[LHS13] A Cloud based Dual-Root Trust Model for Secure Mobile Online TransactionsConférence Internationale avec comité de lecture : IEEE WCNC (Wireless Communications and Networking Conference), April 2013, pp.4404-4409, Shangai,
Mots clés: Mobile Cloud computing, trust root, security, mobile transactions.
Résumé: With rapid growth of mobile devices and the emergency of mobile cloud services, it is a trend to use mobile devices for mobile-centric applications, and expand the mobile capabilities and provide needed security by mobile cloud services. However, due to the mobility of the device and the semi-trust of the mobile cloud, how to build trust in the mobile applications is a big concern. In this paper, we propose a dual-root trust online transaction model that provides a dual-root trust model including both the user’s mobile device and a delegation mobile cloud. We design a dual-root trust protocol by leveraging a modified CP-ABE cryptography and the trust execution environment embedded in a mobile device to provide device-specific transaction confirmations for online transactions initiated by the mobile user. The performance evaluation of the protocol demonstrates that it is a lightweight scheme for mobile devices since most cryptographic functions are delegated from users to the mobile cloud. We also provided security assessments to prove that the proposed DRT protocol is resilient to impersonation attacks by considering each participant may run Dual-Root Trust (DRT) protocols on behalf of others.