Towards Trusted Computing for Embedded Devices
Mobile and embedded devices, like cell phones, PDAs or simple network routers, have become powerful little multifunctional machines, providing features previously only available on much more powerful personal computers. This enables the owners to use these devices for more and more purposes. Many of these purposes have high security requirements: electronic banking, stock trading or VPN connections are some examples. In the future, such devices will be part of an internet of things, communicating with things near by, mutually authenticating each other, gaining access and allowing access to status information and controlling these things. TOPAS works on providing the necessary framework for creating trusted or trustworthy personal devices, devices that are as familiar to their users as their mobile phones are and that can be used in security-relevant or sensitive application scenarios. Trusted means that the software that is active on that device is known to be legitimate, unaltered (e.g. free of malware like worms or viruses), and behaves as expected. The major objective of this project is the development of a framework of Mobile Trusted Platforms that can be used on a variety of mobile and embedded systems, cost-effectively providing trusted computing technologies to these platforms, irrespective of the security features of the underlying system.
Ticketing and payment, as well as DRM, are the key applications for the use of trusted computing technology. These three applications alone are very security sensitive as security breaches have immediate monetary effects. Additionally, the stakeholders of these applications are not the handset manufactures but the service providers. This means that they will at some point in time force handset manufactures to add trusted computing technology to their devices.