A Composable Framework for Secure Multi-Modal Access to Internet Services from Post-PC Devices

The Post-PC revolution is bringing information access to a wide range of devices beyond the desktop, such as public kiosks, and mobile devices like cellular telephones, PDAs, and voice based vehicle telematics. However, existing deployed Internet services are geared toward the secure rich interface of private desktop computers. We propose the use of an infrastructure-based secure proxy architecture to bridge the gap between the capabilities of Post-PC devices and the requirements of Internet services. By combining generic content and security transformation functions with service-specific rules, the architecture decouples device capabilities from service requirements and simplifies the addition of new devices and services. Security and protocol specifics are abstracted into reusable components. Additionally, the architecture offers the novel ability to deal with untrusted public Internet access points by providing fine-grain control over the content and functionality exposed to the end device, as well as support for using trusted and untrusted devices in tandem. Adding support for a deployed Internet service requires a few hundred lines of scraping scripts. Similarly, adding support for a new device requires a few hundred lines of stylesheets for the device format. The average latency added by proxy transformations is around three seconds in our unoptimized Java implementation.

[1]  Steven McCanne,et al.  An application level video gateway , 1995, MULTIMEDIA '95.

[2]  Gio Wiederhold,et al.  Protecting inappropriate release of data from realistic databases , 1998, Proceedings Ninth International Workshop on Database and Expert Systems Applications (Cat. No.98EX130).

[3]  Bruce Schneier,et al.  Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[4]  J. Feigenbaum,et al.  The KeyNote trust management system version2, IETF RFC 2704 , 1999 .

[5]  David E. Culler,et al.  A Design Framework for Highly Concurrent Systems , 2000 .

[6]  C. M. Sperberg-McQueen,et al.  eXtensible Markup Language (XML) 1.0 (Second Edition) , 2000 .

[7]  Bruce Zenel,et al.  General purpose proxies: solved and unsolved problems , 1997, Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133).

[8]  David E. Culler,et al.  Scalable, distributed data structures for internet service construction , 2000, OSDI.

[9]  Eric Brewer,et al.  A design framework and a scalable storage platform to simplify internet service construction , 2000 .

[10]  Ii Extensible Stylesheet Language (xsl) , 2022 .

[11]  Lorrie Faith Cranor,et al.  The platform for privacy preferences , 1999, CACM.

[12]  Armando Fox,et al.  Security on the move: indirect authentication using Kerberos , 1996, MobiCom '96.

[13]  David E. Culler,et al.  The multispace: an evolutionary platform for infrastructural services , 1999 .

[14]  Eric A. Brewer,et al.  Adapting to network and client variability via on-demand dynamic distillation , 1996, ASPLOS VII.

[15]  Craig Metz,et al.  A One-Time Password System , 1996, RFC.

[16]  Ben Y. Zhao,et al.  The Ninja architecture for robust Internet-scale systems and services , 2001, Comput. Networks.

[17]  C. M. Sperberg-McQueen,et al.  Extensible Markup Language (XML) , 1997, World Wide Web J..

[18]  Latanya Sweeney,et al.  Guaranteeing anonymity when sharing medical data, the Datafly System , 1997, AMIA.

[19]  Neil Haller,et al.  The S/KEY One-Time Password System , 1995, RFC.

[20]  Bruce Zenel,et al.  A general purpose proxy filtering mechanism applied to the mobile environment , 1997, MobiCom '97.

[21]  Eric A. Brewer,et al.  Cluster-based scalable network services , 1997, SOSP.

[22]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[23]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[24]  Edward W. Felten,et al.  Hand-Held Computers Can Be Better Smart Cards , 1999, USENIX Security Symposium.