Abstract
In pervasive computing environments, changes in context may trigger changes in an individual’s access permissions. We contend that existing access control frameworks do not provide the fine-grained revocation needed to enforce these changing authorizations. In this paper, we present an authorization framework, in the context of the Gaia OS for active spaces, which integrates context with authorization and provides fine-grained control over the enforcement of dynamically changing permissions using cryptographic mechanisms. Our design, implemented in middleware using distributed objects, addresses the limitations of traditional authorization frameworks and the specific access control needs of pervasive computing environments. As part of our proposed framework, we define cryptographic protocols that enforce access to the system’s communication channels and provide secure delivery of messages. We also provide a proof of correctness of key agreement and freshness using the standard BAN deduction system.
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Lee, A.J., Boyer, J.P., Drexelius, C., Naldurg, P., Hill, R.L., Campbell, R.H. (2005). Supporting Dynamically Changing Authorizations in Pervasive Communication Systems. In: Hutter, D., Ullmann, M. (eds) Security in Pervasive Computing. SPC 2005. Lecture Notes in Computer Science, vol 3450. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-32004-3_15
DOI: https://doi.org/10.1007/978-3-540-32004-3_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25521-5
Online ISBN: 978-3-540-32004-3
eBook Packages: Computer Science, Computer Science (R0)