Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
Improving Trusted Tickets with State-Bound Keys

Jan Nordholz, Ronald Aigner, and Paul England


Traditional network authentication systems like Windows’ Active Directory or MIT’s Kerberos only provide for mutual authentication of communicating entities, e.g. a user’s email client interacting with an IMAP server, while the user’s machine is inherently assumed to be trusted. While there have been first attempts to explicitly establish this trust relationship by leveraging the Trusted Platform Module, these provide no means to directly react to potentially relevant changes in the client’s system state. We expand previous designs by binding keys to the current platform state and involving these in the network authentication process, thereby guaranteeing the continued validity of the attestee.


Publication typeInbook
Volume7904 2013
SeriesLecture Notes in Computer Science
> Publications > Improving Trusted Tickets with State-Bound Keys