A reputation-based trust model for peer-to-peer ecommerce communities [Extended Abstract]
Proceedings of the 4th ACM conference on Electronic commerce
Reasoning about Trust and Insurance in a Public Key Infrastructure
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
BIND: A Fine-Grained Attestation Service for Secure Distributed Systems
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Symmetric behavior-based trust: a new paradigm for internet computing
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
WS-Attestation: Efficient and Fine-Grained Remote Attestation on Web Services
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Establishing the genuinity of remote computer systems
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
A tag-based data model for privacy-preserving medical applications
EDBT'06 Proceedings of the 2006 international conference on Current Trends in Database Technology
OTM'07 Proceedings of the 2007 OTM Confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part I
| Hi-index | 0.00 |
One method for establishing a trust relationship between two servers in a co-operative information system is to use a mutual attestation protocol based on hardware that implements the Trusted Computing Group's TPM specification It has been our experience in developing an eHealth demonstration system that the efficiency of such a protocol was relatively low This inefficiency was a result of the high number of TPM function calls in response to the large number of protocol messages that must be sent by the end server systems to establish mutual trust between them prior to sending each application message (in our case, a medical record) In order to address this inefficiency, we developed a session-based mutual attestation protocol, where multiple application messages are sent over an interval of time where an established trust relationship holds Moreover, the protocol partially addresses the security flaw due to the time interval between the time-of-attestation and time-of-use This paper presents this new protocol, once again utilizing TPM microcontroller hardware, and compares its performance with that of our previous (per record) mutual attestation protocol.