Abstract
Providing a trustworthy mobile computing platform is crucial for mobile communications, services and applications. This chapter studies methodologies and mechanisms of providing a trustworthy computing platform for mobile devices. In addition, we seek solutions to support trusted communications and collaboration among those platforms in a distributed and dynamic system. The first part of this chapter gives a brief overview of literature background. It includes detailed state-of-the-art in conceptualizing trust, trust modeling, trust evaluation and trust management and identifies emerging trends in this area. The second part of this chapter specifies a mechanism for trust sustainability among the platforms based on a trusted computing technology. It plays as the first level of autonomic trust management in our solution. The third part describes an adaptive trust control model. The trust management mechanism based on this model plays as the second level of our autonomic trust management solution. We demonstrate how the above two mechanisms can cooperate together to provide a comprehensive solution in the forth part. The fifth part further discusses other related issues, such as standardization and implementation strategies. Finally, conclusions and future work are presented in the last part.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
T. Grandison, M. Sloman: A survey of trust in internet applications, IEEE Commun. Surv. 3(4), 2–16 (2000)
A. Avizienis, J.-C. Laprie, B. Randell, C. Landwehr: Basic concepts and taxonomy of dependable and secure computing, IEEE Trans. Dependable Secure Comput. 1(1), 11–33 (2004)
S. Boon, J. Holmes: The dynamics of interpersonal trust: resolving uncertainty in the face of risk. In: Cooperation and Prosocial Behaviour, ed. by R. Hinde, J. Groebel (Cambridge University Press, Cambridge, UK 1991) pp. 190–211
C.L. Corritore, B. Kracher, S. Wiedenbeck: On-line trust: concepts, evolving themes, a model, Int. J. Human-Comput. Stud. Trust Technol. 58(6), 737–758 (2003)
D.E. Denning: A new paradigm for trusted systems, Proc. IEEE New Paradigms Workshop (1993)
R. Falcone, C. Castelfranchi: Socio-cognitive model of trust. In: Encyclopedia of Information Science and Technology, ed. by M. Khosrow-Pour (Idea Group Reference, Hershey, PA 2005) pp. 2534–2538
D. Gambetta: Can we trust trust?. In: Trust: Making and Breaking Cooperative Relations, by D. Gambetta (WileyBlackwell, Oxford 1990)
Z. Liu, A.W. Joy, R.A. Thompson: A dynamic trust model for mobile ad hoc networks, Proc. 10th IEEE Int. Workshop on Future Trends of Distributed Computing Systems (FTDCS 2004) (2004) pp. 80–85
D.H. McKnight, N.L. Chervany: What is trust? A conceptual analysis and an interdisciplinary model, Proc. 2000 Americas Conference on Information Systems (2000)
D.H. McKnight, N.L. Chervany: The meanings of trust, UMN University Report, available at http://www.misrc.umn.edu/wpaper/wp96-04.htm (2003)
R.C. Mayer, J.H. Davis, F.D. Schoorman: An integrative model of organizational trust, Acad. Manag. Rev. 20(3), 709–734 (1995)
L. Mui: Computational models of trust and reputation: agents, evolutionary games, and social networks, Ph.D. Thesis (Massachusetts Institute of Technology, 2003)
D.E. Denning: A new paradigm for trusted systems, Proc. 1992–1993 Workshop on New Security Paradigms (1993) pp. 36–41
TCG TPM Specification v1.2, available at https://www.trustedcomputinggroup.org/specs/TPM/ (2003)
Z. Yan, S. Holtmanns: Trustmodeling and management: from social trust to digital trust. In: Computer Security, Privacy and Politics: Current Issues, Challenges and Solutions, ed. by R. Subramanian (IGI Global, Hershey, PA, USA 2008) pp. 209–323
A.K. Dey: Understanding and using context, Pers. Ubiquitous Comput. J. 5, 4–7 (2001)
M. Blaze, J. Feigenbaum, J. Lacy: Decentralized trust management, Proc. IEEE Symposium on Security and Privacy (1996) pp. 164–173
Y. Tan, W. Thoen: Toward a generic model of trust for electronic commerce, Int. J. Electron. Commer. 5(2), 61–74 (1998)
M.K. Reiter, S.G. Stubblebine: Resilient authentication using path independence, IEEE Trans. Comput. 47(12), 1351–1362 (1998)
L. Xiong, L. Liu: PeerTrust: supporting reputation-based trust for peer-to-peer electronic communities, IEEE Trans. Knowl. Data Eng. 16(7), 843–857 (2004)
Y. Sun, W. Yu, Z. Han, K.J.R. Liu: Information theoretic framework of trust modeling and evaluation for ad hoc networks, IEEE J. Selected Areas Commun. 24(2), 305–317 (2006)
M. Zhou, H. Mei, L. Zhang: A multi-property trust model for reconfiguring component software, 5th Int. Conference on Quality Software QAIC2005 (2005) pp. 142–149
Y. Wang, V. Varadharajan: Trust2: developing trust in peer-to-peer environments, IEEE Int. Conference on Services Computing, 1 (2005) 24–31
Z. Yan, R. MacLaverty: Autonomic trust management in a component based software system. In: Proceedings of the 3rd International Conference on Autonomic and Trusted Computing, Lecture Notes in Computer Science, Vol. 4158, ed. by L.T. Yang, H. Jin, J. Ma, T. Ungerer (Springer, Berlin Heidelberg 2006) pp. 279–292
U. Maurer: Modeling a public-key infrastructure. In: Proceedings of European Symposium on Research in Computer Security, Lecture Notes in Computer Science, Vol. 1146, ed. by H. Bertino, H. Kurth, G. Martella, E. Montolivo (Springer, Berlin Heidelberg 1996) pp. 325–350
Z. Liu, A.W. Joy, R.A. Thompson: A dynamic trust model for mobile ad hoc networks, Proc. 10th IEEE Int. Workshop on Future Trends of Distributed Computing Systems (2004) pp. 80–85
G. Theodorakopoulos, J.S. Baras: On trust models and trust evaluation metrics for ad hoc networks, IEEE J. Sel. Areas Commun. 24(2), 318–328 (2006)
A. Jøsang: An algebra for assessing trust in certification chains. In: Proceedings of the Network and Distributed Systems Security Symposium, ed. by J. Kochmar (The Internet Society, Reston, VA 1999)
Z. Yan: Trust Management for Mobile Computing Platforms. Ph.D. Thesis (Dept. of Electrical and Communication Eng., Helsinki University of Technology 2007)
K. Aberer, Z. Despotovic: Managing trust in a peer-to-peer information system, Proc. ACM Conf. Information and Knowledge Management (2001)
S. Song, K. Hwang, R. Zhou, Y.-K. Kwok: Trusted P2P transactions with fuzzy reputation aggregation, IEEE Internet Comput. 9(6), 24–34 (2005)
P. Resnick, R. Zeckhauser: Trust among strangers in internet transactions: empirical analysis of eBay’s reputation system. In: The Economics of the Internet and E-Commerce, Advances in Applied Microeconomics, Vol. 11, ed. by M.R. Baye (Elsevier, MO, USA 2002) pp. 127–157
A. Singh, L. Liu: TrustMe: anonymous management of trust relationships in decentralized P2P systems, IEEE Int. Conference on Peer-to-Peer Computing (2003) pp. 142–149
R. Guha, R. Kumar: Propagation of trust and distrust, Proc. 13th International Conference on World Wide Web (ACM Press, 2004) pp. 403–412
S. Kamvar, M. Scholsser, H. Garcia-Molina: The EigenTrust algorithm for reputation management in P2P networks, Proc. 12th Int. Conference of World Wide Web (2003)
Z. Liang, W. Shi: PET: A PErsonalized Trust model with reputation and risk evaluation for P2P resource sharing, Proc. 38th Annual Hawaii Int. Conference on System Sciences (2005) pp. 201.2 (refer to http://portal.acm.org/citation.cfm?id=1043109, the page is indicated like that)
S. Lee, R. Sherwood, B. Bhattacharjee: Cooperative peer groups in NICE, Proc. IEEE Conference on Computer Communications (INFOCOM 03) (IEEE CS Press, 2003) pp. 1272–1282
P. Herrmann: Trust-based procurement support for software components, Proc. 4th Int. Conference of Electronic Commerce Research (ICECR04) (2001) pp. 505–514
K. Walsh, E.G. Sirer: Fighting peer-to-peer SPAM and decoys with object reputation, Proc. 3rd Workshop on the Economics of Peer-to-Peer Systems (P2PECON) (2005) 138–143
Z. Zhang, X. Wang, Y. Wang: A P2P global trust model based on recommendation, Proc. 2005 Int. Conference on Machine Learning and Cybernetics, 7 (2005) pp. 3975–3980
C. Lin, V. Varadharajan, Y. Wang, V. Pruthi: Enhancing grid security with trust management, Proc. IEEE Int. Conference on Services Computing (2004) pp. 303–310
Z. Yan, P. Cofta: A mechanism for trust sustainability among trusted computing platforms. In: Proc. 1st International Conference on Trust and Privacy in Digital Business, Lecture Notes in Computer Science, Vol. 3184, ed. by S.K. Katsikas, J. Lopez, G. Pernul (Springer, Berlin Heidelberg 2004) pp. 11–19
S. Banerjee, C.A. Mattmann, N. Medvidovic, L. Golubchik: Leveraging architectural models to inject trust into software systems, ACM SIGSOFT Softw. Eng. Notes 30(4), 1–7 (2005)
Z. Yan, C. Prehofer: An adaptive trust control model for a trustworthy software component platform. In: Proceedings of the 4th International Conference on Autonomic and Trusted Computing, Lecture Notes in Computer Science, Vol. 4610, ed. by B. Xiao, L.T. Yang, J. Ma, C. Müller-Schloer, Y. Hua (Springer, Berlin Heidelberg 2007) pp. 226–238
W. Xu, Y. Xin, G. Lu: A trust framework for pervasive computing environments, Int. Conference on Wireless Communications, Networking and Mobile Computing (2007) pp. 2222–2225
Z. Yan: Autonomic trust management for a pervasive system, Secypt’08 (2008) pp. 491–500
A. Jøsang: A logic for uncertain probabilities, Int. J. Uncertain. Fuzziness Knowl.-Based Syst. 9(3), 279–311 (2001)
B. Kosko: Fuzzy cognitive maps, Int. J. Man-Mach. Stud. 24, 65–75 (1986)
C. Castelfranchi, R. Falcone, G. Pezzulo: Integrating trustfulness and decision using fuzzy cognitive maps. In: Proceedings of the First International Conference of Trust Management, Lecture Notes in Computer Science, Vol. 2692, ed. by P. Nixon, S. Terzis (Springer, Berlin Heidelberg 2003) pp. 195–210
C.D. Stylios, V.C. Georgopoulos, P.P. Groumpos: The use of fuzzy cognitive maps in modeling systems, available at http://med.ee.nd.edu/MED5/PAPERS/067/067.PDF
S. Song, K. Hwang, R. Zhou, Y.-K. Kwok: Trusted P2P transactions with fuzzy reputation aggregation, IEEE Internet Comput. 9(6), 24–34 (2005)
Z. Yan: A conceptual architecture of a trusted mobile environment, Proc. IEEE 2nd Int. Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU06) (2006) pp. 75–81
S.J. Vaughan-Nichols: How trustworthy is trusted computing?, IEEE Computer 36(3), 18–20 (2003)
P. England, B. Lampson, J. Manferdelli, M. Peinado, B. Willman: A trusted open platform, IEEE Computer 36(7), 55–62 (2003)
Z. Yan, P. Zhang, T. Virtanen: Trust evaluation based security solution in ad hoc networks, Proc. 7th Nordic Workshop on Secure IT Systems (NordSec03) (2003)
Z. Yan, P. Zhang: Trust collaboration in P2P systems based on trusted computing platforms, WSEAS Trans. Inf. Sci. Appl. 2(3), 275–282 (2006)
P. Fenkam, S. Dustdar, E. Kirda, G. Reif, H. Gall: Towards an access control system for mobile peer-to-peer collaborative environments, Proc. 11th IEEE Int. Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (2002) 95–100
G. Kortuem, J. Schneider, D. Preuitt, T.G.C. Thompson, S. Fickas, Z. Segall: When peer-to-peer comes face-to-face: collaborative peer-to-peer computing in mobile ad hoc networks, Proc. of the 1st Int. Conference on Peer-to-Peer Computing (2001)
A. Jøsang, R. Ismail, C. Boyd: A survey of trust and reputation systems for online service provision, Decis. Support Syst. 43(2), 618–644 (2007)
C. Lin, V. Varadharajan, Y. Wang, V. Pruthi: Enhancing grid security with trust management, Proc. IEEE Int. Conference on Services Computing (2004) pp. 303–310
E. Herscovitz: Secure virtual private networks: the future of data communications, Int. J. Netw. Manag. 9(4), 213–220 (1999)
D. Wood, V. Stoss, L. Chan-Lizardo, G.S. Papacostas, M.E. Stinson: Virtual private networks, Int. Conference on Private Switching Systems and Networks (1988) pp. 132–136
K. Regan: Secure VPN design considerations, Netw. Secur. 2003, 5–10 (2003)
K.H. Cheung, J. Misic: On virtual private network security design issues, Comput. Netw. 38(2), 165–179 (2002)
M. Blaze, J. Ioannidis, A.D. Keromytis: Trust management for IPSec, ACM Trans. Inf. Syst. Secur. 5(2), 95–118 (2002)
R. Shan, S. Li, M. Wang, J. Li: Network security policy for large-scale VPN, Proc. Int. Conference on Communication Technology, 1 (2003) pp. 217–220
H. Hamed, E. Al-Shaer, W. Marrero: Modeling and verification of IPSec and VPN security policies, 13th IEEE Int. Conference on Network Protocols (2005) pp. 259–278
Z. Yan, P. Zhang: A trust management system in mobile enterprise networking, WSEAS Trans. Commun. 5(5), 854–861 (2006)
Z. Yan: A comprehensive trust model for component software, SecPerU’08 (2008) pp. 1–6
A.B. Huang: The trusted OC: skin-deep security, IEEE Computer 35(10), 103–105 (2002)
N. Asokan, J. Ekberg: A platform for OnBoard credentials, Proc. Financial Cryptography and Data Security (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Yan, Z. (2010). Security via Trusted Communications. In: Stavroulakis, P., Stamp, M. (eds) Handbook of Information and Communication Security. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04117-4_33
Download citation
DOI: https://doi.org/10.1007/978-3-642-04117-4_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04116-7
Online ISBN: 978-3-642-04117-4
eBook Packages: EngineeringEngineering (R0)