Title :
Towards Secure E-Commerce Based on Virtualization and Attestation Techniques
Author :
Stumpf, Frederic ; Eckert, Claudia ; Balfe, Shane
Author_Institution :
Tech. Univ. Darmstadt, Darmstadt
Abstract :
We present a secure e-commerce architecture that is resistant to client compromise and man-in-the-middle attacks on SSL. To this end, we propose several security protocols that use attestation techniques offered by the Trusted Computing Group (TCG). Using these protocols, we can ensure that the client configuration remains untampered and trusted for the duration of the transaction. In addition, confidential data, such as authentication passwords, are only accessible by the electronic commerce server to which the users intend to transfer their data. Since we employ a trusted third party that is responsible for verifying a client´s platform configuration, our approach does not depend on trusted computing at the server but instead only requires minor modification to server logic.
Keywords :
electronic commerce; security of data; software architecture; Trusted Computing Group; attestation techniques; authentication passwords; client configuration; electronic commerce server; man-in-the-middle attacks; secure e-commerce architecture; security protocols; server logic; virtualization techniques; Access protocols; Application software; Authentication; Availability; Computer architecture; Data security; Electronic commerce; Proposals; Software systems; Web server; Attestation; Secure E-Commerce; Security; Trusted Computing; Virtualization;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.147
