Privacy-enhanced, Attack-resilient Access Control in Pervasive Computing Environments with Optional Context Authentication Capability

In pervasive computing environments (PCEs), privacy and security are two important but contradictory objectives. Users enjoy services provided in PCEs only after their privacy issues have been sufficiently addressed; that is, users cannot be tracked with respect to where they are and what they are doing. However, service providers always want to authenticate users and make sure they access only authorized services in a legitimate way. In PCEs, such user authentication may include context authentication in addition to entity authentication. In this paper, we propose a novel privacy-enhanced anonymous authentication and access control scheme to secure the interactions between mobile users and services in PCEs, with optional context authentication capability. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication and allows multiple current sessions between a user and a service, while allowing the user to interact with the service anonymously. The proposed scheme is also designed to be DoS-resilient by requiring the user to prove her legitimacy when initializing a service session.
