Shane Balfe (2009) Secure Payment Architectures and Other Applications of Trusted Computing.
Full text access: Open
This thesis is divided into two distinct parts. The first part of the thesis explores the role Trusted Computing can play in securing Internet-based Card Not Present (CNP) transactions. We highlight how Trusted Platform Module (TPM) enabled Platforms, as are currently available in the marketplace, can be used as adjuncts to CNP enabling protocols, such as SSL and 3-D Secure. As an extension to this, we demonstrate how newer Trusted Computing technologies, such as processor, chipset and operating system extensions, can provide a measured virtualisation layer on top of which emulated EMV (chip and pin) cards can run. The second part of this thesis looks at how Trusted Computing can be used to add security functionality to a number of computing paradigms. Firstly, we examine how Trusted Computing can be used to provide stable pseudonymous identities on top of which reputation systems can be built for Peer-to-Peer systems. Secondly, we examine the role Trusted Computing can play in protecting mobile agent systems. In this regard, we examine how mechanisms for protecting both agent hosts and mobile agents can be achieved by augmenting agent systems with Trusted Computing functionality.
This is a Published version This version's date is: 20/02/2009 This item is peer reviewed
https://repository.royalholloway.ac.uk/items/3876bf49-087d-a5ae-4a8d-c872c814beae/1/
Deposited by () on 24-Jun-2010 in Royal Holloway Research Online.Last modified on 15-Dec-2010
[1] M. Al-Meaither and C. J. Mitchell. Extending EMV to Support MurabahaTransactions. In Proceedings of the 7th Nordic Workshop on Secure IT Systems(NordSec 2003), pages 95{108. Department of Telematics, NTNU, Trondheim,Norway, October 2003.
[2] A. Alsaid and C. J. Mitchell. Preventing Phishing Attacks Using Trusted Com-puting Technology. In Proceedings of the 6th International Network Conference(INC 2006), pages 221{228, July 2006.
[3] T. Alves and D. Felton. TrustZone: Integrated Hardware and Software Se-curity { Enabling Trusted Computing in Embedded Systems. White pa-per, ARM, Available On-line, July 2004. http://www.arm.com/pdfs/TZ_Whitepaper.pdf.
[4] AMD. AMD64 Architecture Programmer's Manual: Volume 2: System Pro-gramming. Technical Report AMD Publication no. 24594 rev. 3.11, AdvancedMicro Devices, May 2006. http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/24593.pdf.
[5] R. Anderson. Cryptography and Competition Policy: Issues with `TrustedComputing'. In L. J. Camp and S. Lewis, editors, Proceedings of the 22ndAnnual Symposium on Principles of Distributed Computing (PODC 2003),pages 3{10. Kluwer Academic Publishers, July 2003.202
[6] R. Anderson. `Trusted Computing' Frequently Asked Questions - Version1.1. Available On-line, August 2003. http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html.
[7] Anti-Phishing Working Group. Phishing Activity Trends Report. Avail-able On-line, April 2007. http://www.antiphishing.org/reports/apwg_report_april_2007.pdf.
[8] APACS. Card Fraud { The Facts 2008. Available On-line, April2007. http://www.apacs.org.uk/resources_publications/documents/FraudtheFacts2008.pdf.
[9] APACS. Card Fraud Losses Continue to Fall. Available On-line, March 2007.http://www.apacs.org.uk/media_centre/press/07_14_03.html.
[10] B. Arbaugh. Improving the TCPA Speci¯cation. IEEE Computer, 35(8):77{79, August 2002.
[11] F. Armknecht, Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, G. Ramunno,and D. Vernizzi. An E±cient Implementation of Trusted Channels Basedon Openssl. In Proceedings of the 3rd ACM Workshop on Scalable TrustedComputing (STC 2008), pages 41{50. ACM Press, 2008.
[12] Visa International Service Association. 3-D Secure Protocol Speci¯cation:System Overview. Available On-line, April 2007. http://partnernetwork.visa.com/pf/3dsec/main.jsp.
[13] T. Aura. RFC 4346 { Cryptographically Generated Addresses (CGA). Avail-able On-line, March 2005.
[14] B. Balache®, D. Chan, L. Chen, S. Pearson, and G. Proudler. Securing Intelli-gent Adjuncts Using Trusted Computing Platform Technology. In J. Domingo-Ferrer, D. Chan, and A. Watson, editors, Proceedings of the 4th Working Conference on Smart Card Research and Advanced Applications (CARDIS 2001),pages 177{195. Kluwer Academic Publishers, 2001.
[15] S. Balfe and E. Gallery. Mobile Agents and the Deus Ex Machina. In Proceed-ings of the 21st International Conference on Advanced Information Networkingand Applications Workshops (AINA 2007), pages 486{492. IEEE ComputerSociety, May 2007.
[16] S. Balfe, A. D. Lakhani, and K. G. Paterson. Securing Peer-to-Peer Networksusing Trusted Computing. In Mitchell [88], chapter 10, pages 271{298.
[17] S. Balfe, A. D. Lakhani, and K. G. Paterson. Trusted Computing: Providingsecurity for Peer-to-Peer Networks. In G. Caronni, N. Weiler, M. Waldvo-gel, and N. Shahmehri, editors, Proceedings 5th International Conference onPeer-to-Peer Computing (P2P 2005), pages 117{124. IEEE Computer Society,August 2005.
[18] S. Balfe and K. G. Paterson. Augmenting Internet-based Card Not PresentTransactions with Trusted Computing: An Analysis. Technical ReportRHUL-MA-2006-9, Department of Mathematics, Royal Holloway, Univer-sity of London, London, UK, 2006. http://www.rhul.ac.uk/mathematics/techreports.
[19] S. Balfe and K. G. Paterson. Augmenting Internet-based Card Not PresentTransactions with Trusted Computing: An Analysis. Technical ReportRHUL-MA-2006-9-v2, Department of Mathematics, Royal Holloway, Univer-sity of London, London, UK, 2006. http://www.rhul.ac.uk/mathematics/techreports.
[20] S. Balfe and K. G. Paterson. e-EMV: Emulating EMV for Internet Paymentsusing Trusted Computing Technology. Technical Report RHUL-MA-2006-10,Department of Mathematics, Royal Holloway, University of London, London,UK, 2006. http://www.rhul.ac.uk/mathematics/techreports.204
[21] S. Balfe and K. G. Paterson. Augmenting Internet-based Card Not PresentTransactions with Trusted Computing (Extended Abstract). In Proceedingsof the 12th International Conference of Financial Cryptography and Data Se-curity (FC 2008), pages 171{175. Springer, January 2008.
[22] S. Balfe and K. G. Paterson. e-EMV: Emulating EMV for Internet Paymentswith Trusted Computing Technologies. In Proceedings of the 3rd ACM Work-shop on Scalable Trusted Computing (STC 2008). ACM Press, October 2008.
[23] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, andK. Yang. On the (Im)possibility of Obfuscating Programs. In Proceedings21st Annual International Cryptology Conference (Crypto 2001), pages 1{18,August 2001.
[24] P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauery,I. Pratt, and A. War¯eld. XEN and the Art of Virtualization. In Proceedingsof the 19th ACM Symposium on Operating Systems Principles (SOSP 2003),pages 164{177. ACM Press, October 2003.
[25] E. Bierman and E. Cloete. Classi¯cation of Malicious Host Threats in MobileAgent Computing. In Proceedings of the 2002 Annual Research Conference ofthe South African Institute of Computer Scientists and Information Technol-ogists on Enablement Through Technology (SAICSIT 2002), pages 141{148.South African Institute for Computer Scientists and Information Technolo-gists, September 2002.
[26] N. Borselius. Multi-agent System Security for Mobile Communication ). Tech-nical Report RHUL-MA-2003-5, Department of Mathematics, Royal Holloway,University of London, London, UK, September 2003. http://www.ma.rhul.ac.uk/static/techrep/2003/RHUL-MA-2003-5.pdf.
[27] E. Brickell, J. Camenisch, and L. Chen. Direct Anonymous Attestation. InB. P¯tzmann and P. Liu, editors, Proceedings of the 11th ACM Conference on205Computer and Communications Security (CCS 2004), pages 132{145. ACMPress, October 2004.
[28] J. Camenisch. Direct Anonymous Attestation: Achieving Privacy in Re-mote Authentication. Zurich Information Security Colloquium 2004. IBMZurich Information Security Center. http://www.zisc.ethz.ch/events/infseccolloquium2004.
[29] J. Camenisch and A. Lysyanskaya. A Signature Scheme with E±cient Pro-tocols. In S. Cimato, C. Galdi, and G. Persiano, editors, Proceedings of the3rd International Conference on Security in Communication Networks (SCN2002), volume 2576 of LNCS, pages 268{289. Springer, September 2003.
[30] D. L. Chaum. Untraceable Electronic Mail, Return addresses, and DigitalPseudonyms. Communications of the ACM, 24(2):84{90, 1981.
[31] I. Clarke, O. Sandberg, B. Wiley, and T. W. Hong. Freenet: A DistributedAnonymous Information Storage and Retrieval system. In Proceedings of In-ternational Workshop on Design Issues in Anonymity and Unobservability,volume 2009 of LNCS, pages 46{66. Springer{Verlag, 2001.
[32] S. Crane. Privacy Preserving Trust Agents. Technical Report HPL-2004-197,Hewlett-Packard Laboratories, Bristol, UK, November 2004. http://www.hpl.hp.com/techreports/2004/HPL-2004-197.pdf.
[33] E. Damiani, D. C. di Vimercati, S. Paraboschi, P. Samarati, and F. Violante.A Reputation-based Approach for Choosing Reliable Resources in Peer-to-PeerNetworks. In V. Atluri, editor, Proceedings of the 9th ACM Conferenceon Computer and Communications Security (CCS 2002), pages 207{216. ACMPress, November 2002.
[34] L. D'Anna, B. Matt, A. Reisse, T. Van Vleck, S. Schwab, and P. LeBlanc.Self-Protecting Mobile Agents Obfuscation Report. Technical Report Report20603-015, Network Associates Laboratories, June 2003. http://www.au.af.mil/au/awc/awcgate/darpa/obfreport.pdf.
[35] N. Daswani, H. Garcia-Molina, and B. Yang. Open Problems in Data-SharingPeer-to-Peer Systems. In D. Calvanese, M. Lenzerini, and R. Motwani, editors,Proceedings of 9th International Conference on Database Theory (ICDT 2003),volume 2572 of LNCS, pages 1{15. Springer{Verlag, January 2003.
[36] N. Daswani, P. Golle, S. Marti, H. Garcia-Molina, and D. Boneh. Eval-uating Reputation Systems for Document Authenticity. Technical Report2003-34, Computer Science Department, Stanford University, June 2003.http://dbpubs.stanford.edu:8090/pub/2003-34.
[37] A. Datta, M. Hauswirth, and K. Aberer. Beyond \Web of Trust": EnablingP2P E-Commerce. In R. Grinter, T. Rodden, P. Aoki, E. Cutrell, R. Je®ries,and G. M. Olsen, editors, Proceedings of the 2003 IEEE Conference on Elec-tronic Commerce (CEC 2003), pages 303{312. IEEE Computer Society, June2003.
[38] S. Deering and C. Allen. RFC 2460 { Internet Protocol, Version 6 (IPv6)Speci¯cation. Available On-line, December 1998. http://www.ietf.org/rfc/rfc2460.txt.
[39] A.W. Dent and C.J. Mitchell. User's Guide to Cryptography and Standards.Artech House, Boston, Massachusetts, USA, 2005.
[40] L. Detweiler. The Snakes of Medusa and Cyberspace { Inter-net Identity Subversion. Available On-line, November 1993. http://www.interesting-people.org/archives/interesting-people/199311/msg00054.html.
[41] R. Dhamija, J. D. Tygar, and M. Hearst. Why Phishing Works. In R. Grinter,T. Rodden, P. Aoki, E. Cutrell, R. Je®ries, and G. M. Olsen, editors, Proceedings of the 2006 Conference on Human Factors in Computing Systems (CHI2006), pages 581{590. ACM Press, April 2006.
[42] T. Dierks and C. Allen. RFC 4346 { The TLS Protocol Version 1.1. AvailableOn-line, April 2006. http://www.ietf.org/rfc/rfc4346.txt.
[43] J. R. Douceur. The Sybil Attack. In P. Druschel, M.F. Kaashoek, and A.I.T.Rowstron, editors, Proceedings of the 1st International Workshop on Inter-national Workshop on Peer-to-Peer Systems (IPTPS 2002), volume 2429 ofLNCS, pages 251{256. Springer{Verlag, March 2002.
[44] T. C. Du, E. Y. Li, and E. Wei. Mobile Agents for a Brokering Service in theElectronic Marketplace. Decision Support Systems, 39(3):371{383, 2005.
[45] EMVCo. Book 3 { Application Speci¯cation, 4.0 edition, December 2000.http://www.emvco.com.
[46] EMVCo. Book 1 { Application independent ICC to Terminal Interface require-ments, 4.1 edition, May 2004. http://www.emvco.com.
[47] EMVCo. Book 2 { Security and Key Management, 4.1 edition, May 2004.http://www.emvco.com.
[48] EMVCo. Book 3 { Application Speci¯cation, 4.1 edition, May 2004. http://www.emvco.com.
[49] EMVCo. Book 4 { Cardholder, Attendant, and Acquirer Interface Require-ments, 4.1 edition, June 2004. http://www.emvco.com.
[50] W. M. Farmer, J. D. Guttman, and V. Swarup. Security for Mobile Agents:Authentication and State Appraisal. In Proceedings of the 4th European Sym-posium On Research In Computer Security (ESORICS 1996), pages 118{130.Springer{Verlag, September 1996.
[51] Unlimited Freedom. Interesting Uses of Trusted Computing, Part 2. AvailableOn-line, March 2004. http://invisiblog.com/1c801df4aee49232/#mobile.
[52] Fuzen op. The FU Rootkit. Available On-line. http://www.rootkit.com/.
[53] S. Gajek, A.-R. Sadeghi, C. StÄuble, and M. Winandy. Compartmented Secu-rity for Browsers { Or How to Thwart a Phisher with Trusted Computing. InProceedings of the The 2nd International Conference on Availability, Reliabil-ity and Security (ARES 2007), pages 120{127. IEEE Computer Society, April2007.
[54] E. Gallery and A. Tomlinson. Protection of Downloadable Software on SDRDevices. In Proceedings of the 4th Software De¯ned Radio Forum TechnicalZonference (SDR 2005). Software De¯ned Radio Forum (SDRF), November2005.
[55] E. Gallery and A. Tomlinson. Secure Delivery of Conditional Access Applica-tions to Mobile Receivers. In Mitchell [88], chapter 7, pages 195{238.
[56] T. Gar¯nkel, B. Pfa®, J. Chow, M. Rosenblum, and D. Boneh. Terra: AVirtual Machine-based Platform for Trusted Computing. ACM SIGOPS Op-erating Systems Review, 37(5):193{206, 2003.
[57] T. Gar¯nkel, M. Rosenblum, and D. Boneh. Flexible OS Support and Appli-cations for Trusted Computing. In Proceedings of the 9th USENIX Workshopon Hot Topics on Operating Systems (HotOS-IX), pages 145{150. USENIXAssociation, May 2003.
[58] Y. Gasmi, A.-R. Sadeghi, P. Stewin, M. Unger, and N. Asokan. Beyond SecureChannels. In S. Xu and M. Yung, editors, Proceedings of the 2007 ACMWorkshop on Scalable Trusted Computing (STC 2007), pages 30{40. ACMPress, November 2007.209
[59] L. Gong, G. Ellison, and M. Dageforde. Inside Java 2 Platform Security:Architecture, API Design, and Implementation. Addison-Wesley LongmanPublishing, Inc., 2nd edition, 2003.
[60] D. Grawrock. The Intel Safer Computer Initiative: Building Blocks for TrustedComputing, chapter Protected Input and Output, pages 143{164. Intel Press,2006.
[61] F. Gri®el, M. T. Tu, M. MÄunke, M. Merz, W. Lamersdorf, and M. M. da Silva.Electronic Contract Negotiation as an Application Niche for Mobile Agents.In Proceedings of the 1st International Conference on Enterprise DistributedObject Computing (EDOC 1997), pages 354{367. IEEE Computer Society,October 1997.
[62] D. Gri±n, G. Pavlou, and P. Georgatsos. Providing Customisable NetworkManagement Services Through Mobile Agents. In Proceedings of the 7th In-ternational Conference on Intelligence and Services in Networks (IS&N 2000),pages 209{226. Springer{Verlag, February 2000.
[63] R. Grimes. Authenticode. Available On-line, 2008. http://technet.microsoft.com/en-us/library/cc750035.aspx.
[64] P. Gutman. PKI: It's Not Dead, Just Resting. Computer, 35(8):41{49, 2002.
[65] V. Haldar, D. Chandra, and M. Franz. Semantic Remote Attestation: AVirtual Machine Directed Approach to Trusted Computing. In Proceedings ofthe 3rd Conference on Virtual Machine Research And Technology Symposium(VM 2004). USENIX Association, May 2004.
[66] E. V. Herreweghen and U. Wille. Risks and Potentials of Using EMV for Inter-net Payments. In In Proceedings of the 1st USENIX Workshop on SmartcardTechnology, pages 163{174. USENIX Association, May 1999.
[67] R. Housley, W. Ford, W. Polk, and D. Solo. Internet X.509 Public Key In-frastructure Certi¯cate and CRL Pro¯le. Available On-line, January 1999.
[68] Intel. LaGrande Technology Architectural Overview. Technical Report252491-001, Intel Corporation, September 2003. http://www.intel.com/technology/security/downloads/LT_Arch_Overview.pdf.
[69] International Organisation for Standardization. Information processing sys-tems { Open Systems Interconnection { Basic Reference Model { Part 2: Se-curity Architecture. ISO/ITU, 1989.
[70] ITU-T Recommendation X.509, Information technology | Open Systems In-terconnection | The Directory: Public-key and Attribute Certi¯cate Frame-works. International Organization for Standardisation, Geneva, Switzerland,2000. 4th edition.
[71] S. Iyer, A. Rowstron, and P. Druschel. Squirrel: A Decentralized Peer-to-PeerWeb Cache. In Proceedings of the 21st Annual Symposium on Principles OfDistributed Computing (PODC 2002), pages 213{222. ACM Press, July 2002.
[72] C. Jackson, D. Boneh, and J. Mitchell. Spyware Resistant Web Authentica-tion Using Virtual Machines. http://crypto.stanford.edu/antiphishing/spyblock.pdf.
[73] C. Jackson, D. Boneh, and J. Mitchell. Transaction Generators: Root Kitsfor Web. In Proceedings of 2nd USENIX Workshop on Hot Topics in Security(HotSec 2007), pages 1{4. USENIX Association, August 2007.
[74] W. Jansen and T. Karygiannis. Mobile Agents and Security. NIST SpecialPublication 800-19, National Institute of Standards and Technology (NIST),Computer Security Division, Gaithersburg, MD, USA, 1999. http://src.nist.gov/publications/nistpubs/800-19/sp800-19.pdf.211
[75] R. Jha and S. Iyer. Performance Evaluation of Mobile Agents for E-commerceApplications. In Proceedings of the 8th International Conference on High Per-formance Computing (HiPC 2001), pages 331{340. Springer-Verlag, December2001.
[76] A. JÄosang, R. Ismail, and C. Boyd. A Survey of Trust and Reputation Systemsfor Online Service Provision. Decision Support Systems, 43(2):618{644, 2007.
[77] R. L. Kay. Trusted Computing is Real and its Here. Available On-line, January2007. https://www.trustedcomputinggroup.org/news/Industry_Data/Endpoint_Technologies_Associates_TCG_report_Jan_29_2007.pdf.
[78] V. Khu-Smith and C. J. Mitchell. Using EMV Cards to Protect E-commerceTransactions. In K. Bauknecht A. M. Tjoa and G. Quirchmayr, editors, Pro-ceedings of the 3rd International Conference on E-Commerce and Web Tech-nologies (EC-WEB 2002), volume 2455 of LNCS, pages 388{399. Springer{Verlag, January 2002.
[79] M. Kinateder and S. Pearson. A Privacy-enhanced Peer-to-Peer ReputationSystem. In K. Bauknecht, A.M. Tjoa, and G. Quirchmayr, editors, Proceed-ings of the 4th International Conference on Electronic Commerce and WebTechnologies (EC-Web 2003), volume 2738 of LNCS, pages 206{216. Springer{Verlag, September 2003.
[80] S. T. King, P. M. Chen, Y-M. Wang, C. Verbowski, H. J. Wang, and J. R.Lorch. SubVirt: Implementing Malware with Virtual Machines. In Proceedingsof the 2006 IEEE Symposium on Security and Privacy (S&P 2006), pages 314{327. IEEE Computer Society, May 2006.
[81] J. Kubiatowicz, D. Bindel, Y. Chen, S. Czerwinski, P. Eaton, D. Geels,R. Gummadi, S. Rhea, H. Weatherspoon, W. Weimer, C. Wells, and B. Zhao.OceanStore: An Architecture for Global-Scale Persistent Storage. SIGPLANNotices, 35(11):190{201, November 2000.
[82] S. Marti and H. Garcia-Molina. Identity Crisis: Anonymity vs. Reputation inP2P Systems. In Proceedings of the 3rd International Conference on Peer-to-Peer Computing (P2P 2003), pages 134{141. IEEE Computer Society, Septem-ber 2003.
[83] J. M. McCune, B. Parno, A. Perrig, M. K. Reiter, and A. Seshadri. MinimalTCB Code Execution. In Proceedings of the 2007 IEEE Symposium on Securityand Privacy (S&P 2007), pages 267{272. IEEE Computer Society, May 2007.
[84] J. M. McCune, A. Perrig, and M. K. Reiter. Bump in the Ether: A Frameworkfor Securing Sensitive User Input. In Proceedings of the 2006 USENIX AnnualTechnical Conference (USENIX 2006), pages 185{198. USENIX Assocation,June 2006.
[85] P. Meadowcroft. Combating Card Fraud. Available On-line, January2005. http://www.scmagazine.com/uk/news/article/459478/combating+card+fraud/.
[86] A. Menezes, P. Van Oorschot, and S. Vanstone. Handbook of Applied Cryp-tography, volume 6 of Discrete Mathematics and its Applications. CRC Press,Boca Raton, Florida, USA, 1997.
[87] D. S. Milojicic, V. Kalogeraki, R. Lukose, K. Nagaraja, J. Pruyne, B. Richard,S. Rollins, and Z. Xu. Peer-to-Peer computing. Technical Report HPL-2002-57, Hewlett-Packard Laboratories, March 2002. http://www.hpl.hp.com/techreports/2002/HPL-2002-57.html.
[88] C. J. Mitchell, editor. Trusted Computing. IEE Professional Applications ofComputing Series 6. The Institute of Electrical Engineers (IEE), April 2005.
[89] D. Molnar, R. Dingledine, and M. J. Freedman. Free Haven. In Oram [95],chapter 12.
[90] G. C. Necula. Proof-Carrying Code. In Proceedings of the 24th ACMSIGPLAN-SIGACT Symposium on Principles Of Programming Languages(POPL 1997), pages 106{119. ACM Press, January 1997.
[91] C. Neuman, S. Hartman, and K. Raeburn. RFC 4120 { The Kerberos NetworkAuthentication Service (V5). Available On-line, July 2005. http://tools.ietf.org/html/rfc4120.
[92] NIST. Speci¯cations for the SECURE HASH STANDARD. Technical ReportFederal Information Processing Standards Publication 180-2, The NationalInstitute of Standards and Technology (NIST), August 2002. http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf.
[93] OMA. DRM architecture v2.0. Technical Speci¯cation OMA-DRM-ARCH-V2 0-2004071515-C, The Open Mobile Alliance (OMA), July 2004.
[94] D. O'Mahony, M. Peirce, and H. Tewari. Electronic Payment Systems forE-Commerce. Artech House, 2nd edition, 2001.
[95] A. Oram, editor. Peer-to-Peer: Harnessing the Power of Disruptive Technolo-gies. O'Reilly & Associates, 2001.
[96] J. K. Ousterhout, J. Y. Levy, and B. B. Welch. The Safe-TCL SecurityModel. Technical Report TR-97-60, Sun Microsystems Laboratories, Cali-fornia, US, March 1997. http://research.sun.com/techrep/1997/smli_tr-97-60.pdf.
[97] PCI Security Standards Council. Payment Card Industry Data SecurityStandard { Version 1.1. Available On-line, September 2006. https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm.
[98] S. Pearson. Trusted Agents that Enhance User Privacy by Self-Pro¯ling. Tech-nical Report HPL-2002-196, Hewlett-Packard Laboratories, Bristol, UK, 15July 2002. http://hpl.hp.co.uk/techreports/2002/HPL-2002-196.pdf.
[99] S. Pearson. Trusted Computing Platforms, the Next Security Solution. Tech-nical Report HPL-2002-221, Hewlett-Packard Laboratories, November 2002.http://www.hpl.hp.com/techreports/2002/HPL-2002-221.pdf.
[100] S. Pearson, editor. Trusted Computing Platforms: TCPA Technology in Con-text. Prentice Hall, 2003.
[101] S. Pearson. How Trusted Computers can Enhance Privacy Preserving MobileApplications. In Proceedings of the 1st International IEEE Workshop on Trust,Security and Privacy for Ubiquitous Computing (WOWMOM 2005), pages609{613. IEEE Computer Society, June 2005.
[102] M. Peinado, Y. Chen, P. England, and J. Manferdelli. NGSCB: A TrustedOpen System. In H. Wang, J. Pieprzyk, and V. Varadharajan, editors, Pro-ceedings of 9th Australasian Conference on Information Security and Privacy,(ACISP 2004), volume 3108 of LNCS, pages 86{97. Springer{Verlag, July2004.
[103] M. Peinado, P. England, and Y. Chen. An Overview of NGSCB. In Mitchell[88], chapter 7, pages 115{141.
[104] B. P¯tzmann, J. Riordan, C. StÄuble, M. Waidner, and A. Weber. ThePERSEUS System Architecture. Technical Report RZ 3335 (#93381), IBMResearch Division, Zurich Laboratory, April 2001.
[105] D. Piper. RFC 2407 { The Internet IP Security Domain of Interpretation forISAKMP. Available On-line, November 1998. http://www.ietf.org/rfc/rfc2407.txt.
[106] G. Price. PKI { An Insider's View (Extended Abstract). Technical ReportRHUL-MA-2005-8, Department of Mathematics, Royal Holloway, Universityof London, London, UK, June 2005. http://www.ma.rhul.ac.uk/static/techrep/2005/RHUL-MA-2005-8.pdf.
[107] A. Pridgen and C. Julien. A Secure Modular Mobile Agent System. In Proceed-ings of the 2006 international workshop on Software Engineering for Large-scale Multi-Agent Systems (SELMAS 2006), pages 67{74. ACM Press, May2006.
[108] G. J. Proudler. Concepts of Trusted Computing. In Mitchell [88], chapter 2,pages 11{27.
[109] D. Qiu and R. Srikant. Modeling and Performance Analysis of BitTorrent-likePeer-to-Peer Networks. In Proceedings of the 2004 conference on Applica-tions, Technologies, Architectures, and Protocols for Computer Communica-tions (SIGCOMM 2004), pages 367{378. ACM Press, August 2004.
[110] C. Radu. Implementing Electronic Card Payment Systems. Artech House,November 2002.
[111] J. Reid, J. M. Gonzalez Nieto, and E. Dawson. Privacy and Trusted Com-puting. In Proceedings of the 14th International Workshop on Database andExpert Systems Applications (DEXA 2003), pages 383{388. IEEE ComputerSociety, September 2003.
[112] M. K. Reiter and A. D. Rubin. Crowds: Anonymity for Web Transactions.ACM Transactions on Information and System Security (TISSEC), 1(1):66{92, 1998.
[113] M. Rennhard and B. Plattner. Practical Anonymity for the Masses with Mix-Networks. In Proceedings of the 12th International Workshop on EnablingTechnologies (WETICE 2003), pages 255{262. IEEE Computer Society, June2003.
[114] P. Resnick, K. Kuwabara, R. Zeckhauser, and E. Friedman. Reputation Sys-tems. In Communications of ACM, volume 43, pages 45{48. ACM Press,December 2000.216
[115] J. Riordan and B. Schneier. Environmental Key Generation Towards CluelessAgents. In G. Vigna, editor, Mobile Agents and Security, volume 1419 ofLNCS, pages 15{24. Springer{Verlag, 1998.
[116] V. Roth. Secure Recording of Itineraries through Co-operating Agents. InProceedings of the 12th European Conference on Object-Oriented Programming(ECOOP 1998), pages 297{298. Springer{Verlag, July 1998.
[117] K. Rothermel and M. Schwehm. Mobile Agents. In A. Kent and J.G. Williams,editors, Encyclopedia for Computer Science and Technology, volume 40, pages155{176. M. Dekker Inc., 1999.
[118] S. Schoen, Electronic Frontier Foundation. Trusted Computing: Promiseand Risk. Available On-line, October 2003. http://www.eff.org/Infrastructure/trusted\_computing/20031001_tc.pdf.
[119] A.-R. Sadeghi, M. Selhorst, C. StÄuble, C. Wachsmann, and M. Winandy. TCGInside?: A Note on TPM Speci¯cation Compliance. In Proceedings of the 1stACM Workshop on Scalable Trusted Computing (STC 2006), pages 47{56.ACM Press, November 2006.
[120] A.-R. Sadeghi and C. StÄuble. Property-based Attestation for Computing Plat-forms: Caring About Properties, Not Mechanisms. In C.F. Hempelmannand V. Raskin, editors, Proceedings of the 2004 Workshop on New SecurityParadigms (NSPW 2004), pages 67{77. ACM Press, 2004.
[121] A.-R. Sadeghi, C. StÄuble, and N. Pohlmann. European Multilateral SecureComputing Base: Open Trusted Computing for You and Me. Available On-line, 2004. http://www.prosec.rub.de/Publications/SaStPo2004Web.pdf.
[122] R. Sandhu and X. Zhang. Peer-to-Peer Access Control Architecture UsingTrusted Computing Technology. In Proceedings of the 10th ACM Symposiumon Access Control Models And Technologies (SACMAT 2005), pages 147{158.ACM Press, June 2005.
[123] L. F. G. Sarmenta, M. van Dijk, C. W. O'Donnell, J. Rhodes, and S. De-vadas. Virtual Monotonic Counters and Count-Limited Objects Using a TPMWithout a Trusted OS. In Proceedings of the 1st ACM Workshop on ScalableTrusted Computing (STC 2006), pages 47{56. ACM Press, November 2006.
[124] S. E. Schechter, R. A. Greenstadt, and M. D. Smith. Trusted Computing,Peer-To-Peer Distribution and the Economics of Pirated Entertainment. InProceedings of 2nd Workshop on Economics and Information Security. May2003.
[125] J. Schiller. RFC 4307 { Cryptographic Algorithms for Use in the InternetKey Exchange Version 2 (IKEv2). Available On-line, December 2005. http://www.rfc-editor.org/rfc/rfc4307.txt.
[126] S. Schoen. Comments on LT Policy on Owner/User Choice and Control 0.8.Available On-line, December 2003. http://www.eff.org/Infrastructure/trusted_computing/eff_comments_lt_policy.pdf.
[127] S. Schoen. Give TCPA an Owner Override. Available On-line, December 2003.http://www.linuxjournal.com/article/7055.
[128] S. Schoen. Comments on TCG Design, Implementation and Us-age Principles 0.95. Available On-line, October 2004. http://www.eff.org/Infrastructure/trusted_computing/20041004\_eff\_comments\_tcg_principles.pdf.
[129] S. Schoen. Compatibility, Competition, and Control in Trusted ComputingEnvironments. Information Security Technical Report, 10(2):105{119, 2005.
[130] U.S. Securities and Exchange Commission. Form 10-K { The TJX Compa-nies, INC. Available On-line, January 2007. http://www.sec.gov/Archives/edgar/data/109198/000095013507001906/b64407tje10vk.htm.
[131] IBM Global Services. IBM Global Business Security Index Report, February2005. http://www-935.ibm.com/services/us/index.wss/offering/bcrs/a1008776.
[132] A. Seshadri, M. Luk, N. Qu, and A. Perrig. SecVisor: A Tiny Hypervisorto Provide Lifetime Kernel Code Integrity for Commodity OSes. In T. Bres-soud and F. Kaashoek, editors, Proceedings of 21st ACM SIGOPS Symposiumon Operating Systems Principles (SOSP 2007), pages 335{350. ACM Press,October 2007.
[133] SETCo. SET Secure Electronic Transaction 1.0 Speci¯cation { The FormalProtocol De¯nition. Available On-line, May 1997. http://www.cl.cam.ac.uk/research/security/resources/SET/.
[134] E. Shi, A. Perrig, and L. V. Doorn. BIND: A Fine-Grained Attestation Servicefor Secure Distributed Systems. In Proceedings of the 2005 IEEE Symposiumon Security and Privacy (S&P 2005), pages 154{168. IEEE Computer Society,May 2005.
[135] A. Spalka, A. B. Cremers, and H. Langweg. Protecting the Creation of DigitalSignatures with Trusted Computing Platform Technology against Attacks byTrojan Horse Programs. In M. Dupuy and P. Paradinas, editors, Proceedingsof the 16th Annual Working Conference on Information Security (IFIP/Sec2001), volume 193 of IFIP Conference Proceedings, pages 403{419. KluwerAcademic Publishers, 11{13 June 2001.
[136] C. Spyrou, G. Samaras, E. Pitoura, and P. Evripidou. Mobile Agents forWireless Computing: The Convergence of Wireless Computational Modelswith Mobile-agent Technologies. Mobile Networks and Applications, 9(5):517{528, October 2004.
[137] R. Stallman. Free Software, Free Society: Selected Essays of Richard M. Stall-man, chapter 17, pages 115{119. GNU Press, 2002.
[138] F. Stumpf, A. Fuchs, S. Katzenbeisser, and C. Eckert. Improving the Scala-bility of Platform Attestation. In Proceedings of the 3rd ACM Workshop onScalable Trusted Computing (STC 2008). ACM Press, October 2008.
[139] F. Stumpf, O. Tafreschi, P. RÄoder, and C. Eckert. A Robust Integrity Report-ing Protocol for Remote Attestation. In Proceedings of the 2nd Workshop onAdvances in Trusted Computing (WATC 2006), November 2006.
[140] Sun Microsystems. The Java Tutorials: Signing and Verifying JAR Files.Available On-line, 2008. http://java.sun.com/docs/books/tutorial/deployment/jar/signindex.html.
[141] Symantec. Infostealer.Bankash.G. Available On-line, Febuary 2006.http://www.symantec.com/security_response/writeup.jsp?docid=2006-010317-5218-99.
[142] Symantec. Symantec Internet Security Threat Report Volume XI. AvailableOn-line, March 2007. http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport.
[143] P. F. Syverson, D. M. Goldschlag, and M. G. Reed. Anonymous Connectionsand Onion Routing. In Proceedings of the 1997 IEEE Symposium on Securityand Privacy (S&P 1997), page 44. IEEE Computer Society, May 1997.
[144] TCG. Interoperability Speci¯cation for Backup and Migration Services. TCGspeci¯cation Version 1.0, The Trusted Computing Group (TCG), May 2005.
[145] TCG. Subject Key Attestation Evidence Extension. TCG speci¯cation version1.0 revision 7, The Trusted Computing Group (TCG), June 2005.
[146] TCG. TCG Generic Server Speci¯cation. TCG speci¯cation Version 1.0, TheTrusted Computing Group (TCG), July 2005.
[147] TCG. TCG Infrastructure Working Group Reference Architecture for Inter-operability (Part I). TCG speci¯cation version 1.0 revision 1, The TrustedComputing Group (TCG), June 2005.
[148] TCG. TCG PC Client Speci¯c Implementation Speci¯cation For conventionalBIOS. TCG speci¯cation Version 1.2 Final, The Trusted Computing Group(TCG), July 2005.
[149] TCG. TCG Software Stack (TSS) Speci¯cation. TCG Speci¯cation Version1.2 Level 1, The Trusted Computing Group (TCG), January 2006.
[150] TCG. TPM Main, Part 2: TPM Data Structures. TCG Speci¯cation Version1.2 Revision 103, The Trusted Computing Group (TCG), July 2006.[151] TCG. TCG Speci¯cation Architecture Overview. TCG speci¯cation Version1.4, The Trusted Computing Group (TCG), August 2007.
[152] TCG. TNC Architecture for Interoperability. TCG Speci¯cation Version 1.2Revision 4, The Trusted Computing Group (TCG), September 2007.
[153] TCG. TPM Main, Part 1: Design Principles. TCG Speci¯cation Version 1.2Revision 103, The Trusted Computing Group (TCG), July 2007.
[154] TCG. TPM Main, Part 3: Commands. TCG Speci¯cation Version 1.2 Revision103, The Trusted Computing Group (TCG), July 2007.
[155] TCG MPWG. TCG Mobile Trusted Module Speci¯cation. TCG Speci¯cationVersion 1.0 Revision 1, The Trusted Computing Group (TCG), September2007.
[156] The Sunday Times. Don't Use Cards At Petrol Stations. Available On-line,Febuary 18 2007. http://business.timesonline.co.uk/.
[157] US Department of Homeland Security, SRI International Identity TheftTechnology Council and the Anti-Phishing Working Group. The Crime-ware Landscape: Malware, Phishing, Identity Theft and Beyond. Avail-able On-line, October 2006. http://www.antiphishing.org/reports/APWG_CrimewareReport.pdf.
[158] G. Vigna. Cryptographic Traces for Mobile Agents. In G. Vigna, editor, MobileAgents and Security, volume 1419 of LNCS, pages 137{153. Springer{Verlag,1998.
[159] Visa. Cardholder Information Security { Program Bulletin 102307 { VisaAnnounces New Payment Application Security Mandates. Available On-line,October 2007. http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html.
[160] Visa. Cardholder Information Security Program { List of Validated Pay-ment Applications. Available On-line, October 2007. http://usa.visa.com/merchants/risk_management/cisp_payment_applications.html.
[161] VMWare. VMWare Server: Free Virtualization for Windows andLinux Servers. Available On-line. http://www.vmware.com/pdf/server_datasheet.pdf.
[162] F. von Lohmann. Meditations on Trusted Computing. Available On-line, 2003. http://www.eff.org/Infrastructure/trusted_computing/20031001_meditations.php.
[163] R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. E±cient Software-based Fault Isolation. In Proceedings of the 14th ACM symposium on Operatingsystems principles (SOSP 1993), pages 203{216, December 1993.
[164] D. S. Wallach. A Survey of Peer-to-Peer Security Issues. In M. Okada, B. C. { Theories and Systems, International Symposium, (ISSS 2002), volume 2609of LNCS, pages 42{57. Springer{Verlag, November 2002.
[165] T. Weigold, T. Kramp, R. Hermann, F. Horing, P. Buhler, and M. Baentsch.The Zurich Trusted Information Channel | An E±cient Defence AgainstMan-in-the-Middle and Malicious Software Attacks. In Proceedings of TRUST2008, volume 4968 of LNCS, pages 75{91. Springer{Verlag, 2008.
[166] U.G. Wilhelm, S. Staamann, and L. Butty. Introducing Trusted Third Partiesto the Mobile Agent Paradigm. In J. Vitek and C. Jensen, editors, SecureInternet Programming: Security Issues for Mobile and Distributed Objects,volume 1603 of LNCS, pages 469{489. Springer{Verlag, 1999.
[167] B. S. Yee. A Sanctuary for Mobile Agents. In J. Vitek and C. D. Jensen, edi-tors, Secure Internet programming: Security Issues for Mobile and DistributedObjects, pages 261{273. Springer{Verlag, 1999.
[168] M. Yung. Trusted Computing Platforms: The Good, the Bad, and the Ugly.In R.N. Wright, editor, Proceedings of the 7th International Conference ofFinancial Cryptography (FC 2003), volume 2742 of LNCS, pages 250{254.Springer{Verlag,Springer, January 2003.
[169] K. Zetter. CardSystems' Data Left Unsecured. Available On-line, July 2005.http://www.wired.com/news/technology/0,1282,67980,00.html.
[170] P. Zimmermann. PGP Source Code and Internals. MIT Press, Cambridge,MA, USA, 1995.