Abstract
Modern communication and computing devices have the potential to increase the efficiency of disaster response. Mobile agents are a decentralized and flexible technology to leverage this potential. While mobile agent platforms suffer from a greater variety of security risks than the classic client-server approach, Trusted Computing is capable of alleviating these problems. Unfortunately, Remote Attestation, a core concept of Trusted Computing, requires a powerful networked entity to perform trust decisions. The existence and availability of such a service in a disaster response scenario cannot be relied upon.
In this paper we introduce the Autonomous Attestation Token (AAT), a hardware token for mobile computing devices that is capable of guaranteeing the trusted state of a limited set of devices without relying on a networked service. We propose a Local Attestation protocol with user interaction that in conjunction with the AAT allows to prevent unauthorized access to an emergency mobile agent platform.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Scerri, P., Pynadath, D., Johnson, L., Rosenbloom, P., Si, M., Schurr, N., Tambe, M.: A prototype infrastructure for distributed robot-agent-person teams. In: AAMAS 2003: Proceedings of the second international joint conference on Autonomous agents and multiagent systems, pp. 433–440. ACM, New York (2003)
Schurr, N., Marecki, J., Tambe, M.: The future of disaster response: Humans working with multiagent teams using DEFACTO. In: AAAI Spring Symposium on AI Technologies for Homeland Security (2005)
Rothermel, K., Schwehm, M.: Mobile agents. In: Proceedings of the 1st International Workshop, pp. 155–176. Springer, Heidelberg (1997)
Jansen, W., Karygiannis, T.: NIST special publication 800-19 - mobile agent security (2000)
Necula, G.C., Lee, P.: Untrusted agents using proof-carrying code. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 61–91. Springer, Heidelberg (1998)
Balfe, S., Gallery, E.: Mobile agents and the deus ex machina. In: 21st International Conference Advanced Information Networking and Applications Workshops (AINAW 2007), May 2007, vol. 2, pp. 486–492 (2007)
Trusted Computing Group: TCG TPM specification version 1.2 revision 103 (2007), https://www.trustedcomputinggroup.org/specs/TPM/
Trusted Computing Group: TCG mobile trusted module specification version 1.0 revision 6 (June 2008), https://www.trustedcomputinggroup.org/specs/mobilephone/
Coker, G., Guttman, J.D., Loscocco, P., Sheehy, J., Sniffen, B.T.: Attestation: Evidence and trust. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 1–18. Springer, Heidelberg (2008)
Pirker, M., Toegl, R., Hein, D., Danner, P.: A PrivacyCA for anonymity and trust. In: TRUST 2009. LNCS, vol. 5471. Springer, Heidelberg (2009)
Pham, V.A., Karmouch, A.: Mobile software agents: an overview. IEEE Communications Magazine 36(7), 26–37 (1998)
Parno, B.: Bootstrapping trust in a “trusted” platform. In: HOTSEC 2008: Proceedings of the 3rd conference on Hot topics in security, Berkeley, CA, USA, USENIX Association, pp. 1–6 (2008)
McCune, J.M., Perrig, A., Seshadri, A., van Doorn, L.: Turtles all the way down: Research challenges in user-based attestation. In: Proceedings of the Workshop on Hot Topics in Security (HotSec) (August 2007)
Farmer, W., Guttman, J., Swarup, V.: Security for mobile agents: Issues and requirements. In: National Information Systems Security Conference, NISSC 1996 (1996)
Anderson, R., Bond, M., Clulow, J., Skorobogatov, S.: Cryptographic processors-a survey. Proceedings of the IEEE 94(2), 357–369 (2006)
Wilhelm, U., Staamann, S., Buttyan, L.: Introducing trusted third parties to the mobile agent paradigm. In: Vitek, J., Jensen, C. (eds.) Secure Internet Programming. LNCS, vol. 1603, pp. 471–491. Springer, Heidelberg (1999)
Wu, X., Shen, Z., Zhang, H.: The mobile agent security enhanced by trusted computing technology. In: International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM 2006), September 2006, pp. 1–4 (2006)
Pridgen, A., Julien, C.: SMASH: Modular security for mobile agents. In: Choren, R., Garcia, A., Giese, H., Leung, H.-f., Lucena, C., Romanovsky, A. (eds.) SELMAS. LNCS, vol. 4408, pp. 99–116. Springer, Heidelberg (2007)
Dietrich, K., Winter, J.: Secure boot revisited. In: TrustCom 2008 Proceedings, in ICYCS Proceedings, pp. 2360–2365 (2008)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (2001)
Stumpf, F., Tafreschi, O., Röder, P., Eckert, C.: A robust integrity reporting protocol for remote attestation. In: Proceedings of the Second Workshop on Advances in Trusted Computing, WATC 2006 (Fall 2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Hein, D.M., Toegl, R. (2009). An Autonomous Attestation Token to Secure Mobile Agents in Disaster Response. In: Schmidt, A.U., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 17. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04434-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-04434-2_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04433-5
Online ISBN: 978-3-642-04434-2
eBook Packages: Computer ScienceComputer Science (R0)