10 research outputs found
Tree-formed Verification Data for Trusted Platforms
The establishment of trust relationships to a computing platform relies on
validation processes. Validation allows an external entity to build trust in
the expected behaviour of the platform based on provided evidence of the
platform's configuration. In a process like remote attestation, the 'trusted'
platform submits verification data created during a start up process. These
data consist of hardware-protected values of platform configuration registers,
containing nested measurement values, e.g., hash values, of loaded or started
components. Commonly, the register values are created in linear order by a
hardware-secured operation. Fine-grained diagnosis of components, based on the
linear order of verification data and associated measurement logs, is not
optimal. We propose a method to use tree-formed verification data to validate a
platform. Component measurement values represent leaves, and protected
registers represent roots of a hash tree. We describe the basic mechanism of
validating a platform using tree-formed measurement logs and root registers and
show an logarithmic speed-up for the search of faults. Secure creation of a
tree is possible using a limited number of hardware-protected registers and a
single protected operation. In this way, the security of tree-formed
verification data is maintained.Comment: 15 pages, 11 figures, v3: Reference added, v4: Revised, accepted for
publication in Computers and Securit
A Survey on M2M Service Networks
The number of industrial applications relying on the Machine to Machine (M2M) services exposed from physical world has been increasing in recent years. Such M2M services enable communication of devices with the core processes of companies. However, there is a big challenge related to complexity and to application-specific M2M systems called “vertical silos”. This paper focuses on reviewing the technologies of M2M service networks and discussing approaches from the perspectives of M2M information and services, M2M communication and M2M security. Finally, a discussion on technologies and approaches potentially enabling future autonomic M2M service networks are provided. According to our conclusions, it is seen that clear definition of the architectural principles is needed to solve the “vertical silo” problem and then, proceeding towards enabling autonomic capabilities for solving complexity problem appears feasible. Several areas of future research have been identified, e.g., autonomic information based services, optimization of communications with limited capability devices, real-time messaging, creation of trust and end to end security, adaptability, reliability, performance, interoperability, and maintenance