| Pervasive computing is the integration of cyberspace and physical space. In this incorporated space, users can obtain digital services non-intrusively anytime and anywhere. However, the ubiquitous and mobile environment introduces a new security challenge. Because of the unpredictability of the cooperated principals, it is unsuitable to use traditional security mechanisms suited for static network or closed systems to solve problems occur in pervasive computing environment. In addition, the incorporated space makes it more difficult to protect users'privacy. In pervasive computing environment, in order to provide users services implicitly and spontaneously, system must obtain context information through ubiquitous devices embedded in the surrounding. On the other hand, if the security of the computer system could not be ensured, users'privacy would be exposed entirely to intruders. Therefore, security is the biggest challenge the pervasive computing will meet.There exist four key security problems that are barriers to pervasive computing. These are: trust model, authentication, access control and privacy.For establishing trust model of pervasive computing, there exist two challenging problems: one is how to express the dynamic characteristic of trust. Another is how to establish initial trust. A dynamic trust model is proposed to address these two problems. Trust in this model includes basic trust and dynamic trust. The formation of basic trust is based on resource-constrained trust negotiation or the past interaction result, while dynamic trust depends on context information. This model also discusses the questions such as how to form trust, what trust parameters are, and how to evaluate these parameters, how to calculate combination trust level, how to denote trust, how to compare two trust values and how to renovate trust level.Adequate trust level between two stranger users must be met to accomplish a transaction. Resource-constrained trust negotiation (RCTN) to establish initial trust relationship between strangers is presented, in which credential is exchanged only once, and then two parties exchange secret key iteratively. In resource-constrained trust negotiation, one-way hash function is used to verify the attributes in credential. Sensitive attributes are protected by symmetric secret key, and they are disclosed in the control of each party. RCTN can avoid the heavy computational demands arise from the public key cryptography operations which the need of traditional trust negotiation to exchange to exchange and verify credentials, check policy compliance time after time. And RCTN needs less memory space to save credentials than those of traditional trust negotiation. RCTN can also prevent the vulnerability of man-in-the-middle attacks which the traditional trust negotiation has.For the authentication in pervasive computing, the most key problem is to establish trust relationship. The authentication between principals in pervasive computing can be achieved by integrating dynamic trust model and traditional authentication key exchange protocols.For access control in pervasive computing, the dynamic authorization is a challenging problem. Trust based access control model in thesis which extends the role based access control model by using dynamic trust model can address this problem. User-role assignment depends on the basic trust, and the activation of role and permission is based on dynamic trust. The users'permission to access resources is changeful along with dynamic trust.The most challenging problem in pervasive computing is how to protect user's privacy. A theory analysis model for user privacy protection is addressed. This model is a tool to evaluate and analyze privacy protection mechanisms, as well as help in constructing new ones. Also, a secure privacy-protecting protocol for pervasive computing is presented, which not only allows the service providers to authenticate users but provides users'privacy protection, replay attack protection and malice collusion prevention among devices.
|
PDF Full Text Request