| Service discovery is an essential element in pervasive computing environments to minimize administrative overhead. It enables devices and network services to properly discover, configure, and then communicate with each other. Much research on service discovery has been conducted, but most protocols are not designed with security and privacy support. Therefore, services may be discovered and used by anyone and subject to attacks. Directly applying the existing security and privacy solutions, however, may not work simply because the environments change.; This research addressed four areas of secure service discovery design, namely, unfamiliar environments, authentication, personal privacy, and its application for entity authentication in pervasive computing. The research resulted in a comprehensive survey, identification of essential secure and private service discovery issues, and novel design for convenient, secure, and private service discovery.; Our initial design of secure and private service discovery protocols targeted public environments. Proxy-based service discovery models were proposed to facilitate both mobile clients and services for secure and private service access and sharing. Then, we addressed a critical authentication issue in pervasive service discovery: involvement of necessary and proper users and service providers in a discovery session. We proposed a prudent service discovery model for users and service providers to establish mutual trust. The model also automates authentication processes. Therefore, users do not need to memorize the relationship among network services, service providers, and credentials. Next, we identified a difficult privacy challenge and expressed it as a "chicken-and-egg problem": both users and service providers want the other parties to expose sensitive information first. We proposed a progressive and probabilistic approach to protect privacy while achieving security and good usability at the same time. Our progressive exposure approach enables partial exposure. As a result, we provide an additional exposure choice besides the conventional two choices: expose or not expose. Last, we extended and applied prudent and progressive design to entity authentication for pervasive computing environments. A person uses a single device, the Master Key, for entity authentication. The Master Key aggregates one's digital access tokens and automatically discovers and selects proper tokens for authentication.; We built mathematical models, designed algorithms, provided theoretical analysis, and designed security protocols. We implemented protocols and built prototype systems. Security protocols were formally verified and analyzed. Threats and attacks were also analyzed, and counter attack measurements were proposed. In addition, much experimentation was conducted to verify our design, to test hypotheses, and to measure performance. |
