{"title":"Trusted Channels with Password-Based Authentication and TPM-Based Attestation","authors":"Lingli Zhou, Zhenfeng Zhang","doi":"10.1109/CMC.2010.232","DOIUrl":null,"url":null,"abstract":"Trusted channels establish trust of endpoint by linking endpoint configuration information to secure channels. Many trusted channels for client-server applications are established based on Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Two existing solutions for building trusted channels are shown to be vulnerable to collusion attacks in this paper. Then we propose a protocol to establish trusted channels using password-based authenticated key exchange and TPM-based attestation. Our protocol uses an efficient but different binding approach to resist the proposed collusion attack. Furthermore, we propose an extended protocol to achieve enhanced privacy for clients.","PeriodicalId":296445,"journal":{"name":"2010 International Conference on Communications and Mobile Computing","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Communications and Mobile Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMC.2010.232","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 19
Abstract
Trusted channels establish trust in an endpoint by linking endpoint configuration information to secure channels. Many trusted channels for client-server applications are established based on the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. In this paper, two existing solutions for building trusted channels are shown to be vulnerable to collusion attacks. We then propose a protocol to establish trusted channels using password-based authenticated key exchange and TPM-based attestation. Our protocol uses an efficient but different binding approach to resist the proposed collusion attack. Furthermore, we propose an extended protocol to achieve enhanced privacy for clients.