Hewlett-Packard Laboratories, Available at http://www.hpl.hp.com/techreports/. (Accessed May 20, 2009)
16. Brickell, E., J. Camenisch, and L. Chen. 2004. Direct Anonymous Attestation. In Proceedings of CCS '04, edited by B. Pfitzmann and P. Liu. ACM Press, pp. 132-145.
17. Brickell, E., J. Camenisch, and L. Chen. 2005. The DAA scheme in context. In Trusted Computing, edited by C. J. Mitchell. London: IEE Press, pp. 143-174.
18. Camenisch, J. 2004. Better privacy for trusted computing platforms (extended abstract). Computer Security - ESORICS 2004, 9th European Symposium on Research in Computer Security, Sophia Antipolis, France, September 13-15, 2004, Proceedings, In P. Samarati, D. Gollmann, and R. Molva, eds., Lecture Notes in Computer Science, Berlin: Springer-Verlag, Vol. 3193 pp. 73-88.
19. Chen, H., J. Chen, W. Mao, and F. Yan. 2007. "Daonity - Grid Security from Two Levels of Virtualisation," Information Security Technical Report, 12(3):123-138.
20. Chen, L., S. Pearson, G. Proudler,D. Chan, and B. Balacheff. 2000.How can you trust a computing platform? In Proceedings of Information Security Solutions Europe. Barcelona: ISSE.
21. Chen, L., S. Pearson, and A. Vamvakas. 2000. On Enhancing Biometric Authentication with Data Protection. In Proceedings of the Fourth International Conference on Knowledge-Based Intelligent Engineering Systems and Allied Technologies, edited by R. J. Howlett and L. C. Jain. New York, NY: IEEE, Vol. 1, pp. 249-252.
22. P. C. Clark and L. J. Hoffman. 1994. "BITS: A smartcard protected operating system," Communications of the ACM, 37:66-94.
23. A. Cooper and A. Martin. 2006. Towards a Secure, Tamper-Proof Grid Platform. In Proceedings of the 6th IEEE International Symposium on Cluster Computing and the Grid. Singapore, May 2006, New York, NY: IEEE Press, pp. 373-380.
24. A. Cooper and A. Martin. 2006. Towards an Open, Trusted Digital Rights Management Platform. In Proceedings of the ACM Workshop on Digital Rights Management (DRM '06), Alexandria, Virginia, USA, October 30, 2006, ACM Press, pp. 79-88.
25. Crane, S. 2004. Privacy preserving trust agents. Tech. Report HPL-2004-197, Bristol, UK: Hewlett-Packard Laboratories.
26. Dent, A. W. and C. J. Mitchell. 2005. User's Guide to Cryptography and Standards. Boston, MA: Artech House.
27. EMVCo. 2004. Book 1 - Application independent ICC to terminal interface requirements. Version 4.1.
28. EMVCo. Book 2 - Security and Key Management. Version 4.1.
29. EMVCo. Book 3 - Application Specification. Version 4.1.
30. EMVCo. Book 4 - Cardholder, Attendant, and Acquirer Interface Requirements. Version 4.1.
31. England, P., B. Lampson, J. Manferdelli, M. Peinado, and B. Willman. 2003. "A Trusted Open Platform," IEEE Computer, 36(7):55-62.
32. England, P. and M. Peinado. 2002. Authenticated operation of open computing devices. Information Security and Privacy, 7th Australasian Conference, ACISP 2002, Melbourne, Australia, July 3-5, 2002, Proceedings, In L. Batten and J. Seberry, eds., Lecture Notes in Computer Science. Berlin: Springer-Verlag, pp. 346-361.
33. Ferguson, N. 2006. AES-CBC+Elephant diffuser: A disk encryption algorithm for Windows Vista. Microsoft Corporation.
34. Gallery, E. 2007. Authorisation issues for mobile code in mobile systems. Tech. Report RHUL-MA-2007-3, Department of Mathematics, Royal Holloway, University of London.
35. Gallery, E. and A. Tomlinson. 2005. Protection of downloadable software on SDR devices. In Proceedings of the 4th Software Defined Radio Forum Technical Conference (SDR 2005), (Orange County, California, USA), Software Defined Radio Forum (SDRF).
36. Gallery, E. and A. Tomlinson. 2005. Secure delivery of conditional access applications to mobile receivers. In Trusted Computing, edited by C. J. Mitchell. London, UK: The Institute of Electrical Engineers (IEE), pp. 195-238.
37. Garfinkel, T., M. Rosenblum, and D. Boneh. 2003. Flexible OS support and applications for trusted computing. In Proceedings of HotOS IX: The 9th Workshop on Hot Topics in Operating Systems, Lihue, May 18-21. Berkeley, CA: USA: USENIX Association, pp. 145-150.
38. Gutmann, P. 2002. "PKI: It's Not Dead, Just Resting," IEEE Computer 35(8):41-49.
39. Intel. 2003. LaGrande technology architectural overview. Tech. Report 252491-001, Intel Corporation.
40. International Organization for Standardization. 1997. ISO=IEC 10116: 2006, Information technology - Security techniques - Modes of operation for an n-bit block cipher, 3rd ed. Genève, Switzerland: ISO.
41. International Organization for Standardization. 2007. ISO=IEC FCD 19772, Information technology - Security techniques - Authenticated encryption mechanisms. Genève, Switzerland: ISO.
42. Itoi, N., W. A. Arbaugh, S. J. Pollack, and D. M. Reeves. 2001. Personal secure booting. Information Security and Privacy, 6th Australasian Conference, ACISP 2001, Sydney, Australia, July 11-13 2001, Proceedings. In V. Varadharajan and Y. Mu, eds., Lecture Notes in Computer Science Berlin: Springer-Verlag, Vol. 2119, pp. 130-144.
43. Kinateder, M. and S. Pearson. 2003. A privacy-enhanced peer-to-peer reputation system. E-Commerce and Web Technologies, 4th International Conference, EC-Web, Prague, Czech Republic, September 2-5, 2003, Proceedings. In K. Bauknecht, A. Min Tjoa, and G. Quirchmayr, eds., Lecture Notes in Computer Science. Berlin: Springer-Verlag, pp. 206-216.
44. Kuhlmann, D., R. Landfermann, H. Ramasamy, M. Schunter, G. Ramunno, and D. Vernizzi. 2006. An open trusted computing architecture - secure virtual machines enabling user-defined policy enforcement, www.opentc.net. (Accessed May 20, 2009)
45. Leung, A., L. Chen, and C. J. Mitchell. 2007. On a possible privacy flaw in Direct Anonymous Attestation (DAA). Tech. Report RHUL-MA-2007-10, Mathematics Department, Royal Holloway, University of London.
46. Lie, D. 2003. Architectural support for copy and tamper resistant software, Ph.D. thesis, Department of Electrical Engineering, Stanford University, Stanford, California, USA, December 2003.
47. Lie, D., C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz. 2000. Architectural support for copy and tamper resistant software. In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems, (ASPLOS-IX), Cambridge, MA, New York: ACM Press, pp. 169-177.
48. Löhr, H., H. V. Ramasamy, A.-R. Sadeghi, S. Schulz, M. Schunter, and C. Stüble. 2007. Enhancing Grid security using trusted virtualization. Proceedings of the 4th International Conference on Autonomic and Trusted Computing (ATC 2007), Lecture Notes in Computer Science. Berlin: Springer-Verlag, Vol. 4610, pp. 372-384.
49. Mao, W., F. Yan, and C. Chen. 2006. Daonity: Grid security with behaviour conformity from trusted computing. Proceedings of the 1st ACM workshop on Scalable Trusted Computing (STC 2006). New York: ACM Press, pp. 43-46.
50. Martin, A. and P.-W. Yau. 2007. "Grid Security: Next Steps," Information Security Technical Report, 12(3):113-122.
51. McCune, J., A. Perrig, A. Seshadri, and L. van Doorn. 2007. Turtles all the way down: Research challenges in user-based attestation. Proceedings of 2nd USENIX Workshop on Hot Topics in Security (HotSec 2007), August 2007.
52. Mont, M. C., S. Pearson, and P. Bramhall. 2003. Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. 14th International Workshop on Database and Expert Systems Applications (DEXA '03), September 1-5, 2003, Prague, Czech Republic: IEEE Computer Society, pp. 377-382.
53. Mont, M. C., S. Pearson, and P. Bramhall. 2003. Towards accountable management of privacy and identity information. Computer Security - ESORICS 2003, 8th European Symposium on Research in Computer Security, Gjövik, Norway, October 13-15, 2003, Proceedings. (In E. Snekkenes and D. Gollmann, eds.), Lecture Notes in Computer Science, Berlin: Springer-Verlag, Vol. 2808, pp. 146-161.
54. National Institute of Standards and Technology. 2007. USA, Announcing request for candidate algorithm nominations for a new cryptographic hash algorithm (SHA-3) family. November 2007, Docket No. 070911510-7512-01, Gaithersburg, MD: NIST.
55. National Institute of Standards and Technology. 2001. Federal information processing standards publication 197 (fips pub 197): Specification for the advanced encryption standard (aes). November 2001, Gaithersburg, MD: NIST.
56. The Open Mobile Alliance. 2004. DRM architecture v2.0. July 2004, San Diego: OMA.
57. A. Pashalidis and C. J. Mitchell. 2003. Single sign-on using trusted platforms. Information Security, 6th International Conference, ISC 2003, Bristol, UK, October 1-3, 2003, Proceedings. In C. Boyd and W. Mao, eds., Lecture Notes in Computer Science. Berlin: Springer-Verlag, Vol. 2851, pp. 54-68.
58. Pearson, S. 2002. Trusted Agents that Enhance user Privacy by Self-Profiling. Tech. Report HPL-2002-196, Bristol, UK: Hewlett-Packard Laboratories, July 2002.
59. Pearson, S. ed. 2002. Trusted Computing Platforms: TCPA Technology in Context. Upper Saddle River, NJ: Prentice Hall PTR.
60. Pearson, S. ed. 2002. Trusted computing platforms, the Next security solution. Tech. Report HPL-2002-221, Hewlett-Packard Laboratories, November 2002, http://www.hpl.hp.com/techreports/. (Accessed May 20, 2009).
61. Pearson, S. 2005. How trusted computers can enhance for privacy preserving mobile applications. Proceedings of the 1st International IEEE WoWMoM Workshop on Trust, Security and Privacy for Ubiquitous Computing (WOWMOM '05). Washington, DC: IEEE Computer Society, pp. 609-613.
62. Peinado, M., Y. Chen, P. England, and J. Manferdelli. 2004. NGSCB: A trusted open system. Information Security and Privacy, 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13-15, 2004, Proceedings. In H. Wang, J. Pieprzyk, and V. Varadharajan, eds., Lecture Notes in Computer Science. Berlin: Springer-Verlag, Vol. 3108, pp. 86-97.
63. Peinado, M., P. England, and Y. Chen. 2005. An overview of NGSCB, Trusted Computing. In IEE Professional Applications of Computing Series 6, edited by C. J. Mitchell. London: The Institute of Electrical Engineers (IEE), pp. 115-141.
64. Pfitzmann, B., J. Riordan, C. Stuble, M. Waidner, and A. Weber. 2001. The PERSEUS system architecture. Tech. Report RZ 3335 (#93381), IBM Research Division, Zurich Laboratory, April 2001.
65. Price, G. 2005. PKI - An insider's view (extended abstract). Technical Report RHULMA-2005-8, Department of Mathematics, Royal Holloway, University of London, June 2005.
66. Pridgen, A. and C. Julien. 2006. A secure modular mobile agent system. Proceedings of the 2006 international workshop on Software engineering for large-scale multi-agent systems (SELMAS '06), New York: ACM Press, pp. 67-74.
67. Reid, J., J. M. Gonzalez Nieto, and E. Dawson. 2003. Privacy and trusted computing. 14th International Workshop on Database and Expert Systems Applications (DEXA '03), September 1-5, 2003, Prague, Czech Republic, IEEE Computer Society, pp. 383-388.
68. Rudolph, C. 2007. Covert identity information in Direct Anonymous Attestation (DAA), New Approaches for Security, Privacy and Trust in Complex Environments: Proceedings of the IFIP TC-11 22nd International Information Security Conference (SEC 2007), 14-16 May 2007, Sandton, South Africa. In H. Venter, M. Eloff, L. Lebuschagne, J. Eloff, and R. von Solms, eds., IFIP International Federation for Information Processing, Boston: Springer, Vol. 232, pp. 443-448.
69. Sadeghi, A.-R., M. Selhorst, C. Stüble, C. Wachsmann, and M. Winandy. 2006. TCG inside? a note on TPM specification compliance, Proceedings of the 1st ACM workshop on Scalable trusted computing (STC 2006) (Alexandria, Virginia, USA), New York: ACM, pp. 47-56.
70. Sadeghi, A.-R. and C. Stüble. 2004. Property-based attestation for computing platforms: Caring about properties, not mechanisms. In C. F. Hempelmann, ed., Proceedings of the 2004 Workshop on New Security Paradigms (NSPW 2004). New York: ACM, pp. 67-77.
71. Sadeghi, A.-R. and C. Stüble. 2004. Taming "trusted platforms" by operating system design. Information Security Applications, 4th International Workshop, WISA 2003, Jeju Island, Korea, August 25-27, 2003, Revised Papers. In K. Chae and M. Yung, eds., Lecture Notes in Computer Science. Berlin: Springer-Verlag, Vol. 2908, pp. 286-302.
72. Sadeghi, A.-R., C. Stüble, and N. Pohlmann. 2004. European multilateral secure computing base - open trusted computing for you and me, White paper, www.emscb.de
73. Sandhu, R. and X. Zhang. 2005. Peer-to-peer access control architecture using trusted computing technology. In E. Ferrari and G.-J. Ann, eds., Proceedings of the 10th ACM symposium on Access control models and technologies (SACMAT 2005). New York: ACM, pp. 147-158.
74. Schechter, S. E., R. A. Greenstadt, and M. D. Smith. 2003. Trusted computing, peer-to-peer distribution, and the economics of pirated entertainment. In Proceedings of the Second Annual Workshop on Economics and Information Security. College Park, MD, May 29-30.
75. Smyth, B., M. Ryan, and L. Chen. 2007. Direct anonymous attestation (DAA): Ensuring privacy with corrupt administrators. Security and Privacy in Ad-hoc and Sensor Networks: 4th European Workshop, ESAS 2007, Cambridge, UK, July 2-3, 2007, Proceedings In F. Stajano, C. Meadows, S. Capkun, and T. Moore, eds., Lecture Notes in Computer Science, Berlin: Springer-Verlag, Vol. 4572, pp. 218-231.
76. Software Defined Radio Forum (SDRF), Overview and definition of software download for RF reconfiguration. August 2002.
77. Spalka, A., A. B. Cremers, and H. Langweg. 2001. Protecting the creation of digital signatures with trusted computing platform technology against attacks by Trojan Horse programs. Trusted Information: The New Decade Challenge, IFIP TC11 Sixteenth Annual Working Conference on Information Security (IFIP=Sec '01), June 11-13, 2001, Paris, France. In M. Dupuy and P. Paradinas, eds., IFIP Conference Proceedings. Boston: Kluwer Academic Publishers, Vol. 193, pp. 403-419.
78. Sparks, E. 2007. A security assessment of trusted platform modules. Tech. Report TR-2007-597, Department of Computer Science, Dartmouth College, Jun 2007.
79. Suh, E., D. Clarke, B. Gassend, M. van Dyke, and S. Devadas. 2003. The AEGIS processor architecture for tamper-evident and tamper-resistant processing, In 17th Annual ACM International Conference on Supercomputing (ICS '03) 23-26 June 2003, San Francisco, California, USA, New York: ACM Press, pp. 160-171.
80. Trusted Computing Group. 2005. Mobile Phone Working Group, Portland. OR, Use case scenarios, September 2005, Version 2.7.
81. Trusted Computing Group (TCG). 2005. Portland, OR, TCG PC client specific implementation specification for conventional BIOS July 2005, Version 1.2 Final.
82. Trusted Computing Group (TCG). 2006. Beaverton, OR, Mobile trusted module specification overview document.
83. Trusted Computing Group (TCG). 2006. Portland, OR, TCG EFI platform - for TPM family 1.1 or 1.2 June 2006, Version 1.2 Final.
84. Trusted Computing Group (TCG). 2006. Portland, OR, The TCG mobile trusted module specification September 2006.
85. Trusted Computing Group (TCG). 2006. Portland, OR, TPM main, Part 1: Design principles March 2006, Version 1.2 Revision 94.
86. Trusted Computing Group (TCG). 2006. Portland, OR, TPM main, Part 2: TPM data structures March 2006, Version 1.2 Revision 94.
87. Trusted Computing Group (TCG). 2006. Portland, OR, TPM Main, Part 3: Commands March 2006, Version 1.2 Revision 94.
88. Trusted Computing Group (TCG). 2007. Portland, OR, TCG credential profiles May 2007, Version 1.1 Revision 1.014 For TPM Family 1, 2; Level 2.
89. Trusted Computing Group (TCG). 2007. Portland, OR, TNC architecture for interoperability September 2007.
90. Tygar, J. and B. Yee. 1991. Dyad: A system for using physically secure coprocessors, Technical Report CMU-CS-91-140R, Carnigie Mellon University, Pittsburgh, PA, May 1991.
91. Wang, X., Y. L. Yin, and X. Yu. 2005. Finding collisions in the full SHA-1 Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings. In V. Shoup, ed., Lecture Notes in Computer Science. Berlin: Springer, vol. 3621, pp. 17-36.
92. Wilhelm, U. G., S. Staamann, and L. Butty. 1999. Introducing trusted third parties to the mobile agent paradigm. Secure Internet Programming: Security Issues for Mobile and Distributed Objects. In J. Vitek and C. Jensen, eds., Lecture Notes In Computer Science. Berlin: Springer-Verlag, vol. 1603, pp. 469-489.
93. Yan, Z. and Z. Cofta. 2004. A method for trust sustainability among trusted computing platforms. Trust and Privacy in Digital Business: First International Conference, Trust-Bus 2004, Zaragoza, Spain, August 30 - September 1, 2004, Proceedings. In S. Katsikas, J. Lopez, and G. Pernul, eds., Lecture Notes in Computer Science. Berlin: Springer- Verlag, Vol. 3184, pp. 11-19.
94. Yau, P.-W. and A. Tomlinson. 2007. Using trusted computing in commercial grids. In B. Akhgar, ed., Proceedings of the 15th International Workshop on Conceptual Structures (ICCS 2007), Sheffield, UK, July 22-27, 2007. Berlin: Springer-Verlag, pp. 31-36.