“Fair” Authentication in Pervasive Computing

  • Jun Li
  • Bruce Christianson
  • Martin Loomes
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4074)

Abstract

Authentication is traditionally required to be strong enough to distinguish legitimate entities from unauthorised entities, and always involves some form of proof of identity, directly or indirectly. Conventional storable or delegable authentication scenarios in the pervasive computing environment are often frustrated by the qualitative changes of pervasive computing when humans are admitted into the loop. In this paper, we present an alternative approach based upon involving human self-determination in security protocols. This targets the authentication problem in pervasive computing, particularly when communication occurs in mobile ad-hoc fashion. We propose the argument of “thinkable” authentication, which involves using two-level protocols with the consideration of minimising trustworthiness in both human and computer device domains, but without unnecessary entity identity authentication. Thus, self-determining knowledge of the human interactions in pervasive computing can be exploited in order to make improvements on current security mechanisms.

Keywords

Authentication Pervasive Computing Mobile ad-hoc Networks Trust Human self-determination 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Anderson, R.: Why Cryptosystems Fail. Communications of the ACM 37(11), 32–40 (1994)CrossRefGoogle Scholar
  2. 2.
    Arkko, J., Nikander, P.: Weak authentication: How to authenticate unknown principals without trusted parties. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2002. LNCS, vol. 2845, pp. 5–19. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Asokan, N., Ginzboorg, P.: Key Agreement in Ad-hoc Networks. Computer Communication Review 23, 1627–1637 (2000)CrossRefGoogle Scholar
  4. 4.
    Balfanz, D., Smetters, D., Stewart, P., Wong, H.: Talking to Strangers: Authentication in ad-hoc Wireless Networks. In: Symposium on Nework and Distributed Systems Security (NDSS 2002) (February 2002)Google Scholar
  5. 5.
    Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proc. IEEE Conference on Security and Privacy, Oakland, CA, pp. 164–173 (May 1996)Google Scholar
  6. 6.
    Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM Transactions on Computer Systems 8(1), 18–36 (1990)CrossRefGoogle Scholar
  7. 7.
    Christianson, B., Harbison, W.S.: Why Isn’t Trust Transitive? In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 171–176. Springer, Heidelberg (1997)Google Scholar
  8. 8.
    Christianson, B., Malcolm, J.A.: Binding Bit Patterns to Real World Entities. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 105–113. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  9. 9.
    Christianson, B.: Secure sessions from weak secrets. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 206–212. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  10. 10.
    Creese, S., Goldsmith, M., Roscoe, B., Zakiuddin, I.: The Attacker in Ubiquitous Computing Environments: Formalising the Threat Model. In: Proc. of the 1st International Workshop on Formal Aspects in Security and Trust, pp. 83–97 (2003)Google Scholar
  11. 11.
    Creese, S., Goldsmith, M., Roscoe, B., Zakiuddin, I.: Authentication for pervasive computing. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 116–129. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Ellison, C.M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: SPKI Certificate Theory. Internet rfc 2693 (October 1999)Google Scholar
  13. 13.
    Gehrmann, C., Mitchell, C.J., Nyberg, K.: Manual Authentication for Wireless Devices. Cryptobytes 7(1), 29–37 (2004)Google Scholar
  14. 14.
    Gong, L.: Cryptographic Protocols for Distributed Systems. Ph.D thesis, University of Cambridge (1990)Google Scholar
  15. 15.
    Hutter, D., Stephan, W., Ullmann, M.: Security and privacy in pervasive computing state of the art and future directions. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 285–289. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Karger, P.A.: Improving Security and Performance for Capability Systems. Ph.D thesis, University of Cambridge (1988)Google Scholar
  17. 17.
    Langheinrich, M.: When Trust Does Not Compute – The Role of Trust in Ubiquitous computing. In: Workshop on Privacy at Ubicomp 2003 (October 2003)Google Scholar
  18. 18.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Florida (1997)MATHGoogle Scholar
  19. 19.
    Miller, S.P., Neuman, B.C., Schiller, J.I., Saltzer, J.H.: Kerberos Authentication and Authorisation System. Project Athena Technical Plan, section e.2.1, M.I.T. (October 1988)Google Scholar
  20. 20.
    Mitchell, C.J., Pagliusi, P.S.: Is entity authentication necessary? In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2002. LNCS, vol. 2845, pp. 20–33. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Mullender, S.J.: Principles of Distributed Operating System Design. Ph.D thesis, Vrije Universiteit te Amsterdam (1985)Google Scholar
  22. 22.
    Needham, R.M., Schroeder, M.D.: Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM 21(12), 993–999 (1978)MATHCrossRefGoogle Scholar
  23. 23.
    Roe, M.: Cryptography and Evidence. Ph.D thesis, University of Cambridge (1997)Google Scholar
  24. 24.
    Seigneur, J.-M., Farrell, S., Jensen, C.D., Gray, E., Chen, Y.: End-to-end trust starts with recognition. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 130–142. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  25. 25.
    Stajano, F.: Security for whom? In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 16–27. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  26. 26.
    Stajano, F., Anderson, R.: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. In: Christianson, B., Crispo, B., Roe, M. (eds.) Proceedings of the 7th International Workshop Security Protocols. LNCS, vol. 1296, pp. 172–194 (1999)Google Scholar
  27. 27.
    Stajano, F., Anderson, R.: The Resurrecting Duckling: security issues for ubiquitous computing. IEEE Computer 35(4) (April 2002)Google Scholar
  28. 28.
    Turing, A.M.: Computing Machinery and Intelligence. MIND 49, 433–460 (1950)CrossRefMathSciNetGoogle Scholar
  29. 29.
    von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: CAPTCHA: Using Hard AI Problems for Security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294–311. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  30. 30.
    von Ahn, L., Blum, M., Langford, J.: Telling Humans and Computers Apart Automatically. Communications of the ACM 47(2), 56–60 (2004)CrossRefGoogle Scholar
  31. 31.
    Weiser, M.: The Computer for the Twenty-First Century. Scientific American 265(3), 94–104 (1991)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jun Li
    • 1
  • Bruce Christianson
    • 1
  • Martin Loomes
    • 2
  1. 1.School of Computer ScienceUniversity of HertfordshireHatfield, HertsUnited Kingdom
  2. 2.School of Computing ScienceMiddlesex UniversityThe Burroughs, LondonUnited Kingdom

Personalised recommendations