Conventional entity authentication is not enough to build a secure pervasive computing environment. Being sure that you are talking to the expected entity does not guarantee it is going to do what you expect him to do, and only that. This paper introduces a concept of "trustworthy authentication" in pervasive computing which is defined as entity authentication accompanied by an assurance of trustworthy behaviour of the authenticated entity. It discusses how to provide trustworthy authentication in pervasive computing using the example of a roaming customer wishing to print his email on a public printer. A two-level hierarchical trustworthy authentication scheme is proposed where local and higher-level authorization servers issue trustworthiness certificates after receiving trustworthiness records from the printer, signed by its users. The proposed scheme may be generalized for trustworthy authentication of security devices such as firewalls.
[1]
Diana K. Smetters,et al.
Talking to Strangers: Authentication in Ad-Hoc Wireless Networks
,
2002,
NDSS.
[2]
Sadie Creese,et al.
Authentication for Pervasive Computing
,
2003,
SPC.
[3]
Frank Stajano,et al.
The Resurrecting Duckling - What Next?
,
2000,
Security Protocols Workshop.
[4]
Frank Stajano,et al.
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks
,
1999,
Security Protocols Workshop.
[5]
B. Christianson,et al.
Uncorrelatable Electronic Transactions using Ring Signatures
,
2003
.