Peter Lipp

Trusted Computing - Challenges and Applications

This book constitutes the thoroughly refereed post-conference proceedings of the First International Conference on Trusted Computing and Trust in Information Technologies, TRUST 2008, held in Villach, Austria, in March 2008. The 13 revised full papers presented together with 1 invited lecture were carefully reviewed and selected from 43 submissions. The papers cover the core issues of trust in IT systems and present recent leading edge developments in the field of trusted infrastructure and computing to foster the international knowledge exchange necessary to catch up with the latest trends in science and technology developments.

A practical approach for establishing trust relationships between remote platforms using trusted computing

Over the past years, many different approaches and concepts in order to increase computer security have been presented. One of the most promising of these concepts is Trusted Computing which offers various services and functionalities like reporting and verifying the integrity and the configuration of a platform (attestation). The idea of reporting a platforms state and configuration to a challenger opens new and innovative ways of establishing trust relationships between entities. However, common applications are not aware of Trusted Computing facilities and are therefore not able to utilise Trusted Computing services at the moment. Hence, this article proposes an architecture that enables arbitrary applications to perform remote platform attestation, allowing them to establish trust based on their current configuration. The architectures components discussed in this article are also essential parts of the OpenTC proof-of-concept prototype. It demonstrates applications and techniques of the Trusted Computing Groups proposed attestation mechanism in the area of personal electronic transactions.

Security concepts for the WWW

This paper gives an overview of the existing World Wide Web security concepts. For each proposal we give a short description of the most important properties and discuss them briefly. The concepts are divided into three groups according to their relative position to the HTTP layer. A comparison of some of the properties of various concepts is given as well.

Independent Policy Oriented Layering of Security Services

Implementing a security policy has to cope with the diversity of communication requirements and applications. We present a policy oriented approach from the observation of common problems and characteristics given in networked applications. The solution reduces the trust required into the security system to a single entity. This is done in an application independent manner by fooling the applications and feigning a conventional, insecure networking environment that is further transformed to a secure communication infrastructure.

An inter-bridge-security protocol

Abstract Local area networks offer a wide range of possibilities to intruders, especially if connected by a backbone network. By adding intelligence and encryption to the connecting points, bridges, a control of access to the local subnet and a possibility to secure communication by encrypting at network-speed is provided.

Signature Validation – a Dark Art?

ETSI Standard EN 319 102-1 (Procedures for Creation and Validation of AdES Digital Signatures; Part 1: Creation and Validation [2]) is a new standard developed by ETSI during the implementation of Mandate M460 and is currently undergoing the EN approval procedure. The standard covers, as the title suggests, the creation and validation of digital signatures. Some experts, who so far were convinced they understood what needs to be done when validating a signature, are confused. To them the standard is either wrong, not understandable or worst case both. This article tries to shed a light into the approach taken but also discusses why signature validation sometimes gets complex, maybe more complex than necessary, and considers whether this complexity can be avoided.

GASC: ein Graphik- und Software Kommunikationssystem

Lokale Btx- und Btx-ahnliche Systeme haben erst durch den Einsatz von intelligenten Endgeraten die Chance, erfolgreich zu sein. Die am Markt erhaltlichen Systeme nutzen aber zur Zeit die Intelligenz der Endgerate nicht voll aus. In dieser Arbeit stellen wir ein System vor, bei dem die Ausnutzung der Intelligenz der Endgerate von Anfang an im Mittelpunkt der Uberlegungen stand. Dadurch kann ein besonders gutes Preis/Leistungsverhaltnis erzielt werden.