Towards a Localisation of Trust Framework for Pervasive Environments
Pervasive computing envisions an environment in which we are surrounded by many embedded computer devices. The existence of those networked devices provides us with a mobile, spontaneous and dynamic way to access various resources provided by different (security policy) domains. In recent years, we have witnessed the evolutionary development of numerous multiple-domain applications, of which pervasive environments are one of the richest examples. Typically, the conventional approach to securing access over multiple domains is to implement a unique trusted infrastructure, extending local identity- or capability-based security systems and combining them with cross-domain authentication mechanisms. However, this does not adequately meet the security requirements of communicating with unknown players in pervasive environments. Moreover, it is infeasible to define a global trust infrastructure and a set of assumptions that every player will trust in the multiple-domain context. A powerful design technique for addressing the new security challenges posed by pervasive environments is to understand them from a domain perspective.

This thesis presents Localisation of Trust (LoT), an architectural framework designed to address the security need of how to talk to the correct strangers in pervasive environments. Based on the localising-trust security principle, LoT provides a generic platform for building access control over multiple domains from two ends: authentication and authorisation. Firstly, LoT proposes a two-channel authentication protocol to replace traditional (strong) identity-based authentication protocols by exploiting desirable contextual information for different pervasive applications. Then, delegation and localised authentication are deployed to achieve authorisation in pervasive environments.

The heart of this different semantic is to let the right domain get involved with its local players' interactions by helping them to convert a "token" into a usable access capability, whilst keeping revocation in mind. This is done by introducing a domain-oriented Encryption-Based Access Control method, using ideas borrowed from Identity-based Encryption.

The second part of this thesis describes several specific mechanisms and protocols, including a Dual Capabilities Model, to achieve the required anti-properties for LoT. Although novel, they are intended primarily as an existence proof rather than being claimed to be ideal. Depending upon the precise application and context, other mechanisms may be better. Most importantly, the architecture-focused LoT provides this flexibility by introducing multiple domains as a primary concern while leaving untouched the security protocols underlying each single domain and system implementation.

Finally, a single-domain scenario, guest access, is examined in the light of LoT. The purpose of doing so is to enhance the understanding of domain and the other concepts described in LoT, and to demonstrate the effectiveness and efficiency of LoT for the scenarios chosen.
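The abstract describes the local domain converting a delegation "token" into a usable, revocable access capability, with the capability bound to the holder by encryption in the style of Identity-based Encryption. The following is an added toy model of that flow and is not the thesis's own protocol or code: it uses HMAC-derived per-identity keys as a symmetric stand-in for IBE private-key extraction (the domain's master secret plays the role of the IBE master key), an XOR-keystream-plus-HMAC seal as a stand-in for an IBE ciphertext, the well-known IBE idiom of appending a validity epoch to the identity string so that old capabilities expire, and a domain revocation list consulted at key extraction. The delegator sharing a key with the domain, the epoch numbers, and all player and resource names are assumptions constructed for the illustration.

```python
"""Toy model of a domain converting a delegation token into a local,
holder-bound, revocable capability (constructed illustration, not LoT's code)."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


def prf(key: bytes, *parts: str) -> bytes:
    """HMAC-SHA256 over a length-prefixed encoding of the parts (no ambiguity on '|')."""
    msg = b"".join(len(p).to_bytes(2, "big") + p.encode() for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC stand-in for an IBE ciphertext: nonce || ct || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("capability seal does not verify under this key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def issue_token(delegator: str, key: bytes, holder: str, resource: str, rights: str) -> dict:
    """A local player delegates rights over a resource to a stranger (assumed token format)."""
    return {"delegator": delegator, "holder": holder, "resource": resource, "rights": rights,
            "tag": prf(key, "token", holder, resource, rights).hex()}


@dataclass
class Domain:
    name: str
    master: bytes = field(default_factory=lambda: secrets.token_bytes(32))  # IBE master key analogue
    delegator_keys: dict = field(default_factory=dict)  # delegator -> key shared with the domain (assumption)
    revoked: set = field(default_factory=set)           # identities the domain no longer serves

    def extract_key(self, identity: str, epoch: int) -> bytes:
        """IBE-style key extraction for the identity string 'identity || epoch'.
        Revocation is enforced here: a revoked holder gets no key for any epoch."""
        if identity in self.revoked:
            raise PermissionError(f"{identity} is revoked in domain {self.name}")
        return prf(self.master, "extract", identity, str(epoch))

    def convert_token(self, token: dict, epoch: int) -> bytes:
        """Verify the delegator's token, then emit a capability sealed to the holder for this epoch."""
        key = self.delegator_keys.get(token["delegator"])
        if key is None:
            raise PermissionError("token from a delegator this domain does not know")
        expected = prf(key, "token", token["holder"], token["resource"], token["rights"])
        if not hmac.compare_digest(bytes.fromhex(token["tag"]), expected):
            raise PermissionError("token forged or altered")
        cap = {"domain": self.name, "holder": token["holder"], "resource": token["resource"],
               "rights": token["rights"], "epoch": epoch}
        return seal(self.extract_key(token["holder"], epoch), json.dumps(cap, sort_keys=True).encode())


def present(domain: Domain, holder: str, sealed: bytes, epoch: int, resource: str, right: str) -> bool:
    """Resource guard: the holder can only open the capability with the key the domain
    extracts for (holder, epoch); the guard then checks the capability's binding."""
    try:
        cap = json.loads(unseal(domain.extract_key(holder, epoch), sealed))
    except (PermissionError, ValueError):
        return False
    return (cap["domain"] == domain.name and cap["holder"] == holder
            and cap["resource"] == resource and right in cap["rights"].split(",")
            and cap["epoch"] == epoch)


def demo() -> dict:
    """Constructed scenario: local player Bob delegates printer access to visitor Alice."""
    dom = Domain("printer-room")
    k_bob = secrets.token_bytes(32)
    dom.delegator_keys["bob@printer-room"] = k_bob
    tok = issue_token("bob@printer-room", k_bob, "alice@visitor", "printer-1", "print,status")
    cap = dom.convert_token(tok, epoch=7)
    r = {"print_ok": present(dom, "alice@visitor", cap, 7, "printer-1", "print"),
         "admin_denied": present(dom, "alice@visitor", cap, 7, "printer-1", "admin"),
         "other_holder_denied": present(dom, "mallory@visitor", cap, 7, "printer-1", "print"),
         "next_epoch_denied": present(dom, "alice@visitor", cap, 8, "printer-1", "print")}
    dom.revoked.add("alice@visitor")
    r["after_revoke_denied"] = present(dom, "alice@visitor", cap, 7, "printer-1", "print")
    try:
        dom.convert_token(dict(tok, rights="print,admin"), 7)
        r["altered_token_rejected"] = False
    except PermissionError:
        r["altered_token_rejected"] = True
    return r


if __name__ == "__main__":
    print(demo())
```

The point the model makes is the one the abstract stresses: only the holder's own domain can turn the token into something usable, because only it holds the master secret from which the holder's key is extracted, and the same extraction step is where revocation and epoch expiry take effect, so neither the delegator nor the resource guard has to track revocation lists of foreign players.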