Shane Balfe

Trusted computing: providing security for peer-to-peer networks

In this paper, we demonstrate the application of trusted computing to securing peer-to-peer (P2P) networks. We identify a central challenge in providing many of the security services within these networks, namely the absence of stable verifiable peer identities. We employ the functionalities provided by trusted computing technology to establish a pseudonymous authentication scheme for peers and extend this scheme to build secure channels between peers for future communications. In support of our work, we illustrate how commands from the trusted computing group (TCG) specifications can be used to implement our approach in P2P networks.

e-EMV: emulating EMV for internet payments with trusted computing technologies

This paper shows how the functionality associated with EMV-compliant payment cards can be securely emulated in software on platforms supporting Trusted Computing technology. We describe a detailed system architecture encompassing user enrolment, card deployment (in the form of software), card activation, and subsequent transaction processing. Our proposal is compatible with the existing EMV transaction processing architecture, and thus integrates fully and naturally with already deployed EMV infrastructure. We show that our proposal, which effectively makes available the full security of PoS transactions for Internet-based CNP transactions, has the potential to significantly reduce the opportunity for fraudulent CNP transactions.

Trust management for secure information flows

In both the commercial and defence sectors a compelling need is emerging for the rapid, yet secure, dissemination of information across traditional organisational boundaries. In this paper we present a novel trust management paradigm for securing pan-organisational information flows that aims to address the threat of information leakage. Our trust management system is built around an economic model and a trust-based encryption primitive wherein: (i) entities purchase a key from a Trust Authority (TA) which is bound to a voluntarily reported trust score r, (ii) information flows are encrypted such that a flow tagged with a recipient trust score R can be decrypted by the recipient only if it possesses the key corresponding to a voluntarily reported score r < = R, (iii) the economic model (the price of keys) is set such that a dishonest entity wishing to maximise information leakage is incentivised to report an honest trust score r to the TA. This paper makes two important contributions. First, we quantify fundamental tradeoffs on information flow rate, information leakage rate and error in estimating recipient trust score R. Second, we present a suite of encryption schemes that realise our trust-based encryption primitive and identify computation and communication tradeoffs between them.

Challenges for Trusted Computing

Trusted computing is proving to be one of the most controversial technologies in recent years. Rather than become embroiled in the debate over possible (mis)appropriations of its technologies, the authors highlight some of the technical obstacles that might hinder trusted computings widespread adoption.

Key Refreshing in Identity-Based Cryptography and its Applications in MANETs

This paper introduces a lightweight and secure framework enabling the refreshing of private keys in identity-based public key infrastructures. The framework is applied to enable secure inter-operation between entities with different trusted authorities in dynamic coalition environments. The approach is particularly well-suited to coalition forming in computation and bandwidth-limited MANETs.

The fable of the bees: incentivizing robust revocation decision making in ad hoc networks

In this paper we present a new key-revocation scheme for ad hoc network environments with the following characteristics: Distributed: Our scheme does not require a permanently available central authority. Active: Our scheme incentivizes rational (selfish but honest) nodes to revoke malicious nodes. Robust: Our scheme is resilient against large numbers of colluding malicious nodes (30% of the network for a detection error rate of 15%). Detection error tolerant: Revocation decisions fundamentally rely on intrusion detection systems (IDS). Our scheme is active for any meaningful IDS (IDS error rate 0.5) and robust for an IDS error rate of up to 29%. Several schemes in the literature have two of the above four characteristics (characteristic four is typically not explored). This work is the first to possess all four, making our revocation scheme well-suited for environments such as ad hoc networks, which are very dynamic, have significant bandwidth-constraints, and where many nodes must operate under the continual threat of compromise.

Mobile Agents and the Deus Ex Machina

This paper aims to examine the benefits the introduction of trusted computing can bring to the mobile agent paradigm, with a specific emphasis on mobile agent security.

Final fantasy: securing on-line gaming with trusted computing

On-line gaming has seen something of a popular explosion in recent years, and is rapidly becoming the predominant focus of many gaming platforms. Unfortunately, honesty is not a virtue favoured by all players in these networks. This paper proposes a Trusted Computing based security framework for gaming consoles that will be resilient to platform modification based cheating mechanisms. In addition to this, we propose a Trusted Computing based auction mechanism that can be used for auctioning in-game items.

Securing information flows: A metadata framework

Recently, risk-based information trading has emerged as a new paradigm for securely sharing information across traditional organizational boundaries. In this paradigm, the risk of sharing information between organizations is characterized using expected losses (due, for example, to (un)intended information disclosure) and billed to a recipient. However, within risk-based information trading systems, quantifying the risks associated with sharing information is a non-trivial task, particularly when risk calculations depend on a number of factors. In this paper we introduce a data-centric metadata framework that extends risk-based information trading approaches by allowing one or more domains to exchange sensitive information based on metadata evaluated against internal risk assessments of the domains. We present a use case of our metadata framework using a coalition military scenario, wherein information flows can be controlled and regulated by our framework whilst allowing sufficiently high-quality tactical information to be disseminated.

Securing Grid Workflows with Trusted Computing

We propose a novel scheme that uses Trusted Computing technology to secure Grid workflows. This scheme allows the selection of trustworthy resource providers based on their platform states. The integrity and confidentiality of workflow jobs are provided using cryptographic keys that can only be accessed when resource provider platforms are in trustworthy states. In addition, platform attestation is used to detect potential workflow execution problems, and the information collected can be used for process provenance.