A recent trend in low end client devices such as PDAs and cell phones is the emergence of networking applications to leverage the considerable content of the Internet. The most suitable middleware and infrastructure required to enable such applications requires the use of a non-transparent proxy. We discuss the security exposures resulting from such application scenarios and detail a security architecture based on our practical experiences with building middleware for such applications. The most glaring problem with the use of a non-transparent proxy is that the end-to-end trust model between the client and server is broken. We propose a novel solution where the server can delegate its trust to an agent in a secure coprocessor located in the infrastructure, thus re-establishing the trust model between the client and the server.
By: Suresh Chari, Matthias Kaiserswerth, Josyula R. Rao
Published in: RC21592 in 1999
This Research Report is not available electronically. Please request a copy from the contact listed below. IBM employees should contact ITIRC for a copy.
Questions about this service can be mailed to reports@us.ibm.com .