Towards Secure E-Commerce Based on Virtualization and Attestation Techniques
We present a secure e-commerce architecture that is resistant to client compromise and man-in-the-middle attacks on SSL. To this end, we propose several security protocols that use attestation techniques offered by the Trusted Computing Group (TCG). Using these protocols, we can ensure that the client configuration remains untampered and trusted for the duration of the transaction. In addition, confidential data, such as authentication passwords, are only accessible by the electronic commerce server to which the users intend to transfer their data. Since we employ a trusted third party that is responsible for verifying a client's platform configuration, our approach does not depend on trusted computing at the server but instead only requires minor modification to server logic.
Towards Secure E-Commerce Based on Virtualization and Attestation Techniques
Proceedings of the Third International Conference on Availability, Reliability and Security (ARES 2008)
| Authors: | Frederic Stumpf, Claudia Eckert, and Shane Balfe |
| Year/month: | 2008/ |
| Booktitle: | Proceedings of the Third International Conference on Availability, Reliability and Security (ARES 2008) |
| Address: | Barcelona, Spain |
| Fulltext: |
Abstract |
|
| We present a secure e-commerce architecture that is resistant to client compromise and man-in-the-middle attacks on SSL. To this end, we propose several security protocols that use attestation techniques offered by the Trusted Computing Group (TCG). Using these protocols, we can ensure that the client configuration remains untampered and trusted for the duration of the transaction. In addition, confidential data, such as authentication passwords, are only accessible by the electronic commerce server to which the users intend to transfer their data. Since we employ a trusted third party that is responsible for verifying a client's platform configuration, our approach does not depend on trusted computing at the server but instead only requires minor modification to server logic. | |
Bibtex:
@inproceedings {author = { Frederic Stumpf and Claudia Eckert and Shane Balfe},
title = { Towards Secure E-Commerce Based on Virtualization and Attestation Techniques },
year = { 2008 },
booktitle = { Proceedings of the Third International Conference on Availability, Reliability and Security (ARES 2008) },
address = { Barcelona, Spain },
}