Tagging the Turtle: Local Attestation for Kiosk Computing

  • Ronald Toegl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5576)


Public kiosk computers are especially exposed and the software running on them usually cannot be assumed to be unaltered and secure. The Trusted Platform Module (TPM) as a root of trust in an otherwise untrusted computer allows a machine to report the integrity and the configuration of a platform to a remote host on the Internet. A natural usage scenario is to perform such an Attestation prior to handling sensitive or private data on a public terminal.

Two challenges arise. First, the human user needs to reach her trust decision on the basis of the TPM’s cryptographic protocols. She cannot trust the public machine to display authentic results. Second, there is currently no way for the user to establish that the particular machine faced actually contains the TPM that performs the Attestation.

In this paper we demonstrate an Attestation token architecture which is based on a commodity smart phone and more efficient and flexible than previous proposals. Further, we propose to add a low-cost Near Field Communication (NFC) compatible autonomic interface to the TPM, providing a direct channel for proof of the TPM’s identity and local proximity to the Attestation token.


Trusted Computing Kiosk Computing Near Field Communication Attestation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    McCune, J.M., Perrig, A., Seshadri, A., van Doorn, L.: Turtles all the way down: Research challenges in user-based attestation. In: Proceedings of HotSec. USENIX Association (2007)Google Scholar
  2. 2.
    Garriss, S., Cáceres, R., Berger, S., Sailer, R., van Doorn, L., Zhang, X.: Trustworthy and personalized computing on public kiosks. In: MobiSys, pp. 199–210. ACM Press, New York (2008)CrossRefGoogle Scholar
  3. 3.
    Parno, B.: Bootstrapping trust in a ”trusted” platform. In: Proc. of HotSec. USENIX (2008)Google Scholar
  4. 4.
    Pirker, M., Toegl, R., Hein, D., Danner, P.: A PrivacyCA for anonymity and trust. In: Chen, L., Mitchell, C.J., Martin, A. (eds.) Trust 2009. LNCS, vol. 5471, pp. 101–119. Springer, Heidelberg (2009)Google Scholar
  5. 5.
    Iso/iec 18092:2004 – near field communication – interface and protocol (nfcip-1). International Organization for Standardization (2007)Google Scholar
  6. 6.
    ECMA: ECMA-340: Near Field Communication — Interface and Protocol (NFCIP-1). European Association for Standardizing Information and Communication Systems (2004)Google Scholar
  7. 7.
    ECMA: ECMA-352: Near Field Communication Interface and Protocol-2 (NFCIP-2). European Association for Standardizing Information and Communication Systems (2003)Google Scholar
  8. 8.
    Coker, G., Guttman, J., Loscocco, P., Sheehy, J., Sniffen, B.: Attestation: Evidence and trust. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Trusted Computing Group: TCG TPM specification version 1.2 revision 103 (2007)Google Scholar
  10. 10.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: Proc. of Security 2004. USENIX (2004)Google Scholar
  11. 11.
    England, P.: Practical techniques for operating system attestation. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 1–13. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Sadeghi, A.R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Hempelmann, C., Raskin, V. (eds.) NSPW. ACM Press, New York (2004)Google Scholar
  13. 13.
    Chen, L., Landfermann, R., Löhr, H., Rohe, M., Sadeghi, A.R., Stüble, C.: A protocol for property-based attestation. In: Proccedings of STC. ACM Press, New York (2006)Google Scholar
  14. 14.
    Kühn, U., Selhorst, M., Stüble, C.: Realizing property-based attestation and sealing with commonly available hard- and software. In: Proccedings of STC. ACM Press, New York (2007)Google Scholar
  15. 15.
    Kauer, B.: Oslo: improving the security of trusted computing. In: Proceedings of 16th USENIX Security Symposium, pp. 1–9. USENIX Association (2007)Google Scholar
  16. 16.
    Oprea, A., Balfanz, D., Durfee, G., Smetters, D.K.: Securing a remote terminal application with a mobile trusted device. In: Yew, P.-C., Xue, J. (eds.) ACSAC 2004. LNCS, vol. 3189. Springer, Heidelberg (2004)Google Scholar
  17. 17.
    Sharp, R., Scott, J., Beresford, A.: Secure mobile computing via public terminals (2006)Google Scholar
  18. 18.
    McCune, J., Perrig, A., Reiter, M.: Seeing-is-believing: using camera phones for human-verifiable authentication. In: 2005 IEEE Symposium on Security and Privacy (2005)Google Scholar
  19. 19.
    Cáceres, R., Carter, C., Narayanaswami, C., Raghunath, M.: Reincarnating PCs with portable soulpads. In: Proc. of MobiSys, pp. 65–78. ACM Press, New York (2005)Google Scholar
  20. 20.
    Lindner, F.: Toying with barcodes. In: 24th Chaos Communication Congress (2007)Google Scholar
  21. 21.
    Haselsteiner, E., Breitfuss, K.: Security in near field communication (nfc). In: Workshop on RFID Security (2006)Google Scholar
  22. 22.
    Hancke, G.: A practical relay attack on iso 14443 proximity cards. Technical report, University of Cambridge (2005)Google Scholar
  23. 23.
    Tu, Y.J., Piramuthu, S.: Rfid distance bounding protocols. In: First International EURASIP Workshop on RFID Technology (2007)Google Scholar
  24. 24.
    Reid, J., Nieto, J.M.G., Tang, T., Senadji, B.: Detecting relay attacks with timing-based protocols. In: Proceedings of ASIACCS 2007, Singapore, pp. 204–213. ACM Press, New York (2007)Google Scholar
  25. 25.
    Munilla, J., Peinado, A.: Distance bounding protocols for RFID enhanced by using void-challenges and analysis in noisy channels. In: Wirel. Commmun. Mob. Comput. 2008, vol. 8, pp. 1227–1232. Wiley Interscience, Hoboken (2008)Google Scholar
  26. 26.
    Toegl, R., Leung, A., Hofferek, G., Greimel, K., Phan, R., Bloem, R.: Formal analysis of a TPM-based secrets distribution and storage scheme. In: Proceedings of TrustCom 2008. IEEE Computer Society Press, Los Alamitos (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Ronald Toegl
    • 1
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyAustria

Personalised recommendations