Abstract
The ubiquitous computing paradigm suggests that we are going to be surrounded by countless wireless devices capable of providing services transparently. By definition, the nature of ubiquitous computing environments is open and extremely dynamic, which makes it difficult to establish predefined security relationships between all of the participating entities. Authentication mechanisms can be employed to establish the identity of a pervasive computing entity, but they suffer from scalability problems and have limited value in defining authorization decisions among strangers. In this paper we propose ÆTHER, an authorization management architecture designed specifically to address trust establishment and access control in ubiquitous computing environments. Owners define attribute authority sets and access control policy entries that are embedded into their devices. Members of the attribute authority sets are trusted to issue credentials for the corresponding attributes, which can then be used to gain access to protected resources. Our architecture supports dynamic membership in these sets, facilitating distributed administration, which is required in the context of the volatile nature of ubiquitous security relationships, and attribute mapping to allow roaming among authority domains. Moreover, we present the foundation of a logic model for our proposed architecture that is used to prove access control decisions.
This work is sponsored by the Irish Research Council for Science, Engineering and Technology (IRCSET), under contract number RS/2002/599-2.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Argyroudis, P.G., O’Mahony, D. (2004). ÆTHER: an Authorization Management Architecture for Ubiquitous Computing. In: Katsikas, S.K., Gritzalis, S., López, J. (eds) Public Key Infrastructure. EuroPKI 2004. Lecture Notes in Computer Science, vol 3093. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25980-0_20
DOI: https://doi.org/10.1007/978-3-540-25980-0_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22216-3
Online ISBN: 978-3-540-25980-0
eBook Packages: Springer Book Archive