Protocol for trusted channel based on portable trusted module

Web-based e-commerce applications need a trusted channel, which provides confidential communication, identity authentication and integrity assurance of endpoints, to guarantee the security of electronic transactions. A user-oriented trusted computing system based on Portable Trusted Module (PTM) is presented. Remote attestation is incorporated into Transport Layer Security (TLS) handshake protocol based on PTM so as to establish a trusted channel between two endpoints in network. This protocol can resist masquerading, trusted path and runtime attacks and propagate the trust in the computing system to the end user effectively. The test results of our proof-of-concept prototype show that our protocol for trusted channel is feasible for deployment in e-commerce applications on the Internet.

[1]  Adrian Perrig,et al.  Turtles all the way down: research challenges in user-based attestation , 2007, WRAITS '08.

[2]  Pieter H. Hartel,et al.  Formalizing the safety of Java, the Java virtual machine, and Java card , 2001, CSUR.

[3]  Ronald Perez,et al.  Linking remote attestation to secure tunnel endpoints , 2006, STC '06.

[4]  Peng Hu,et al.  Trusted e-Commerce User Agent Based on USB Key , 2022 .

[5]  Patrick Röder,et al.  A Robust Integrity Reporting Protocol for Remote Attestation , 2006 .

[6]  Michael Baentsch,et al.  The Zurich Trusted Information Channel - An Efficient Defence Against Man-in-the-Middle and Malicious Software Attacks , 2008, TRUST.

[7]  Zhen Han,et al.  A portable TPM based on USB key , 2010, CCS '10.

[8]  Patrick George User Authentication with Smart Cards in Trusted Computing Architecture , 2004, Security and Management.

[9]  Jakob Jonsson,et al.  Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 , 2003, RFC.

[10]  Frederik Armknecht,et al.  An efficient implementation of trusted channels based on openssl , 2008, STC '08.

[11]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[12]  Ahmad-Reza Sadeghi,et al.  Beyond secure channels , 2007, STC '07.

[13]  Stefan Santesson TLS Handshake Message for Supplemental Data , 2006, RFC.

[14]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[15]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[16]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.