dc.description.abstract | Pervasive computing envisions an environment in which we are surrounded by many embedded computing devices. These networked devices give us a mobile, spontaneous and dynamic way to access resources provided by different (security policy) domains. In recent years we have witnessed the evolutionary development of numerous multiple-domain applications, of which pervasive environments are one of the richest examples. Typically, the conventional approach to securing access over multiple domains is to implement a single trusted infrastructure, extending local identity- or capability-based security systems and combining them with cross-domain authentication mechanisms. However, this does not adequately meet the security requirements of communicating with unknown players in pervasive environments. Moreover, it is infeasible to define a global trust infrastructure and a set of assumptions that every player will trust in the multiple-domain context.
A powerful design technique for addressing the new security challenges posed by pervasive environments is to understand them from a domain perspective. This thesis presents Localisation of Trust (LoT), an architectural framework designed to address the security need of how to talk to the correct strangers in pervasive environments. Based on the localising-trust security principle, LoT provides a generic platform for building access control over multiple domains from two ends: authentication and authorisation. Firstly, LoT proposes a two-channel authentication protocol to replace traditional (strong) identity-based authentication protocols, exploiting the contextual information available to different pervasive applications. Then, delegation and localised authentication are deployed to achieve authorisation in pervasive environments. The heart of this different semantics is to let the right domain get involved in its local players' interactions by helping them convert a "token" into a usable access capability, whilst keeping revocation in mind. This is done by introducing a domain-oriented Encryption-Based Access Control method, using ideas borrowed from Identity-Based Encryption.
The second part of this thesis describes several specific mechanisms and protocols, including a Dual Capabilities Model, to achieve the anti-properties required by LoT. Although novel, they are intended primarily as an existence proof rather than being claimed to be ideal; depending upon the precise application and context, other mechanisms may be better. Most importantly, the architecture-focused LoT provides this flexibility by introducing multiple domains as a primary concern while leaving untouched the security protocols underlying each single domain and system implementation. Finally, a single-domain scenario, guest access, is examined in the light of LoT. The purpose of doing so is to deepen the understanding of the domain and other concepts described in LoT, and to demonstrate the effectiveness and efficiency of LoT for the scenarios chosen.