Publication Type

Journal Article

Version

publishedVersion

Publication Date

10-2018

Abstract

Many personal computing and more specialized (e.g., high-end IoT) devices are now equipped with sophisticated processors that only a few years ago were present only on high-end desktops and servers. Such processors often include an important hardware security component in the form of a DRTM (Dynamic Root of Trust for Measurement) which initiates trust and resists software (and even some physical) attacks. However, despite substantial prior research on trust establishment with secure hardware, DRTM security was always considered without any involvement of the human user, who represents a vital missing link. This prompts an important challenge: how can a user (owner) determine whether a genuine DRTM is currently active on his or her device? We believe that, in order to address this challenge, a new security service – called “Presence Attestation” (PA) – is needed. While PA, by itself, has only ephemeral value, it can be used to set up a long-term secure channel between the device's DRTM and another device with the user's trust. In this paper, we outline the notion of PA, which is based on mandatory (though, ideally minimal) user participation, overview recent results, and discuss directions for future research.

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Computer Communications

Volume

131

First Page

35

Last Page

38

ISSN

0140-3664

Identifier

10.1016/j.comcom.2018.07.004

Publisher

Elsevier

Copyright Owner and License

Authors

Additional URL

https://doi.org/10.1016/j.comcom.2018.07.004

Download

Share

COinS