
Trustworthy and Personalized Computing


Presentation Transcript


  1. Trustworthy and Personalized Computing
  Christopher Strasburg, Department of Computer Science, Iowa State University
  November 12, 2008

  2. Motivating Problem
  • People desire increasingly frequent access to personal computing environments
  • Public kiosks offer a good trade-off between functionality, cost, and availability
  • Public kiosks are at higher risk than other environments
    • General public has physical access to systems
    • People tend to have a low degree of trust in software on public kiosk systems

  3. Related Work -- Portable Computing Environment
  • Encrypted Virtual Machines (VMs) provide portable, encapsulated computing environments
    • OS, software, configurations, personal data in one package
  • Practical distribution of VM images has been explored:
    • Remote deployment of VM image components (Internet Suspend/Resume)
    • Loading a VM from a portable device (SolePad)
  • However, even using encrypted VMs, compromised kiosk software (BIOS, virtual machine monitor) can access data and render the system untrustworthy

  4. Related Work -- Building System Trust
  • Verify the entire software stack, from BIOS to applications
    • Software solutions -- the software itself is an easy target on public kiosk systems
    • Trusted boot sequences -- introduce possibly serious boot-time delays
  • Minimize function of system for easier verification
    • Kiosks as thin clients which perform minimal processing -- wastes much of the computational power of the system
  • Limit the information a user submits to the system -- user must ultimately determine sensitivity for each piece of data; difficult to predict data interaction

  5. Method Overview
  • A multi-stage process using a trusted mobile device to verify the integrity of the system prior to use

  6. Method Details - Identify Workstation
  • User visually verifies kiosk identity
  • Mobile device downloads certificate and verifies authenticity
  • Mobile device retrieves supported configurations and allows user to select one

  7. Method Details - Verify Software
  Mobile Device:
  • Requests database signed by TTP (Trusted Third Party)
  • Requests signed (by TPM) quote and re-computes boot sequence to verify that it matches quote
  • On success, signals user that system is trustworthy
  System:
  • Reboots
  • Loads the DRTM with the hash of the secure boot loader
  • Generates Encryption Key pair (K, K')
  • Creates self-signed certificate C containing K
  • Measures C into TPM

  8. Method Details - Load Personal Environment
  • Uses key pair (K, K') to download and load user's personal environment / encrypted VM image / information
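The verification exchange of slides 6-8, as an added worked example that is not part of the original talk or the MobiSys paper: the kiosk extends a simulated PCR with each boot component and with the self-signed certificate C, the TPM "quotes" the PCR over a nonce, and the mobile device recomputes the expected PCR from a TTP-known-good database and checks it against the quote. The component images, the KNOWN_GOOD table, the HMAC-based stand-in for the TPM attestation key and the nonce are all constructed assumptions.

```python
import hashlib
import hmac

PCR_INIT = bytes(20)  # SHA-1 PCR as in TPM 1.2: 20 zero bytes after reset

def extend(pcr: bytes, measurement: bytes) -> bytes:
    # TPM extend operation: PCR <- SHA1(PCR || measurement)
    return hashlib.sha1(pcr + measurement).digest()

# Constructed stand-in for the TTP-signed software database: component name ->
# known-good hash (a real database would carry the TTP's signature).
KNOWN_GOOD = {
    "bios": hashlib.sha1(b"bios-image-v1").digest(),
    "drtm": hashlib.sha1(b"drtm-launcher-v1").digest(),
    "bootloader": hashlib.sha1(b"secure-bootloader-v1").digest(),
    "vmm": hashlib.sha1(b"vmm-v1").digest(),
}

# Constructed stand-in for the TPM attestation key; an HMAC replaces the
# RSA signature a real TPM quote would carry.
AIK = b"example-tpm-attestation-key"

def kiosk_boot(images, cert: bytes) -> bytes:
    # Kiosk side: measure each booted component, then measure C into the TPM.
    pcr = PCR_INIT
    for img in images:
        pcr = extend(pcr, hashlib.sha1(img).digest())
    return extend(pcr, hashlib.sha1(cert).digest())

def tpm_quote(pcr: bytes, nonce: bytes) -> dict:
    # TPM reports the PCR bound to the nonce the mobile device supplied.
    return {"pcr": pcr, "sig": hmac.new(AIK, pcr + nonce, hashlib.sha256).digest()}

def verify(quote: dict, boot_log, cert: bytes, nonce: bytes) -> bool:
    # Mobile device side: check the quote signature, then recompute the boot
    # sequence from the log using only hashes the TTP database vouches for.
    sig = hmac.new(AIK, quote["pcr"] + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, quote["sig"]):
        return False
    pcr = PCR_INIT
    for name in boot_log:
        if name not in KNOWN_GOOD:   # unknown component: untrusted
            return False
        pcr = extend(pcr, KNOWN_GOOD[name])
    pcr = extend(pcr, hashlib.sha1(cert).digest())  # C must match what was measured
    return hmac.compare_digest(pcr, quote["pcr"])

def run_scenario(tampered_vmm: bool, swapped_cert: bool = False) -> bool:
    vmm = b"vmm-v1-backdoored" if tampered_vmm else b"vmm-v1"
    images = [b"bios-image-v1", b"drtm-launcher-v1", b"secure-bootloader-v1", vmm]
    cert, nonce = b"self-signed-cert-containing-K", b"nonce-from-mobile"
    quote = tpm_quote(kiosk_boot(images, cert), nonce)
    presented = b"attacker-cert" if swapped_cert else cert
    return verify(quote, ["bios", "drtm", "bootloader", "vmm"], presented, nonce)
```

A tampered component or a certificate that differs from the measured C yields a PCR mismatch, which is exactly the failure the mobile device reports before the user submits any data.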

  9. Method Details -- Data Cleanup
  • Once the user is finished with the system, the system shuts down, removes the VM image, and overwrites the memory containing the cryptographic data

  10. Assumptions and Limitations
  • Kiosk owner is trusted:
    • Periodically checks for and fixes misbehaving kiosks (i.e. to address hardware issues, detect incorrect barcodes)
  • System only verifies software at boot time. Post-boot modification is not detected
  • Mobile device is trustworthy
  • Requires kiosk owner to participate in the system, i.e.:
    • Provide database of software
    • Tag systems with barcodes
  • Users must wait around 2.5 minutes before the system is ready to use

  11. Conclusions
  • Provides personalized computing environment
  • Unrestricted access to computing capabilities
  • Enables users to perform sensitive personalized computing on public hardware with a high degree of confidence

  Reference
  S. Garriss, R. Caceres, S. Berger, R. Sailer, L. Doorn, X. Zhang. Trustworthy and Personalized Computing on Public Kiosks. In Proc. MobiSys 2008.