[tc-rg] Trusted Computing Use Case Document
David Chadwick
d.w.chadwick at kent.ac.uk
Mon Jun 27 19:28:40 CDT 2005
Wenbo
just how likely are TPMs to break down? Any idea? We are planning to use
one to secure the keys for our secure audit web service. We do plan to
export the private encryption key in PKCS#12 format to be on the safe
side, but if a TPM crashed in the middle of writing an audit file, then
we would not be able to validate that the file was intact on reboot.
regards
David
Wenbo Mao wrote:
> Andrew,
>
> Under the item "securing the issue of credentials," or maybe under
> "helping users to secure their credentials," somewhere in the system
> needs a backup server to work (maybe in a MyProxy position). This is
> necessary in case the user's TPM breaks down. This means that a user
> private key can be exported from a TPM to the backup server when the
> key is generated.
>
> While a user's mission critical data can be recovered by working with
> the backup server, an attested remote execution (eg, for secure
> multi-party computation, SMPC) should use a non-exportable key
> (attestation identity key, AIK), therefore existing a backup server
> can't damage SMPC.
>
> Just my few pence (or US cents in Chicago:-)
> Wenbo
>
> Andrew Martin wrote:
>
>> Dear all,
>>
>> Thinking about the Trusted Computing use case document, I have come up
>> with five headings under which to arrange use cases:
>>
>> * securing the issue of credentials
>> CA ops etc..
>>
>> * helping users to secure their credentials
>> long term
>> short term (proxies etc..)
>>
>> * secure data storage
>> data grid applications??
>>
>> * attested remote execution
>> grid compute jobs/data centre processing
>> public resource distributed computing
>>
>> * infrastructure management
>> distributed firewalls, trusted gateways, etc..
>>
>> Have I missed any big areas? Do these overlap too much?
>>
>> Can you (especially those who promised at the BOF in Seoul!)
>> contribute use cases under these headings (or otherwise)? Please come
>> along on Wednesday and enter the discussion (or send me an email if
>> you can't make it).
>>
>> Best regards
>>
>> Andrew
>>
>
>
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
More information about the tc-rg
mailing list