A security architecture for application session handoff

Ubiquitous computing across a variety of wired and wireless connections still lacks an effective security architecture. In our research work, we address the specific issue of designing and building a security architecture for application session handoff, a functionality which we envision will be a key component enabling ubiquitous computing. Our architecture incorporates a number of proven approaches into the new context of ubiquitous computing. We employ the Bell-LaPadula (1976) and capability models to realise access control and adopt public key infrastructure (PKI)-based approaches to provide efficient and authenticated end-to-end security. To demonstrate the effectiveness of our design, we implemented an application enabled with this security architecture and showed that it incurred low latency.

[1]  David Wetherall,et al.  Towards an active network architecture , 1996, CCRV.

[2]  B. Clifford Neuman,et al.  Kerberos: An Authentication Service for Open Network Systems , 1988, USENIX Winter.

[3]  David A. Wagner,et al.  Intercepting mobile communications: the insecurity of 802.11 , 2001, MobiCom '01.

[4]  Armando Fox,et al.  Making computers disappear: appliance data services , 2001, MobiCom '01.

[5]  Thomas Phan,et al.  A Scalable, Distributed Middleware Service Architecture to Support Mobile Internet Applications , 2003, Wirel. Networks.

[6]  Armando Fox,et al.  Security on the move: indirect authentication using Kerberos , 1996, MobiCom '96.

[7]  Andrew T. Campbell,et al.  The mobiware toolkit: programmable support for adaptive mobile networking , 1998, IEEE Wirel. Commun..

[8]  Jack B. Dennis,et al.  Programming semantics for multiprogrammed computations , 1966, CACM.

[9]  Michael B. Jones,et al.  Mach: a system software kernel , 1989, Digest of Papers. COMPCON Spring 89. Thirty-Fourth IEEE Computer Society International Conference: Intellectual Leverage.

[10]  Bruce Schneier,et al.  Analysis of the SSL 3.0 protocol , 1996 .

[11]  Srinivasan Seshan,et al.  A network architecture for heterogeneous mobile computing , 1998, IEEE Wirel. Commun..

[12]  Dejan S. Milojicic,et al.  Process migration , 1999, ACM Comput. Surv..

[13]  Thomas Phan,et al.  A new TWIST on mobile computing: Two-Way Interactive Session Transfer , 2001, Proceedings. The Second IEEE Workshop on Internet Applications. WIAPP 2001.

[14]  David Wetherall,et al.  Introducing new Internet services: why and how , 1998, IEEE Netw..

[15]  Mahadev Satyanarayanan,et al.  Agile application-aware adaptation for mobility , 1997, SOSP.

[16]  Jack B. Dennis,et al.  Programming semantics for multiprogrammed computations , 1966, CACM.

[17]  Christopher Allen,et al.  The TLS Protocol Version 1.0 , 1999, RFC.

[18]  Ravi Sandhu A Lattice Interpretation Of The Chinese Wall Policy , 1992 .

[19]  M. Frans Kaashoek,et al.  Rover: a toolkit for mobile information access , 1995, SOSP.

[20]  Robert S. Fabry,et al.  Capability-based addressing , 1974, CACM.

[21]  Thomas Phan,et al.  Handoff of application sessions across time and space , 2001, ICC 2001. IEEE International Conference on Communications. Conference Record (Cat. No.01CH37240).

[22]  John Ioannidis,et al.  Using the Fluhrer, Mantin, and Shamir Attack to Break WEP , 2002, NDSS.

[23]  Thomas Phan,et al.  A Scalable, Distributed Middleware Service Architecture to Support Mobile Internet Applications , 2001, WMI '01.

[24]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .