235 results on '"Trusted service manager"'
Search Results
2. Conclusions
- Author
-
Noor, Talal H., Sheng, Quan Z., and Bouguettaya, Athman
- Published
- 2014
3. Scalable Availability Model
- Author
-
Noor, Talal H., Sheng, Quan Z., and Bouguettaya, Athman
- Published
- 2014
4. Service Trust Management for E-Government Applications
- Author
-
Nepal, Surya, Sherchan, Wanita, Bouguettaya, Athman, Bouguettaya, Athman, editor, Sheng, Quan Z., editor, and Daniel, Florian, editor
- Published
- 2014
5. PSAP: Pseudonym-Based Secure Authentication Protocol for NFC Applications
- Author
-
Peilin Hong, Jie Xu, Kaiping Xue, and Qingyou Yang
- Subjects
Trusted service manager; Authentication; business.industry; Computer science; 020206 networking & telecommunications; Public key infrastructure; 02 engineering and technology; Mutual authentication; Communications security; Computer security; computer.software_genre; Public-key cryptography; 0202 electrical engineering, electronic engineering, information engineering; Media Technology; 020201 artificial intelligence & image processing; Session (computer science); Electrical and Electronic Engineering; business; computer; AKA
- Abstract
Nowadays, near field communication (NFC) has been widely used in electronic payment, ticketing, and many other areas. NFC security standard requires the use of public key infrastructure (PKI) to implement mutual authentication and session keys negotiation in order to ensure communication security. In traditional PKI-based schemes, every user uses a fixed public/private key pair to implement authentication and key agreement. An attacker can create a profile based on user’s public key to track and compromise the user’s privacy. Recently, He et al. and Odelu et al. successively proposed pseudonym-based authentication key and agreement protocols for NFC after Eun et al.’s protocol (2013), which is first claimed to provide conditional privacy for NFC. They respectively claimed that their scheme can satisfy the security requirements. In this paper, first, we prove that their protocols still have security flaws, including the confusion of the user’s identity and the random identity. Then, we propose a pseudonym-based secure authentication protocol (PSAP) for NFC applications, which is effective in lifetime and includes time synchronization-based method and nonce-based method. In our scheme, trusted service manager issues pseudonyms but does not need to maintain verification tables and it could reveal the user’s identity of internal attackers. Furthermore, security and performance analysis proves that PSAP can provide traceability and more secure features with a little more cost.
- Published
- 2018
6. A Role-Based Service Level NFC Ecosystem Model.
- Author
-
OK, Kerem, Coskun, Vedat, Ozdenizci, Busra, and Aydin, Mehmet
- Subjects
NEAR field communication; RADIO frequency identification systems; WIRELESS communications; MOBILE app development; MOBILE communication systems
- Abstract
Near Field Communication (NFC) is a short range wireless communication technology allowing to communicate mobile devices within close proximity. It provides opportunity for service providers to offer various value added services to customers. NFC technology allows the usage of wide range of applications and eliminates the obligation to carry additional components other than the mobile device such as credit or payment cards, tickets, identification cards or keys. Despite its technological advantages over alternative ones, the NFC business ecosystems and services are yet to take off. The problems mainly arise with the business issues triggered by different and mostly conflicting needs of many actors in the ecosystem and several additional technical issues. In this study, by adopting a role-based service ecosystem modeling, we propose an NFC ecosystem model which perfectly specifies the roles in the ecosystem, and defines set of activities for each role, and communication structure. We analyzed NFC ecosystem in three phases as pre-installation, installation, and service usage. We have defined the activities and communication structure in the first two phases, and finally investigated the service usage phase in three different operating modes of NFC. After giving the details of the proposed ecosystem model, two use cases are given to validate the developed ecosystem model. We complete our study by discussing the requirement satisfaction.
- Published
- 2013
7. Survey on key technology development and application in trusted computing
- Author
-
Bo Zhao, Liqiang Zhang, Juan Wang, Yuan Shi, Huanguo Zhang, Guojun Peng, Fajiang Yu, and Fei Yan
- Subjects
Trusted service manager; Computer Networks and Communications; Computer science; business.industry; 05 social sciences; 020207 software engineering; Cloud computing; 02 engineering and technology; Trusted Computing; 050905 science studies; Trusted Network Connect; Computer security; computer.software_genre; 0202 electrical engineering, electronic engineering, information engineering; Direct Anonymous Attestation; Key (cryptography); Trusted Platform Module; 0509 other social sciences; Electrical and Electronic Engineering; business; computer; Hengzhi chip
- Abstract
Trusted computing, which can effectively increase the credibility of information system, has made great achievements and is in continuous development. For country who is going to strengthen network construction like China, it is an important fundamental supporting technology worth researching. China is in the international forefront in the field of trusted computing. This paper gives comprehensive introductions to the new development and application of key technologies in trusted computing, such as various trusted platform modules (TPM, TCM, TPCM), TCG Software Stack (TSS), trusted cloud server and Trusted Execution Environment (TEE). We illustrate the progressing and application extension of these technologies and also point out some key problems worth studying in the future.
- Published
- 2016
8. An Unlinkable Anonymous Payment Scheme based on near field communication
- Author
-
Jia-Ning Luo, Szu-Yin Huang, and Ming Hour Yang
- Subjects
Trusted service manager; General Computer Science; Computer science; business.industry; media_common.quotation_subject; Data_MISCELLANEOUS; Mobile commerce; 020206 networking & telecommunications; 02 engineering and technology; Payment; Computer security; computer.software_genre; Near field communication; Credit card; Control and Systems Engineering; 0202 electrical engineering, electronic engineering, information engineering; Mobile payment; ComputingMilieux_COMPUTERSANDSOCIETY; 020201 artificial intelligence & image processing; Electrical and Electronic Engineering; business; computer; Mobile device; media_common; Anonymity
- Abstract
We propose an anonymous mobile payment protocol to protect users' privacy. Using anonymizing schemes to improve anonymity and unlinkability in a mobile transaction. Users can use mobile phones with NFC to perform commercial transactions. A number of mobile payment studies have been proposed in recent years. Most of the schemes are largely focused on transaction security, not on users' privacy. In this paper, we propose an Unlinkable Anonymous Payment Scheme to provide a secure and anonymous mobile commerce environment. In the proposed protocol, a user applies an anonymous virtual credit card from a trusted service manager. The sensitive information of the applied credit card is stored in the secure elements of user's mobile device. Our proposed protocol ensures various imperative security properties such as anonymity, unlinkability, and non-repudiation etc.
- Published
- 2016
9. Untraceable and Anonymous Mobile Payment Scheme Based on Near Field Communication
- Author
-
Raylin Tso
- Subjects
Physics and Astronomy (miscellaneous); Computer science; General Mathematics; NFC; 02 engineering and technology; security; Computer security; computer.software_genre; Encryption; mobile payment; Public-key cryptography; 0202 electrical engineering, electronic engineering, information engineering; Computer Science (miscellaneous); Mobile payment; Trusted service manager; Password; Authentication; anonymity; business.industry; lcsh:Mathematics; 020206 networking & telecommunications; lcsh:QA1-939; Chemistry (miscellaneous); EMV-compatible; 020201 artificial intelligence & image processing; business; Database transaction; computer; Anonymity
- Abstract
With the developments of mobile communications, M-commerce has become increasingly popular in recent years. However, most M-commerce schemes ignore user anonymity during online transactions. As a result, user transactions may easily be traced by shops, banks or by Internet Service Providers (ISPs). To deal with this problem, we introduce a new anonymous mobile payment scheme in this paper. Our new scheme has the following features: (1) Password-based authentication: authentication of users is done by low-entropy password, (2) Convenience: the new scheme is designed based on near field communication (NFC)-enabled devices and is compatible with EuroPay, MasterCard and Visa (EMV-compatible), (3) Efficiency: users do not need to have their own public/private key pairs and confidentiality is achieved via symmetric-key cryptography, (4) Anonymity: users use virtual accounts in the online shopping processes, thereby preventing attackers from obtaining user information even if the transaction is eavesdropped, (5) Untraceability: no one (even the bank, Trusted Service Manager (TSM), or the shop) can trace a transaction and link the real identity with the buyer of a transaction, (6) Confidentiality and authenticity: all the transaction is either encrypted or signed by the sender so our new scheme can provide confidentiality and authenticity. We also present the performance and the security comparison of our scheme with other schemes. The results show that our scheme is applicable and has the most remarkable features among the existing schemes.
- Published
- 2018
10. A Trust Rating Model Using Fuzzy Logic in Cloud
- Author
-
Vidhika Vasani and Vipul Chudasama
- Subjects
Trusted service manager; business.industry; Computer science; End user; Data_MISCELLANEOUS; Cloud computing; Cloud service provider; Cloud user; business; Computer security; computer.software_genre; Fuzzy logic; computer
- Abstract
Cloud computing provides services from the available pool of resources. Even with the available condition, cloud computing can reach the peak of success amongst cloud user. The issue they face is the barrier of trust between the end users for using the given services. Conventional security and protection controls keeps on being executed on cloud; however, because of its liquid and dynamic nature, a testable trust estimate of the cloud is required. This research paper exhibits an analysis of the present trust administration strategies for cloud operations. In this research paper, we proposed a model for trust administration using Fuzzy Logic, which can be beneficial for cloud service providers to select trusted datacenter for consumers.
- Published
- 2018
11. Trusted mobile computing: An overview of existing solutions
- Author
-
Mohamed Amine Bouazzouni, Emmanuel Conchon, Fabrice Peyrard, Réseaux, Mobiles, Embarqués, Sans fil, Satellites (IRIT-RMESS), Institut de recherche en informatique de Toulouse (IRIT), Université Toulouse 1 Capitole (UT1), Université Fédérale Toulouse Midi-Pyrénées-Université Fédérale Toulouse Midi-Pyrénées-Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse III - Paul Sabatier (UT3), Université Fédérale Toulouse Midi-Pyrénées-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP), Université Fédérale Toulouse Midi-Pyrénées-Université Toulouse 1 Capitole (UT1), Université Fédérale Toulouse Midi-Pyrénées, XLIM (XLIM), Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS), Université Toulouse - Jean Jaurès (UT2J), Université Toulouse 1 Capitole (UT1)-Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse III - Paul Sabatier (UT3), Université Fédérale Toulouse Midi-Pyrénées-Université Fédérale Toulouse Midi-Pyrénées-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP), Université Fédérale Toulouse Midi-Pyrénées-Université Toulouse 1 Capitole (UT1)-Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse III - Paul Sabatier (UT3), Mathématiques & Sécurité de l'information (XLIM-MATHIS), Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)-Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS), Centre National de la Recherche Scientifique - CNRS (FRANCE), Institut National Polytechnique de Toulouse - INPT (FRANCE), Université de Limoges - UNILIM (FRANCE), Université Toulouse III - Paul Sabatier - UT3 (FRANCE), Université Toulouse - Jean Jaurès - UT2J (FRANCE), Université Toulouse 1 Capitole - UT1 (FRANCE), Université de Poitiers (FRANCE), and Institut National Polytechnique de Toulouse - Toulouse INP (FRANCE)
- Subjects
[INFO.INFO-AR]Computer Science [cs]/Hardware Architecture [cs.AR]; Computer Networks and Communications; Computer science; Overview; Operating system; Mobile computing; Networks and telecommunications; 02 engineering and technology; User Centric Model; computer.software_genre; Encryption; Computer security; law.invention; Secure cryptoprocessor; [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]; [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI]; Hardware architectures; law; Virtualization; 0202 electrical engineering, electronic engineering, information engineering; Direct Anonymous Attestation; Secure Element (SE); Trusted service manager; Trusted Execution Environment (TEE); business.industry; Mobile Trusted Computing; 020206 networking & telecommunications; Trusted Computing; Trusted Network Connect; Embedded systems; Hardware and Architecture; Security; 020201 artificial intelligence & image processing; Trusted client; [INFO.INFO-ES]Computer Science [cs]/Embedded Systems; Trusted Platform Module; Trusted Platform Module (TPM); [INFO.INFO-OS]Computer Science [cs]/Operating Systems [cs.OS]; business; computer; Software; Hengzhi chip
- Abstract
Nowadays, smartphones are able to process large amounts of data enabling the use of applications for personal or professional use. In these contexts, the smartphone needs to process, store and transfer sensitive data in a secure way. Encryption is a commonly used solution to enforce security but the encryption keys it relies on have also to be securely processed and stored. Several research works have investigated these issues and different solutions have been proposed. They can be classified into two main categories: hardware-based solutions (Secure Elements, Trusted Platform Module and Trusted Execution Environments) and software-based solutions (Virtualization Environments). This paper overviews/surveys these two categories highlighting their pros and cons. Examples of trusted computing applications are then provided for each category. Finally, a discussion is provided about trends and perspectives for trusted mobile computing.
- Published
- 2018
12. Secure and Trusted Open CPS Platforms
- Author
-
George Kornaros, Christian Prehofer, Oliver Horst, Alvise Rigo, Nora Koch, Marcello Coppola, and Ernest Wozniak
- Subjects
Trusted service manager; Computer science; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; Direct Anonymous Attestation; 020206 networking & telecommunications; 02 engineering and technology; Trusted Platform Module; Trusted Network Connect; Computer security; computer.software_genre; computer
- Abstract
Cyber-physical systems (CPS) are devices with sensors and actuators which link the physical with the virtual world. There is a strong trend towards open systems, which can be extended during operation by instantly adding functionalities on demand. We discuss this trend in the context of automotive, medical and industrial automation systems. The goal of this chapter is to elaborate the research challenges of ensuring security in these new platforms for such open systems. A main problem is that such CPS apps shall be able to access and modify safety critical device internals. Cyber-physical attacks can affect the integrity, availability and confidentiality in CPS. Examples range from deception based attacks such as false-data-injection, sensor and actuator attacks, replay attacks, and also denial-of-service attacks. Hence, new methods are required to develop an end-to-end solution for development and deployment of trusted apps. This chapter presents the architecture approach and its key components, and methods for open CPS apps, including tool chain and development support.
- Published
- 2018
13. A Development of Trusted Mobile Smart Message Wallet Service Broker (TmSMWSB) Architecture
- Author
-
Kyu Beum Lee and Jong Ok Lee
- Subjects
Trusted service manager; Pharming; Computer science; business.industry; Internet privacy; Computer security; computer.software_genre; Phishing; Information and Communications Technology; Broker Pattern; Mobile payment; Message broker; business; computer; Information exchange
- Abstract
The rapid advances made in the information and communication technologies have kindled and fueled a fast-paced and widespread shift of information exchange and communication channels between businesses and customers from conventional post and telephone services to mobile-based online services and smartphones. Along with the growing number of smartphone users, an increasing number of people fall victim to new types of financial crimes committed with fraudulent electronic means, such as smishing, pharming, phishing, app/web forgery and fraud, pretending to be a corporate. In this paper, we propose a reliable broker service process providing a communication channel between companies and customers based on the Mobile Wallet (app) on smartphones. The salient features of its process design and implementation are prescreening out fraudulent information and providing customers Smart Wallet-based safe information and services.
- Published
- 2015
14. A novel consumer-centric card management architecture and potential security issues
- Author
-
Konstantinos Markantonakis, Raja Naeem Akram, Damien Sauveron, Smart card Centre [Egham], Royal Holloway [University of London] (RHUL), DMI (XLIM-DMI), XLIM (XLIM), and Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)-Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)
- Subjects
Information Systems and Management; Computer science; smart card; 02 engineering and technology; Computer security; computer.software_genre; Theoretical Computer Science; [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]; Artificial Intelligence; MULTOS; 0202 electrical engineering, electronic engineering, information engineering; Multos; Contactless smart card; Card management architecture; User centric smart cards; Trusted service manager; OpenPGP card; business.industry; GlobalPlatform; 020207 software engineering; BasicCard; Smart card application protocol data unit; Computer Science Applications; Java Card; Control and Systems Engineering; 020201 artificial intelligence & image processing; Open Smart Card Development Platform; Smart card; business; computer; Software
- Abstract
Multi-application smart card technology has gained momentum due to the Near Field Communication (NFC) and smart phone revolution. Enabling multiple applications from different application providers on a single smart card is not a new concept. Multi-application smart cards have been around since the late 1990s; however, uptake was severely limited. NFC has recently reinvigorated the multi-application initiative and this time around a number of innovative deployment models are proposed. Such models include Trusted Service Manager (TSM), User Centric Smart Card Ownership Model (UCOM) and GlobalPlatform Consumer-Centric Model (GP-CCM). In this paper, we discuss two of the most widely accepted and deployed smart card management architectures in the smart card industry: GlobalPlatform and Multos. We explain how these architectures do not fully comply with the UCOM and GP-CCM. We then describe our novel flexible consumer-centric card management architecture designed specifically for the UCOM and GP-CCM frameworks, along with ways of integrating the TSM model into the proposed card management architecture. Finally, we discuss four new security issues inherent to any architecture in this context along with the countermeasures for our proposed architecture.
- Published
- 2015
15. Collective action for mobile payment platforms: A case study on collaboration issues between banks and telecom operators
- Author
-
Mark de Reuver, Edgar Verschuur, Fatemeh Nikayin, Harry Bouwman, and Narciso Cerpa
- Subjects
Marketing; Trusted service manager; Mass market; Computer Networks and Communications; Corporate governance; Collective action; Authentication (law); Computer Science Applications; Competition (economics); Management of Technology and Innovation; Openness to experience; Mobile payment; Economics; Industrial organization
- Abstract
Mobile payment requires collective action between banks and telecom operators. A case study on cooperation between all major Dutch banks and operators is analyzed. Differing strategic objectives between banks and operators hinder collective action. Lack of leadership, authority and commitment hindered collective action. Realizing joint m-payment platforms for banks and operators is highly challenging. Mobile payment has long been discussed but has still not reached mass market in Western societies. Banks and telecom operators often struggle to develop platforms for authorization and authentication of mobile payment services. This paper analyses an in-depth case on collaboration between three major Dutch banks and three Dutch telecom operators who jointly developed a trusted service manager for mobile payment. Collective action theory and platform theory is combined to study the issues of collaboration and competition between banks and operators. We find that differing strategic objectives and interests, conflicts, lack of dependencies and governance issues led to dissolution of the mobile payment platform. These problems partly result from platform characteristics of openness to third parties, governance of relations with third parties and platform competition.
- Published
- 2015
16. DroidPosture: A trusted posture assessment service for mobile devices
- Author
-
Seif Haridi, Sileshi Demesie Yalew, Miguel Correia, and Gerald Q. Maguire Jr.
- Subjects
Trusted service manager; 021110 strategic, defence & security studies; Software_OPERATINGSYSTEMS; Computer science; business.industry; 0211 other engineering and technologies; Rootkit; 020206 networking & telecommunications; 02 engineering and technology; computer.software_genre; Computer security; ARM architecture; Software; 0202 electrical engineering, electronic engineering, information engineering; Malware; Android (operating system); business; computer; Mobile device; Hacker
- Abstract
Mobile devices such as smartphones are becoming the majority among computing devices. Currently, millions of persons use such devices to store and process personal data. Unfortunately, smartphones running Android are increasingly being targeted by hackers and infected with malware. Anti-malware software is being used to address this situation, but it may be subverted by the same malware it aims to detect. We present DroidPosture, a posture assessment service for Android devices. This service aims to securely evaluate the level of trust we can have on a device (assess its posture) even if the mobile OS is compromised. For that to be possible, DroidPosture is protected using TrustZone, a security extension for ARM processors. DroidPosture is configurable with a set of application and kernel analysis mechanisms that enable detecting malicious applications and rootkits. We implemented a DroidPosture prototype using a hardware board with an ARM processor with TrustZone, and evaluated its performance and security.
- Published
- 2017
17. Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments
- Author
-
Raja Naeem Akram, Carlton Shepherd, and Konstantinos Markantonakis
- Subjects
Trusted service manager; Computer science; Interoperability; 020206 networking & telecommunications; 020207 software engineering; 02 engineering and technology; Trusted Computing; Computer security; computer.software_genre; Trusted Network Connect; 0202 electrical engineering, electronic engineering, information engineering; Direct Anonymous Attestation; Trusted Platform Module; Resilience (network); computer; Protocol (object-oriented programming)
- Abstract
Remote and largely unattended sensing devices are being deployed rapidly in sensitive environments, such as healthcare, in the home, and on corporate premises. A major challenge, however, is trusting data from such devices to inform critical decision-making using standardised trust mechanisms. Previous attempts have focused heavily on Trusted Platform Modules (TPMs) as a root of trust, but these forgo desirable features of recent developments, namely Trusted Execution Environments (TEEs), such as Intel SGX and the GlobalPlatform TEE. In this paper, we contrast the application of TEEs in trusted sensing devices with TPMs, and raise the challenge of secure TEE-to-TEE communication between remote devices with mutual trust assurances. To this end, we present a novel secure and trusted channel protocol that performs mutual remote attestation in a single run for small-scale devices with TEEs. This is evaluated on two ARM development boards hosting GlobalPlatform-compliant TEEs, yielding approximately four-times overhead versus untrusted world TLS and SSH. Our work provides strong resilience to integrity and confidentiality attacks from untrusted world adversaries, facilitates TEE interoperability, and is subjected to mechanical formal analysis using Scyther.
- Published
- 2017
18. Secure Tera-Scale Data Crunching With A Small TCB
- Author
-
Bruno Vavala, Nuno Neves, and Peter Steenkiste
- Subjects
Trusted service manager; Computer science; Data_MISCELLANEOUS; 020206 networking & telecommunications; Hypervisor; 02 engineering and technology; Trusted Computing; computer.software_genre; Trusted Network Connect; Computer security; Trusted computing base; 020204 information systems; Virtual memory; 0202 electrical engineering, electronic engineering, information engineering; Operating system; Direct Anonymous Attestation; Trusted Platform Module; computer
- Abstract
Outsourcing services to third-party providers comes with a high security cost—to fully trust the providers. Using trusted hardware can help, but current trusted execution environments do not adequately support services that process very large scale datasets. We present LASTGT, a system that bridges this gap by supporting the execution of self-contained services over a large state, with a small and generic trusted computing base (TCB). LASTGT uses widely deployed trusted hardware to guarantee integrity and verifiability of the execution on a remote platform, and it securely supplies data to the service through simple techniques based on virtual memory. As a result, LASTGT is general and applicable to many scenarios such as computational genomics and databases, as we show in our experimental evaluation based on an implementation of LASTGT on a secure hypervisor. We also describe a possible implementation on Intel SGX.
- Published
- 2017
19. Design of a Secure Location Based Service for Mobile Cloud Applications
- Author
-
Navjeet Kumar and K. Meenakshi Sundaram
- Subjects
Trusted service manager; Geotagging; Upload; business.industry; Computer science; Cloud base; Location-based service; Mobile search; Cloud computing; Android (operating system); business; Computer network
- Abstract
The impact of Location Based Services (LBS) in the mobile cloud paradigm has been huge. The location based services provide a great backbone to mobile cloud and ease the whole process of communication at a global level. Any location based cloud service is used in order to enhance the user’s accessibility and make the service more user-friendly. Using a cloud base location system can improve the quality of the data storage. The objective is creating a location based mobile cloud application in android platform. This application will be able to geo-tag captured images and upload them onto a cloud. The images that are uploaded in the cloud will be sorted according to their locality. The images in the cloud which are in public mode will be visible to a user when he is in the same locality of the picture’s geo tag.
- Published
- 2017
20. Service Mining for Trusted Service Composition in Cross-Cloud Environment
- Author
-
Jinjun Chen, Chunhua Hu, Taotao Wu, and Wanchun Dou
- Subjects
Trusted service manager; Service (business); 020203 distributed computing; Engineering; Operations Research; Computer Networks and Communications; business.industry; Quality of service; Service level requirement; Cloud computing; 02 engineering and technology; Mobile QoS; Computer Science Applications; Control and Systems Engineering; 020204 information systems; Service catalog; 0202 electrical engineering, electronic engineering, information engineering; Data as a service; Electrical and Electronic Engineering; business; Information Systems; Computer network
- Abstract
© 2007-2012 IEEE. Nowadays, with the cloud's charismatic storage and computation power, more and more traditional services (social networking service, location-based services, etc.) are being migrated onto cloud platforms. These cloud services on different cloud platforms could be employed to form cross-cloud mobile applications of mobile cyber-physical systems (CPS). However, a cloud service may have various versions of quality of service (QoS) information revealed in different mobile CPS applications, which is often advertised as the elastic computation power. This characteristic makes it costly and time consuming to mine qualified ones from massive candidate cloud services for developing a mobile CPS application, as a service composition solution may have various evaluated values initiated by the various QoS properties. In view of this challenge, a cloud service selection method, named CSSM, is proposed in this paper. It takes the utility value as the evaluation index and aims at finding optimal or near-optimal trusted service composition solutions from a set of cloud services on users' demands. Technically, the user preference on each QoS metric is formalized as the preference interval for enhancing the fitness of a service composition solution. Furthermore, an extended top-k iteration composition process is performed among cloud services to get an optimal or near-optimal trusted service composition solution. Both theoretical analysis and experimental evaluation are conducted to guarantee the feasibility and efficiency of the CSSM.
- Published
- 2017
21. Implementation of a secure USIM COS architecture for mobile payment applications
- Author
-
Juan Wu, Donglai Xu, and Juan Xiao
- Subjects
Trusted service manager ,Authentication ,010504 meteorology & atmospheric sciences ,business.industry ,Computer science ,Security domain ,Certification ,010502 geochemistry & geophysics ,computer.software_genre ,01 natural sciences ,Identifier ,Mobile payment ,Operating system ,business ,Protocol (object-oriented programming) ,computer ,Secure channel ,0105 earth and related environmental sciences ,Computer network - Abstract
In this paper, a secure architecture for mobile payment applications is designed, which combines public service platform, Trusted Service Manager (TSM) and Security Element Financial Certification Security Domain (SE FCSD). The architecture interconnects various platforms, authenticates the identity of transaction parties and detects the legality of applications. In the architecture, a more reliable secure channel protocol SCP10 is used to secure the confidentiality and integrity of data. Using NFC Universal Subscriber Identifier Module Card (NFC USIM card) as the hardware platform, a security element supporting the architecture is implemented, and also a USIM Chip Operating System (USIM COS) supporting both financial certification security domain and SCP10 protocol is designed. In order to improve the efficiency of identity authentication of USIM card, a compact digital certification is adopted to improve verification speed and save storage space. The experiment results and security tests show that the USIM COS has advantages of security and reliability, and it has commercial value and has achieved effective mobile payments.
- Published
- 2017
- Full Text
- View/download PDF
22. Enhancing Trusted Cloud Computing Platform for Infrastructure as a Service
- Author
-
H. Kim
- Subjects
lcsh:Computer engineering. Computer hardware ,General Computer Science ,Computer science ,Pooling ,Data security ,Cloud computing ,lcsh:TK7885-7895 ,02 engineering and technology ,Computer security ,computer.software_genre ,communication system security ,Utility computing ,020204 information systems ,0202 electrical engineering, electronic engineering, information engineering ,Electrical and Electronic Engineering ,data security ,Trusted service manager ,platform virtualization ,business.industry ,020206 networking & telecommunications ,Trusted Network Connect ,Elasticity (cloud computing) ,Converged infrastructure ,authentication ,cryptographic protocols ,lcsh:Electrical engineering. Electronics. Nuclear engineering ,business ,computer ,lcsh:TK1-9971 - Abstract
The characteristics of cloud computing including on-demand self-service, resource pooling, and rapid elasticity have made it grow in popularity. However, security concerns still obstruct widespread adoption of cloud computing in the industry. Especially, security risks related to virtual machine make cloud users worry about exposure of their private data in IaaS environment. In this paper, we propose an enhanced trusted cloud computing platform to provide confidentiality and integrity of the user's data and computation. The presented platform provides secure and efficient virtual machine management protocols not only to protect against eavesdropping and tampering during transfer but also to guarantee the virtual machine is hosted only on the trusted cloud nodes against inside attackers. The protocols utilize both symmetric key operations and public key operations together with efficient node authentication model, hence both the computational cost for cryptographic operations and the communication steps are significantly reduced. As a result, the simulation shows the performance of the proposed platform is approximately doubled compared to the previous platforms. The proposed platform eliminates cloud users' worry above by providing confidentiality and integrity of their private data with better performance, and thus it contributes to wider industry adoption of cloud computing.
- Published
- 2017
23. Succeeding with contactless service innovations - strategic recommendations based on a comparative analysis of mobile business ecosystems in Norway
- Author
-
Joachim Kähler, Arne Munch-Ellingsen, Sigmund Akselsen, Erlend Glück Evensen, Hanne Kristine Hallingby, and Per Jonny Nesse
- Subjects
Trusted service manager ,Service (business) ,Short Message Service ,business.industry ,media_common.quotation_subject ,Strategy and Management ,Mobile business development ,Payment ,Management of Technology and Innovation ,Mobile payment ,Marketing ,Business and International Management ,Telecommunications ,business ,Mobile network operator ,Mobile service ,media_common - Abstract
Contactless communication technology in mobile phones (e.g., near field communication) has a potential to simplify our everyday life by enabling services like mobile payment, ticketing and information sharing services. The recommendations in this paper are based on a comparative case study of previous mobile service ecosystems used in Norway. The findings of this study add insights into key success factors for the mobile network operator during the different business ecosystem evolutionary stages. The recommendations include the fact that mobile network operators can succeed in kick-starting contactless mobile payment services by taking a role as a trusted service manager, focusing on establishing the ecosystem and contactless payment service together with partners in the bank sector. Furthermore, in an expansion phase the mobile network operator must open up for collaboration and connect with a portfolio of aggregators, merchants and third party niche players offering secure and high quality services and applications. © 2017. This is the authors' accepted and refereed manuscript to the article. The final authenticated version is available online at: http://www.inderscience.com/storage/f511612417398210.pdf
- Published
- 2017
24. Trusted Integrated Circuits: The Problem and Challenges
- Author
-
Yici Cai, Yongqiang Lv, Gang Qu, and Qiang Zhou
- Subjects
Trusted service manager ,Hardware security module ,Authentication ,Computer science ,business.industry ,Enterprise information security architecture ,Computer security ,computer.software_genre ,Computer Science Applications ,Theoretical Computer Science ,Computational Theory and Mathematics ,Trusted computing base ,Hardware and Architecture ,Hardware Trojan ,Software security assurance ,Direct Anonymous Attestation ,Trusted Platform Module ,business ,computer ,Software ,Hengzhi chip ,Computer network - Abstract
Hardware security has become more and more important in current information security architecture. Recently collected reports have shown that there may have been considerable hardware attacks prepared for possible military usage from all over the world. Due to the intrinsic difference from software security, hardware security has some special features and challenges. In order to guarantee hardware security, academia has proposed the concept of trusted integrated circuits, which aims at a secure circulation of IC design, manufacture and chip using. This paper reviews the main problems of trusted integrated circuits, and concludes four key domains of the trusted IC, namely the trusted IC design, trusted manufacture, trusted IP protection, and trusted chip authentication. The main challenges in those domains are also analyzed based on the current known techniques. Finally, the main limitations of the current techniques and possible future trends are discussed.
- Published
- 2014
- Full Text
- View/download PDF
25. Mobile Trusted Computing
- Author
-
Jan-Erik Ekberg, Carlos V. Rozas, Kari Kostiainen, Steffen Schulz, Christian Wachsmann, Nadarajah Asokan, Ahmad-Reza Sadeghi, and Anand Rajan
- Subjects
Trusted service manager ,Computer science ,Mobile computing ,020206 networking & telecommunications ,02 engineering and technology ,Trusted Computing ,Computer security ,computer.software_genre ,Trusted Network Connect ,law.invention ,law ,0202 electrical engineering, electronic engineering, information engineering ,Direct Anonymous Attestation ,020201 artificial intelligence & image processing ,Trusted client ,Trusted Platform Module ,Electrical and Electronic Engineering ,computer ,Hengzhi chip - Abstract
Trusted computing technologies for mobile devices have been researched, developed, and deployed over the past decade. Although their use has been limited so far, ongoing standardization may change this by opening up these technologies for easy access by developers and users. In this survey, we describe the current state of trusted computing solutions for mobile devices from research, standardization, and deployment perspectives.
- Published
- 2014
- Full Text
- View/download PDF
26. The Untapped Potential of Trusted Execution Environments on Mobile Devices
- Author
-
Jan-Erik Ekberg, Kari Kostiainen, and Nadarajah Asokan
- Subjects
Trusted service manager ,Computer Networks and Communications ,Computer science ,business.industry ,Mobile computing ,Usability ,Mobile Web ,Cryptography ,Trusted Network Connect ,Computer security ,computer.software_genre ,Mobile station ,Mobile search ,Mobile technology ,Electrical and Electronic Engineering ,business ,Law ,computer ,Mobile device - Abstract
Hardware-based trusted execution environments (TEEs) have been available in mobile devices for more than a decade, but their use has been limited. The On-board Credential system safely opens up TEEs so application developers can use their functionality to improve security and usability.
- Published
- 2014
- Full Text
- View/download PDF
27. Label's Verification Technology of Gateway Based on Trusted Label
- Author
-
Yu Wang and Yu Duan
- Subjects
Trusted service manager ,Engineering ,business.industry ,Data_MISCELLANEOUS ,ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS ,General Engineering ,Gateway (computer program) ,Computer security ,computer.software_genre ,Trusted Network Connect ,law.invention ,law ,Direct Anonymous Attestation ,The Internet ,Trusted client ,Trusted Platform Module ,business ,computer ,Hengzhi chip ,Computer network - Abstract
Trusted Network is a new research direction of the Internet. On the basis of trusted LAN, this study puts forward a trusted label of the trusted terminal, which can solve the DDOS attack efficiently and control the abnormal flow easily in the trusted LAN. In addition, it proposes the label’s verification technology, so as to ensure the execution efficiency of some real-time business in the gateway. Above all, the trusted label and the verification technology make the LAN more controllable and safer.
- Published
- 2014
- Full Text
- View/download PDF
28. Study on Quality of Service Based on Trusted Computing
- Author
-
Dan Ning Li, Xin Qiang Ma, You Yuan Liu, and Yi Huang
- Subjects
Trusted service manager ,Process management ,Computer science ,business.industry ,Business process ,Service design ,Quality of service ,Service level objective ,Services computing ,Access control ,General Medicine ,Mobile QoS ,Trusted Computing ,Information security ,Service provider ,Computer security ,computer.software_genre ,law.invention ,Utility computing ,law ,Information system ,Trusted client ,Web service ,business ,computer - Abstract
Trusted computing is a hot topic of information security technology research nowadays. It was developed based on computing and Information Systems. At the same time, business processes for e-commerce and Web service applications, suppliers and customers define a binding agreement or contract between the two parties, specifying quality of service (QoS) items such as products or services to be delivered, deadlines, quality of products, and cost of services. The management of QoS metrics directly impacts the success of organizations participating in e-commerce. In this paper, we discuss the present situation about QoS in the environment of trusted computing. It describes the factors related to each attribute, as well as possible tradeoffs and existing efforts to achieve that quality. The paper also discusses key issues in services level agreements that are used to contract the level of services quality between service providers and users.
- Published
- 2014
- Full Text
- View/download PDF
29. A trusted measurement scheme suitable for the clients in the trusted network
- Author
-
Bei Gong, Changxiang Shen, Xiaolie Ye, and Jianbiao Zhang
- Subjects
Trusted service manager ,Computer Networks and Communications ,business.industry ,Network security ,Computer science ,Access control ,Trusted Computing ,Computer security ,computer.software_genre ,Trusted Network Connect ,Direct Anonymous Attestation ,Trusted Platform Module ,Electrical and Electronic Engineering ,Trusted timestamping ,business ,computer ,Computer network - Abstract
The trusted network connection is a hot spot in trusted computing field and the trust measurement and access control technology are used to deal with network security threats in trusted network. But the trusted network connection lacks fine-grained states and real-time measurement support for the client and the authentication mechanism is difficult to apply in the trusted network connection, it is easy to cause the loss of identity privacy. In order to solve the above-described problems, this paper presents a trust measurement scheme suitable for clients in the trusted network, the scheme integrates the following attributes such as authentication mechanism, state measurement, and real-time state measurement and so on, and based on the authentication mechanism and the initial state measurement, the scheme uses the real-time state measurement as the core method to complete the trust measurement for the client. This scheme presented in this paper supports both static and dynamic measurements. Overall, the characteristics of this scheme such as fine granularity, dynamic, real-time state measurement make it possible to make more fine-grained security policy and therefore it overcomes inadequacies existing in the current trusted network connection.
- Published
- 2014
- Full Text
- View/download PDF
30. Study on the Trusted Operating Technology for Mobile E-Commerce System Secure
- Author
-
Hong Feng Xu and Gui Xian Zhou
- Subjects
Trusted service manager ,Engineering ,business.industry ,Mobile Web ,General Medicine ,E-commerce ,computer.software_genre ,Trusted Network Connect ,Computer security ,Direct Anonymous Attestation ,Web application ,Web service ,Chinese wall ,business ,computer - Abstract
Mobile e-commerce systems are the big trend of international economy and social development nowadays, and also the key process of industry upgrade, industrialization and modernization in our country. Mobile e-commerce systems are considered as the backbone of the manufacturing industry in China. Vulnerabilities in web applications continue to be the most frequently discovered security problem. This article illustrates how a trusted operating system provides a flexible solution to the problem of application for e-commerce. With the help of Chinese Wall, web services are becoming popular in Web applications. In the end, we present strategies for e-commerce application: trusted e-commerce module.
- Published
- 2014
- Full Text
- View/download PDF
31. Secure solution of trusted Internet of things base on TCM
- Author
-
Qiu-xin Wu and Han Li
- Subjects
Trusted service manager ,Computer Networks and Communications ,business.industry ,Computer science ,Cryptography ,Trusted Computing ,Computer security model ,Trusted Network Connect ,Computer security ,computer.software_genre ,Secure cryptoprocessor ,Signal Processing ,Direct Anonymous Attestation ,Trusted Platform Module ,business ,computer ,Information Systems ,Computer network - Abstract
This paper firstly analyzes the background of the Internet of things (IoT) and describes the trusted computing technologies concept about trusted cryptography modules (TCM), then describes its basic hierarchy and gives a basic security model based on a simple IoT system. And based on this security model, a secure solution of trusted IoT has been built by using the TCM-based technology, and it covers secure boot, secure storage, platform metrics and trusted reports, key functions, and then gives the protocol design with these functions. After analysis results, the solution can provide safeguard of security and trustworthy for their development and application.
- Published
- 2013
- Full Text
- View/download PDF
32. Protocol for trusted channel based on portable trusted module
- Author
-
Li Meihong, Zhang Dawei, Jiang Yichen, Du Ye, and Han Zhen
- Subjects
Trusted service manager ,Computer Networks and Communications ,business.industry ,Computer science ,Data_MISCELLANEOUS ,Trusted Computing ,Trusted Network Connect ,law.invention ,Trusted path ,law ,Direct Anonymous Attestation ,Trusted client ,Trusted Platform Module ,Electrical and Electronic Engineering ,Trusted timestamping ,business ,Computer network - Abstract
Web-based e-commerce applications need a trusted channel, which provides confidential communication, identity authentication and integrity assurance of endpoints, to guarantee the security of electronic transactions. A user-oriented trusted computing system based on Portable Trusted Module (PTM) is presented. Remote attestation is incorporated into Transport Layer Security (TLS) handshake protocol based on PTM so as to establish a trusted channel between two endpoints in network. This protocol can resist masquerading, trusted path and runtime attacks and propagate the trust in the computing system to the end user effectively. The test results of our proof-of-concept prototype show that our protocol for trusted channel is feasible for deployment in e-commerce applications on the Internet.
- Published
- 2013
- Full Text
- View/download PDF
33. Study on the Design of Trusted Secure Cloud System Structure
- Author
-
Xue Li Wang
- Subjects
Trusted service manager ,Structure (mathematical logic) ,Cloud computing security ,Computer science ,Cloud systems ,Data_MISCELLANEOUS ,Real-time computing ,Frame (networking) ,General Medicine ,Trusted Computing ,Trusted Network Connect ,Computer security ,computer.software_genre ,Direct Anonymous Attestation ,computer - Abstract
The ordinary cloud system is confronted with various threats in trust and security perspective, which have influenced the extensive use of cloud system. Aiming at the defects in the trusted secure design of the ordinary cloud system frame, a trusted secure cloud system has been designed.
- Published
- 2013
- Full Text
- View/download PDF
34. Ensuring a Secure Supply Chain For Trusted Systems and Networks
- Author
-
Paul Popick
- Subjects
Trusted service manager ,Computer science ,Supply chain ,Trusted Network Connect ,Computer security ,computer.software_genre ,computer
- Published
- 2013
- Full Text
- View/download PDF
35. Web Service System Structure based on Trusted Computing Platform
- Author
-
Feng Xu and Hongxu Ma
- Subjects
Trusted service manager ,Computer science ,Trusted Computing ,computer.software_genre ,Computer security ,Trusted Network Connect ,Theoretical Computer Science ,law.invention ,Computational Theory and Mathematics ,Trusted computing base ,Artificial Intelligence ,law ,Direct Anonymous Attestation ,Trusted client ,Trusted Platform Module ,Web service ,computer ,Software - Abstract
By introducing trusted computing techniques into web service security mechanisms, a web service security framework based on trusted computing platform is proposed. It changes the original passive defense mechanism into active one. Combining the integrity of terminal platform and the trustiness of platform's identity, the measuring mechanism can effectively resist the security threats from “malicious terminal” and “risky terminal”. “Trusted Connection Layer” in the framework bridges upper web application and the user. Trusted web access is achieved by adding Access Requester (AR) and Trusted Service Decision Point (TSDP) into the system.
- Published
- 2013
- Full Text
- View/download PDF
36. Study on Trusted Access Model Based on User Behavior
- Author
-
Xu Chunxiang, Yan Lili, Chang Yan, and Zhang Shi-Bin
- Subjects
Trusted service manager ,General Computer Science ,business.industry ,Computer science ,Internet privacy ,Computer security ,computer.software_genre ,Trusted Network Connect ,law.invention ,law ,Direct Anonymous Attestation ,Trusted client ,business ,computer
- Published
- 2013
- Full Text
- View/download PDF
37. Cloud Security Access Control: Distributed Access Control
- Author
-
Daniel S. Soper
- Subjects
Trusted service manager ,Negotiation ,Cloud computing security ,Computer science ,media_common.quotation_subject ,Direct Anonymous Attestation ,Trusted Platform Module ,Trusted Network Connect ,Computer security ,computer.software_genre ,computer ,media_common
- Published
- 2016
- Full Text
- View/download PDF
38. Secure and Trusted Execution: Past, Present, and Future - A Critical Review in the Context of the Internet of Things and Cyber-Physical Systems
- Author
-
Ghada Arfaoui, Carlton Shepherd, Iakovos Gurulian, Konstantinos Markantonakis, Emmanuel Conchon, Robert P. Lee, Raja Naeem Akram, Damien Sauveron, Mathématiques & Sécurité de l'information (XLIM-MATHIS), XLIM (XLIM), and Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)-Université de Limoges (UNILIM)-Centre National de la Recherche Scientifique (CNRS)
- Subjects
Trusted service manager ,Emulation ,Computer science ,Cyber-physical system ,020206 networking & telecommunications ,Context (language use) ,02 engineering and technology ,Trusted Computing ,Virtualization ,computer.software_genre ,Computer security ,[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] ,[INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI] ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Trusted Platform Module ,Java Card ,computer ,ComputingMilieux_MISCELLANEOUS - Abstract
Notions like security, trust, and privacy are crucial in the digital environment and in the future, with the advent of technologies like the Internet of Things (IoT) and Cyber-Physical Systems (CPS), their importance is only going to increase. Trust has different definitions, some situations rely on real-world relationships between entities while others depend on robust technologies to gain trust after deployment. In this paper we focus on these robust technologies, their evolution in past decades and their scope in the near future. The evolution of robust trust technologies has involved diverse approaches, as a consequence trust is defined, understood and ascertained differently across heterogeneous domains and technologies. In this paper we look at digital trust technologies from the point of view of security and examine how they are making secure computing an attainable reality. The paper also revisits and analyses the Trusted Platform Module (TPM), Secure Elements (SE), Hypervisors and Virtualisation, Intel TXT, Trusted Execution Environments (TEE) like GlobalPlatform TEE, Intel SGX, along with Host Card Emulation, and Encrypted Execution Environment (E3). In our analysis we focus on these technologies and their application to the emerging domains of the IoT and CPS.
- Published
- 2016
- Full Text
- View/download PDF
39. Secure Identification of Actively Executed Code on a Generic Trusted Component
- Author
-
Nuno Neves, Bruno Vavala, and Peter Steenkiste
- Subjects
Trusted service manager ,Source code ,business.industry ,Computer science ,media_common.quotation_subject ,020206 networking & telecommunications ,020207 software engineering ,Code Access Security ,02 engineering and technology ,Trusted Computing ,Trusted Network Connect ,computer.software_genre ,law.invention ,Trusted computing base ,law ,0202 electrical engineering, electronic engineering, information engineering ,Direct Anonymous Attestation ,Operating system ,Trusted client ,business ,computer ,Computer network ,media_common - Abstract
Code identity is a fundamental concept for authenticated operations in Trusted Computing. In today's approach, the overhead of assigning an identity to a protected service increases linearly with the service code size. In addition, service code size continues to grow to accommodate richer services. This trend negatively impacts either the security or the efficiency of current protocols for trusted executions. We present an execution protocol that breaks the dependency between the code size of the service and the identification overhead, without affecting security, and that works on different trusted components. This is achieved by computing an identity for each of the code modules that are actually executed, and then building a robust chain of trust that links them together for efficient verification. We implemented and applied our protocol to a widely-deployed database engine, improving query-processing time up to 2× compared to the monolithic execution of the engine.
- Published
- 2016
- Full Text
- View/download PDF
40. IoTEE-An integrated framework for rapid trusted IOT application development
- Author
-
Yadav Anil, Nitin Rakesh, Sujata Pandey, and Rajat Kumar Singh
- Subjects
Trusted service manager ,Authentication ,business.industry ,Computer science ,Data_MISCELLANEOUS ,05 social sciences ,02 engineering and technology ,Encryption ,Trusted Network Connect ,Secure communication ,Server ,0502 economics and business ,0202 electrical engineering, electronic engineering, information engineering ,Direct Anonymous Attestation ,050211 marketing ,020201 artificial intelligence & image processing ,Trusted Platform Module ,business ,Computer network - Abstract
In this paper, needs of trusted IOT application are identified and a methodology is proposed to create a framework "IoTEE" for rapid prototyping of secure, trusted and commercial IOT applications in absence of hardware. This has been done by analysis of requirements of a sample trusted IOT application heartbeat sensor (hbs), classification of hbs services and their decomposition into trusted and non-trusted components. Furthermore, the methodology includes algorithm design for services like registration, authentication, authorization and secure communication in the proposed framework. Detailed operation sequence of the algorithms is also depicted to understand the overall switching scenario between trusted and non-trusted components of application. Finally, a dynamic deployment structure is created to enable and disable the trusted components in the framework.
- Published
- 2016
- Full Text
- View/download PDF
41. Using Trusted Platform Module (TPM) to Secure Business
- Author
-
Halabi Hasbullah and Irshad Ahmed Sumra
- Subjects
Trusted service manager ,Secure cryptoprocessor ,Direct Anonymous Attestation ,Trusted Platform Module ,Business ,Computer security ,computer.software_genre ,Intelligent transportation system its ,computer ,Hengzhi chip
- Published
- 2016
- Full Text
- View/download PDF
42. Research and Design of Trusted Computing Platform
- Author
-
Qi-jie Tang, Xiao-gang He, Mao-lin Deng, Yun-ting Zhou, Yu-hai Chong, and Feng-zhu Ji
- Subjects
Trusted service manager ,Engineering ,Process (engineering) ,business.industry ,Data_MISCELLANEOUS ,Trusted Computing ,Trusted Network Connect ,Computer security ,computer.software_genre ,law.invention ,law ,Direct Anonymous Attestation ,Trusted client ,Trusted Platform Module ,business ,computer ,Hengzhi chip - Abstract
With the development of trusted computing, trusted computing model and trusted computing platforms are constantly changing, and becoming more and more perfect. In terms of the hardware platform, the trusted computing technology has gradually matured. Many companies and businesses solve security problems by using trusted technologies. Trusted computing technology focuses on aspects such as hardware and operating system, wishing to build a complete, credible and reliable trusted platform. In this paper, the structure of the trusted platform has been described. Focusing on Protected Capabilities, Integrity Measurement and Attestation, which are the representative characteristics, some analysis and research have been proposed. The main parts and priorities of the designing process of trusted platforms are also analyzed.
- Published
- 2016
- Full Text
- View/download PDF
43. Secure Application Execution in Mobile Devices
- Author
-
Mehari G. Msgna, Houda Ferradi, Konstantinos Markantonakis, and Raja Naeem Akram
- Subjects
010302 applied physics ,Trusted service manager ,Computer science ,02 engineering and technology ,Enterprise information security architecture ,Trusted Network Connect ,Computer security ,computer.software_genre ,01 natural sciences ,020202 computer hardware & architecture ,Secure cryptoprocessor ,0103 physical sciences ,0202 electrical engineering, electronic engineering, information engineering ,Direct Anonymous Attestation ,Trusted Platform Module ,Android (operating system) ,Mobile device ,computer - Abstract
Smart phones have rapidly become hand-held mobile devices capable of sustaining multiple applications. Some of these applications allow access to services including healthcare, financial, online social networks and are becoming common in the smart phone environment. From a security and privacy point of view, this seismic shift is creating new challenges, as the smart phone environment is becoming a suitable platform for security- and privacy-sensitive applications. The need for a strong security architecture for this environment is becoming paramount, especially from the point of view of Secure Application Execution (SAE). In this chapter, we explore SAE for applications on smart phone platforms, to ensure application execution is as expected by the application provider. Most of the proposed SAE proposals are based on having a secure and trusted embedded chip on the smart phone. Examples include the GlobalPlatform Trusted Execution Environment, M-Shield and Mobile Trusted Module. These additional hardware components, referred to as secure and trusted devices, provide a secure environment in which the applications can execute security-critical code and/or store data. These secure and trusted devices can become the target of malicious entities; therefore, they require a strong framework that will validate and guarantee the secure application execution. This chapter discusses how we can provide an assurance that applications executing on such devices are secure by validating the secure and trusted hardware.
- Published
- 2016
- Full Text
- View/download PDF
44. An Application-Oriented Efficient Encapsulation System for Trusted Software Development
- Author
-
Jing Zhan, Chunzi Chen, Mo Li, Jun Hu, and Zheng Tao
- Subjects
Trusted service manager ,Computer science ,business.industry ,Data_MISCELLANEOUS ,Software development ,Trusted Computing ,Trusted Network Connect ,law.invention ,law ,Embedded system ,Direct Anonymous Attestation ,Trusted client ,Trusted Platform Module ,business ,Hengzhi chip - Abstract
Trusted computing provides an efficient and practical way out for system security problems based on a trusted hardware, namely the root of trust, e.g., Trusted Platform Module (TPM), Trusted Cryptographic Module (TCM), Trusted Platform Control Module (TPCM), so on and so forth. However, current applications calling for trusted functions have to use either the user-space trusted interfaces (e.g., Trusted Software Stack (TSS) API) or to implement customized APIs on top of the trusted hardware driver; both of them are well known for a steep learning curve, which indicates error-prone and low-efficiency development and complex maintenance for the application of trusted software. This paper presents a new trusted encapsulation architecture and the proof-of-concept system with the aim to mitigate the gap between the current obscure trusted APIs and the actual trusted applications for trusted software development. Our system can provide high-level and much simplified trusted transaction interfaces for user applications, which can rapidly reduce the development and maintenance work for the developers and users without too much performance costs. We also present a secure remote login use-case using mainly the binding and unbinding trusted functions of our trusted encapsulation architecture.
- Published
- 2016
45. seTPM: Towards Flexible Trusted Computing on Mobile Devices Based on GlobalPlatform Secure Elements
- Author
-
Sergej Proskurin, Georg Sigl, and Michael Weiß
- Subjects
Trusted service manager, business.industry, Computer science, Trusted Computing, Cryptographic protocol, computer.software_genre, Embedded system, Operating system, Trusted Platform Module, Android (operating system), Java Card, business, Mobile device, computer, Hengzhi chip
- Abstract
Insufficiently protected mobile devices present a ubiquitous threat. Due to severe hardware constraints, such as limited printed circuit board area, hardware-based security as proposed by the Trusted Computing Group is usually not part of mobile devices, yet. We present the design and implementation of seTPM, a secure element based TPM, utilizing Java Card technology. seTPM establishes trust in mobile devices by enabling Trusted Computing based integrity measurement services, such as IMA for Linux. Our prototype emulates TPM functionality on a GlobalPlatform secure element, which allows seamless integration into the Trusted Software Stack of Linux-based mobile operating systems like Android. With our work, we provide a solution to run Trusted Computing based security protocols while supplying a similar security level as provided by hardware TPM chips. In addition, due to the flexible design of the seTPM, we further increase the security level as we are able to selectively replace the outdated SHA-1 hash algorithm of TPM 1.2 specification by the present Keccak algorithm. Further, our architecture comprises hybrid support for the TPM 1.2 and TPM 2.0 specifications to simplify the transition towards the TPM 2.0 standard.
- Published
- 2016
46. Research on Trusted Bootstrap Based on the Universal Smart Card
- Author
-
Lin Yan and Jianbiao Zhang
- Subjects
Trusted service manager, Computer science, Data_MISCELLANEOUS, Trusted Computing, Computer security, computer.software_genre, Trusted Network Connect, law.invention, law, Operating system, Direct Anonymous Attestation, Trusted client, Trusted Platform Module, Trusted timestamping, computer, Hengzhi chip
- Abstract
The trusted boot is a hot spot in trusted computing field. User's identity authentication and trusted measurement are used to deal with security threats. But it is difficult to implement the general trusted boot based on hardware, which can be bypassed easily by software. In order to solve the above problem, a scheme of trusted boot is presented based on the universal smart card. It does not change the hardware and the firmware of the smart card and the terminal device. The core method combines user's identity authentication with trusted measurement. It binds user's identity, smart card and terminal device to ensure the trusted boot of terminal device. The trusted computing mechanism can be extended from power on to the application layer. Ultimately, experiments prove the security of boot and simplification of the implementation.
- Published
- 2016
47. A Trusted Mobile Interaction in Ubiquitous Networks
- Author
-
Zhang Hong, Zhan Guosheng, Li Qianmu, Hou Jun, and Qi Yong
- Subjects
Trusted service manager, General Computer Science, Computer science, business.industry, Mobile computing, Ubiquitous network, business, Mobile interaction, Computer network
- Published
- 2012
48. The Implementation of Trusted Computing Based Network Trusted Management Information System
- Author
-
Hui Hong Lu
- Subjects
Trusted service manager, business.industry, Computer science, General Engineering, Trusted Computing, Trusted Network Connect, Computer security, computer.software_genre, law.invention, Management information systems, Network management, Trusted computing base, law, Direct Anonymous Attestation, Information system, Trusted client, Trusted Platform Module, business, computer
- Abstract
In this paper, the application of Trusted Computing Platform is discussed. It is pointed out that the purpose of network management information system by Trusted Computing Platform is to set up a trusted network system. Based on the analysis of the environment of the trusted network information management system, we employ a trusted computing model in the information system of graduate student at our university. The implementation of network trusted management information system indicates that this method will improve the security of information system.
- Published
- 2012
49. A Layered Trusted Computing Platform Module with Unified Deployment on Server
- Author
-
Cai Dong Gu, Jing Bo Yang, Yu Jiang, and Ping Ping Shen
- Subjects
Trusted service manager, Computer science, business.industry, General Engineering, Local area network, Trusted Computing, Trusted Network Connect, law.invention, law, Embedded system, Direct Anonymous Attestation, Trusted client, Trusted Platform Module, business, Hengzhi chip
- Abstract
This paper discusses the trusted computing model which is based on existing computer network. The present trusted computing platform has to make big changes on personal PC hardware system in order to realize the trusted computing platform module on PC mainboard or hardware. To solve this, this paper presents a layered trusted computing platform module, which replaces the original trusted computing platform module with implemented modules on server. The prototype model ensures the trust measurement being implemented on any logical layers of the trusted platform with making a complete trust chain from the beginning of the boot stage of the client operating system. By creating a trusted computer platform with all the computers in the system, real trustworthiness in the entire local area network can be realized.
- Published
- 2012
50. Trusted Dynamic Self-confidence Migration of Cloud Service
- Author
-
Changxiang Shen, Yu Guo, and Jiqiang Liu
- Subjects
Trusted service manager, Self-confidence, General Computer Science, Computer science, business.industry, media_common.quotation_subject, Cloud computing, business, Computer security, computer.software_genre, computer, media_common
- Published
- 2012