"Fair" Authentication in Pervasive Computing

Authentication is traditionally required to be strong enough to distinguish legitimate entities from unauthorised entities, and always involves some form of proof of identity, directly or indirectly. Conventional storable or delegable authentication scenarios in the pervasive computing environment are often frustrated by the qualitative changes of pervasive computing when humans are admitted into the loop. In this paper, we present an alternative approach based upon involving human self-determination in security protocols. This targets the authentication problem in pervasive computing, particularly when communication occurs in a mobile ad-hoc fashion. We propose the argument of “thinkable” authentication, which involves using two-level protocols with the consideration of minimising trustworthiness in both human and computer device domains, but without unnecessary entity identity authentication. Thus, self-determining knowledge of the human interactions in pervasive computing can be exploited to improve current security mechanisms.
