Anubis: An Attestation Protocol for Distributed Context-Aware Applications

Sharing sensitive context information among multiple distributed components in mobile environments introduces major security concerns. The distributed sensing, processing and actuating components of these applications can be compromised and modified or impersonated to extract private and confidential information or to inject false information. In this paper we present the Anubis protocol for remote code attestation and access control of distributed components using remote execution of trusted code. Our Anubis protocol leverages previous work in the fields of wireless sensor networks and secure web browsing. Anubis allows new components to be introduced to the environment without updating existing components. Our implementation of Anubis in Android G1 based applications shows that the protocol introduces manageable overhead (less than 600 ms latency and 35 kB packet overhead) which does not significantly impact the user experience.