Proxy-based security protocols in networked mobile devices

We describe a resource discovery and communication system designed for security and privacy. All objects in the system, e.g., appliances, wearable gadgets, software agents, and users have associated trusted software proxies that either run on the appliance hardware or on a trusted computer. We describe how security and privacy are enforced using two separate protocols: a protocol for secure device-to-proxy communication, and a protocol for secure proxy-to-proxy communication. Using two separate protocols allows us to run a computationally-inexpensive protocol on impoverished devices, and a sophisticated protocol for resource authentication and communication on more powerful devices.We detail the device-to-proxy protocol for lightweight wireless devices and the proxy-to-proxy protocol which is based on SPKI/SDSI (Simple Public Key Infrastructure / Simple Distributed Security Infrastructure). A prototype system has been constructed, which allows for secure, yet efficient, access to networked, mobile devices. We present a quantitative evaluation of this system using various metrics.

[1]  Ronald L. Rivest,et al.  Certificate Chain Discovery in SPKI/SDSI , 2002, J. Comput. Secur..

[2]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[3]  Ben Y. Zhao,et al.  An architecture for a secure service discovery service , 1999, MobiCom.

[4]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[5]  Ronald L. Rivest,et al.  The RC5 Encryption Algorithm , 1994, FSE.

[6]  Jerry Avorn Technology , 1929, Nature.

[7]  Jerome H. Saltzer,et al.  End-to-end arguments in system design , 1984, TOCS.

[8]  Eric Rescorla,et al.  SSL and TLS: Designing and Building Secure Systems , 2000 .

[9]  Frank Stajano,et al.  The Resurrecting Duckling - What Next? , 2000, Security Protocols Workshop.

[10]  Ronald L. Rivest,et al.  SDSI - A Simple Distributed Security Infrastructure , 1996 .

[11]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[12]  Nissanka Bodhi Priyantha Providing precise indoor location information to mobile devices , 2001 .

[13]  Pekka Nikander,et al.  Decentralized Jini Security , 2001, NDSS.

[14]  James Beck,et al.  Challenges: an application model for pervasive computing , 2000, MobiCom '00.

[15]  Andrew J. Maywah,et al.  An implementation of a secure web client using SPKI/SDSI certificates , 2000 .

[16]  Hari Balakrishnan,et al.  The design and implementation of an intentional naming system , 1999, SOSP.

[17]  Hari Balakrishnan,et al.  6th ACM/IEEE International Conference on on Mobile Computing and Networking (ACM MOBICOM ’00) The Cricket Location-Support System , 2022 .

[18]  Todd Jason Mills An architecture and implementation of secure device communication in oxygen , 2001 .

[19]  H. R. J. Grosch,et al.  The Future of Computing , 1958 .

[20]  Butler W. Lampson,et al.  Simple Public Key Certificate , 1998 .

[21]  Dwaine E. Clarke,et al.  SPKI/SDSI HTTP Server / Certificate Chain Discovery in SPKI/SDSI , 2001 .