
Context Adapted Certificate Using Morph Template Signature for Pervasive Environments

  • Rachid Saadi
  • Jean Marc Pierson
  • Lionel Brunie
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4836)

Abstract

In distributed systems, especially in pervasive and ubiquitous environments, mobile users gather certificates providing them rights to access unknown and trusted environments. Such a certificate embeds an increasing amount of information, which leads the certificate provider to adapt existing standards to its requirements. In this paper, we propose a new model of certification called X316 to set up XML certificates with a contextual morph capability. This morph characteristic enables each certificate owner to disclose and to blind some sensitive certificate parts according to the surrounding context. The usability of X316 is illustrated with the "Chameleon" architecture, offering users possible access if they appear with trusted certificates. These certificates may be gathered during their roaming in the pervasive environment, and they offer direct or transitive access to foreign sites, based on trust relationships.

Keywords

Access Control Policy; Dynamic Part; Mapping Policy; Signature Algorithm; Trust Degree
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Rachid Saadi (1)
  • Jean Marc Pierson (2)
  • Lionel Brunie (1)
  1. LIRIS lab, INSA de Lyon, France
  2. IRIT lab, University Paul Sabatier, Toulouse, France
