[tc-rg] Trusted Computing Use Case Document

David Chadwick d.w.chadwick at kent.ac.uk
Mon Jun 27 19:28:40 CDT 2005 

Wenbo

just how likely are TPMs to break down? Any idea? We are planning to use 
one to secure the keys for our secure audit web service. We do plan to 
export the private encryption key in PKCS#12 format to be on the safe 
side, but if a TPM crashed in the middle of writing an audit file, then 
we would not be able to validate that the file was intact on reboot.

regards

David


Wenbo Mao wrote:
> Andrew,
> 
> Under the item "securing the issue of credentials," or maybe under 
> "helping users to secure their credentials," somewhere in the system 
> needs a backup server  to work (maybe in a MyProxy position). This is 
> necessary in case the user's TPM breaks down. This means that a user 
> private key can be exported from a TPM  to the backup server when the 
> key is generated.
> 
> While a user's mission critical data can be recovered by working with 
> the backup server, an attested remote execution (eg, for secure 
> multi-party computation, SMPC) should use a non-exportable key 
> (attestation identity key, AIK), therefore existing a backup server 
> can't damage SMPC.
> 
> Just my few pence (or US cents in Chicago:-)
> Wenbo
> 
> Andrew Martin wrote:
> 
>> Dear all,
>>
>> Thinking about the Trusted Computing use case document, I have come up
>> with five headings under which to arrange use cases:
>>
>> * securing the issue of credentials
>>    CA ops etc..
>>
>> * helping users to secure their credentials
>>    long term
>>    short term (proxies etc..)
>>
>> * secure data storage
>>    data grid applications??
>>
>> * attested remote execution
>>    grid compute jobs/data centre processing
>>    public resource distributed computing
>>
>> * infrastructure management
>>    distributed firewalls, trusted gateways, etc..
>>
>> Have I missed any big areas?  Do these overlap too much?
>>
>> Can you (especially those who promised at the BOF in Seoul!) 
>> contribute use cases under these headings (or otherwise)?  Please come 
>> along on Wednesday and enter the discussion (or send me an email if 
>> you can't make it).
>>
>> Best regards
>>
>> Andrew
>>
> 
> 

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

More information about the tc-rg mailing list