Towards Trustworthy Kiosk Computing

The authors present a system in which a user leverages a personal mobile device to establish trust on a public computing device, or kiosk, prior to revealing personal information to that kiosk. They have designed and implemented a protocol by which the mobile device determines the identity and integrity of the software running on the kiosk. A similar protocol simultaneously allows a kiosk owner to verify that the kiosk is running only approved software. Their system combines a number of emerging security technologies, including the trusted platform module, the integrity measurement architecture, and new support in x86 processors for establishing a dynamic root of trust.