Delivering mobile services to mobile users in open networks: Quality of service, authentication and trust-based access control

This thesis describes scenarios in which a mobile user needs various services, such as Internet telephony, secure printing and online data services in a number of places. From these scenarios we summarize the requirements for quality of service control, service discovery, user authentication and authorization, service access control, and user privacy. In order to implement a prototype to support service discovery, we studied different technologies including Bluetooth, Jini, and Web Services. SDPtool from BlueZ was chosen to limit the search range within the user's local area while using minimal power consumption. Also included in the implementation, the Session Initiation Protocol is used to initiate the session and exchange messages while Java Media Framework is used to capture and deliver multimedia data. In the process of adapting Dupre's authentication protocol for user authentication, we found that it is possible for a third party to intercept the messages exchanged between a user and a Foreign Agent, which may lead to denial of service attack and weakens the strength of the user's password. The protocol is then improved by introducing additional message segments and altering the way to verify the server's response. The thesis also deals with trust relationships, which are needed as a basis for communication between the two parties. Shi's probability distribution model is introduced to integrate recommendations from different domains so that a service provider could make better decisions whether a given user should be assigned certain access rights. In the other hand, a user also depends on a trust relationship to make sure that his or her sensitive data will be handled properly. Finally, based on all of the above, a trust-based access control framework for mobile users and services is proposed and choices of implementation are briefly discussed.