Protecting the Creation of Digital Signatures with Trusted Computing Platform Technology Against Attacks by Trojan Horse Programs

Abstract

Digital signatures are a key technology for many Internet-based commercial and administrative applications and, therefore, an increasingly popular target of attacks. Due to their strong cryptographic properties an attacker is more likely to subvert them with malicious software, ie Trojan horse programs. We show that by fusing two techniques, our WORM-supported reliable input method and the Intelligent Adjunct model of the Trusted Computing Platform Alliance, we can achieve a high degree of protection from Trojan horse programs during the process of creating digital signatures. Existing software products immediately benefit from our results. Moreover, we examine three ways of storing and executing the signing software with respect to its susceptibility to Trojan horse programs and identify the most suitable combination. © 2002 Kluwer Academic / Plenum Publishers, New York.