A Policy-based Authorization Scheme for Resource Sharing in Pervasive Environments
Ubiquitous environments require special properties that traditional computing does not support. The high diversity of mobile devices and the marked rise in ubiquitous resources have created a great variety of challenges, among them proper resource management, which plays a fundamental role in pervasive computing, where adaptation and dynamic re-configuration of resources take place. In previous works [MoGi08], [MoOG10] we presented CARM (Composable-Adaptive Resource Management), a new adaptive resource management approach that supports adaptation for the required resources. CARM constitutes a component-based model that abstracts the system’s ubiquitous resources in a way that is transparent and uniform to applications. Network heterogeneity and the dynamic population of nomadic users raise important security challenges; therefore, in this article we address CARM’s primary security concerns towards the development of a “Security module” capable of certifying the eligibility of devices to join a personal network without compromising privacy. Our approach is analyzed in terms of Authentication and Authorization, and essentially consists of an authorization scheme using Attribute Certificates (ACs), supported by control policies that define all authorization decisions needed among unknown devices. This paper mainly describes ongoing work towards a proof-of-concept implementation in the given scenarios, initially considering two CARM-enabled mobile phones with Bluetooth connectivity and enforcing security without altering the bandwidth efficiency.
Keywords: Malicious Node; Security Module; Attribute Certificate; Pervasive Environment; Authorization Decision
- Morales, R., Otero, B. and Gil, M., Mobile Resource Management for a Better User Experience: An Audio Case Study, 4th Symposium of Ubiquitous Computing and Ambient Intelligence (UCAmI), 2010.
- Roy, W., Trevor, P., Sud, S., Rosario, B., et al. Dynamic Composable Computing, Proceedings of the 9th workshop on Mobile computing systems and applications. Napa Valley, California, ACM, 2008.
- Xiang, S. and R. Umakishore, MobiGo: A Middleware for Seamless Mobility, Proceedings of the 13th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, IEEE Computer Society, 2007.
- Claycomb, W. and Shin, D. 2007. Towards secure resource sharing for impromptu collaboration in pervasive computing. In Proceedings of the 2007 ACM Symposium on Applied Computing (Seoul, Korea, March 11 - 15, 2007). SAC ’07. ACM, New York, NY, 940–946. DOI=http://doi.acm.org/10.1145/1244002.1244208
- OASIS. eXtensible Access Control Markup Language (XACML) Version 2.0, 2005. OASIS Committee Specification: Tim Moses (editor).
- S. Farrell. An Internet Attribute Certificate Profile for Authorization. Network Working Group, Request for Comments: 3281, April 2002. RFC-3281. Online. Network Working Group. Available http://tools.ietf.org/html/rfc3281-section-4.1
- P. Yee. Attribute Certificate Request Message Format. PKIX Working Group, Internet Draft, March 2002. Online. Available http://tools.ietf.org/html/draft-ietf-pkix-acrmf-01
- C. Francis Raytheon and D. Pinkas Bull. Attribute Certificate (AC) Policies Extension. Network Working Group, Request for Comments: 4476, May 2006, RFC-4476. Online. Network Working Group. Available http://www.faqs.org/rfcs/rfc4476.html
- Patroklos G. Argyroudis and D. O’Mahony. ÆTHER: an Authorization Management Architecture for Ubiquitous Computing. In Proceedings of 1st European PKI Workshop: Research and Applications (EuroPKI04), 246–259, Springer-Verlag 2004.
- W. Zhou and C. Meinel. Implement role based access control with attribute certificates. In Proceedings of the 6th International Conference on Advanced Communication Technology - Volume 1, 536–541, Feb. 2004.
- U.M. Mbanaso, G.S. Cooper, D.W. Chadwick and S. Proctor. Privacy Preserving Trust Authorization Framework Using XACML. In Proceedings of the International Symposium on World of Wireless, Mobile and Multimedia Networks. 673–678, 2006.