Trusted Platform Validation and Management

1. Introduction

This paper continues a trail of ideas (Schmidt, Leicher, & Cha, 2010) on trusted technical systems, emphasising the aspect of communicating trustworthiness between systems. A critical review of traditional notions of trust led us to a synthetic definition of trust in technical systems, which can be effective in applications. We call this the operational interpretation of trust to the relations and interactions between technical systems and between technical systems and human beings:

This is essentially also a synthesis of the meanings that for instance the standardisation organisations Trusted Computing Group (TCG) and the International Standardisation Organisation (ISO) attribute to trust, cf., Pearson (2002b). The operational interpretation, which is actually rooted in physicists’ prevalent understanding of quantum systems (Haag, 1992; Lamb, 1969, 2001), has three salient features:

• Predictability designates a priori knowledge about a system that can be used to a) assess the risk incurred in interacting with that system, and b) allow obtaining knowledge about the system during the interaction by reasoning on observations.

• Observability specifies the means by, and extent to which knowledge about a system can be gained in interactions. It is closely linked to predictability, in that observations, together with predictions, yield further knowledge on a system’s state, properties, and, by that, its future behaviour.

• Contextuality designates information delineating the scope of interactions with the system in which predictions hold and observations can be made.

The three properties allow, at least in principle, a mapping between the socio-economic concept of trust and technical concepts. Taken together, they allow an assessment of the trustworthiness of an entity, or reciprocally, the risk it poses to a trustier. The operational understanding of trust is contrasted with traditional notions of enforcement, which strives to reduce risks by behavioural control, rather than a priori assessment of a trusted system(see Schmidt, Leicher, & Cha, 2010 for a discussion of nomenclature). While our mentioned paper explores the conceptual foundations of trusted systems, we now continue and extend those concepts to explore the operational cycle of remotely validated and managed Trusted System (TS) more deeply. We envisage one major, application domain for the concepts presented here: Machine-to-Machine (M2M) Communication – situations in which machines and networks interconnect in a largely autonomous fashion. M2M provides a paradigm for the security threats encountered in future communication networks (Cha, Shah, Schmidt, Leicher, & Meyerstein, 2009).

The core concept we provide in this paper is that of combined platform validation and management (PVM) of a TS by a network. Section 2 introduces the necessary terminology and background from (Schmidt, Leicher, & Cha, 2010). The third, main section details the network architecture of PVM in a generic way. The context is set by a TS accessing a mobile (next generation) communication network. Section 3 also shows the main process flows of PVM between the entities and sketches the preferred ways to solve technical problems such as synchronisation and how to fulfil essential security requirements. The fourth section highlights a central performance question for PVM: How to cater in a scalable way for myriads of smart, connected devices. We explore how this issue could potentially be resolved by a hierarchical organisation of PVM processes, involving gateways to unburden the core network (CN). Section 5 concludes the paper.