Trust establishment in mobile distributed computing platforms
Lead Research Organisation:
Royal Holloway University of London
Department Name: Mathematics
Abstract
The aim of the proposed research is to provide mechanims that can be used to establish trust in mobile distributed computing platforms. The initial task will be to allow mobile terminals to authenticate themselves to the existing fixed network of distributed computers. However, while authentication may establish the identity of an any two connected parties, this is not enough to establish trust that each computer in the network will behave as expected. Mechanisms have been proposed to establish trust based on an entitiy's reputation. This reputation, however, should be bound to a specific identity that cannot be easilly changed, otherwise an entity that had gained a poor reputation could change its identity and esablish a good reputation. There are other problem that may arise too, if stable identities are not established.The trusted computing group is a major research consortium who are developing standards that allow identity to be bound to specific computing platforms. Moreover, trusted computing technology allows the platform to attest to its state. In other words, the stable id can be used to sign a message stating what operating system the platform is running and what other software applications are running at any moment in time. This attestation can be verified by a challenger. Another security mechanism provided by trusted computing technology is the idea of 'sealing' data. Data may be sealed, or encrypted in such a way that it can only be accessed when the trusted platform is in a particular state. This mechanism can therefore be used to make sure data is released only when known trusted applications are running on the trusted platform.The research proposed will investigate how the mechanisms of trusted computing may be applied to the e-Science network to support reputation based trust mechanisms by providing stable platform identities. Furthermore, once the stable identity and reputation of a platform has been established, this research will investigate how techniques like sealing and attestation may be used to provide a challenger with a degree of confidence that a the platform is running software that can be trusted to maintain data security.In conjunction with this, the proposed research will investigate how the techniques of digital rights management (DRM) may be used to protect data in the e-Science grid. DRM is currently used to protect multimedia content by scrambling the content so that it can only be accessed by authorized viewers. The access requirements associated with the content are broadcast with the content itself. The authorization rights that allow the content to be viewed, however, are bound to each receiver. Only if the rights match the access requirements will the content be descrambled.If platform in the e-Science grid can support the trusted computing mechanisms then it may be used with DRM techniques to control access to sensitive data. The proposed research will investigate how the sealing and attestation mechanisms of trusted computing may be used to define the authorization rights required by DRM. In this way sensitive data may be securely released to the grid, and given to any platform, with confidence that it will only be accessed by those platforms that can be trusted to protect the data.The consequence of this proposed research is that the e-Science grid will be able to provide greater assurance that it can be trusted to protect sensitive data. Thus allowing wider access to its resources. The obvious beneficiary of this will be the health care community. The e-Healthcare initiative is a major European project to provide an electronic infrastructure for health care. The trust mechanisms to be investigated by the proposed research could form the basis of providing security for the exchange and processing of sensitive patient records and diagnostic data.