A user protection model for the trusted computing environment

Marwan Ibrahim Alshar'e, Rossilawati Sulaiman, Mohd Rosmadi Mukhtar, Abdullah Mohd. Zin

Research output: Contribution to journal (Article)

3 Citations (Scopus)

Abstract

Information security presents a huge challenge for both individuals and organizations. The Trusted Computing Group (TCG) has introduced the Trusted Platform Module (TPM) as a solution for end-users to ensure their privacy and confidentiality. TPM serves as the root of trust for systems and users by providing protected storage that is accessible only within TPM, and thus protects computers against unwanted access. TPM is designed to prevent software attacks, with minimal consideration given to physical attacks. Therefore, TPM focuses on PIN password identification to control the physical presence of a user. The PIN password method is not the ideal user verification method. Evil Maid is one of the attack methods in which a piece of code can be loaded and hidden in the boot loader before loading TPM. The code will then collect confidential information at the next boot and store it or send it to attackers via the network. In order to solve this problem, a number of solutions have been proposed. However, most of these solutions do not provide a sufficient level of protection to TPM. In this study we introduce the TPM User Authentication Model (TPM-UAM), which could assist in protecting TPM against physical attack and thus increase the security of the computer system. The proposed model has been evaluated through a focus group discussion consisting of a number of experts. The expert panel has confirmed that the proposed model is sufficient to provide the expected level of protection to the TPM and to assist in preventing physical attack against TPM.

Original language: English
Pages (from-to): 1692-1702
Number of pages: 11
Journal: Journal of Computer Science
Volume: 10
Issue number: 10
DOI: 10.3844/jcssp.2014.1692.1702
Publication status: Published - 2014

Fingerprint

Hardware security
Trusted computing
Loaders
Security of data
Authentication
Computer systems

Keywords

  • Authentication
  • Biometrics
  • Privacy
  • Security
  • TPM
  • Virtualization
  • Xen

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Artificial Intelligence

Cite this

A user protection model for the trusted computing environment. / Alshar'e, Marwan Ibrahim; Sulaiman, Rossilawati; Mukhtar, Mohd Rosmadi; Mohd. Zin, Abdullah.

In: Journal of Computer Science, Vol. 10, No. 10, 2014, p. 1692-1702.

Alshar'e, Marwan Ibrahim ; Sulaiman, Rossilawati ; Mukhtar, Mohd Rosmadi ; Mohd. Zin, Abdullah. / A user protection model for the trusted computing environment. In: Journal of Computer Science. 2014 ; Vol. 10, No. 10. pp. 1692-1702.
@article{6e52155bf0494ba9b60689fb4f36c3fb,
title = "A user protection model for the trusted computing environment",
keywords = "Authentication, Biometrics, Privacy, Security, TPM, Virtualization, Xen",
author = "Alshar'e, {Marwan Ibrahim} and Rossilawati Sulaiman and Mukhtar, {Mohd Rosmadi} and {Mohd. Zin}, Abdullah",
year = "2014",
doi = "10.3844/jcssp.2014.1692.1702",
language = "English",
volume = "10",
pages = "1692--1702",
journal = "Journal of Computer Science",
issn = "1549-3636",
publisher = "Science Publications",
number = "10",

}

TY - JOUR

T1 - A user protection model for the trusted computing environment

AU - Alshar'e, Marwan Ibrahim

AU - Sulaiman, Rossilawati

AU - Mukhtar, Mohd Rosmadi

AU - Mohd. Zin, Abdullah

PY - 2014

Y1 - 2014

KW - Authentication

KW - Biometrics

KW - Privacy

KW - Security

KW - TPM

KW - Virtualization

KW - Xen

UR - http://www.scopus.com/inward/record.url?scp=84900453076&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84900453076&partnerID=8YFLogxK

U2 - 10.3844/jcssp.2014.1692.1702

DO - 10.3844/jcssp.2014.1692.1702

M3 - Article

AN - SCOPUS:84900453076

VL - 10

SP - 1692

EP - 1702

JO - Journal of Computer Science

JF - Journal of Computer Science

SN - 1549-3636

IS - 10

ER -