Initializing trust in smart devices via presence attestation

Many personal computing and more specialized (e.g., high-end IoT) devices are now equipped with sophisticated processors that only a few years ago were present only on high-end desktops and servers. Such processors often include an important hardware security component in the form of a DRTM (Dynamic...

Full description

Saved in:
Bibliographic Details
Main Authors: DING, Xuhua, TSUDIK, Gene
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2018
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/4091
https://ink.library.smu.edu.sg/context/sis_research/article/5094/viewcontent/1_s20_S0140366418304882_main.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-5094
record_format dspace
spelling sg-smu-ink.sis_research-50942019-05-31T08:21:45Z Initializing trust in smart devices via presence attestation DING, Xuhua TSUDIK, Gene Many personal computing and more specialized (e.g., high-end IoT) devices are now equipped with sophisticated processors that only a few years ago were present only on high-end desktops and servers. Such processors often include an important hardware security component in the form of a DRTM (Dynamic Root of Trust for Measurement) which initiates trust and resists software (and even some physical) attacks. However, despite substantial prior research on trust establishment with secure hardware, DRTM security was always considered without any involvement of the human user, who represents a vital missing link. This prompts an important challenge: how can a user (owner) determine whether a genuine DRTM is currently active on his or her device? We believe that, in order to address this challenge, a new security service – called “Presence Attestation” (PA) – is needed. While PA, by itself, has only ephemeral value, it can be used to set up a long-term secure channel between the device's DRTM and another device with the user's trust. In this paper, we outline the notion of PA, which is based on mandatory (though, ideally minimal) user participation, overview recent results, and discuss directions for future research. 2018-10-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4091 info:doi/10.1016/j.comcom.2018.07.004 https://ink.library.smu.edu.sg/context/sis_research/article/5094/viewcontent/1_s20_S0140366418304882_main.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Information Security
spellingShingle Information Security
DING, Xuhua
TSUDIK, Gene
Initializing trust in smart devices via presence attestation
description Many personal computing and more specialized (e.g., high-end IoT) devices are now equipped with sophisticated processors that only a few years ago were present only on high-end desktops and servers. Such processors often include an important hardware security component in the form of a DRTM (Dynamic Root of Trust for Measurement) which initiates trust and resists software (and even some physical) attacks. However, despite substantial prior research on trust establishment with secure hardware, DRTM security was always considered without any involvement of the human user, who represents a vital missing link. This prompts an important challenge: how can a user (owner) determine whether a genuine DRTM is currently active on his or her device? We believe that, in order to address this challenge, a new security service – called “Presence Attestation” (PA) – is needed. While PA, by itself, has only ephemeral value, it can be used to set up a long-term secure channel between the device's DRTM and another device with the user's trust. In this paper, we outline the notion of PA, which is based on mandatory (though, ideally minimal) user participation, overview recent results, and discuss directions for future research.
format text
author DING, Xuhua
TSUDIK, Gene
author_facet DING, Xuhua
TSUDIK, Gene
author_sort DING, Xuhua
title Initializing trust in smart devices via presence attestation
title_short Initializing trust in smart devices via presence attestation
title_full Initializing trust in smart devices via presence attestation
title_fullStr Initializing trust in smart devices via presence attestation
title_full_unstemmed Initializing trust in smart devices via presence attestation
title_sort initializing trust in smart devices via presence attestation
publisher Institutional Knowledge at Singapore Management University
publishDate 2018
url https://ink.library.smu.edu.sg/sis_research/4091
https://ink.library.smu.edu.sg/context/sis_research/article/5094/viewcontent/1_s20_S0140366418304882_main.pdf
_version_ 1770574305226129408