AutonomicTrustManagementforaPervasiveSystemZheng Yan 1 Autonomic Trust Management for a Pervasive System Zheng Yan Nokia Research Center, Helsinki, Finland Secrypt’08, July 27, 2008, Porto, Portugal
AutonomicTrustManagementforaPervasiveSystemZheng Yan 2 Outline Introduction and motivation Related work Fundamental technologies Solution: autonomic trust management An example application Further discussion Conclusions and future work
AutonomicTrustManagementforaPervasiveSystemZheng Yan 3 Introduction & motivation Pervasive systems Allow seamless interactions among various portable and networked processing devices, distributed at all scales throughout everyday routine life Decentralized, distributed, open, dynamic Communications depend on trust among devices: classical, centralized security- managing mechanisms unusable Trust becomes a crucial issue to ensure effective collaborations among various devices for expected services A holistic notion of trust Include several properties, such as security, availability and reliability, depending on the requirements of a trustor. The assessment of a trustor on how well the observed behavior that can be measured through a number of quality attributes of a trustee meets the trustor’s own standards for an intended purpose
AutonomicTrustManagementforaPervasiveSystemZheng Yan 4 Related work Xu, Xin, and Lu (2007): a hybrid model encompassing a trust model, a security model and a risk model for pervasive computing Shand, Dimmock, and Bacon (2004): a trust and risk framework to facilitate secure collaboration Claycomb and Shin (2006): a visual framework for securing impromptu collaboration Yin, Ray, and Ray (2006): a trust model for pervasive computing applications and strategies for establishing trust between entities to support dynamic of trust Spanoudakis (2007): a platform for dynamic trust assessment of software services Wolfe, Ahamed, and Zulkernine (2006): trust management based on a scheme for categorizing devices, calculating trust, and facilitating trust-related communications Remarks Mainly on establishing distinct trust models based on different theories or methods in terms of various scenes and motivations. Apply trust, reputation and/or risk analysis mechanism based on fuzzy logic, probabilistic theory, cloud theory, traditional authentication and cryptography methods and so on to manage trust Did not support autonomic control of trust for the fulfillment of an intended service. Influence the effectiveness of trust management since trust is both subjective and dynamic.
AutonomicTrustManagementforaPervasiveSystemZheng Yan 5 Main idea of our paper An autonomic trust management solution for the pervasive system Based on a trusted computing platform Support autonomic trust control on the trustee device based on the trustor device’s specification An adaptive trust control model. Assume several trust control modes, each of which contains a number of control mechanisms or operations Ensure a suitable set of control modes are applied A Fuzzy Cognitive Map to model the factors related to trust for control mode prediction and selection Use runtime trust assessment result as a feedback to autonomously adapt weights in the adaptive trust control model in order to find a suitable set of control modes in a specific pervasive computing context.
AutonomicTrustManagementforaPervasiveSystemZheng Yan 6 Fundamental technologies (1): a mechanism to sustain trust Trust form Trustor A trusts trustee B for purpose P under condition C based on root trust R Root trust (RT) module Hardware-based security module Register, protect and manage the conditions for trust sustaining and self- regulating Monitor any computing platform’s change including any alteration or operation on hardware, software and their configurations. Check changes and restrict them based on the trust conditions, as well as notifying the trustor accordingly. Approaches to notify changes active method and passive method
AutonomicTrustManagementforaPervasiveSystemZheng Yan 7 A mechanism to sustain trust: protocol Root trust challenge and attestation to ensure the trustor’s basic trust dependence at the trustee in steps 1-2; Trust establishment by specifying the trust conditions and registering them at the trustee’s RT module for trust sustaining in steps 3-6; Sustaining the trust relationship through the monitor and control by the RT module in steps 7-8; Re-challenge the trust relationship if necessary when any changes against trust conditions are reported.
AutonomicTrustManagementforaPervasiveSystemZheng Yan 8 Fundamental technologies (2): an adaptive trust control model Considering the trustworthiness is influenced by a number of quality attributes. These quality attributes are ensured or controlled through a number of control modes. A control mode contains a number of control mechanism or operations. A weight is used to indicate the importance rate of the quality attribute An influence factor of control mode is set based on impact of the control mode to the quality attributes We also apply a selection factor of control mode to indicate which control mode is actually applied in the system
AutonomicTrustManagementforaPervasiveSystemZheng Yan 9 Autonomic trust management: a system definition User Pervasive system Pervasive computing devices Trusted computing platform Root Trust module Autonomic trust management framework (ATMF) Operating System (OS) A performance observer Services
AutonomicTrustManagementforaPervasiveSystemZheng Yan 10 Autonomic Trust Management Framework (ATMF) Responsibility: Manage the trustworthiness of a trustee service Configure its trust properties Switch on/off the trust control mechanisms, i.e. selecting a suitable set of control modes Secure storages Experience base Policy base Mechanism base ATMF secure access to the RT module Extract the policies into the policy base for trust assessment if necessary An evaluation, decision and selection engine (EDS engine) Trust assessment Make trust decision Select suitable trust control modes
AutonomicTrustManagementforaPervasiveSystemZheng Yan 11 Autonomic trust management procedure Remote service collaboration check Yes, trust sustaining mechanism Embed device trust conditions (including trust policies) into RT Extract trust policies, save into policy base Trustworthiness and trust control mode prediction, selection Monitor performance and behavior Adjust trust control model
AutonomicTrustManagementforaPervasiveSystemZheng Yan 12 Algorithms Trust assessment Trust value generator: Weighted summation: Control mode prediction and selection Anticipate the performance or feasibility of all possibly applied trust control modes. Select a set of suitable trust control modes based on the control mode prediction results. Adaptive Trust Control Model Adjustment Adjust the influence factors of the trust control model in order to make it reflect the real system situation or context
AutonomicTrustManagementforaPervasiveSystemZheng Yan 13 Trust Control Mode Prediction and Selection The control modes are predicted through evaluating all possible modes and their compositions based on the adaptive trust control model The prediction algorithm, while, do The control modes are selected based on the control mode prediction results The selection algorithm Calculate selection threshold ; - Compare and of to, set selection factor if ; set if ; - For, calculate the distance of and to as ; For, calculate the distance of and to as only when and ; -If, select the best winner with the biggest ; else, select the best loser with the smallest.
AutonomicTrustManagementforaPervasiveSystemZheng Yan 14 Adaptive Trust Control Model Adjustment Subjective & dynamic support Context-aware trust model adjustment The influencing factors of each control mode should be context-aware. The trust control model should be dynamically maintained and optimized in order to reflect the real system situation. Observation based trust assessment plays as the feedback for adaptive model adjustment. Two schemes Equal adjustment scheme: each control mode has the same impact on the deviation between and Unequal adjustment scheme: the control mode with the biggest absolute influencing factor always impacts more on the deviation between and The equal adjustment scheme While, do a) If, for,, if ; Else, for,, if b) Run the control mode prediction function The unequal adjustment scheme While, do a) If, for,, if ; Else,, if b) Run the control mode prediction function
AutonomicTrustManagementforaPervasiveSystemZheng Yan 15 An application example: mobile healthcare System devices A potable mobile device a health sensor: monitor a user’s health status; a healthcare client service: provide multiple ways to transfer health data to other devices and receive health guidelines. A healthcare centre A healthcare consultant service: provide health guidelines to the user according to the health data reported, inform a hospital service at a hospital server if necessary. A hospital server A hospital service Trust requirements Each device and service’s trustworthiness Trustworthy cooperation of all related devices and services Satisfy trust requirements with each other and its user’s Examples Confidentiality: the healthcare client service provides a secure network connection and communication; Availability: respond to the request from the health sensor within expected time; Reliability: perform reliably without any break in case of an urgent health information transmission. Example application scenario: the user’s health is monitored by the mobile device which reports his/her health data to the healthcare centre in a secure and efficient way. In this case, the hospital service should be informed since the user’s health needs to be treated by the hospital immediately. Meanwhile, the consultant service also provides essential health guidelines to the user.
AutonomicTrustManagementforaPervasiveSystemZheng Yan 16 Autonomic trust management for a healthcare application
AutonomicTrustManagementforaPervasiveSystemZheng Yan 17 Discussion Two-level autonomic trust management Autonomic trust management among different system devices (hard trust solution) Apply the mechanism to sustain trust, embed trust policies for remote trusted service collaboration Autonomic trust management on pervasive services for their trustworthy collaboration (soft trust solution) Both levels of autonomic trust management can cooperate to ensure the trustworthiness of the entire pervasive system. Standardized devices (supported by TCG compatible devices) Implementation of the RT module and Autonomic Trust Management Framework Designed and implemented inside a secure main chip in the mobile computing platform The RT module functionalities and the ATMF functionalities can be implemented by a number of protected applications. Small applications dedicated to performing security critical operations inside a secure environment. Strict size limitations and resemble function libraries. Access any resource in the secure environment. Communicate with normal applications in order to offer security services. New protected applications can be added to the system at any time, Signature based protection. Onboard Credential based implementation for the secure register of the RT module, the policy base, the execution base and the mechanism base A flexible and light secure storage mechanism supported by the trusted computing platform
AutonomicTrustManagementforaPervasiveSystemZheng Yan 18 Conclusions and future work Presented our arguments for autonomic trust management in the pervasive system. Proposed an autonomic trust management solution based on the trust sustaining mechanism and the adaptive trust control model. Main contribution: Support two levels of autonomic trust management: between devices as well as between services offered by the devices. Effectively avoid or reduce risk by stopping or restricting any potential risky activities based on the trustor’s specification Demonstrated the effectiveness of our solution by applying it into an example pervasive system Discussed the advantages of and implementation strategies for the solution. Future work: study the performance through a prototype implementation on the basis of a mobile trusted computing platform
AutonomicTrustManagementforaPervasiveSystemZheng Yan 19 Thank You! Questions and Comments!