• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.9
• /
• pp.2405-2423
• /
• 2012

In a traditional Single Sign-On (SSO) scheme, the user and the Service Providers (SPs) have given their trust to the Identity Provider (IdP) or Authentication Service Provider (ASP) for the authentication and correct assertion. However, we still need a better solution for the local/native true SSO to gain user confidence, whereby the trusted entity must play the role of the ASP between distinct SPs. This technical gap has been filled by Trusted Computing (TC), where the remote attestation approach introduced by the Trusted Computing Group (TCG) is to attest whether the remote platform integrity is indeed trusted or not. In this paper, we demonstrate a Trustworthy Mutual Attestation (TMutualA) protocol as a proof of concept implementation for a local true SSO using the Integrity Measurement Architecture (IMA) with the Trusted Platform Module (TPM). In our proposed protocol, firstly, the user and SP platform integrity are checked (i.e., hardware and software integrity state verification) before allowing access to a protected resource sited at the SP and releasing a user authentication token to the SP. We evaluated the performance of the proposed TMutualA protocol, in particular, the client and server attestation time and the round trip of the mutual attestation time.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2021.11a
• /
• pp.267-269
• /
• 2021

Trusted Execution Environment(TEE) is an execution environment provided by CPU hardware to gain guarantee that the execution context is as expected by the execution requester. Remote attestation of the execution context naturally arises from the concept of TEEs. Many implementations of TEEs use cryptographic remote attestation methods. Though the implementation of attestation may be simple, the implementation of verification may be very complex and heavy. By using a server delegating the verification process of attestation information, one may produce lightweight binaries that may verify peers and establish a secure channel with verified peers.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.7
• /
• pp.1569-1584
• /
• 2013

Ubiquitous interaction in a pervasive environment is the main attribute of smart spaces. Pervasive systems are weaving themselves in our daily life, making it possible to collect user information invisibly, in an unobtrusive manner by known and even unknown parties. Huge number of interactions between users and pervasive devices necessitate a comprehensive trust model which unifies different trust factors like context, recommendation, and history to calculate the trust level of each party precisely. Trusted computing enables effective solutions to verify the trustworthiness of computing platforms. In this paper, we elaborate Unified Trust Model (UTM) which calculates entity's trustworthiness based on history, recommendation, context and platform integrity measurement, and formally use these factors in trustworthiness calculation. We evaluate UTM behaviour by simulating in different scenario experiments using a Trust and Reputation Models Simulator for Wireless Sensor Networks. We show that UTM offers responsive behaviour and can be used effectively in the low interaction environments.