We present a technique based on Trusted Computing's remote attestation to enable the user of a public terminal to determine whether its configuration can be considered trustworthy or not. In particular, we show how the user can verify the software status of an untrusted terminal and be securely informed about the outcome of the verification. We present two flavors of this technique. In the first, the user makes use of a personal digital device with limited computing capabilities and a remote trusted server that performs the actual verification. In the second, the personal device is assumed to have enough computing power (as in the case of smart-phones and PDAs) to autonomously perform the verification procedure.
Practical Verification of Untrusted Terminals Using Remote Attestation
DINI, GIANLUCA;
2007-01-01
Abstract
We present a technique based on Trusted Computing's remote attestation to enable the user of a public terminal to determine whether its configuration can be considered trustworthy or not. In particular, we show how the user can verify the software status of an untrusted terminal and be securely informed about the outcome of the verification. We present two flavors of this technique. In the first, the user makes use of a personal digital device with limited computing capabilities and a remote trusted server that performs the actual verification. In the second, the personal device is assumed to have enough computing power (as in the case of smart-phones and PDAs) to autonomously perform the verification procedure.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.