Andreas Schmidt

Trust in M2M communication

Machine-to-machine (M2M) communication is viewed as one of the next frontiers in wireless communications. M2M communication applications and scenarios are growing and lead the way to new business cases. Because of the nature of M2M scenarios, involving unguarded, distributed devices, new security threats emerge. The use case scenarios for M2M communication also address the new requirement on flexibility, because of deployment scenarios of the M2ME in the field. We believe that these new requirements require a paradigm shift. One important pillar of such a shift will be a new, more balanced mix of device-centric trust and traditional enforcement of security properties.

Tree-formed verification data for trusted platforms

The establishment of trust relationships to a computing platform relies on validation processes. Validation allows an external entity to build trust in the expected behaviour of the platform based on provided evidence of the platforms configuration. In a process like remote attestation, the trusted platform submits verification data created during a start up process. These data consist of hardware-protected values of platform configuration registers, containing nested measurement values, e.g., hash values, of loaded or started components. Commonly, the register values are created in linear order by a hardware-secured operation. Fine-grained diagnosis of components, based on the linear order of verification data and associated measurement logs, is not optimal. We propose a method to use tree-formed verification data to validate a platform. Component measurement values represent leaves, and protected registers represent roots of a hash tree. We describe the basic mechanism of validating a platform using tree-formed measurement logs and root registers and show a logarithmic speed-up for the search of faults. Secure creation of a tree is possible using a limited number of hardware-protected registers and a single protected operation. In this way, the security of tree-formed verification data is maintained.

Trusted computing enhanced user authentication with OpenID and trustworthy user interface

Trusted computing, used as a security technology, can establish trust between multiple parties. One implementation of trusted computing technology standardised by the Trusted Computing Group is the trusted platform module (TPM). We build on the security provided by the TPM to create a trusted variant of identity management systems based on the popular OpenID protocol. We show that it is feasible to bind OpenID identities to the trustworthiness of the device. Our concept and implementation builds on previous work which showed that trusted computing can be used to create tickets. In this work, we use such tickets as a building block to establish trust in the OpenID protocol between the identity provider and the device. Furthermore, we investigate how mutual trust can be established in the communication between device and user during authentication. The concept of trust visualisation via a trusted environment and binding to user authentication are presented.

Sender Scorecards for the prevention of unsolicited communication

Sender Scorecards are conceived as a method to enable different IP Multimedia Subsystem (IMS) domains and networks to exchange trustworthy information on sender identities and other relevant information, to allow discrimination between legitimate and unsolicited IMS communication. The approach uses a secure and interoperable scorecard about the sender of IMS calls. Such a scorecard is generated, transported, and evaluated collaboratively between different network domains. Scorecards are used to generate a standardized exchange format for sender and message related information. Depending on the outcome of the scorecard evaluation, the receiving domain can take appropriate actions such as denying or allowing a communication attempt. The present paper proposes a blueprint for an IMS architecture including scorecard elements, based on 3GPP standards. In this context, procedures operating with scorecards for prevention of unsolicited communications are presented.