Supporting Dynamically Changing Authorizations in Pervasive Communication Systems

In pervasive computing environments, changes in context may trigger changes in an individual's access permissions. We contend that existing access control frameworks do not provide the fine-grained revocation needed to enforce these changing authorizations. In this paper, we present an authorization framework, in the context of the Gaia OS for active spaces, which integrates context with authorization and provides fine-grained control over the enforcement of dynamically changing permissions using cryptographic mechanisms. Our design, implemented in middleware using distributed objects, addresses the limitations of traditional authorization frameworks and the specific access control needs of pervasive computing environments. As part of our proposed framework, we define cryptographic protocols that enforce access to the system's communication channels and provide secure delivery of messages. We also provide a proof of correctness of key agreement and freshness using the standard BAN deduction system.
