Towards Secure E-Commerce Based on Virtualization and Attestation Techniques

Author

Stumpf, Frederic ; Eckert, Claudia ; Balfe, Shane

Author_Institution

Tech. Univ. Darmstadt, Darmstadt

fYear

2008

Firstpage

376

Lastpage

382

Abstract

We present a secure e-commerce architecture that is resistant to client compromise and man-in-the-middle attacks on SSL. To this end, we propose several security protocols that use attestation techniques offered by the Trusted Computing Group (TCG). Using these protocols, we can ensure that the client configuration remains untampered and trusted for the duration of the transaction. In addition, confidential data, such as authentication passwords, are only accessible by the electronic commerce server to which the users intend to transfer their data. Since we employ a trusted third party that is responsible for verifying a client´s platform configuration, our approach does not depend on trusted computing at the server but instead only requires minor modification to server logic.

Keywords

electronic commerce; security of data; software architecture; Trusted Computing Group; attestation techniques; authentication passwords; client configuration; electronic commerce server; man-in-the-middle attacks; secure e-commerce architecture; security protocols; server logic; virtualization techniques; Access protocols; Application software; Authentication; Availability; Computer architecture; Data security; Electronic commerce; Proposals; Software systems; Web server; Attestation; Secure E-Commerce; Security; Trusted Computing; Virtualization;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security, 2008. ARES 08. Third International Conference on

Conference_Location

Barcelona

Print_ISBN

978-0-7695-3102-1

Type

conf

DOI

10.1109/ARES.2008.147

Filename

4529360