06-06-2010, 02:00 PM
[attachment=3693]
DISTRIBUTED MULTI LEVEL SECURITY TOKEN BASED
AUTHENTICATION FOR UBIQUITOUS OBJECTS DMSA
Presented By:
A.R.Yardi 1
U.P.Kulkarni 2
J.V.Vadavi 3
Thyagaraju.G.S 4
S.M.Joshi 5
Principal, CSE Dept, Walchand CET, Sangli, India,
Faculty, CSE Dept, SDM CET, Dharwad, India
Faculty, CSE Dept, SDM CET, Dharwad, India
Faculty, CSE Dept, SDM CET, Dharwad, India
Faculty, CSE Dept, SDM CET, Dharwad, India
ABSTRACT
Ubiquitous computing technology provides an
environment where users expect to access resources and
services anytime and anywhere. The serious security risks
and problems arise because resources can now be
accessed by almost anyone with a mobile device in such
an open model. This paper explores security in ubiquitous
computing with focus on authentication. We propose a
new model, which uses distributed hierarchical tree based
approach for authenticating ubiquitous objects. We
overcome the problems associated with having
centralized source of information by dividing the
information among Certifying Agents (CA), which are
arranged in the form of a tree. Each Certifying Agent
maintains information about the local objects and its
immediate descendant certifying Agents. Certifying
Agents communicate to each other for authenticating the
ubicomp objects. The central idea of this solution is to
efficiently spread the important information over several,
separate Certifying Agents, which are distributed and
hence highly available.
Keywords: Ubiquitous, Certifying Agents, Security
Tokens, Pervasive Computing
1. INTRODUCTION
A ubiquitous computing is a new computing paradigm,
which integrates computation into our lifestyle and to
extend our reach into a global network of computing,
freeing us from desk-bound application interaction. With
the ability to take corporate and personal processes and
data with us, no matter our destination, opportunities
abound for improving and enhancing our personal and
professional Life. Mainframe Computing, was dominating
during 1940s to the early 1980s. In the early eighties the
Personal computing evolved and allowed the symbiosis
between a single person and a computer. Subsequently
Internet computing was introduced with the invention of
the World Wide Web in the early nineties. Today we have
reached a stage where every object communicates to each
other resulting in to the imaginary world called Pervasive
computing thus making this a compelling vision for the
future that is moving closer to realization at an
accelerating pace. The combination of global wireless and
wired connectivity along with mobile technologies has
made the vision of ubiquitous computing much more
realistic and feasible. Ubicomp [5] is an intelligent
computing, integrated into everyday objects that, it
becomes invisible to users. In this world, toys play
together, pets converse with their owners, vehicle talk to
road signs, refrigerators know when items inside expire.
The inherent freedom of ubiquitous system introduces
challenges for security and trust management [1].
Arguably, trust management is the most critical security
issue in ubicomp objects. If ubicomp objects do not have
any prior knowledge of each other, the trust establishment
becomes complicated. In these kinds of situations the
Ubicomp objects themselves should be responsible for
their own security. But achieving this is impossible
without depending on the third party for authentication.
We propose a model for security management with focus
on authentication in ubicomp objects that is based on
distributed hierarchy of authority to authenticate any
objects with multi level security tokens to identify the
levels of security required for authentication.
1.1. Security in Ubicomp
Classical security models rely extensively on perimeter
defenses and stable trust relationships. Thus the use of
firewalls to enforce perimeter security based on a tightly
defined network boundary. Also, users of a system are
assumed to be pre-registered and thus authentication and
access control are centered on user identities. In other
words, in centralized systems [18], authentication is
completed via a login and password and transmitted
through terminals directly connected to a host, and from
which the access rights and authorization are based only
on the userâ„¢s connection from the terminal and not on the
validity or verification of the individual. In a pervasive
environment, the above assumptions simply do not hold.
Pervasive computing extends traditional computing
boundaries. Also, trust relationships are dynamic as the
user community may be anonymous and constantly
changing, making pre-registration unworkable, and user
identity may not be known, available or relevant [19].
The various security problems [16] that are barriers to
moves from the lab to the real world.
The security issues for Ubiquitous objects can be
considered with respect to the following four criteria:
Confidentiality is the guarantee that information is shared
only between a user and the entities the user is willing to
communicate the information to. Authenticity is the
assurance that the Ubiquitous object in a ubiquitous
connection has the claimed identity and has subscribed to
the ubiquitous service. Integrity means the correctness of
stored and communicated personal (and annotation) data,
in the sense that only the corresponding person (the author
or a responsible moderator) can alter them. Availability
means that the ubiquitous service is accessible and usable
for subscribed persons using appropriate mobile devices
1.2. Authentication in ubiquitous computing
An authentication process establishes the identity of some
entity under scrutiny. For example, a traveler
authenticates them-self to a border guard by presenting a
passport. Possession of the passport and resemblance to
the attached photograph is deemed sufficient proof that
the traveler is the identified person. The act of validating
the passport (by checking a database of known passport
serial numbers) and assessing the resemblance of the
traveler is a form of authentication. Successful
mainstream
pervasive
computing
are:
device
authentication does not imply that the authenticated entity
authentications, privacy, trust management, device
assurance, resource, and availability. The trust, security,
and privacy issues inherent in pervasive computing
environments present unique challenges that require a
fundamental re -examination of how to build large-scale,
trustworthy, distributed systems. Ubiquitous systems need
to be secure. The heart of Ubiquitous computing vision
lies in an inherent contradiction [3]. On the one hand, a
computing environment must be highly knowledgeable
about a user, to conform to his/her needs and desires
without explicit interactions, almost reading the userâ„¢s
mind. On the other hand a system that is truly ubiquitous
will encompass numerous users, physical regions, and
service providers. At such large scale, perfect trust among
all parties is an un-attainable and is ideal. Trust
boundaries thus represent seams of discontinuity in the
fabric of pervasive computing. Building secure systems is
a challenge for the number of reasons.
While establishing a trust 3], users must be confident of
their computing environments, trust worthiness. The
infrastructure must be confident of a userâ„¢s identity and
authorization level before responding to the requests. This
will become a key requirement as pervasive computing
is given access. An authorization process uses
authentication, possibly with other information, to make
decisions about whom to give access. For example, not all
authenticated visitors will be permitted to enter any where
in the defense building i.e we need to establish some
mechanism on, who can do what? and what not? , though
they are authenticated visitors. For this reason we have
introduced the concept of multi level security token
concept. Each ubicomp object is issued token at particular
level, depending on associated risk involved, by the third
part certifying agents. When such object A, negotiate with
other object B , it is up to the object B, to decide whether
to permit A for whatever it is requesting or not
?,depending on the security toke level of the object A and
vice versa.. Existing security infrastructures [1] deal with
authentication and access control. These mechanisms are
inadequate for the increased flexibility required by
distributed networks. We suggest enhancing security by
the addition of trust, which is similar to the way security
is handled in human societies. A person is trusted if
someone we trust, says that the person can be trusted. In
terms of distributed computing, a user is allowed to access
a service or information, if the user has the access right to
do so, or if the user has been delegated the ability by a
trusted authority. Trust management can be viewed as
developing of security policies, the assignment of
credentials to entities, checking if the credentials fulfill
the policy and the delegation of trust to third parties.
2. MOTIVATIONS AND RELATED WORK
The five hard trust-related problems in a pervasive
computing environment [16] are:
1. Who am I talking to?
2. Will my privacy be safeguarded?
3. Can I trust the device I am communicating?
4. Does the system provide the resource?
5. Will the pervasive services be reliably available?
At the present time, pervasive computing researchers are
investigating specific security issues in the context of
narrowly defined point problems [16]. The main future
challenge of pervasive computing consists in offering
access anywhere and anytime with any devices. However,
before it becomes a reality, the problems of access control
and authentication have to be solved, among others.
Existing solutions are inadequate without adaptation to
this specific environment. Reijo Savola et al [1] , proposes
an approach for authentication using self-signed
certificates. This approach resembles the ideally used
PGP approach [2]. Here the node creates and signs a
public key certificate using corresponding secrete key.
The self-signed certificate is not proof of identity. But the
proof that the node posses public secrete key pair. As with
PGP the certificate gradually becomes proof of identity,
when other nodes have signed it. The self signed
certificate approach suits the situations in which the same
node form network regularly. Here the first contact is
insecure. But in the subsequent contacts, the nodes have
sufficient information about each other, and hence the
communication is secured.
Among the promising approaches, the trust paradigm
seems to be more flexible than others. The APC (Access
Pass Certificate) proposed [10] has model to enable
authorized user to roam and to access trusted hosts
without being known locally. Each user can have an APC
certificate from two kinds of hosts: the main host (where
the user is member) and the trusted host (that trust the
user). Using these certificates, the user extends
progressively his access scope. Moreover, this model
implements a decentralized mapping policy, where
correspondence between the userâ„¢s home profile and its
rights on the trusted hosts is determined as needed. The
main disadvantage of this model is the difficulty while
managing relationship among organizations (hosts) and
applying the mapping policy. In fact, an organization,
having a trust relationship with other organizations, must
validate and value relations manually and is not
acceptable in case of true pervasive system. Security in
Ubiquitous computing environment such as Pervasive or
Ad-hoc, security models based on trust, (PGP Pretty good
Privacy) [12], X509[11], [13], [14] and [15], are
implemented .Almost all these models use the delegation
concept to extend the access scope. They can use a
certification [13], [14], or agents [15], which enable any,
authorized entity the right to delegate an access to certain
resources. The delegation mechanism is considered to be
efficient, but not quite sufficient to perform a broad
access, because the userâ„¢s scope is restricted only to
environments where he could be locally known.
Consequently, he can have an access if there is at least
one entity that trusts him. In a pervasive computing
environment, users have many devices that are used to
initiate or answer remote service requests, such as
obtaining real-time stock quotes, handling corporate
email, or accepting telephone calls. We envision that in
the future, many applications will be distributed, running
across many of a userâ„¢s specialized pervasive devices
rather than on a single system. In this case, a user needs
the ability to log into the personal pervasive domain,
which spans each of the pervasive devices representing
this user. In addition, the pervasive devices belonging to
the userâ„¢s pervasive domain must be able to represent this
user to external services. The paper [17] solve the
problem of managing the authorization for pervasive
devices belonging to a userâ„¢s personal pervasive domain
by introducing a central personal authorization gateway
that accompanies the user and allows pervasive devices in
the userâ„¢s pervasive domain to be automatically
configured and authorized. The Pervasive Authentication
Domain proposed [17] consists of a Personal
Authentication Gateway (PAG) and a collection of
pervasive devices. The Personal Authentication Gateway
is transparent to external parties and constitutes the
security hub for the domain. A pervasive device can
request its security configuration at boot-time from the
gateway or the pervasive devices can refresh their security
configuration on demand. The architecture of the Personal
Authentication Gateway and pervasive devices that
implement the Pervasive Authentication Domain is
illustrated in Figure 1. As PAD model works on central
repository like model, it may have poor performance
when huge number of pervasive objects are involved and
hence is not scalable. So we are proposing Distributed
Multi level Security token-based Authentication for
ubiquitous objects (DMSA).
3. PROPOSED MODEL
The Distributed Multi level Security token-based
Authentication (DMSA) protocol for ubiquitous object
operates in distributed, multi-level security environment,
which is modeled as forest of hosts operating as
Certifying Agents (CA). Certifying Agents authenticate
the Ubiquitous Objects (O) for communication. CAs is
arranged in the form of a tree, root being the single point
authority, yet the whole structure is geographically
distributed. Each CA maintains information about its
immediate descendants, which can be CAs or ubiquitous
objects, registered with it, as shown in the figure-2.
To illustrate the working of the proposed model, consider
the Certifying Agents in the hierarchy as shown in the
following figure -2. The authentication process is carried
out through the following phases.
3.1. Registration Phase
3.1.1 Registering Certifying Agent
All the Certifying Agents who are responsible for
registering Objects need to register themselves with
another Certifying Agent (Parent).
3.1.2 Registering Objects
The Ubiquitous objects which want to communicate with
other objects need to register them by providing Object ID
to any CA and get appropriate Security Token, depending
on the level at which CA believe that object.
3.2. Authentication Phase
The communication between two Ubicomp objects
commences with one object sending the service request
message to the other. This initiates the authentication
phase.
For illustration consider two Ubicomp Objects - mobile
handset and a laptop. In the registration phase, the Mobile
is registered with the Certifying Agent CA1.1.1.0 and the
Laptop is registered with the Certifying Agent CA1.3.2.0.
Assume that in some context, at some different place,
mobile (initiator) wish to access the service available at
Laptop (Listener) and hence sends a request message to
Laptop. Laptop forwards the message to its Certifying
Agent CA1.3.2.0. The authentication process that is
followed is as described below.
Scenario 1
Here each Certifying Agent stores the information about
all other Certifying Agents of the distributed tree.
The Mobile, registered at Certifying Agent CA1.1.1.0
sends service request to the Laptop. The Laptop
authenticates Mobile by sending message to its certifying
Agent CA1.3.2.0. Since each Certifying Agent has the
details about all other Certifying Agents, the Certifying
Agent CA1.3.2.0. Forwards the Authentication message
to Certifying Agent CA1.1.1.0 directly without going
through up or down the tree. The reply from the
Certifying Agent CA1.1.1.0 will be forwarded to Laptop
by Certifying Agent CA1.3.2.0. Depending upon the
reply, the Laptop can provide access to Mobile. This
scenario is illustrated in figure3.
The problem with this scenario is, regularly advertising
the status of CA, addition/deletion of CAs at any place to
all the CAs of the entire tree. One such problem is
highlighted in figure-3.1, where CA1.1.1.0 is blocked by
its parent CA1.1.0. By the timeËœtâ„¢, this information
spreads to all CAs in tree, may be some CA say 1.3.2.0
may send message to blocked CA1.1.1.0 for
authentication of some objects. This happens because the
information of blocking CA 1.1.1.0 is not reached CA
1.3.2.0. Now CA 1.1.1.0 may respond and hence violate
the whole objectives defined.
Scenario 2
In this scenario each Certifying Agent stores the
information about its children certifying Agents and about
its parent certifying Agent only. Every Certifying Agent is
assigned a unique hierarchical address (referred her as
Ubiquitous Address similar to Internet Protocol address)
by its parent Certifying Agent. The Mobile, registered at
Certifying Agent CA1.1.1.0, sends service request to the
Laptop. The Laptop authenticates Mobile by sending the
message to its CA i.e CA1.3.2.0. Now CA1.3.2.0 searches
CA1.1.1.0 in its table. Since Certifying Agent CA1.1.1.0,
is not registered under CA1.3.2.0, it forwards the message
to its parent certifying Agent or to its descendent
Certifying Agents, by resolving the hierarchical address.
Upon receiving the message from CA1.3.2.0, the
certifying agent CA1.3.0 also follows the same procedure
and the message will be forwarded finally to CA1.1.1.0.
The CA1.1.1.0 authenticates the Mobile and the reply will
be sent to Certifying Agent - CA1.3.2.0. Now CA1.3.2.0
forwards this reply to Laptop. The scenario-2 is
represented in figure-4. The drawback of this scenario is
the time Ëœt1â„¢ required to forward the authentication
message through the up and down the hierarchy. However
fro m the observation it is clear that, this time Ëœt1â„¢ is more
acceptable than the time Ëœtâ„¢ mentioned in scenario 1.
4. DATA STRUCTURES USED
Every CA maintains the records in the form of tables.
Each CA has two tables, one for the information about its
descendent CA and the other for the information about the
registered ubiquitous objects in that region. It also has
static information about the parent CA. The structure of
the table to maintain the descendent CAâ„¢s information is
as shown in figure-5 and for registered objects is as shown
in figure-6
Object ID :
UA Address :
The object and is different
From Object ID.
Retention Period :
for which the entry
will be maintained by
the CA
Security Token (ST):
Unique Object ID.
Ubiquitous Address for
Maximum duration
Value in this field
Identifies the access
Right for the object.
Every Object should register with the local CA by
specifying its ID and other details required so that CA
can believe it. Based on all this information security
token will be assigned to that object for some duration.
More freedom implies less retention period and vice
versa. When the object wants to communicate with
other objects it has to send a request message as shown
in figure-7, to the object with which it wants to
communicate.
Figure-7: Request format.
: The address of the CA with which the
object is registered.
ST
: The values can be
0 - No access (default)
1 - Read Only.
2 - Read and Write.
These values are used for illustration
purpose only.
: Object ID with whom my -object wish to
Negotiate.
The receiving object forwards this message to the local,
Itâ„¢s CA. If the sending object has registered with the local
CA then ST will be verified locally else the CA Will
query its parent CA by s ending the message as Shown in
figure-8.
Figure-8: Message format for query between CAs
Finally the message will be forwarded to the proper CA,
in which the object whose authentication details are
registered. After verifying, this CA will respond back to
the requesting CA. The local CA then sends reply to the
object, which can then provide service depending on reply
received.
The proposed model was implemented using Aglet- an
Agent platform developed by IBM. The empirical results
show that the performance is acceptable though it
involves exchange of huge message, which is essential;
otherwise it is practically impossible to authenticate
5. CONCLUSION
We believe that the trends in pervasive computing are
increasing the diversity and heterogeneity of Networked
Objects and their constituent devices. Developing security
protocols that can handle diverse and mobile, devices,
networked in various ways represents a major challenge.
In this paper, we have taken a first step towards meeting
one of such challenge i.e. authentication of ubiquitous
objects. Empirical results have shown that the
performance of the proposed DMSA model is acceptable
in reality of pervasive world. It is also clear that perfect
trust among all parties in pervasive world is an un-
attainable ideal without compromising the true autonomy
i.e. we need to depend on the trusted third party for
whatever the algorithm used for authentication.
REFERENCES
[1] Reijo Savola,Ilkka Uusitalo, Towards Node-Level security
management in self organizing Mobile Ad hoc Networks,
devices in pervasive world. The GUI of the
Advanced International
on Telecommunication and
implementation is shown in figure-9.
[2] Zimmermann P., PGP Userâ„¢s Guide, MIT October 1994.
[3] M.Satyannarayanan Privacy: The Achilles Heel of
Pervasive Computing? Editor in Chief IEEE Pervasive
Computing Jan-March 2003.
[5] George Roussos, Theano Moussouri Consumer
perceptions of privacy, security and trust in ubiquitous
commerce Springer-Verlag London Limited 2004
ersUbiquit Comput (2004) 8: 416-429
[6] Mark Weiser, Rich Gold, John Seely Brown, The origins
of ubiquitous computing research at PARC in the ate
1980s,IBM Systems Journal; 1999; 38, 4;Wilson Applied
Science & Technology pg. 693
[7] Mark S. Ackerman Privacy in pervasive environments:
next generation labeling protocols Pers Ubiquit Comput
(2004) 8: 430-439
[8] Weiser, Mark Some computer science issues in ubiquitous
computing, Association for Computing Machinery.
Communications of the ACM; Jul 1993; 36, 7; Wilson
Applied Science & Technology Abstracts pg. 74
[9] Kay Römer, Thomas Schoch and Friedemann Mattern
Smart Identification Frameworks for Ubiquitous
Computing Applications, Wireless Networks 10, 689-700,
2004 Kluwer Academic Publishers. Manufactured in The
Netherlands.
[10] Rachd Saadi, et al, APC: Access Pass Certificate Distrust
Certification Model for Large Access in Pervasive
Environment 0-7803-9032-61051 $20.00 02005 IEEE,
pp361-370.
[11] ITU-T Rec. X.509 (2000). ISOAEC 9594-8, The
Directory: Authentication Framework.[12] P. R.
Zimmermann. The Official PGP User's Guide. IT Press,
Cambridge, MA, USA, 95.
[12] Lalana Kagal, Tim Finin, and Anupam Joshi, Trust-
based security in pervasive computing environments.
IEEE Computer, pages 154.157. DEC 01.
[13] Laurent Bussard, Yves Roudier, Roger Kilian Kehr,
Stefan0 Crosta. Trust and Authorization in Pervasive B2E
Scenarios. In Proceedings o f 6th Information Security
Conference (ISC'03) OCT 03.
[14] Lalana Kagal, Tim Finin and Yun Peng, A Delegation
Based Model for Distributed Trust, Proceedings of the
IJCAI-01 Workshop on Autonomy, Delegation, and
Control: Interacting with Autonomous Agents, pp 73-80.
AWG 01.
[15] Kumar Rang Nathan, Trustworthy Pervasive Computing:
The Hard Security Problems, Proceedings of the Second
IEEE Annual Conference on Pervasive Computing and
Communications Workshops (PERCOMWâ„¢04)
[16] Reiner Sailer, James R. Giles, Pervasive Authentication
Domains for Automatic pervasive Device Authorization,
Proceedings of the Second IEEE Annual Conference on
Pervasive Computing and Communications Workshops
(PERCOMWâ„¢04)
[17] T. Ray Campbell, Self-Authorization: A Methodology for
Secured Network Access in a Distributed Paradigm, 0
7803-8865-8/05/ ©2005 IEEE.
[18] Roshan K. Thomas Ravi Sandhu, Models, Protocols,
and Architectures for Secure Pervasive Computing:
Challenges and Research Directions, Proceedings
of the Second IEEE Annual Conference on Pervasive
Computing and Communications Workshops
