Improving Trusted Tickets with State-Bound Keys

Jan Nordholz, Ronald Aigner, and Paul England

Abstract

Traditional network authentication systems like Windows’ Active Directory or MIT’s Kerberos only provide for mutual authentication of communicating entities, e.g. a user’s email client interacting with an IMAP server, while the user’s machine is inherently assumed to be trusted. While there have been first attempts to explicitly establish this trust relationship by leveraging the Trusted Platform Module, these provide no means to directly react to potentially relevant changes in the client’s system state. We expand previous designs by binding keys to the current platform state and involving these in the network authentication process, thereby guaranteeing the continued validity of the attestee.

Details

Publication typeInbook
URLhttp://link.springer.com/chapter/10.1007/978-3-642-38908-5_3
Pages37-46
Chapter3
Volume7904 2013
SeriesLecture Notes in Computer Science
PublisherSpringer
> Publications > Improving Trusted Tickets with State-Bound Keys