User Authentication and Device Attestation in Urban Environments Using TPM
Abstract
The growing need for digital security has driven the adoption of advanced authentication and device attestation mechanisms. This work proposes and implements an authentication system that utilizes the Trusted Platform Module (TPM) to ensure the binding between a user and a specific device, enhancing the security of the login process without compromising usability. The server verifies the authenticity of the information, ensuring that authentication occurs only on previously authorized devices, which are protected against unauthorized modifications. The conducted tests evaluated different scenarios, such as credential errors, unexpected changes in the Platform Configuration Registers (PCRs), and authentication attempts on unauthorized devices, demonstrating the effectiveness of the approach in protecting against attacks and unauthorized access.
