A mobile and portable trusted computing platform
- PDF / 477,006 Bytes
- 19 Pages / 595.28 x 793.7 pts Page_size
- 41 Downloads / 192 Views
RESEARCH
Open Access
A mobile and portable trusted computing platform Surya Nepal*, John Zic, Dongxi Liu and Julian Jang
Abstract The mechanism of establishing trust in a computing platform is tightly coupled with the characteristics of a specific machine. This limits the portability and mobility of trust as demanded by many emerging applications that go beyond the organizational boundaries. In order to address this problem, we propose a mobile and portable trusted computing platform in a form of a USB device. First, we describe the design and implementation of the hardware and software architectures of the device. We then demonstrate the capabilities of the proposed device by developing a trusted application. Keywords: trusted computing, trust, trusted computing platform, trusted platform module, trusted personal device
1. Introduction The idea of developing and deploying applications that go beyond a single enterprise’s administrative domain has gained popularity in recent times. This has been enabled by recent developments and wide-spread adoption of new approaches to software engineering (Web Services and Service Oriented Architecture) [1], the ubiquity of Internet-based networking and the rapid growth and proliferation of a large variety of mobile computing devices (e.g. laptops, PDAs). As a result, we have seen a growing number of enterprise applications developed to run in heterogeneous, open and potentially hostile environments by accessing enterprise resources remotely [2,3]. Though these applications provide greater flexibility, they present new challenges on establishing a trust between a remote client computer and enterprise application server, more specifically bootstrapping trust in a hostile environment [4]. Problem statement
An agent, working for a company, is issued a digital certificate (embedded in software or hardware) against which the agent is authenticated. The certificate is used to establish a level of trust between the agent and a company resource (e.g. a server). When the client-server link has been authenticated, customized applications * Correspondence: [email protected] CSIRO ICT Centre, Information Engineering Laboratory, P.O. Box 76, Epping, NSW 1710, Australia
and confidential client data are available for use by the agent. There are two possible scenarios. The first scenario involves the agent using the machine with a preset configuration within the company’s managed network. A digital certificate [5,6], bound to a specific machine along with an attestation mechanism [7] can be used to establish trust in a controlled environment such as this. The second scenario involves the agent working at the customer’s managed network and uses the Internet to establish the trusted transactions with the company’s server. The digital certificate, bound to a specific machine, can be used to establish the trust provided the company presets the machine with the desired configurations. That is, the agent’s own machine needs to be used. However, a number of issues on mobility and portability
Data Loading...
