Sciweavers

IEEEARES
2008
IEEE

Towards Secure E-Commerce Based on Virtualization and Attestation Techniques

14 years 7 months ago
Towards Secure E-Commerce Based on Virtualization and Attestation Techniques
We present a secure e-commerce architecture that is resistant to client compromise and man-in-the-middle attacks on SSL. To this end, we propose several security protocols that use attestation techniques offered by the Trusted Computing Group (TCG). Using these protocols, we can ensure that the client configuration remains untampered and trusted for the duration of the transaction. In addition, confidential data, such as authentication passwords, are only accessible by the electronic commerce server to which the users intend to transfer their data. Since we employ a trusted third party that is responsible for verifying a client’s platform configuration, our approach does not depend on trusted computing at the server but instead only requires minor modification to server logic.
Frederic Stumpf, Claudia Eckert, Shane Balfe
Added 31 May 2010
Updated 31 May 2010
Type Conference
Year 2008
Where IEEEARES
Authors Frederic Stumpf, Claudia Eckert, Shane Balfe
Comments (0)