Yu Zheng, Jingchun Xia, and Dake He
Mobile equipment (ME) playing an important role of bridge between wireless network and mobile user has been facing more and more security threats. Trusted mobile platform (TMP) was proposed by TCG (Trusted Computing Group) as a new mechanism to enhance the security of the resource-constrained ME. In this paper, we embark a new study on constructing a TMP according to ME’s feature, and per-forming mutual authentication in mobile user domain. A smart-phone’s processor is used as an example to demonstrate the constructing of TMP, along with which three methods for adding trusted platform module (TPM) in ME are presented respectively. In the framework of TMP, we also propose a user authentication scheme combining password and fingerprint with the USIM (Universal Subscriber Identity Module). The proposed scheme is validated through a performance analysis and experimental test. The validation result shows that our approach offers better efficiency and advanced security over the authentication scheme presented in TMP’s draft standard. It also outperforms TCG’s user authorization scheme by providing improved security, flexibility and universality.
|Published in||International Symposium on Biometrics and Security Technologies, 2008. ISBAST 2008.|