Creating a secure platform for smart card programmers

Ideally application developers should be able to produce their code without consideration of the Trusted Platform Module (TPM) on which the software may run, and the more systems builders can use standard hardware, the lower the cost will be.

More from Royal Holloway Have a look at the rest of the 2009 theses from MSc graduates of Royal Holloway, University of London (RHUL).

This problem has been tackled by Talha Tariq, a software engineer at Microsoft and a recent graduate from the Masters course in information security at Royal Holloway University of London (RHUL). He outlines a workable solution in an article entitled 'A virtual programmable trusted platform', which we are publishing on SearchSecurity.co.uk (see below for .pdf).

The article is part of our 2009 series featuring the best new MSc theses from graduates of the information security group at RHUL.

It discusses a new architecture for trusted computing in which an existing fixed-function Trusted Platform Module (TPM) is coupled with user application code running on a programmable smart card. Rather than proposing recommendations for hardware changes or building isolated execution environments inside a TPM, the author proposes a platform that provides related, yet different services for secure/trusted execution, and couples this with the TPM.

He argues that implementing such a solution allows application developers to focus exclusively on the functionality and security of their own code, and enables them to execute their applications shielded from both hardware and software attacks.

The article provides broad background on the limitations of existing models, as well as explains how this new approach could exploit the benefits of standard hard to keep down costs. The author also suggests several possible applications where it would be most effective.

Read A virtual programmable trusted platform (.pdf) by Talha Tariq.

SearchSecurity's association with RHUL began last year when we published 12 articles from RHUL's MSc graduates. These were widely appreciated for their new ideas and relevance to security problems. We believe the 2009 series is equally wide-ranging and thought-provoking.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Biometrics, Smart Cards, Tokens Preventing password fatigue with single sign-on (SSO) authentication Gridsure finds global deal for its pattern-based authentication Single sign-on system removes password chaos at East Kent NHS Trust Will physical security integrators work with IT departments? Tokenless two-factor authentication helps council with CoCo compliance Chip and PIN adoption serves lesson for U.S. payment industry Visa probes tokens, encryption for PCI card data protection Strong authentication methods, voice recognition systems make comeback Security on a budget: How to make the most of authentication tools Portable security storage device could replace OTP devices

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Chip and PIN  (SearchSecurityUK.com) NO2ID  (SearchSecurityUK.com) UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary