Mutual Authentication and Trust Bootstrapping towards Secure Disk Encryption

Götzfried J, Müller T (2014)


Publication Type: Journal article, Original article

Publication year: 2014

Journal: ACM Transactions on Information and System Security (TISSEC)

Publisher: ACM

City/Town: New York

Volume: 17

Issue: 2

URI: https://www1.cs.fau.de/mark

DOI: 10.1145/2663348

Abstract

The weakest link in software-based full disk encryption is the authentication procedure. Since the master boot record must be present unencrypted in order to launch the decryption of the remaining system parts, it can easily be manipulated and infiltrated by bootkits that perform keystroke logging; consequently, password-based authentication schemes become attackable. The current technological response, as enforced by BitLocker, verifies the integrity of the boot process by use of the trusted platform module. But, as we show, this countermeasure is insufficient in practice. We present STARK, the first tamperproof authentication scheme that mutually authenticates the computer and the user in order to resist keylogging during boot. To achieve this, STARK implements trust bootstrapping from a secure token to the whole PC. The secure token is an active USB drive that verifies the integrity of the PC and indicates the verification status by an LED to the user. This way, users can ensure the authenticity of the PC before entering their passwords.
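The abstract states the mechanism in one sentence: the token checks the PC first, the LED reports the result, and only then does the user type the password. The Python sketch below is an added illustration of that ordering; it is not code from the paper or from the authors' STARK/MARK implementation. It models the PC's boot measurement as a TPM-style PCR hash chain, lets the token run a nonce-based HMAC challenge-response against the PC, and has the user release the password only on a green LED. The shared attestation key, the message format, the component names, the sample boot chains and the password verifier are all assumptions of this sketch, not the paper's protocol.

```python
"""Illustrative model of trust bootstrapping from a secure token to the PC.

Added example: this is NOT the STARK/MARK protocol from the paper. The key
provisioning, the HMAC challenge-response, the component names and the
password check are assumptions made for this sketch.
"""
import hashlib
import hmac
import os
from typing import List, Optional, Tuple


def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style PCR extend: pcr' = H(pcr || H(component)).
    The chain is order-sensitive, so a patched bootloader changes the
    final value even if every later stage is untouched."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components: List[bytes]) -> bytes:
    """Fold every boot-stage image (constructed sample data) into one PCR."""
    pcr = bytes(32)
    for image in components:
        pcr = extend(pcr, image)
    return pcr


class PC:
    """The computer under test. It holds an attestation key that the token
    provisioned at setup (assumption) and a verifier for the user's password."""

    def __init__(self, attest_key: bytes, components: List[bytes], password: str):
        self.attest_key = attest_key
        self.pcr = measure_boot(components)
        # Placeholder verifier; a real system would use a slow, salted KDF.
        self.pw_verifier = hashlib.sha256(password.encode()).digest()

    def attest(self, nonce: bytes) -> Tuple[bytes, bytes]:
        """Answer the token's challenge with (pcr, MAC(key, nonce || pcr))."""
        tag = hmac.new(self.attest_key, nonce + self.pcr, hashlib.sha256).digest()
        return self.pcr, tag

    def unlock(self, password: str) -> bool:
        """Second half of the mutual authentication: the user proves identity
        to the PC. Only reached after the PC proved itself to the token."""
        digest = hashlib.sha256(password.encode()).digest()
        return hmac.compare_digest(digest, self.pw_verifier)


class Token:
    """The active USB token: stores the expected measurement and the shared
    attestation key, challenges the PC, and drives an LED for the user."""

    def __init__(self, attest_key: bytes, expected_pcr: bytes):
        self.attest_key = attest_key
        self.expected_pcr = expected_pcr
        self.led = "off"

    def verify(self, pc: PC) -> bool:
        nonce = os.urandom(16)  # fresh per boot, so a recorded answer cannot be replayed
        pcr, tag = pc.attest(nonce)
        expected_tag = hmac.new(self.attest_key, nonce + pcr, hashlib.sha256).digest()
        genuine = hmac.compare_digest(tag, expected_tag)          # right key?
        untampered = hmac.compare_digest(pcr, self.expected_pcr)  # right boot chain?
        self.led = "green" if (genuine and untampered) else "red"
        return self.led == "green"


def boot(pc: PC, token: Token, typed_password: str) -> Tuple[str, bool, bool]:
    """One boot: returns (LED colour, password was typed, disk was unlocked).
    The user's rule is simple: never type the password unless the LED is green."""
    token.verify(pc)
    if token.led != "green":
        return token.led, False, False  # a bootkit never sees the password
    return token.led, True, pc.unlock(typed_password)


# Constructed sample data: a clean boot chain and one with a keylogging bootkit.
KEY = b"token-pc-shared-attestation-key"
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
EVIL_CHAIN = [b"firmware-v1", b"bootloader-v1+keylogger", b"kernel-v1"]
EXPECTED_PCR = measure_boot(GOOD_CHAIN)


if __name__ == "__main__":
    for label, pc in [
        ("clean PC", PC(KEY, GOOD_CHAIN, "correct horse")),
        ("bootkit on disk", PC(KEY, EVIL_CHAIN, "correct horse")),
        ("impostor without the key", PC(b"guessed-key", GOOD_CHAIN, "correct horse")),
    ]:
        print(label, boot(pc, Token(KEY, EXPECTED_PCR), "correct horse"))
```

The point the sketch makes is the order of operations: the tampered bootloader changes the measured value, the token's LED stays red, and the password is never typed into the compromised machine. The third scenario shows why the measurement alone is not enough; a machine that merely reports the expected value without the attestation key fails the MAC check. A real token would also need the PC's report to be bound to hardware (the paper relies on the TPM for that), which this model does not attempt to capture.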


How to cite

APA:

Götzfried, J., & Müller, T. (2014). Mutual Authentication and Trust Bootstrapping towards Secure Disk Encryption. ACM Transactions on Information and System Security, 17. https://dx.doi.org/10.1145/2663348

MLA:

Götzfried, Johannes, and Tilo Müller. "Mutual Authentication and Trust Bootstrapping towards Secure Disk Encryption." ACM Transactions on Information and System Security 17 (2014).
