Nicolai Kuntze

On the Deployment of Mobile Trusted Modules

In its recently published TCG mobile reference architecture, the TCG Mobile Phone Work Group specifies a new concept to enable trust into future mobile devices. For this purpose, the TCG devises a trusted mobile platform as a set of trusted engines on behalf of different stakeholders supported by a physical trust-anchor. In this paper, we present our perception on this emerging specification. We propose an approach for the practical design and implementation of this concept and how to deploy it to a trustworthy operating platform. In particular we propose a method for the take-ownership of a device by the user and the migration (i.e., portability) of user credentials between devices.

Subscriber Authentication in Cellular Networks with Trusted Virtual SIMs

The primary goal of this paper is to design a software replacement for a Subscriber Identity Module (SIM) based on the TCG MPWG Reference Architecture in order to access a mobile cellular network and its offered services. Therefor, we introduce a virtual software SIM (vSIM) with comparable usage and security characteristics like the traditional smartcard-based solution. Additionally, running a virtual SIM as a trusted and protected software on a mobile device allow significant expansion of services by introducing new usage scenarios and business models, cost reduction and more flexibility. Our approach demonstrates the substitutability of a SIM card with an adequate trusted software module supported and protected by a trustworthy operating system. In particular we propose several methods for authentication and enrollment of a subscriber.

Trusted Ticket Systems and Applications

Trusted Computing is a security base technology that will perhaps be ubiquitous in a few years in personal computers and mobile devices alike. Despite its neutrality with respect to applications, it has raised some privacy concerns. We show that trusted computing can be applied for service access control in a manner protecting users’ privacy. We construct a ticket system, a concept at the heart of Identity Management, relying solely on the capabilities of the trusted platform module and the Trusted Computing Group’s standards. Two examples show how it can be used for pseudonymous, protected service access.

Security Digital Evidence

Non-repudiation of digital evidence is required by various use cases in today’s business cases for example in the area of medical products but also in public use cases like congestion charges. These use cases have in common that at a certain time an evidence record is generated to attest for the occurrence of a certain event. To allow for non-repudiation of such an evidence record it is required to provide evidence on the used device itself, its configuration, and the software running at the time of the event. Digital signatures as used today provide authenticity and integrity of the evidence record. However the signature gives no information about the state of the Measurement Instrument at the time of operation. The attestation of the correct operation of the evidence collector is discussed in this paper and an implemented solution is presented.

Implementation of a Trusted Ticket System

Trusted Computing is a security technology which enables the establishment of trust between multiple parties. Previous work showed that Trusted Computing technology can be used to build tickets, a core concept of Identity Management Systems. Relying solely on the Trusted Platform Module we will demonstrate how this technology can be used in the context of Kerberos for an implementation variant of Identity Management.

Secure Web Service Workflow Execution

In this paper we identify specific security requirements for distributed workflows and provide a decentralized workflow execution mechanism that ensures their satisfaction. With our composition concept we ensure that each web service can access only the information which is needed for the correct execution of the invoked operations and we provide an execution proof of the fulfilled assignments. Our approach relies on a data structure, called process slip, which is passed among the web services participating in the composition.

Trust infrastructures for future energy networks

Efficient use and distribution in future energy infrastructures largely depend on distributed control, metering and accounting functionalities. In such a Smart Grid essential components are distributed over the complete infrastructure, in particular parts of the infrastructure will be placed under possibly hostile end-users control. Thus, the dependability of the Smart Grid depends on the security of every component deployed. Considering the large variety of known attacks on IT infrastructures proper protection mechanisms need to be considered already in the early design of Smart Grid architecture and their components. The notion of Trusted Computing established in the PC area can also be used in Smart Grids to establish trust among all involved stakeholders and to ensure the proper functioning of devices. This paper discusses relevant security requirements and introduces a vision of a security infrastructure for energy networks built on hardware trust anchors.

Trust for Location-Based Authorisation

We propose a concept for authorisation using the location of a mobile device and the enforcement of location- based policies. Mobile devices enhanced by trusted computing capabilities operate an autonomous and secure location trigger and policy enforcement entity. Location determination is two-tiered, integrating cell-based triggering at handover with precision location measurement by the device.

Transitive trust in mobile scenarios

Horizontal integration of access technologies to networks and services should be accompanied by some kind of convergence of authentication technologies. The missing link for the federation of user identities across the technological boundaries separating authentication methods can be provided by trusted computing platforms. The concept of establishing transitive trust by trusted computing enables the desired cross-domain authentication functionality. The focus of target application scenarios lies in the realm of mobile networks and devices.

Secure Digital Chains of Evidence

Computers, mobile phones, embedded devices and other components of IT systems can often be easily manipulated. Therefore, in forensic use of digital evidence it is necessary to carefully check that the probative force of the evidence is sufficient. For applications where critical processes can lead to disputes and resolving disputed relies on digital evidence one open question is how to build the system in a way that secure digital evidence is available. This paper introduces the notion of secure digital chains of evidence and proposes a high-level architecture for systems that can provide such chains of evidence. Finally, possible building blocks are explored for the realisation of a distributed and heterogeneous system with support for secure digital chains of evidence.