Making use of hardware security mechanisms in webinos is something we have been interested in from the very start of the project. Indeed, we had high hopes to use the Trusted Platform Module (TPM) to enable some applications to attest their integrity to third parties, to limit the impact of malware and rootkits. We also wanted to make use of secure key storage to protect the webinos PKI infrastructure from credential theft.
Unfortunately, we quickly came to the conclusion that the application of hardware security to web applications is a research problem, and a little way off practical implementation. There are several challenges in making productive use of hardware mechanisms – processor security extensions, secure elements, TPMs and so on – which need more thought from the industry as a whole.
I’m therefore very pleased to announce that The Workshop on Web Applications and Secure Hardware (WASH’13) will be happening this Thursday (20th June) at Imperial College London, in conjunction with the TRUST 2013 conference. We have an exciting programme, featuring talks from The University of Oxford, TU Graz, Gemalto, Inventive Designers, Royal Holloway, the FIDO Alliance and Ericsson. For more information see the online pre-proceedings. If you would like to attend (there’s no registration fee) there are a few spaces available.
We hope that the result of this event will be some practical ideas for applications of security hardware to enhance the security and privacy of users of web applications, in terms of authentication, malware protection and phishing.
This event is sponsored by Gemalto. All papers presented at the workshop will be made available online, for free.