Lead Institution: Dartmouth
Project Leader: David Kotz
The Plug-n-Trust (PnT) project focused on providing support for trustworthy computing on smartphones – which are both pervasive and increasingly vulnerable to software-based attacks.
Focus of the research/Market need for this project
Currently, no commercial system exists that can ensure that mHealth data remains confidential and that data was processed correctly on a compromised smartphone. This project has addressed that shortcoming in the market.
To provide trustworthy mHealth sensing and data processing on untrusted smartphones, without requiring hardware modifications.
Key Conclusions/Significant Findings/Milestones reached/Deliverables
Specifically, our efforts have resulted in a prototype system that uses a plug-in smart card as a trusted computing base to enable confidential and verifiable computation on untrusted smart phones. This prototype implementation is described in a paper, published at the International Conference on Mobile Systems, Applications, and Services (MobiSys) in June 2012.
Our results show that the goals of confidentiality and tamper-resistance on untrusted phones are attainable using existing smart-phone technology. This project also identified some key shortcomings in microSD smart cards that are currently available for use with phones (slow communication speeds, lack of hardware support for key cryptographic primitives, like HMAC). None of these limitations are fundamental to the design of Plug-n-Trust, and future improvements and extensions to this work will follow as new hardware becomes available that addresses these concerns.
The challenges and ideas explored in the Plug-n-Trust project resulted in the creation of a new project, Amulet, that focused on enabling a trustworthy computing environment for healthcare-focused body-area networks. This project is described in another section of this report; last fall, the National Science Foundation (NSF) provided additional funding to further the development of the Amulet concept.
Materials Available for Other Investigators/interested parties
A description of the design and implementation of Plug-n-Trust is described in a published paper, presented at the International Conference on Mobile Systems, Applications, and Services (MobiSys) in June 2012.
Market entry strategies
Our prototype system is designed specifically to leverage existing technologies, to facilitate adoption by the market. However, wide-spread adoption of Plug-n-Trust will likely require performance improvements by smart-card manufacturers and adoption by mobile operating systems like iOS and Android.
Plug-n-Trust: Practical Trusted Sensing for mHealth
Jacob Sorber, Minho Shin, Ron Peterson, and David Kotz
Proceedings of the International Conference on Mobile Systems, Applications, and Services (MobiSys), Low Wood Bay, UK, June 2012