Device-Enabled Authorization in the Grey System

(Extended Abstract)
  • Lujo Bauer
  • Scott Garriss
  • Jonathan M. McCune
  • Michael K. Reiter
  • Jason Rouse
  • Peter Rutenbar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3650)


We describe the design of Grey, a set of software extensions that convert an off-the-shelf smartphone-class device into a tool by which its owner exercises and delegates her authority to both physical and virtual resources. We focus on the software components and user interfaces of Grey, highlighting the features of each. We also discuss an initial case study for Grey, in which we are equipping over 65 doors on two floors of office space for access control using Grey-enabled devices, for a population of roughly 150 persons. Further details of Grey, and this and other applications, can be found in a companion technical report.


Access Control Security Policy Grey System Virtual Resource Network Address 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M.: On SDSI’s linked local name spaces. J. Computer Security (1998)Google Scholar
  2. 2.
    Abadi, M., Burrows, M., Lampson, B., Plotkin, G.D.: A calculus for access control in distributed systems. ACM Trans. Prog. Lang. and Sys. (September 1993)Google Scholar
  3. 3.
    Appel, A.W., Felten, E.W.: Proof-carrying authentication. In: Proc. 6th ACM Conference on Computer and Communications Security (November 1999)Google Scholar
  4. 4.
    Appel, A.W., Michael, N., Stump, A., Virga, R.: A trustworthy proof checker. J. Automated Reasoning 31(3-4), 231–260 (2003)zbMATHCrossRefGoogle Scholar
  5. 5.
    Balfanz, D., Dean, D., Spreitzer, M.: A security infrastructure for distributed Java applications. In: Proc. 21st IEEE Symposium on Security and Privacy (2002)Google Scholar
  6. 6.
    Bauer, L., Garriss, S., McCune, J.M., Reiter, M.K., Rouse, J., Rutenbar, P.: Device-enabled authorization in the Grey system. Technical Report CMU-CS-05- 111, Computer Science Department, Carnegie Mellon University (February 2005)Google Scholar
  7. 7.
    Bauer, L., Garriss, S., Reiter, M.K.: Distributed proving in access-control systems. In: Proc. 2005 IEEE Symposium on Security and Privacy (May 2005)Google Scholar
  8. 8.
    Bauer, L., Schneider, M.A., Felten, E.W.: A general and flexible access-control system for the Web. In: Proc. 11th USENIX Security Symposium (August 2002)Google Scholar
  9. 9.
    Beaufour, A., Bonnet, P.: Personal servers as digital keys. In: Proc. 2nd IEEE International Conference of Pervasive Computing and Communications (March 2004)Google Scholar
  10. 10.
    Blaze, M., Feigenbaum, J., Strauss, M.: Compliance checking in the Policy- Maker trust-management system. In: Proc. 2nd Financial Crypto Conference (1998)Google Scholar
  11. 11.
    Church, A.: A formulation of the simple theory of types. J. Symbolic Logic (1940)Google Scholar
  12. 12.
    Coquand, T.: An algorithm for testing conversion in type theory. In: Huet, G., Plotkin, G. (eds.) Logical Frameworks, pp. 255–280 (1991)Google Scholar
  13. 13.
    de Ipiña, D.L., Mendonça, P., Hopper, A.: TRIP: a low-cost vision-based location system for ubiquitous computing. Pers. and Ubiq. Comp. 6(3) (2002)Google Scholar
  14. 14.
    Dohrmann, S., Ellison, C.: Public key support for collaborative groups. In: Proc. First Annual PKI Research Workshop (April 2002)Google Scholar
  15. 15.
    Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: SPKI certificate theory. RFC 2693 (September 1999)Google Scholar
  16. 16.
    Ellison, C.M., Frantz, B., Lampson, B., Rivest, R.: Simple public key certificate. Internet Engineering Task Force Draft (July 1997)Google Scholar
  17. 17.
    Goldberg, I.: Visual key fingerprint code (1996), Available at
  18. 18.
    Halpern, J.Y., van der Meyden, R.: A logic for SDSI’s linked local name spaces. In: Proc. 12th IEEE Computer Security Foundations Workshop (1999)Google Scholar
  19. 19.
    Harper, R., Honsell, F., Plotkin, G.: A framework for defining logics. J. ACM 40(1), 143–184 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Lampson, B., Abadi, M., Burrows, M., Wobber, E.: Authentication in distributed systems: Theory and practice. ACM Trans. Comp. Sys. 10(4), 265–310 (1992)CrossRefGoogle Scholar
  21. 21.
    Levin, R.: PGP snowflake. Personal communication (1996)Google Scholar
  22. 22.
    MacKenzie, P., Reiter, M.K.: Networked cryptographic devices resilient to capture. International Journal of Information Security 2(1), 1–20 (2003)CrossRefGoogle Scholar
  23. 23.
    McCune, J.M., Perrig, A., Reiter, M.K.: Seeing-is-believing: Using camera phones for human-verifiable authentication. In: Proc. 2005 IEEE Symposium on Security and Privacy (May 2005)Google Scholar
  24. 24.
    Perrig, A., Song, D.: Hash visualization: A new technique to improve real-world security. In: Proc. 1999 Intern. Work. Crypto. Techn. and E-Comm. (July 1999)Google Scholar
  25. 25.
    Ramsdell, B.: Secure/multipurpose internet mail extensions (S/MIME) version 3.1: Message specification. RFC 3850 (July 2004)Google Scholar
  26. 26.
    Ravi, N., Stern, P., Desai, N., Iftode, L.: Accessing ubiquitous services using smart phones. In: Proc. 3rd Intern. Conf. Pervasive Comp. and Comm. (2005)Google Scholar
  27. 27.
    Rivest, R.L., Lampson, B.: SDSI—A simple distributed security infrastructure. Presented at CRYPTO 1996 Rumpsession (April 1996)Google Scholar
  28. 28.
    Rohs, M., Gfeller, B.: Using camera-equipped mobile phones for interacting with real-world objects. Advances in Pervasive Computing, pp. 265–271 (April 2004)Google Scholar
  29. 29.
    Scott, D., Sharp, R., Madhavapeddy, A., Upton, E.: Using visual tags to bypass Bluetooth device discovery. Mobile Comp. and Comm. Review 1(2) (January 2005)Google Scholar
  30. 30.
    Slawsby, A., Leibovitch, A.: Worldwide mobile phone 2004–2008 forecast update and 1H04 vendor shares (December 2004),
  31. 31.
    Wobber, E., Abadi, M., Burrows, M., Lampson, B.: Authentication in the Taos operating system. ACM Trans. Comp. Sys. 12(1), 3–32 (1994)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Lujo Bauer
    • 1
  • Scott Garriss
    • 1
  • Jonathan M. McCune
    • 1
  • Michael K. Reiter
    • 1
  • Jason Rouse
    • 1
  • Peter Rutenbar
    • 1
  1. 1.Carnegie Mellon UniversityPittsburghUSA

Personalised recommendations