D.4 AlterEgo as Trustworthy Mass Device
- Dr. Jörg Daubert -
Smartphones have become a common device for handling our personal data as well as for interacting with services and devices—mobile devices are becoming our digital counterpart. Rather than protecting our privacy, today’s mobile devices on the contrary share and distribute personal data. More worrying, our options to assess the trustworthiness of these devices are slim to non-existent. Finally, today’s mobile devices lack the possibility to prove our trustworthiness to others and, in return, to let us quantify the trust in services, OSNs, and devices.

The goal of D.4 is to evolve today’s mobile devices into a true digital counterpart—an AlterEgo. Users should be able to assess the trustworthiness of their digital counterparts and to control their personal data. Further, users, services, OSNs, and devices should be able to quantify the trust in each other. Ultimately, AlterEgo should be capable of acting autonomously on the user’s behalf.

To achieve this goal, D.4 follows a layered approach: (0) tamper-resistant, open, and federated hardware, (1) socio-technically based middleware, (2) extension protocols for system evolution, (3) a trust assessment platform, and (4) mechanisms to protect privacy and assess trust. Layers 1–3 constitute the core of the D.4 research.

Layer 0, although not in the focus of D.4, provides the basis for the middleware of layer 1. Rather than assuming one device, e.g., a smartphone, layer 0 considers federated hardware, for instance, an ensemble of wearables that together constitute the AlterEgo. Next to federation, layer 0 also leverages and joins hardware security functionalities, such as Trusted Platform Modules (TPMs), TrustZones, eIDs, and SIM/smart cards, to serve as a tamper-resistant trust anchor and for safekeeping personal data. The middleware of layer 1 abstracts from the potentially federated hardware and provides common functionality for trust assessment and privacy protection to the higher layers, and thus, ultimately, to the user and apps.
In order for AlterEgo to be trustworthy, i.e., trusted by the user and accepted by all stakeholders, the middleware is conceptualized on a socio-technical basis. That means hardware and software are specified within a multi-stakeholder process to ensure that the expectations of all stakeholders are reflected and that the specification of AlterEgo is communicated to them in an understandable form.

Layer 2 provides the future-proofing for AlterEgo. The extension protocols for system evolution address the challenge of today’s monolithic and bundled app/system updates. These updates treat bug fixes, resource updates, new functionality, and changes in behavior all the same. AlterEgo’s extension protocols aim to be transparent and trustworthy, and quantifiable in the sense of trust. Furthermore, the extension protocols must cover the evolution of the hardware as well. The challenges to be addressed range from the removal and addition of hardware to new hardware capabilities and the transfer of secrets/credentials between hardware.

Layer 3 leverages the tamper-resistant hardware from layer 0 as well as the middleware from layer 1 to support the user in (a) assessing the trustworthiness of other users, services, and sensors and (b) proving the user’s own trustworthiness to other users. Layer 4, also not in the focus of D.4, links D.4 to the other research areas of the RTG 2050.