Taking the Ubiquitous Administrator out of the Trust Chain

Authors: Adolf Hohl, Alf Zugenmaier

DOI:

Keywords:

Abstract: Ubiquitous computing can be thought of as consisting of two parts: firstly, the devices that a user owns and may or may not carry around; secondly, the devices that form the “ubiquitous infrastructure”, the smart environment. While the first part is usually considered to be under the administration of the user, the second part is not under his control. How can the user verify a proper environment? One example where a bad environment is recognized easily is privacy. We examine the trust model for using such environments in a hospital scenario and show how attestation techniques, similar to the ones used in DRM, can be introduced which force device manufacturers to make their devices secure without relying on manual “hardening” by an administrator.

Introduction

The project EMIKA [MuKrSt+2003] tries to enhance patient services by making use of ubiquitous technology. Among other things, it provides public terminals where patients can view their personal medical history stored on a smartcard. Of course, this data is very sensitive and must be protected. To do so, certain policies have to be defined and enforced. The policy setting is simple: the data has to be displayed correctly, and the terminal should not allow any leak, i.e. every trace of the information is removed from the terminal after use. Policies can be much more complicated than these, as seen in the ones expressible in P3P [Ma2002]. The level to which the policy is adhered to […] in order to be able to […] the system. Similar to Beth et al. [BeKlBo1994], we define trust in this paper as the expectation that an attribute of a system is as desired. For the moment we assume that the administrator does not act maliciously. As a slimmed down version of a standard desktop workstation system, the terminal faces the same security threats (weak passwords, viruses, buffer overflows, etc.). If the administrator configures it correctly, the probability of a loss of confidentiality is minimal. The trust relations necessary today are described below; the chain includes actors from the manufacturer of the device up to the user at the top of the chain. Figure 1 demonstrates these relations. A bold arrow from A to B means A trusts B; a dashed arrow means indirect trust. The manufacturer is trusted to behave according to […] and to produce the device accordingly. The administrator is trusted to select the right […], to administer it correctly and to load it onto the device. The user also takes […] as a basis, even though this is not verifiable. Some relationships are indirect: the user's trust is mediated through whoever chooses, and who thereby chooses whom to trust.

Introducing attestation

There are potentially many administrators involved, and it seems like an unnecessarily high burden to trust all of these. In addition, to reduce the number of entities in the trust chain, a consumer protection organisation as well as an attestator are introduced. The attestators are trusted to be trustworthy with regard to their attestations. An attestator doesn't just evaluate products, he examines them until there is certainty that they do what they claim. The introduction of the consumer protection organisation (CPO) reduces the amount of direct trust relations: the CPO selects attestators who have an interest in properly verified policies. During the interaction the user is confronted only with the organisation's name as the trust root and then with the policy chosen as appropriate for the task. The trust relation between user and administrator is no longer necessary, because of the CPO. In case of failure, consider who would notice evidence that a given policy was violated. In today's situation, a breach will be noticed by one or a few users; there is no mechanism by which the other users are warned. In addition, when it comes to assigning blame, the administrator will most likely try to blame the manufacturer, who will return the accusations. However, with attestation, the administrator is left out of the trust chain, and there are possibilities to revoke attestations and thus warn a large number of users at once.

Conclusions

We propose introducing attestation for privacy preservation. Similar approaches were proposed by Korba and Kenny [KoKe2002] and Mont et al. [MoPeBr2003]. The underlying trust model has not been examined yet. The many administrators are replaced by fewer customer protection organizations. Their sole task is to decide between different actions. Because they are (larger) organizations, a failure would have dire consequences. These organizations push the responsibility to the manufacturers, who then have the motivation to ensure that an administrator cannot circumvent the attested policy. This would have the effect of creating an incentive for environments that need no administrator. There are of course open issues, to mention a few: Technically, there is still the question of how to support patch management together with attestation. Organizationally, the question arises of how to deal with the vast number of single purpose devices. Socially, trust cannot be prescribed by technical solutions; it has to develop over time. The success of branding shows that it is possible to build trusted brands; on the other hand, significant failed attempts show that trust building cannot be forced [EgMu2001].

References (7)
[EgMu2001] Holger Eggs, Günter Müller: Sicherheit und Vertrauen: Mehrwert im E-Commerce. Springer Berlin Heidelberg, pp. 27-44 (2001). DOI: 10.1007/978-3-642-56684-4_3
[MuKrSt+2003] Günter Müller, Michael Kreutzer, Moritz Strasser, Torsten Eymann, Adolf Hohl, Norbert Nopper, Stefan Sackmann, Vlad Coroama: Geduldige Technologie für ungeduldige Patienten: Führt Ubiquitous Computing zu mehr Selbstbestimmung? Xpert.press, pp. 159-186 (2003). DOI: 10.1007/978-3-642-55550-3_7
[KoKe2002] Larry Korba, Steve Kenny: Towards Meeting the Privacy Challenge: Adapting DRM. Digital Rights Management, pp. 118-136 (2002). DOI: 10.1007/978-3-540-44993-5_8
[BeKlBo1994] Thomas Beth, Malte Borcherding, Birgit Klein: Valuation of Trust in Open Networks. European Symposium on Research in Computer Security, pp. 3-18 (1994). DOI: 10.1007/3-540-58618-0_53
[Ma2002] Massimo Marchiori, Lorrie Cranor, Marc Langheinrich, Martin Presler-Marshall, Joseph Reagle: The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. W3C Recommendation (2002).
Joseph Reagle, Lorrie Faith Cranor: The Platform for Privacy Preferences. Communications of the ACM, vol. 42, pp. 48-55 (1999). DOI: 10.1145/293411.293455
[MoPeBr2003] M.C. Mont, S. Pearson, P. Bramhall: Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. Database and Expert Systems Applications, pp. 377-382 (2003). DOI: 10.1109/DEXA.2003.1232051