Skip to main content
SpringerLink
Log in

Trusted Mobile Platforms

  • Conference paper
Foundations of Security Analysis and Design IV (FOSAD 2007, FOSAD 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4677))

Abstract

This article addresses two main topics. Firstly, we review the operation of trusted computing technology, which now appears likely to be implemented in future mobile devices (including mobile phones, PDAs, etc.). Secondly, we consider the possible applications of this technology in mobile devices, and how these applications can be supported using trusted computing technology. We focus in particular on three mobile applications, namely OMA DRM, SIMLock, and software download.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. TCG: TCG Specification Architecture Overview. TCG Specification Version 1.2, The Trusted Computing Group (TCG), Portland, Oregon, USA (April 2003)

    Google Scholar 

  2. Grawrock, D.: The Intel Safer Computing Initiative. Intel Press, Oregon (2006)

    Google Scholar 

  3. Proudler, G.: Concepts of trusted computing. In: Mitchell, C.J. (ed.) Trusted Computing. IEE Professional Applications of Computing Series 6. The Institute of Electrical Engineers (IEE), London, UK, pp. 11–27 (April 2005)

    Google Scholar 

  4. Pearson, S. (ed.): Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall, Upper Saddle River, New Jersey (2003)

    Google Scholar 

  5. Gollmann, D.: Computer Security, 2nd edn. John Wiley and Sons Ltd., Chichester (2005)

    Google Scholar 

  6. Pfleeger, C.P.: Security in Computing, 2nd edn. Prentice Hall PTR, Upper Saddle River, NJ (1997)

    Google Scholar 

  7. Department of Defense: DoD 5200.28-STD: Department of Defense Trusted Computer System Evaluation Criteria (1985)

    Google Scholar 

  8. IBM: PCI Cryptographic Processor: CCA Basic Services Reference and Guide, Release 2.41 (September 2003)

    Google Scholar 

  9. Dent, A.W., Mitchell, C.J.: User’s Guide to Cryptography and Standards. Artech House, Boston, MA (2005)

    MATH  Google Scholar 

  10. Pearson, S.: Trusted computing platforms, the next security solution. Technical Report HPL-2002-221, Hewlett-Packard Laboratories (November 2002), Available at http://www.hpl.hp.com/techreports/

  11. Varadharajan, V.: Trustworthy computing. In: Zhou, X., Su, S., Papazoglou, M.M.P., Orlowska, M.E., Jeffery, K.G. (eds.) WISE 2004. LNCS, vol. 3306, pp. 13–16. Springer, Heidelberg (2004)

    Google Scholar 

  12. Felten, E.W.: Understanding trusted computing: Will its benefits outweigh its drawbacks? IEEE Security & Privacy 1(3), 60–62 (2003)

    Article  Google Scholar 

  13. Balacheff, B., Chen, L., Pearson, S., Proudler, G., Chan, D.: Computing platform security in cyberspace. Information Security Technical Report 5(1), 54–63 (2000)

    Article  Google Scholar 

  14. Chen, L., Pearson, S., Proudler, G., Chan, D., Balacheff, B.: How can you trust a computing platform? In: Proceedings of Information Security Solutions Europe (ISSE 2000) (2000)

    Google Scholar 

  15. TCG: TPM Main, Part 1: Design Principles. TCG Specification Version 1.2 Revision 94, The Trusted Computing Group (TCG), Portland, Oregon, USA (March 2006)

    Google Scholar 

  16. TCG: TPM Main, Part 2: TPM Data Structures. TCG Specification Version 1.2 Revision 94, The Trusted Computing Group (TCG), Portland, Oregon, USA (March 2006)

    Google Scholar 

  17. TCG: TPM Main, Part 3: Commands. TCG Specification Version 1.2 Revision 94, The Trusted Computing Group (TCG), Portland, Oregon, USA (March 2006)

    Google Scholar 

  18. TCG: TCG Software Stack (TSS) Specification. TCG Specification Version 1.2 Level 1, The Trusted Computing Group (TCG), Portland, Oregon, USA (January 2006)

    Google Scholar 

  19. Chen, Y., England, P., Peinado, M., Willman, B.: High assurance computing on open hardware architectures. Microsoft Technical Report MSRTR–2003–20, Microsoft Corporation (March 2003)

    Google Scholar 

  20. England, P., Lampson, B., Manferdelli, J., Peinado, M., Willman, B.: A trusted open platform. IEEE Computer 36(7), 55–62 (2003)

    Google Scholar 

  21. Peinado, M., Chen, Y., England, P., Manferdelli, J.: NGSCB: A trusted open system. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 86–97. Springer, Heidelberg (2004)

    Google Scholar 

  22. Peinado, M., England, P., Chen, Y.: An overview of NGSCB. In: Mitchell, C.J. (ed.) Trusted Computing. IEE Professional Applications of Computing Series 6. The Institute of Electrical Engineers (IEE), London, UK, pp. 115–141 (April 2005)

    Google Scholar 

  23. Garfinkel, T., Rosenblum, M., Boneh, D.: Flexible OS support and applications for trusted computing. In: Proceedings of the 9th USENIX Workshop on Hot Topics on Operating Systems (HotOS-IX), Kauai, Hawaii, USA, USENIX, The Advanced Computing Systems Association, pp. 145–150 (May 18-21, 2003)

    Google Scholar 

  24. Pfitzmann, B., Riordan, J., Stuble, C., Waidner, M., Weber, A.: The PERSEUS system architecture. Technical Report RZ 3335 (#93381), IBM Research Division, Zurich Laboratory (April 2001)

    Google Scholar 

  25. Sadeghi, A., Stuble, C.: Taming Trusted Platforms by operating system design. In: Chae, K., Yung, M. (eds.) Information Security Applications. LNCS, vol. 2908, Springer, Heidelberg (2004)

    Google Scholar 

  26. Kuhlmann, D., Landfermann, R., Ramasamy, H., Schunter, M., Ramunno, G., Vernizzi, D.: An open trusted computing architecture — secure virtual machines enabling user-defined policy enforcement (June 2006), www.opentc.net

  27. Sadeghi, A.R., Stueble, C., Pohlmann, N.: European multilateral secure computing base — open trusted computing for you and me. White paper (2004)

    Google Scholar 

  28. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauery, R., Pratt, I., Warfield, A.: XEN and the art of virtualization. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003), Bolton Landing, New York, USA, October 19-22, 2003, pp. 164–177. ACM Press, New York (2003)

    Chapter  Google Scholar 

  29. Intel: LaGrande technology architectural overview. Technical Report 252491-001, Intel Corporation (September 2003)

    Google Scholar 

  30. Balacheff, B., Chen, L., Plaquin, D., Proudler, G.: A trusted process to digitally sign a document. In: Raskin, V., Hempelmann, C.F. (eds.) Proceedings of the 2001 New Security Paradigms Workshop, pp. 79–86. ACM Press, New York (2001)

    Chapter  Google Scholar 

  31. Spalka, A., Cremers, A.B., Langweg, H.: Protecting the creation of digital signatures with trusted computing platform technology against attacks by Trojan Horse programs. In: Dupuy, M., Paradinas, P. (eds.) Trusted Information: The New Decade Challenge, IFIP TC11 Sixteenth Annual Working Conference on Information Security (IFIP/Sec 2001). IFIP Conference Proceedings, Paris, France, June 11-13, 2001, vol. 193, pp. 403–419. Kluwer Academic Publishers, Boston (2001)

    Google Scholar 

  32. Schechter, S.E., Greenstadt, R.A., Smith, M.D.: Trusted computing, peer-to-peer distribution, and the economics of pirated entertainment. In: Proceedings of The Second Annual Workshop on Economics and Information Security (2003) College Park, Maryland (May 29-30, 2003)

    Google Scholar 

  33. Kinateder, M., Pearson, S.: A privacy-enhanced peer-to-peer reputation system. In: Bauknecht, K., Min Tjoa, A., Quirchmayr, G. (eds.) E-Commerce and Web Technologies. LNCS, vol. 2738, pp. 206–216. Springer, Heidelberg (2003)

    Google Scholar 

  34. Balfe, S., Lakhani, A.D., Paterson, K.G.: Securing peer-to-peer networks using trusted computing. In: Mitchell, C.J. (ed.) Trusted Computing. The Institute of Electrical Engineers (IEE), London, UK, pp. 271–298 (2005)

    Google Scholar 

  35. Gallery, E., Tomlinson, A.: Secure delivery of conditional access applications to mobile receivers. In: Mitchell, C.J. (ed.) Trusted Computing. IEE Professional Applications of Computing Series 6. The Institute of Electrical Engineers (IEE), London, UK, pp. 195–238 (2005)

    Google Scholar 

  36. Pashalidis, A., Mitchell, C.J.: Single sign-on using trusted platforms. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 54–68. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  37. Chen, L., Pearson, S., Vamvakas, A.: On enhancing biometric authentication with data protection. In: Howlett, R.J., Jain, L.C. (eds.) Proceedings of the Fourth International Conference on Knowledge-Based Intelligent Engineering Systems and Allied Technologies, vol. 1, pp. 249–252. IEEE, Los Alamitos (2000)

    Google Scholar 

  38. Mont, M.C., Pearson, S., Bramhall, P.: Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. In: DEXA 2003, pp. 377–382. IEEE Computer Society, Los Alamitos (2003)

    Chapter  Google Scholar 

  39. Mont, M.C., Pearson, S., Bramhall, P.: Towards accountable management of privacy and identity information. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 146–161. Springer, Heidelberg (2003)

    Google Scholar 

  40. Pridgen, A., Julien, C.: A secure modular mobile agent system. In: Proceedings of the 2006 international workshop on Software engineering for large-scale multi-agent systems (SELMAS 2006), Shanghai, China, pp. 67–74. ACM Press, New York (2006)

    Chapter  Google Scholar 

  41. Pearson, S.: How trusted computers can enhance for privacy preserving mobile applications. In: Proceedings of the 1st International IEEE WoWMoM Workshop on Trust, Security and Privacy for Ubiquitous Computing (WOWMOM 2005), Taormina, Sicily, Italy, pp. 609–613. IEEE Computer Society, Washington, DC (2005)

    Google Scholar 

  42. Pearson, S.: Trusted agents that enhance user privacy by self-profiling. Technical Report HPL-2002-196, HP Labs, Bristol, UK (July 15, 2002)

    Google Scholar 

  43. Crane, S.: Privacy preserving trust agents. Technical Report HPL-2004-197, HP Labs, Bristol, UK (November 11, 2004)

    Google Scholar 

  44. Balfe, S., Mohammed, A.: Final fantasy — securing on-line gaming with trusted computing. In: Proceedings of the 4th International Conference on Autonomic and Trusted Computing (ATC 2007), Hong Kong (July 2007)

    Google Scholar 

  45. Yan, Z., Cofta, Z.: A method for trust sustainability among trusted computing platforms. In: Katsikas, S.K., Lopez, J., Pernul, G. (eds.) TrustBus 2004. LNCS, vol. 3184, pp. 11–19. Springer, Heidelberg (2004)

    Google Scholar 

  46. Anderson, R.: Cryptography and competition policy — Issues with trusted computing. In: Proceedings of PODC 2003, Boston, Massachsetts, USA, July 13-16, 2003, pp. 3–10. ACM, New York (2003)

    Chapter  Google Scholar 

  47. Schoen, S.: Trusted computing: Promise and risk. Electronic Frontier Foundation Article (October 2003)

    Google Scholar 

  48. von Lohmann, F.: Meditations on trusted computing. Electronic Frontier Foundation Article (2003)

    Google Scholar 

  49. Reid, J., Gonzalez Nieto, J.M., Dawson, E.: Privacy and trusted computing. In: DEXA 2003, pp. 383–388. IEEE Computer Society, Los Alamitos (2003)

    Chapter  Google Scholar 

  50. Arbaugh, B.: Improving the TCPA specification. IEEE Computer 35(8), 77–79 (2002)

    Google Scholar 

  51. Tygar, J., Yee, B.: Dyad: A system for using physically secure coprocessors. Technical Report CMU-CS-91-140R, Carnigie Mellon University, Pittsburgh, Pennsylvania, USA (May 1991)

    Google Scholar 

  52. Clark, P., Hoffman, L.: BITS: a smartcard protected operating system. Communications of the ACM 37, 66–94 (1994)

    Article  Google Scholar 

  53. Arbaugh, W., Farber, D., Smith, J.: A secure and reliable bootstrap architecture. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy (S&P 1997), Oakland, California, USA, pp. 65–71. IEEE Computer Society Press, Los Alamitos, California (1997)

    Chapter  Google Scholar 

  54. Itoi, N., Arbaugh, W., Pollack, S., Reeves, D.: Personal secure booting. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 130–141. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  55. Lie, D.: Architectural Support for Copy and Tamper Resistant Software. PhD thesis, Department of Electrical Engineering, Stanford University, Stanford, California, USA (December 2003)

    Google Scholar 

  56. Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectural support for copy and tamper resistant software. In: Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-IX), Cambridge, Massachusetts, USA, pp. 169–177. ACM Press, New York (2000)

    Google Scholar 

  57. Suh, E., Clarke, D., Gassend, B., van Dyke, M., Devadas, S.: The AEGIS processor architecture for tamper–evident and tamper-resistant processing. In: 17th Annual ACM International Conference on Supercomputing (ICS 2003), San Francisco, California, USA, pp. 160–171. ACM Press, New York (2003)

    Chapter  Google Scholar 

  58. Barrett, M.F.: Towards an open trusted computing framework. Masters thesis, Department of Computer Science, The University of Auckland, New Zealand (February 2005)

    Google Scholar 

  59. TCG: TCG PC client specific implementation specification for conventional BIOS. TCG specification Version 1.2 Final, The Trusted Computing Group (TCG), Portland, Oregon, USA (July 2005)

    Google Scholar 

  60. Abraham, D., Jackson, J., Muthrasanallur, S., Neiger, G., Regnier, G., Sankaran, R., Schionas, I., Uhlig, R., Vembu, B., Wiegert, J.: Intel virtualization technology for directed i/o. Intel Technology Journal 10(3), 179–192 (2006)

    Google Scholar 

  61. TCG: TCG EFI platform — for TPM family 1.1 or 1.2. TCG specification Version 1.2 Final, The Trusted Computing Group (TCG), Portland, Oregon, USA (June 2006)

    Google Scholar 

  62. TCG: TCG Credential Profiles. TCG Specification Version 1.1 Revision 1.014 For TPM Family 1,2; Level 2, The Trusted Computing Group (TCG), Portland, Oregon, USA (May 2007)

    Google Scholar 

  63. Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. Technical Report HPL-2004-93, Hewlett-Packard Laboratories (June 2004), Available at http://www.hpl.hp.com/techreports/

  64. Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Pfitzmann, B., Liu, P. (eds.) Proceedings of CCS 2004, pp. 132–145. ACM Press, New York (2004)

    Chapter  Google Scholar 

  65. Brickell, E., Camenisch, J., Chen, L.: The DAA scheme in context. In: Mitchell, C.J. (ed.) Trusted Computing. IEE Professional Applications of Computing Series 6. The Institute of Electrical Engineers (IEE), London, UK, pp. 143–174 (2005)

    Google Scholar 

  66. TCG MPWG: Use Case Scenarios. TCG Specification Version 2.7, The Trusted Computing Group, Mobile Phone Working Group, Portland, Oregon, USA (September 2005)

    Google Scholar 

  67. TCG MPWG: The TCG mobile trusted module specification. TCG specification version 0.9 revision 1, The Trusted Computing Group (TCG), Portland, Oregon, USA (September 2006)

    Google Scholar 

  68. TCG MPWG: Mobile trusted module specification overview document. Mobile trusted module specification support documents, The Trusted Computing Group (TCG), Beaverton, Oregon, USA (2006)

    Google Scholar 

  69. Gallery, E.: Authorisation issues for mobile code in mobile systems. Technical Report RHUL-MA-2007-3, Department of Mathematics, Royal Holloway, University of London (2007)

    Google Scholar 

  70. OMA: DRM architecture v2.0. Technical Specification OMA-DRM-ARCH-V2_0-2004071515-C, The Open Mobile Alliance (OMA) (July 2004)

    Google Scholar 

  71. Irwin, J., Wright, T.: Digital rights management. Vodafone internal newsletter, Vodafone, Newbury, England, UK (August 2004)

    Google Scholar 

  72. OMA: OMA DRM V1.0 approved enabler specification. Technical Specification OMA-DRM-V1_0-20040625-A, The Open Mobile Alliance (OMA) (June 2004)

    Google Scholar 

  73. OMA: OMA DRM V2.0 approved enabler specification. Technical Specification OMA-ERP-DRM-V2_0-20060303-A, The Open Mobile Alliance (OMA) (July 2004)

    Google Scholar 

  74. OMA: Digital Rights Management v1.0. Technical Specification OMA-Download-DRM-V1_0-20040615-A, The Open Mobile Alliance (OMA) (June 2004)

    Google Scholar 

  75. OMA: DRM architecture specification v1.0. Technical Specification OMA-Download-ARCH-V1_0-20040625-A, The Open Mobile Alliance (OMA) (June 2004)

    Google Scholar 

  76. OMA: DRM specification v2.0. Technical Specification OMA-DRM-DRM-V2_0-20040716-C, The Open Mobile Alliance (OMA) (July 2004)

    Google Scholar 

  77. CMLA: Client adopter agreement. Technical Report Revision 1.00-050708, The Content Management License Administrator Limited Liability Company (CMLA, LLC) (August 2005)

    Google Scholar 

  78. Myers, M., Ankney, R., Malpani, A., Galperin, S., Adams, C.: X.509 internet public key infrastructure: Online certificate status protocol — OCSP. RFC 2560, Internet Engineering Task Force (IETF) (June 1999)

    Google Scholar 

  79. Mouley, M., Pautet, M.: The GSM System for Mobile Communications. Cell & Sys. Correspondence, Palaiseau, France (1992)

    Google Scholar 

  80. 3GPP GSM TSGS: Personalisation of mobile equipment (ME), Mobile functionality specification (release 5). Technical specification TS 22.022 v5.0.0, 3rd Generation Partnership Project (3GPP), Global System for Mobile Communications (GSM) — Technical Specification Group Services and System Aspects, Sophia Antipolis, France (2002)

    Google Scholar 

  81. NTT DoCoMo, IBM, Intel Corporation: Trusted Mobile Platform (May 2004)

    Google Scholar 

  82. OMA: Device management requirements candidate version 1.2. Technical Specification OMA-RD-DM-V1_2-20060424-C, The Open Mobile Alliance (OMA) (April 2006)

    Google Scholar 

  83. SDRF: Overview and definition of software download for rf reconfiguration. SDRF Archived Approved Document DL-DFN Document SDRF-02-A-0002-V.0.0, The Software Defined Radio Forum (SDRF) (August 2002)

    Google Scholar 

  84. Tuttlebee, W., Babb, D., Irvine, J., Martinez, G., Worrall, K.: Broadcasting and Mobile Telecommunications: Interworking — Not Convergence. EBU Technical Review 293, 1–11 (2003)

    Google Scholar 

  85. European Committee for Electrotechnical Standardization (CENELEC) Brussels, Belgium: Common Interface Specification for Conditional Access and other Digital Video Broadcasting Decoder Applications (February 1997)

    Google Scholar 

  86. European Telecommunications Standards Institute (ETSI) Sophia-Antipolis, France: Digital Video Broadcasting (DVB): Head-End Implementation of DVB Simulcrypt (January 2003)

    Google Scholar 

  87. European Telecommunications Standards Institute (ETSI) Sophia-Antipolis, France: Digital Video Broadcasting (DVB); Support for use of Scrambling and Conditional Access (CA) within Digital Broadcasting Systems (October 1996)

    Google Scholar 

  88. WAPF: Wireless transport layer security version 06. Technical Specification WAP-2610WTLS-20010406-a, The Wireless Application Protocol Forum (WAPF) (April 2001)

    Google Scholar 

  89. Stallings, W.: Cryptography and Network Security, Principles and Practices, 2nd edn. Prentice Hall, Upper Saddle River, New Jersey (1999)

    Google Scholar 

  90. Hill, R., Myagmar, S., Campbell, R.: Threat analysis of GNU software radio. In: Proceedings of the World Wireless Congress (WWC 2005), Palo Alto, California, USA (May 24-27, 2005)

    Google Scholar 

  91. SDRF: Security considerations for operational software defined radio devices in a commercial wireless domain. SDRF working document, The Software Defined Radio Forum (SDRF) (October 2004)

    Google Scholar 

  92. Gallery, E., Tomlinson, A.: Protection of downloadable software on SDR devices. In: Proceedings of the 4th Software Defined Radio Forum Technical Conference (SDR 2005), Orange County, California, USA, Software Defined Radio Forum (SDRF) (November 14-18, 2005)

    Google Scholar 

  93. TCG: Subject key attestation evidence extension. TCG specification version 1.0 revision 7, The Trusted Computing Group (TCG), Portland, Oregon, USA (June 2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Royal Holloway, University of London, Egham, Surrey, TW20 0EX, United Kingdom

    Eimear Gallery & Chris J. Mitchell

Authors
  1. Chris J. Mitchell
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Alessandro Aldini Roberto Gorrieri

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gallery, E., Mitchell, C.J. (2007). Trusted Mobile Platforms. In: Aldini, A., Gorrieri, R. (eds) Foundations of Security Analysis and Design IV. FOSAD FOSAD 2007 2006. Lecture Notes in Computer Science, vol 4677. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74810-6_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-74810-6_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74809-0

  • Online ISBN: 978-3-540-74810-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation