Research On Entity Authentication And Privacy Protection In Pervasive Computing

The openness, cross-domain, mobility, context awareness and limited resource of pervasive computing bring the new security challenges and requirements for securing pervasive computing environment (PCE).The authentication schemes based on static networks or closed system needs the pre-establish trust, so they are not suitable for the dynamical and open characterisitics of PCE. The extension of physical space in pervasive computing brings potential threat on users’ privacy. Authentication and privacy are two important but contradictory objectives. Users want to inactive with the environment and authenticate with other users while preserving sensitive information unexposed. In this paper, we study on entity authentication and privacy protection in views of improving the security, privacy and light-weightness in pervasive computing. The main work and contributions of this dissertation are as follows:As to the anonymous authentication, the intra-domain and inter-domain anonymous authentication and key establishment lightweight protocols are proposed respectively. Biometric encryption technique is used for anonymous authentication in these two protocols, and then AMP+ protocol and signcryption techniques are used to negotiate the session keys for subsequent communication respectively. Biometric encryption can solve the leakage problem of biometric templates, and protect the privacy of biometric features. In order to achieve anonymous communication in the data-link layer, MAC address concealment is adopted. The session key can guarantee.confidentiality, integrity and repudiation of the subsequent messages. The proposed protocol has the advantages in terms of anti-attack, lightweight, high-privacy and low delay.As to the group key management, hierarchical group key management scheme is proposed according to the real topology of PCE. The weight-balanced 2-3 tree is adopted to manage the whole group. Group members act as leaves, and the authentication server of every domain acts as the sub-group leader, and the authentication server of the multicast source acts as the tree root. Instead of using the conventional symmetric and non-symmetric encryption algorithms, the maximum distance separable code technique is employed to distribute the multicast key dynamically, which significantly reduces computation complexity and storage complexity of mobile devices. With regard to the group controller initialization, and one or multiple users’adding and leaving, a series of adjustment rules for the 2-3 trees are developed. At the same time, pseudo-nodes are added to keep the tree balanced in order to reduce the computation and communication complexity during the key updating.As to the location based services, the service quality and the location privacy is a contradiction, because the accurate location information can bring the better service. In order to protect the location privacy, a location privacy protection scheme is proposed based on the spatio-temporal K-anonymity level. A location privacy protection algorithm based on cluster, namely ClusterProtection, is designed. The Trusted Third Party (TTP) uses ClusterProtection algorithm recursively to divide mobile users into cluster structures, and each cluster contains at least K users. The exact location information of a user is fuzzified into a cloaked spatial area. Our algorithm can meet the user’s personalized requirement of K-anonymity and the quality of location service. When the user moves, the cluster structure will be adjusted in time. Theoretical and experimental analysis shows that our algorithm has the advantages of more privacy, higher robustness, and lower complexity, which can balance the service quality and location privacy.