A composable framework for secure multi-modal access to Internet services from post-PC devices

The post-PC revolution is bringing information access to a wide-range of devices beyond the desktop, such as public kiosks, and mobile devices like cellular telephones, PDAs, and voice based vehicle telematics. However existing deployed Internet services are geared toward the secure rich interface of private desktop computers. We propose the use of an infrastructure-based secure proxy architecture to bridge the gap between the capabilities of post-PC devices and the requirements of Internet services. By combining generic content and security transformation functions with service-specific rules, the architecture decouples device capabilities from service requirements and simplifies the addition of new devices and services. Security and protocol specifics are abstracted into reusable components. Additionally, the architecture offers the novel ability to deal with untrusted public Internet access points by providing fine-grain control over the content and functionality exposed to the end device, as well as support for using trusted and untrusted devices in tandem. Adding support for a deployed Internet service requires a few hundred lines of scraping scripts. Similarly, adding support for a new device requires a few hundred lines of stylesheets for the device format. The average latency added by proxy transformations is around three seconds in our unoptimized Java implementation.

[1]  Steven McCanne,et al.  An application level video gateway , 1995, MULTIMEDIA '95.

[2]  C. M. Sperberg-McQueen,et al.  Extensible markup language , 1997 .

[3]  Gio Wiederhold,et al.  Protecting inappropriate release of data from realistic databases , 1998, Proceedings Ninth International Workshop on Database and Expert Systems Applications (Cat. No.98EX130).

[4]  David E. Culler,et al.  Scalable, distributed data structures for internet service construction , 2000, OSDI.

[5]  Eric Brewer,et al.  A design framework and a scalable storage platform to simplify internet service construction , 2000 .

[6]  Bruce Zenel,et al.  A general purpose proxy filtering mechanism applied to the mobile environment , 1997, MobiCom '97.

[7]  Lorrie Faith Cranor,et al.  The platform for privacy preferences , 1999, CACM.

[8]  Neil Haller,et al.  The S/KEY One-Time Password System , 1995, RFC.

[9]  Armando Fox,et al.  Security on the move: indirect authentication using Kerberos , 1996, MobiCom '96.

[10]  Eric A. Brewer,et al.  Cluster-based scalable network services , 1997, SOSP.

[11]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System , 1998 .

[12]  Craig Metz,et al.  A One-Time Password System , 1996, RFC.

[13]  Ben Y. Zhao,et al.  The Ninja architecture for robust Internet-scale systems and services , 2001, Comput. Networks.

[14]  Latanya Sweeney,et al.  Guaranteeing anonymity when sharing medical data, the Datafly System , 1997, AMIA.

[15]  Edward W. Felten,et al.  Hand-Held Computers Can Be Better Smart Cards , 1999, USENIX Security Symposium.

[16]  David E. Culler,et al.  A Design Framework for Highly Concurrent Systems , 2000 .

[17]  Bruce Zenel,et al.  General purpose proxies: solved and unsolved problems , 1997, Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133).

[18]  Bruce Schneier,et al.  Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[19]  David E. Culler,et al.  The multispace: an evolutionary platform for infrastructural services , 1999 .

[20]  Eric A. Brewer,et al.  Adapting to network and client variability via on-demand dynamic distillation , 1996, ASPLOS VII.