Creating a secure platform for smart card programmers

Royal Holloway authors discuss a new architecture for trusted computing in which an existing fixed-function Trusted Platform Module (TPM) is coupled with user application code running on a programmable smart card.

Despite the efforts of industry bodies such as the Trusted Computing Group and the hardware manufacturers, many problems still remain in delivering an affordable and secure architecture to support mass-market deployment of tokens and smart cards for such mobile applications as e-cash, SIMs and transportation cards.

Ideally, application developers should be able to produce their code without having to consider the Trusted Platform Module (TPM) on which the software may run, and the more systems builders can use standard hardware, the lower the cost will be.

This problem has been tackled by Talha Tariq, a software engineer at Microsoft and a recent graduate of the Masters course in information security at Royal Holloway, University of London (RHUL). He outlines a workable solution in an article entitled 'A virtual programmable trusted platform', which we are publishing on SearchSecurity.co.uk (see below for .pdf).

The article is part of our 2009 series featuring the best new MSc theses from graduates of the information security group at RHUL.

It discusses a new architecture for trusted computing in which an existing fixed-function Trusted Platform Module (TPM) is coupled with user application code running on a programmable smart card. Rather than recommending hardware changes or building isolated execution environments inside the TPM itself, the author proposes a platform that provides related, yet different, services for secure/trusted execution, and couples this platform with the TPM.

He argues that implementing such a solution allows application developers to focus exclusively on the functionality and security of their own code, and enables them to execute their applications shielded from both hardware and software attacks.

The article provides broad background on the limitations of existing models and explains how this new approach could exploit the benefits of standard hardware to keep down costs. The author also suggests several possible applications where it would be most effective.

Read A virtual programmable trusted platform (.pdf) by Talha Tariq.

SearchSecurity's association with RHUL began last year when we published 12 articles from RHUL's MSc graduates. These were widely appreciated for their new ideas and relevance to security problems. We believe the 2009 series is equally wide-ranging and thought-provoking.

This was last published in June 2009
