A Certification Service for Future Home Networks based on Trusted Computing Technology

Security in today’s home networks is neglected, WIFI security is the most prominent example. The security of the mechanism that controls access to a wlan is mainly dependent on the choice of the used shared key. The shared key itself causes limitations in usability, e.g. in the case of revoking wlan access for a single user. In the authone project a flexible and innovative authentication technique based on X.509 certificates, issued by a home certification service (HCS), has been developed. Such certificates, used for authentication, can facilitate not only the control of wlan access, but also the control of access to services hosted in future home networks.

This bachelor’s thesis addresses the security of the HCS. The first contribution - a security evaluation of the existing approach - revealed a weakness that can lead to severe problems. The security of the hcs’s respectively the device’s private key is endangered. malware, that infiltrates the system, can steal the private key easily. An attacker is able to impersonate a device or a whole home network. The possession of the stolen key, enables the attacker to access services in the home network and maybe even in other home networks. This work focuses on the development of a concept to protect the private keys from software based attacks using trusted computing technology, namely the trusted platform module. The tpm is used as a root of trust and as a hardware safeguard that provides a secure environment for key usage. Keys of hcs’ or devices secured by a tpm can give birth to a variety of new use cases that require more reliability and trustworthiness. This leads to the possibility of creating more security sensitive services, as sharing sensitive data or services over the internet between friendly home networks.

download thesis | download presentation

Comments