A private, secure, and user-centric information exposure model for service discovery protocols

Service discovery is widely accepted as an essential element of pervasive computing environments. Much research on service discovery has been conducted, but privacy and security have been ignored and may be sacrificed. While it is essential that legitimate users be able to discover services, it is also necessary that services be hidden from illegitimate users. Since service information, service providers' information, service requests, user presence information, and users' identities may be sensitive, we may want to keep them private during service discovery processes. There appear to be no existing service discovery protocols that solve these problems. We present a user-centric model, called Prudent Exposure, which exposes minimal information privately and securely. Users and service owners exchange code words in an efficient and scalable form to establish mutual trust. Based on that trust, secure service discovery sessions are set up. The model is further improved to counter attacks. We analyze the mathematical properties of our model, formally verify our security protocol, and measure the performance of our prototype system.
