Security Issues In Pervasive Computing

The combination of mobile and pervasive computing is emerging as a promising newparadigm. Through the use of mobile devices and devices embedded in the surroundingphysical environments, users can be provided transparent computing and communicationservices at all times and in all places. The security of pervasive computing is a criticallyimportant area for commerce, the public sector, academia and the individual citizen. Thesecurity threats exploit the weakness of networks, protocols as well as cryptographic algo-rithms. To achieve a secured pervasive computing environment, confidentiality, integrity andavailability should be fully attained. As the key technology and theory basis of informa-tion security, cryptology provides confidentiality, integrity and other security services. It isnecessary to develop secure and reliable protocols and platforms via cryptology.The aim of this thesis is to study properties of pervasive computing, the security re-quirements of pervasive computing and to design a series of cryptographic primitives andsecurity protocols. Our main achievements are as follows:1. An efficient cryptographic algorithm is proposed and implemented in the pervasivecomputing environment. The proposed batch decryption algorithm can be integratedit into the SSL/TLS handshake protocol. The SSL/TLS handshake protocol is the defacto standard for web security to provide authentication, integrity and confidential-ity. It uses public key cryptographic algorithms such as RSA for key establishment.Typically, public key cryptographic algorithm is computational intensive due to themodular multiplications. Moreover, implementations of RSA algorithm in SSL/TLSprotocol also incur the computationally imbalance between the client and the server.Therefore, SSL/TLS servers would become swamped to perform public key decryp-tions when the simultaneous requests increase quickly. Aim at this, we propose a batchdecryption algorithm based on the property of homomorphic cryptographic algorithms.Experiments show that the novel algorithm provides the reasonable response time andoptimizes server performance significantly.2. Suitable cryptographic primitives and security protocols are devised to improve theavailability of pervasive computing devices. we design a lightweight CBC-X mode Encryption/Decryption algorithm that completes encryption/decryption and authenti-cation at the same time to minimize computation and communication overhead. Be-cause sensors and sensor networks are widely used in pervasive computing environ-ment, we explore the security issues of wireless sensor networks and propose an ef-ficient link layer security scheme. The scheme provides transparent security servicessuch as encryption/decryption and authentication at the link layer of the network proto-col stack. The one-pass operation mode cryptographic algorithm uses approximatelyhalf of the energy in computing them separately otherwise. We also devise a novelpadding technique, enabling the scheme to achieve zero-redundancy on sending en-crypted/authenticated packets. Compared to TinySec, our scheme saves 50% energyconsumption for cryptographic operations and up to 58% communication overhead.3. Proper cryptographic systems and authentication protocols are studied and proposedfor pervasive computing environment. We propose an authentication protocol to solvean open problem in pervasive computing. That is secure use of public informationutilities without accessing a trusted third party (TTP). Authentication protocols areessential for security in pervasive computing systems. However, they are error-proneand difficult to design. In pervasive computing, the inherent characteristics such asmobility and restricted resources make it even harder to design suitable authentica-tion protocols. Our solution not only provides authentication, but also establishes asecure communication channel between the user and the service provider without theparticipation of TTP. The authentication protocol can be built with any secure sym-metric and asymmetric cryptographic algorithm.We also discuss how the protocol canbe extended to an applicable scheme with payment support.4. Trust management mechanisms are proposed to satisfy trust requirements in perva-sive computing environment. The devices in a pervasive environment would estab-lish dynamic ad-hoc networks to provide ubiquitous services. The open and dynamiccharacteristics of pervasive environments necessitate the requirement for some formof trust assumptions to be made. Trust in this context not only includes authentica-tion, confidentiality and privacy but also includes the belief that the devices and smartenvironment behave as expected. We propose a trust enforced pervasive computing environment by using the primitives provided by the Trusted Platform Module. Theapplication scenario shows how critical information infrastructure such as services anddata can be protected. In this smart environment, a person carrying a device authenti-cates to the environment in order to utilize its services. In this context the device andthe smart environment can also test and check each other's behaviors to better performtrust negotiation.