The number of wireless clients accessing the Internet will grow rapidly in the next few years, and in the future it will greatly exceed the number of clients accessing the Internet through networked computers. This is an important context that requires trust establishment capabilities. Wireless devices have limited storage capacity, processing power, and network bandwidth compared to typical desktop computers. An important issue is whether it is practical for wireless clients to perform efficiently all the necessary aspects of a trust negotiation: storing all required credentials, meeting the processing demands, which include cryptographic verifications, and handling the network communications with the other negotiation participant. One potentially scalable approach is to offload trust negotiation from the thin client and conduct it out-of-band, over a higher-speed network connection, between the server and an agent that manages the client's credentials. In this research, we explore the trust implications of an architecture for out-of-band trust negotiations.
Surrogate Trust Negotiation
Surrogate trust negotiation brings attribute-based authentication to resource-constrained wireless devices and allows credentials to be stored in a centralized, secure location. For instance, a paramedic at the scene of an accident might discover a patient's cell phone. The phone stores no digital credentials itself, but directs the paramedic's PDA to the patient's Trust Agent, a server which protects sensitive data and negotiates trust on his behalf. After verifying the paramedic's credentials, the agent releases important medical history details to the paramedic.
The patient needs to maintain only one copy of his credentials, stored securely on his Trust Agent. If one of his mobile devices is ever lost or stolen, the Trust Agent can be instructed to reject any future transactions from that device. Through integration with software proxies and agents, simple mobile devices (e.g. cell phones, smart cards, and PDAs) with limited resources can participate in surrogate trust negotiation.
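The flow described above can be sketched in a few lines. This is an added example, not code from the research project: the class and function names, the sample data, and the HMAC used in place of an issuer's digital signature are all assumptions made for illustration. In a real deployment the agent would verify the credential with the issuer's public key rather than share a secret with the issuer.

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-issuer-key"  # assumption: stand-in for the issuer's signing key


def issue_credential(attributes):
    """Issuer side: bind attributes to a MAC (stand-in for a digital signature)."""
    body = json.dumps(attributes, sort_keys=True).encode()
    return {"attributes": attributes,
            "mac": hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()}


class TrustAgent:
    """Holds the owner's sensitive data and negotiates trust on the owner's behalf."""

    def __init__(self, records, policy):
        self.records = records        # resource name -> sensitive data
        self.policy = policy          # resource name -> attributes the requester must prove
        self.revoked_devices = set()

    def revoke_device(self, device_id):
        self.revoked_devices.add(device_id)

    def negotiate(self, device_id, resource, credential):
        # A lost or stolen device can no longer start a negotiation.
        if device_id in self.revoked_devices:
            return None
        required = self.policy.get(resource)
        if required is None:
            return None               # no policy for this resource: default deny
        body = json.dumps(credential["attributes"], sort_keys=True).encode()
        expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, credential.get("mac", "")):
            return None               # forged or altered credential
        attrs = credential["attributes"]
        if any(attrs.get(k) != v for k, v in required.items()):
            return None               # genuine credential, wrong attributes
        return self.records[resource]


# Constructed sample data: the phone stores only a referral, no credentials.
PHONE = {"device_id": "phone-01", "trust_agent": "agent.example"}
AGENT = TrustAgent({"medical_history": "allergy: penicillin"},
                   {"medical_history": {"role": "paramedic"}})
PARAMEDIC = issue_credential({"role": "paramedic", "name": "constructed"})
```

The agent denies by default, so a request for a resource without a policy entry, a credential with a bad MAC, or a request arriving through a revoked device all end the same way: nothing is released.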