Unicorn: Two-factor attestation for data security

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2011, Pages 17-28

  Mannan, Mohammad ^a   Kim, Beom Heyn ^b   Ganjali, Afshar ^b   Lie, David ^b  

^a Concordia University ^*  (Canada)

^b UNIVERSITY OF TORONTO   (Canada)

Author keywords

Attestation; Authentication; Malware; Phishing; Security token; Trusted computing

Indexed keywords

ATTESTATION; MALWARES; PHISHING; SECURITY TOKENS; TRUSTED COMPUTING;

AUTHENTICATION; COMPUTER CRIME; COMPUTER HARDWARE; SOFTWARE PROTOTYPING;

SECURITY OF DATA;

EID: 80755187832     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2046707.2046712     Document Type: Conference Paper

References (37)

1. Anti-Phishing Working Group (APWG). Phishing activity trends report: 1st quarter 2010. http://www.antiphishing.org/reports/apwg-report-Q1-2010.pdf.
2. A. M. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. C. Skalsky. HyperSentry: enabling stealthy in-context measurement of hypervisor integrity. In ACM CCS'10, Chicago, IL, USA, Oct. 2010.
3. D. Balfanz and E. Felten. Hand-held computers can be better smart cards. In USENIX Security Symposium, Washington, DC, USA, Aug. 1999.
4. S. Bratus, N. D'Cunha, E. Sparks, and S. W. Smith. TOCTOU, traps, and trusted computing. In Trusted Computing - Challenges and Applications (TRUST'08), Villach, Austria, Mar. 2008.
5. K. Butler, S. McLaughlin, and P. McDaniel. Kells: A protection framework for portable data. In ACSAC'10, Austin, TX, USA, Dec. 2010.
6. eWeek.com. Zeus trojan mobile variant intercepts SMS passcodes from bank sites. News article (Feb. 22, 2011).
7. T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: A virtual machine-based platform for trusted computing. In SOSP'03, Bolton Landing, NY, USA, Oct. 2003.
8. S. Garriss, R. Cáceres, S. Berger, R. Sailer, L. van Doorn, and X. Zhang. Trustworthy and personalized computing on public kiosks. In Mobile Systems, Applications and Services (Mobisys'08), Breckenridge, CO, USA, June 2008.
9. K. Goldman, R. Perez, and R. Sailer. Linking remote attestation to secure tunnel endpoints. In Scalable Trusted Computing (STC'06), Fairfax, VA, USA, Nov. 2006.
10. D. Grawrock. The Intel Safer Computing Initiative: Building Blocks for Trusted Computing. Intel Press, 2006.
11. H-online.com. Hacker extracts crypto key from TPM chip. News article (Feb. 10, 2010).
12. Intel. Intel trusted execution technology (TXT) software development guide. Technical article (Dec. 2009). http://download.intel.com/technology/ security/downloads/315168.pdf.
13. Intel. Trusted boot. Open-source project (version Oct. 5, 2010). http://sourceforge.net/projects/tboot/.
14. B. Kauer. OSLO: Improving the security of trusted computing. In USENIX Security Symposium, Boston, MA, USA, Aug. 2007.
15. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. seL4: Formal verification of an OS kernel. In SOSP'09, Big Sky, MT, USA, Oct. 2009.
16. A. Libonati, J. M. McCune, and M. K. Reiter. Usability testing a malware-resistant input mechanism. In NDSS'11, San Diego, CA, USA, Feb. 2011.
17. P. Loscocco and S. Smalley. Integrating flexible support for security policies into the Linux operating system. In USENIX Annual Technical Conference, Boston, MA, USA, June 2001.
18. M. Mannan and P. van Oorschot. Leveraging personal devices for stronger password authentication from untrusted computers. Journal of Computer Security, 19(4):703-750, 2011.
19. J. M. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB reduction and attestation. In IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2010.
20. J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and H. Isozaki. Flicker: An execution infrastructure for TCB minimization. In The European Conference on Computer Systems (EuroSys'08), Glasgow, Scotland, UK, Apr. 2008.
21. J. M. McCune, A. Perrig, and M. K. Reiter. Safe passage for passwords and other sensitive data. In NDSS'09, San Diego, CA, USA, Feb. 2009.
22. H. Nellitheertha. Reboot Linux faster using kexec. IBM technical library (May 4, 2004). http://www.ibm.com/developerworks/linux/library/l-kexec.html.
23. J. R. Okajima. Advanced multi layered unification filesystem. Open-source project (version 2.1). http://aufs.sourceforge.net/.
24. B. Parno, J. M. McCune, and A. Perrig. Bootstrapping trust in commodity computers. In IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 2010.
25. R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a TCG-based integrity measurement architecture. In USENIX Security Symposium, San Diego, CA, USA, Aug. 2004.
26. J. Samuel, N. Mathewson, J. Cappos, and R. Dingledine. Survivable key compromise in software update systems. In ACM CCS'10, Chicago, IL, USA, Oct. 2010.
27. A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In SOSP'07, Stevenson, WA, USA, Oct. 2007.
28. A. Shieh, D. Williams, E. G. Sirer, and F. B. Schneider. Nexus: A new operating system for trustworthy computing. In SOSP'05, Brighton, UK, Oct. 2005.
29. C. Soghoian and S. Stamm. Certified lies: Detecting and defeating government interception attacks against SSL. In Financial Cryptography and Data Security (FC'11), St. Lucia, 2011.
30. A squashed read-only file system for Linux. Open-source project (version 4.1, Sept. 19, 2010). http://squashfs.sourceforge.net/.
31. L. St. Clair, J. Schiffman, T. Jaeger, and P. McDaniel. Establishing and sustaining system integrity via root of trust installation. In ACSAC'07, Miami, FL, USA, Dec. 2007.
32. F. Stumpf, O. Tafreschi, P. Röder, and C. Eckert. A robust integrity reporting protocol for remote attestation. In Workshop on Advances in Trusted Computing (WATC'06), Tokyo, Japan, Nov. 2006.
33. Twisted Matrix Labs. Twisted: Event-driven networking engine. Open-source project. http://twistedmatrix.com/trac/wiki.
34. P. van Oorschot and G. Wurster. Reducing unauthorized modification of digital objects. IEEE Transactions on Software Engineering, 2011. To appear.
35. A. Vasudevan, B. Parno, N. Qu, V. D. Gligor, and A. Perrig. Lockdown: A safe and practical environment for security applications. Technical Report CMU-CyLab-09-011, CyLab, Carnegie Mellon University, July 2009. http://repository.cmu.edu/cylab/5/.
36. A. Whitten and J. D. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In USENIX Security Symposium, Washington, D.C., USA, Aug. 1999.
37. R. Wojtczuk, J. Rutkowska, and A. Tereshkin. Another way to circumvent Intel Trusted Execution Technology: Tricking SENTER into misconfiguring VT-d via SINIT bug exploitation. Technical article (Dec., 2009). http:// theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html.