Kurt Dietrich

Implementation Aspects of Mobile and Embedded Trusted Computing

Nowadays, trusted platform modules (TPMs) are usually deployed together with desktop PCs and notebooks. However, these platforms are not the only ones that can host TPMs. Mobile and embedded platforms like cell phones can also host TPMs but may have different requirements and different use-case scenarios. In contrast to common TPMs, TPMs for mobile platforms do not need to be implemented as micro controllers, leading to different security assumptions. In order to find these differences, we have designed and implemented two approaches for mobile TPMs that are analyzed in detail in the context of this paper.

Lightweight anonymous authentication with TLS and DAA for embedded mobile devices

Although anonymous authentication has been extensively studied, so far no scheme has been widely adopted in practice. A particular issue with fully anonymous authentication schemes is that users cannot easily be prevented from copying and sharing credentials. In this paper, we propose an anonymous authentication scheme for mobile devices that prevents copying and sharing of credentials based on hardware security features. Our system is an optimized adaptation of an existing direct anonymous attestation (DAA) scheme, specifically designed for resource-constrained mobile devices. Our solution provides (i) anonymity and untraceability of mobile embedded devices against service providers, (ii) secure device authentication even against collusions of malicious service providers, and (iii) allows for revocation of authentication credentials. We present a new cryptographic scheme with a proof of security, as well as an implementation on ARM TrustZone. Moreover, we evaluate the efficiency of our approach and demonstrate its suitability for mobile devices.

An integrated architecture for trusted computing for java enabled embedded devices

This paper presents a concept for enhancing mobile and embedded devices with trusted computing (TC)technology. It outlines a new architecture focusing on SUNs J2ME platform, including the design for a Mobile Trusted Module (MTM) to be used as a trusted computing base. The proposed architecture combines all software components required for accessing an MTM and shows how TC functionality can be provided for mobile applications. Moreover, different deployment scenarios of the architecture and its components are discussed. In order to prove that an implementation of the concept is feasible, a prototype of the architecture has been developed. For the design of the new architecture, special attention was turned to reusing currently existing technology and hardware rather than designing new hardware. By using already existing components, this paper also gives an answer to the question of how a mobile trusted-computing-enhanced system could be implemented with currently available technology

Secure Boot Revisited

The security of mobile and embedded devices can be significantly improved by using mobile-trusted-modules (MTMs). How these MTMs can be implemented and integrated in mobile devices is subject to current research. A major part of this research addresses different implementation variants of MTMs. MTMs provide many features that enable a platform to provide a trustworthy proof of its current configuration. However, the security of mobile devices does not solely rely on MTMs - it also depends on the boot process. This process forms the foundation for trusted services that are started on the device later. Hence, the TCGs mobile phone working group has published an approach how a secure boot process could be performed. However, their publication does not specify the required steps and components in detail, which allows device manufacturers to implement the process in many different ways - consequently, many different implementations are possible. Furthermore, we propose a software image verification concept for our approach. The concept is based on the reference-integrity-metric (RIM) certificates specified by the TCG and allows an easy verification of the loaded software images as well as easy management of RIM certificates to support the secure boot process. Additionally, we show how it is possible to to use software based MTM, with our approach.

A hijacker's guide to the LPC bus

In this paper, we analyze the communication mechanism of trusted platform modules via the low-pin-count bus. While the trusted platform module is considered to be tamper resistant, the communication channel between this module and the rest of the trusted platform turns out to be comparatively insecure. It has been shown that passive attacks can be mounted on the TPM and its bus communication with fairly inexpensive equipment, however, similar active attacks have not been reported, yet. We tackle this problem and show how the communication on the LPC bus can be actively manipulated with simple and inexpensive equipment. Moreover, we show how our manipulation can be used to circumvent the chain of trust provided by trusted platforms.

A practical approach for establishing trust relationships between remote platforms using trusted computing

Over the past years, many different approaches and concepts in order to increase computer security have been presented. One of the most promising of these concepts is Trusted Computing which offers various services and functionalities like reporting and verifying the integrity and the configuration of a platform (attestation). The idea of reporting a platforms state and configuration to a challenger opens new and innovative ways of establishing trust relationships between entities. However, common applications are not aware of Trusted Computing facilities and are therefore not able to utilise Trusted Computing services at the moment. Hence, this article proposes an architecture that enables arbitrary applications to perform remote platform attestation, allowing them to establish trust based on their current configuration. The architectures components discussed in this article are also essential parts of the OpenTC proof-of-concept prototype. It demonstrates applications and techniques of the Trusted Computing Groups proposed attestation mechanism in the area of personal electronic transactions.

A hijacker's guide to communication interfaces of the trusted platform module

In this paper, we analyze the communication of trusted platform modules and their interface to the hosting platforms. While trusted platform modules are considered to be tamper resistant, the communication channel between these modules and the rest of the trusted platform turns out to be comparatively insecure. It has been shown that passive attacks can be mounted against TPMs and their bus communication with fairly inexpensive equipment, however, similar active attacks have not been reported, yet. We pursue the idea of an active attack and show how the communication protocol of the LPC bus can be actively manipulated with basic and inexpensive equipment. Moreover, we show how our manipulations can be used to circumvent the security mechanisms, e.g. the chain of trust, provided by modern trusted platforms. In addition, we demonstrate how the proposed attack can be extended to manipulate communication buses on embedded systems.

Anonymous client authentication for transport layer security

Nowadays, anonymity and privacy protecting mechanisms are becoming more and more important. The anonymity of platforms and the privacy of users operating in the Internet are major concerns of current research activities. Although different techniques for protecting anonymity exist, standard protocols like Transport Layer Security are still missing adequate support for these technologies. In this paper, we analyze how Trusted Computing technologies and anonymous credential systems can be used in order to allow clients to establish anonymous authentication over secure channels. Furthermore, we analyze how these technologies can be integrated into common security frameworks like the Java Cryptography Architecture. We discuss the performance that can be achieved with this approach and analyse which performance can be expected from currently available Trusted Platform Modules.

Anonymous RFID authentication using trusted computing technologies

Anonymity protecting mechanisms are an important part of any Trusted Computing platform. They provide protection of a platform’s anonymity and, consequently, protection of the privacy of the platform’s owners. As Trusted Computing technologies have been introduced on mobile and embedded systems and more and more mobile devices are equipped with Near Field Communication (NFC) modules, the question arises whether the supported anonymization mechanisms can be used efficiently for anonymous authentication for NFC enabled applications. However, state-of-the-art technologies like the Direct Anonymous Attestation scheme require complex mathematical computations that put high requirements on the processing power of the signer’s device which are typically not available on resource constrained devices like smart-cards. In this paper, we analyze how the Direct Anonymous Attestation protocol can be used for anonymous authentication in NFC scenarios and we propose an approach that allows a practical use of this technology in real-world scenarios.

Anonymous credentials for java enabled platforms: a performance evaluation

Anonymity and privacy protection are very important issues for Trusted Computing enabled platforms. These topics are especially important when two platforms perform a remote attestation as specified by the Trusted Computing Group (TCG). Attestation requires a platform to prove its current platform configuration by cryptographic means. However, using common digital signature schemes requires a complex public key infrastructure and allows the verifier to track and identify the signing platform. In order to address this problem, the TCG has introduced two concepts how the anonymity of Trusted Platform Modules (TPMs), and with it the anonymity of certain platforms, can be protected. The most promising of these two concepts is the Direct Anonymous Attestation (DAA) scheme which eliminates the requirement of a remote authority but includes complex mathematical computations. In this paper, we address the question whether anonymous credential systems like DAA can be efficiently used on Java enabled platforms and resource constrained devices like mobile phones. In order to be able to investigate this situation, we developed a software library that supports the basic DAA processes setup, join, sign and verify for J2SE and J2ME based virtual machines. Although our results show that DAA can efficiently be used on desktop platforms, off-the-shelf mobile phones require some premises in order to use DAA adequately.