Towards Trustworthy Kiosk Computing

We present a system in which a user leverages a personal mobile device to establish trust on a public computing device, or kiosk, prior to revealing personal information to that kiosk. We have designed and implemented a protocol by which the mobile device determines the identity and integrity of the software running on the kiosk. A similar protocol simultaneously allows a kiosk owner to verify that the kiosk is running only approved software. Our system combines a number of emerging security technologies, including the Trusted Platform Module, the Integrity Measurement Architecture, and new support in times86 processors for establishing a dynamic root of trust. In ongoing work, we plan to use virtual machines to support the important case where the user wishes to run personal software on the kiosk. We are also continuing to explore several open issues we have identified surrounding trust in a kiosk scenario.