Abstract
One method for establishing a trust relationship between two servers in a co-operative information system is to use a mutual attestation protocol based on hardware that implements the Trusted Computing Group’s TPM specification. It has been our experience in developing an eHealth demonstration system that the efficiency of such a protocol was relatively low. This inefficiency was a result of the high number of TPM function calls in response to the large number of protocol messages that must be sent by the end server systems to establish mutual trust between them prior to sending each application message (in our case, a medical record). In order to address this inefficiency, we developed a session-based mutual attestation protocol, where multiple application messages are sent over an interval of time where an established trust relationship holds. Moreover, the protocol partially addresses the security flaw due to the time interval between the time-of-attestation and time-of-use. This paper presents this new protocol, once again utilizing TPM microcontroller hardware, and compares its performance with that of our previous (per record) mutual attestation protocol.
An erratum to this chapter can be found at http://dx.doi.org/10.1007/11914853_71.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
TCG specification v1.1, https://www.trustedcomputinggroup.org/specs/TPM/
WS-BusinessActivity, ftp://www6.software.ibm.com/software/developer/library/WS-BusinessActivity.pdf
Shi, E., Perrig, A., Van, D.L.: BIND: a fine-grained attestation service for secure distributed systems. In: IEEE Symposium on Security and Privacy, pp. 154–168 (2005)
Nepal, S., Zic, J., Jaccard, F., Krachenbuehl, G.: A Tag-based Data model for privacy-preserving medical applications. In: Proceedings of EDBT IIHA Workshop, Munich, Germany, pp. 77–88 (2006)
Nepal, S., Zic, J., Krachenbuehl, G., Jaccard, F.: Secure Sharing of Electronic Patient Records. In: 1st European Conference on eHealth, Fribourg, Switzerland, October 12-13 (2006) (to appear)
Australian Government Department of Health and Aging Project. Consumer consent in electronic health data exchange – e-consent
O’Keefe, C.M., Greenfield, P., Goodchild, A.: A Decentralised Approach to Electronic Consent and Health Information Access Control. Journal of Research and Practice in Information Technology 37(2), 161–178 (2005)
Kennell, R., Jamieson, L.H.: Establishing the genuinity of remote computer systems. In: Proceedings of the 11th USENIX Security Symposium, USENIX (August 2003)
Seshadri, A., Perrig, A., van Doorn, L., Khosla, P.: SWAtt: SoftWare-based Attestation for embedded devices. In: Proceedings of IEEE Symposium on Security and Privacy (May 2004)
Monrose, F., Wyckoff, P., Rubin, A.D.: Distributed execution with remote audit. In: ISOC Network and Distributed System Security Symposium, pp. 103–113 (1999)
Haldar, V., Franz, M.: Symmetric Behavior-Based Trust: A New Paradigm for Internet Computing. In: New Security Paradigms Workshop (September 2004)
Reid, J., Juan, M., Nieto, G., Dawson, E., Okamoto, E.: Privacy and Trusted Computing. In: Mařík, V., Štěpánková, O., Retschitzegger, W. (eds.) DEXA 2003. LNCS, vol. 2736, p. 383. Springer, Heidelberg (2003)
AMD platform for trustworthy computing. WinHEC 2003 (September 2003), http://www.microsoft.com/whdc/winhec/papers03.mspx
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Terra, D.B.: A virtual machine-based platform for trusted computing. In: Proceedings of Symposium on Operating System Principles (SOSP) (October 2003)
Yoshihama, S., Ebringer, T., Nakamura, M., Munetoh, S.: WS-Attestation: Efficient and Fine-Grained Remote Attestation on Web Services. In: International Conference on Web Services, July 2005, pp. 743–750 (2005)
Web Services Trust Language (WS-Trust), http://specs.xmlsoap.org/ws/2005/02/trust/WS-Trust.pdf
Xiong, L., Liu, L.: A reputation-based trust model for peer-to-peer ecommerce communities. In: Proceedings of 4th ACM Conference on Electronic Commerce, pp. 228–229 (2003)
Millen, J.K., Wright, R.N.: Reasoning about Trust and Insurance in a Public Key Infrastructure. In: 13th IEEE Computer Security Foundations Workshop (CSFW), pp. 16–22 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jang, J., Nepal, S., Zic, J. (2006). Establishing a Trust Relationship in Cooperative Information Systems. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2006: CoopIS, DOA, GADA, and ODBASE. OTM 2006. Lecture Notes in Computer Science, vol 4275. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11914853_26
Download citation
DOI: https://doi.org/10.1007/11914853_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-48287-1
Online ISBN: 978-3-540-48289-5
eBook Packages: Computer ScienceComputer Science (R0)