Mutual Authentication and Trust Bootstrapping towards Secure Disk Encryption-Reference-Cited by-同舟云学术

Mutual Authentication and Trust Bootstrapping towards Secure Disk Encryption

Published:2014-11-17 Issue:2 Volume:17 Page:1-23
ISSN:1094-9224
Container-title:ACM Transactions on Information and System Security
language:en
Short-container-title:ACM Trans. Inf. Syst. Secur.

Author:

Götzfried Johannes¹,Müller Tilo¹

Affiliation:

1. Friedrich-Alexander-Universität Erlangen-Nürnberg

Abstract

The weakest link in software-based full disk encryption is the authentication procedure. Since the master boot record must be present unencrypted in order to launch the decryption of remaining system parts, it can easily be manipulated and infiltrated by bootkits that perform keystroke logging; consequently, password-based authentication schemes become attackable. The current technological response, as enforced by BitLocker, verifies the integrity of the boot process by use of the trusted platform module. But, as we show, this countermeasure is insufficient in practice. We present STARK, the first tamperproof authentication scheme that mutually authenticates the computer and the user in order to resist keylogging during boot. To achieve this, STARK implements trust bootstrapping from a secure token to the whole PC. The secure token is an active USB drive that verifies the integrity of the PC and indicates the verification status by an LED to the user. This way, users can ensure the authenticity of the PC before entering their passwords.

Funder

Deutsche Forschungsgemeinschaft

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,General Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/2663348

Reference38 articles.

1. Benjamin Böck. 2009. Firewire-Based Physical Security Attacks on Windows 7 EFS and BitLocker. Secure Business Austria Research Lab. Benjamin Böck. 2009. Firewire-Based Physical Security Attacks on Windows 7 EFS and BitLocker . Secure Business Austria Research Lab.

2. Break & Enter. 2012. Adventures with Daisy in Thunderbolt-DMA-Land: Hacking Macs through the Thunderbolt interface. http://www.breaknenter.org. Break & Enter. 2012. Adventures with Daisy in Thunderbolt-DMA-Land: Hacking Macs through the Thunderbolt interface. http://www.breaknenter.org.

3. Getting physical with the digital investigation process;Carrier Brian D.;Int. J. Digital Evid.,2003

4. R. Carbone C. Bean and M. Salois. 2011. An in-depth analysis of the cold boot attack. Technical Report. DRDC Valcartier Defence Research and Development Canada. R. Carbone C. Bean and M. Salois. 2011. An in-depth analysis of the cold boot attack. Technical Report. DRDC Valcartier Defence Research and Development Canada.

Cited by 4 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Atlas: Application Confidentiality in Compromised Embedded Systems;IEEE Transactions on Dependable and Secure Computing;2019-05-01

2. Deceptive Deletion Triggers Under Coercion;IEEE Transactions on Information Forensics and Security;2016-12

3. Hypnoguard;Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security;2016-10-24

4. RamCrypt;Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security;2016-05-30