Advertisement

Abstract

Trusted Computing is a security base technology that will perhaps be ubiquitous in a few years in personal computers and mobile devices alike. Despite its neutrality with respect to applications, it has raised some privacy concerns. We show that trusted computing can be applied for service access control in a manner protecting users’ privacy. We construct a ticket system, a concept at the heart of Identity Management, relying solely on the capabilities of the trusted platform module and the Trusted Computing Group’s standards. Two examples show how it can be used for pseudonymous, protected service access.

Keywords

Reputation System Trust Platform Module Digital Right Management Trust Computing Trust Agent 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Massachusetts Institute of Technology: Kerberos: The Network Authentication Protocol, http://web.mit.edu/kerberos
  2. 2.
    Trusted Computing Group: TCG TPM specification version 1.2 revision 94. Technical report, TCG (2006)Google Scholar
  3. 3.
    Trusted Computing Group: TCG Infrastructure Working Group Reference Architecture for Interoperability (Part I) V. 1.0 Rev. 1. TCG (2005)Google Scholar
  4. 4. Trusted Computing Group: TCG Mobile Trusted Module Specification. Specification version 0.9 Revision 1. Technical report, TCG (2006)Google Scholar
  5. 5.
    Chaum, D., van Heyst, E.: Group signatures. In Davies, D., ed.: Advances in Cryptology — EUROCRYPT’ 91. Volume 547 of Lecture Notes in Computer Science, Berlin, Heidelberg, Springer-Verlag (1991) 257–265Google Scholar
  6. 6.
    Kuntze, N., Schmidt, A.U.: Transitive trust in mobile scenarios. In Müller, G., ed.: Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS 2006). Volume 3995 of Lecture Notes in Computer Science (LNCS), Springer-Verlag (2006) 73–85Google Scholar
  7. 7.
    Kuntze, N., Schmidt, A.U.: Trusted computing in mobile action. In Venter, H.S., Eloff, J.H.P., Labuschagne, L., Rloff, M.M., eds.: Proceedings of the Information Security South Africa (ISSA) Conference (2006)Google Scholar
  8. 8.
    Kuntze, N., Schmidt, A.U.: Employing Trusted Computing for the forward pricing of pseudonyms in reputation systems. Workshop Virtual Goods at the Conference AXMEDIS 2006, Leeds, UK, 13.-15. Dec. 2006Google Scholar
  9. 9.
  10. 10.
    Bakos, Y.: The emerging role of electronic marketplaces on the internet. Commun. ACM 41 (1998) 35–42CrossRefGoogle Scholar
  11. 11.
    Resnick, P., Kuwabara, K., Zeckhauser, R., Friedman, E.: Reputation systems. Communications of the ACM 43 (2000) 45–48CrossRefGoogle Scholar
  12. 12.
    Axelrod, R.: The Evolution of Cooperation. Basic Books, New York (1984)Google Scholar
  13. 13.
    Dellarocas, C: Immunizing online reputation reporting systems against unfair ratings and discriminatory behavior. In: ACM Conference on Electronic Commerce. (2000) 150–157Google Scholar
  14. 14.
    Douceur, J.R.: The sybil attack. In Druschel, P., Kaashoek, F., Rowstron, A., eds.: Peer-to-Peer Systems: First Internationalworkshop, IPTPS 2002 Cambridge, MA, USA, March 7-8, 2002. Volume 2429 of Lecture Notes in Computer Science, Springer-Verlag (2002) 251–260Google Scholar
  15. 15.
    Friedman, E.J., Resnick, P.: The social cost of cheap pseudonyms. Journal of Economics & Management Strategy 10(2001) 173–199CrossRefGoogle Scholar
  16. 16.
    Dellarocas, C: Sanctioning reputation mechanisms in online trading environments with moral hazard. MIT Sloan Working Paper No. 4297-03 (2004)Google Scholar
  17. 17.
    Cheng, A., Friedman, E.: Sybilproof reputation mechanisms. In: P2PECON’ 05: Proceeding of the 2005 ACM SIGCOMM workshop on Economics of peer-to-peer systems, ACM Press (2005) 128–132Google Scholar
  18. 18.
    Buttyan, L., Hubaux, J.P.: Accountable anonymous access to services in mobile communication systems. In: Proceedings of the 18th IEEE Symposium on Reliable Distributed Systems. (1999) 384–389Google Scholar
  19. 19.
    Zieglera, G., Farkas, C, Lõrincz, A.: A framework for anonymous but accountable self-organizing communities. Inform, and Software Technol. bd48 (2006) 726–744CrossRefGoogle Scholar
  20. 20.
    Trusted Computing Group: Mobile Phone Working Group Use Case Scenarios — v 2.7. Technical report, TCG (2005)Google Scholar
  21. 21.
    Open Mobile Alliance: Push architecture, draft version 2.2 — 20 jan 2006. oma-ad-push-v2_2-20060120-d. Technical report, Open Mobile Alliance (2006)Google Scholar

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Nicolai Kuntze
    • 1
  • Andreas U. Schmidt
    • 1
  1. 1.Fraunhofer-Institute for Secure Information Technology SITDarmstadtGermany

Personalised recommendations