An autonomous attestation token to secure mobile agents in disaster response

In disaster response where security is critical, the combination of mobile software agents and ad hoc overlay networks has the potential to boost connectivity and efficiency. We introduce the Autonomous Attestation Token, a new hardware device to establish trust in the software integrity of mobile agent platforms. Our approach increases the security and availability without sacrificing flexibility, by eliminating the need for trusted third parties of previous schemes.

Modern communication and computing devices have the potential to increase the efficiency of disaster response. Mobile agents and ad hoc networks are decentralized and flexible technologies to leverage this potential. While both ad hoc networks and mobile agent platforms suffer from a greater variety of security risks than the classic client-server approach, Trusted Computing is capable of alleviating these problems. Unfortunately, Remote Attestation, a core concept of Trusted Computing, requires a powerful networked entity to perform trust decisions. The existence and availability of such a service in a disaster response scenario cannot be relied upon. In this paper we introduce the autonomous attestation token (AAT), a hardware token for mobile computing devices that is capable of guaranteeing the trusted state of a limited set of devices without relying on a networked service. We propose a Local Attestation protocol with user interaction that in conjunction with the AAT prevents unauthorized access to an emergency mobile agent platform. In addition, we sketch a possible solution which integrates trusted computing to leverage ad hoc networks and peer-to-peer systems to provide a robust communication platform. This helps ensuring the security of the next generation of disaster response tools. Copyright © 2010 John Wiley & Sons, Ltd.