Trust Ensuring Crisis Management Hardware Module

Mobile agent systems (MAS) suffer from security holes that can be fatal in a crisis/disaster management system. The Trusted Computing Group's TPM chip can be used to solve the problem, but only partially: the extreme physical conditions and particularities of the crisis management agent platform do not permit full exploitation of the TPM's features. To solve this problem, the use of a special-purpose hardware module, physically connected to a host crisis management device as a local trusted third party, has been proposed. In this paper, we analyze the functionality and structure of such a hardware module, called the Autonomous Attestation Token (AAT), and show how a successful attack can be launched on it. To counter this attack, we propose a more sophisticated key release protocol for the communication between the AAT and the host device. This is achieved by securing the communication channel between the two devices. We also propose a detailed hardware structure for the AAT that supports the proposed key release protocol. To analyze this further, we identify the basic operations needed by the AAT hardware components and propose a sequence of actions and associated signals that those components need to follow to support those operations.
