A dynamic trust based context-aware authentication framework with privacy preserving

As ubiquitous technologies ingrain themselves further into our lives, rapid progress has been made in context-aware computing. Context-aware environments are set to become a reality. However, major challenges remain to be addressed, including privacy, authentication, access control, and trust. Solutions to these security challenges have to be non-intrusive, intelligent, and able to adapt to the rapidly changing contexts of users. Context-aware environments are expected to handle these challenges more accurately and to take them into account from the start, so that a mutual trust relationship can be formed between entities. It is therefore a key challenge in a ubiquitous network society to design an effective privacy-preserving authentication and access control framework that adequately meets the security requirements posed by the context-aware service paradigm in pervasive computing environments. In this paper, we propose a security framework that integrates context-awareness to perform authentication and access control in a very flexible and scalable model that is both context-aware and privacy preserving. Moreover, we show how our framework can be integrated with trust management. In this paper, we focus on introducing an anonymous authentication and access control scheme to secure interactions between users and services in ubiquitous environments. The architecture focuses on the authentication of users who request access to the resources of a smart environment system through static devices (e.g. smart card, RFID, etc.) or dynamic devices (e.g. PDA, mobile phones, etc.).
