论文信息 - Protecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs

Protecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs

Digital signatures are a key technology for many Internet-based commercial and administrative applications and, therefore, and increasingly popular target of attacks. Due to their strong cryptographic properties an attacker is more likely to subvert them with malicious software, ie Trojan horse programs. We show that by fusing two techniques, our WORM-supported reliable input method and the Intelligent Adjunct model of the Trusted Computing Platform Alliance, we can achieve a high degree of protection from Trojan horse programs during the process of creating digital signatures. Existing software products immediately benefit form our results. Moreover, we examine three ways of storing and executing the signing software the respect to its susceptibility to Trojan horse programs and identify the most suitable combination.

Armin B. Cremers | Adrian Spalka | Hanno Langweg

[1] Linda Pesante,et al. CERT® Coordination Center , 2002 .

[2] Paul Docherty,et al. Macro attacks: What next after Melissa? , 1999, Comput. Secur..

[3] Karl Scheibelhofer. What You See Is What You Sign , 2001 .

[4] Vesselin Bontchev. Possible macro virus attacks and how to prevent them , 1996, Comput. Secur..

[5] Ulrich Pordesch. Der fehlende Nachweis der Präsentation signierter Daten , 2000, Datenschutz und Datensicherheit.

[6] Niv Ahituv,et al. Approaches to handling "Trojan Horse" threats , 1986, Comput. Secur..

[7] Richard J. Lipton,et al. Foundations of Secure Computation , 1978 .

[8] Birgit Pfitzmann,et al. SEMPER - Secure Electronic Marketplace for Europe , 2000, Lecture Notes in Computer Science.

[9] Barbara Gengler. Reports: Trusted Computing Platform Alliance , 2001 .

[10] Andreas U. Schmidt. Signiertes XML und das Präsentationsproblem , 2000, Datenschutz und Datensicherheit.

[11] Boris Balacheff,et al. Securing Intelligent Adjuncts Using Trusted Computing Platform Technology , 2000, CARDIS.

[12] Tage Stabell-Kulø. Smartcards: Hot to Put them to Use in a User-Centric System , 2000, HUC.

[13] Richard Ford. Malware: Troy revisited , 1999, Comput. Secur..

[14] Armin B. Cremers,et al. The fairy tale of''what you see is what you sign , 2001 .