Abstract
Authentication is traditionally required to be strong enough to distinguish legitimate entities from unauthorised entities, and always involves some form of proof of identity, directly or indirectly. Conventional storable or delegable authentication scenarios in the pervasive computing environment are often frustrated by the qualitative changes of pervasive computing when humans are admitted into the loop. In this paper, we present an alternative approach based upon involving human self-determination in security protocols. This targets the authentication problem in pervasive computing, particularly when communication occurs in mobile ad-hoc fashion. We propose the argument of “thinkable” authentication, which involves using two-level protocols with the consideration of minimising trustworthiness in both human and computer device domains, but without unnecessary entity identity authentication. Thus, self-determining knowledge of the human interactions in pervasive computing can be exploited in order to make improvements on current security mechanisms.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson, R.: Why Cryptosystems Fail. Communications of the ACM 37(11), 32–40 (1994)
Arkko, J., Nikander, P.: Weak authentication: How to authenticate unknown principals without trusted parties. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2002. LNCS, vol. 2845, pp. 5–19. Springer, Heidelberg (2004)
Asokan, N., Ginzboorg, P.: Key Agreement in Ad-hoc Networks. Computer Communication Review 23, 1627–1637 (2000)
Balfanz, D., Smetters, D., Stewart, P., Wong, H.: Talking to Strangers: Authentication in ad-hoc Wireless Networks. In: Symposium on Nework and Distributed Systems Security (NDSS 2002) (February 2002)
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized Trust Management. In: Proc. IEEE Conference on Security and Privacy, Oakland, CA, pp. 164–173 (May 1996)
Burrows, M., Abadi, M., Needham, R.: A Logic of Authentication. ACM Transactions on Computer Systems 8(1), 18–36 (1990)
Christianson, B., Harbison, W.S.: Why Isn’t Trust Transitive? In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 171–176. Springer, Heidelberg (1997)
Christianson, B., Malcolm, J.A.: Binding Bit Patterns to Real World Entities. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 105–113. Springer, Heidelberg (1998)
Christianson, B.: Secure sessions from weak secrets. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 206–212. Springer, Heidelberg (2005)
Creese, S., Goldsmith, M., Roscoe, B., Zakiuddin, I.: The Attacker in Ubiquitous Computing Environments: Formalising the Threat Model. In: Proc. of the 1st International Workshop on Formal Aspects in Security and Trust, pp. 83–97 (2003)
Creese, S., Goldsmith, M., Roscoe, B., Zakiuddin, I.: Authentication for pervasive computing. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 116–129. Springer, Heidelberg (2004)
Ellison, C.M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M., Ylonen, T.: SPKI Certificate Theory. Internet rfc 2693 (October 1999)
Gehrmann, C., Mitchell, C.J., Nyberg, K.: Manual Authentication for Wireless Devices. Cryptobytes 7(1), 29–37 (2004)
Gong, L.: Cryptographic Protocols for Distributed Systems. Ph.D thesis, University of Cambridge (1990)
Hutter, D., Stephan, W., Ullmann, M.: Security and privacy in pervasive computing state of the art and future directions. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 285–289. Springer, Heidelberg (2004)
Karger, P.A.: Improving Security and Performance for Capability Systems. Ph.D thesis, University of Cambridge (1988)
Langheinrich, M.: When Trust Does Not Compute – The Role of Trust in Ubiquitous computing. In: Workshop on Privacy at Ubicomp 2003 (October 2003)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Florida (1997)
Miller, S.P., Neuman, B.C., Schiller, J.I., Saltzer, J.H.: Kerberos Authentication and Authorisation System. Project Athena Technical Plan, section e.2.1, M.I.T. (October 1988)
Mitchell, C.J., Pagliusi, P.S.: Is entity authentication necessary? In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2002. LNCS, vol. 2845, pp. 20–33. Springer, Heidelberg (2004)
Mullender, S.J.: Principles of Distributed Operating System Design. Ph.D thesis, Vrije Universiteit te Amsterdam (1985)
Needham, R.M., Schroeder, M.D.: Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM 21(12), 993–999 (1978)
Roe, M.: Cryptography and Evidence. Ph.D thesis, University of Cambridge (1997)
Seigneur, J.-M., Farrell, S., Jensen, C.D., Gray, E., Chen, Y.: End-to-end trust starts with recognition. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 130–142. Springer, Heidelberg (2004)
Stajano, F.: Security for whom? In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 16–27. Springer, Heidelberg (2003)
Stajano, F., Anderson, R.: The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks. In: Christianson, B., Crispo, B., Roe, M. (eds.) Proceedings of the 7th International Workshop Security Protocols. LNCS, vol. 1296, pp. 172–194 (1999)
Stajano, F., Anderson, R.: The Resurrecting Duckling: security issues for ubiquitous computing. IEEE Computer 35(4) (April 2002)
Turing, A.M.: Computing Machinery and Intelligence. MIND 49, 433–460 (1950)
von Ahn, L., Blum, M., Hopper, N.J., Langford, J.: CAPTCHA: Using Hard AI Problems for Security. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 294–311. Springer, Heidelberg (2003)
von Ahn, L., Blum, M., Langford, J.: Telling Humans and Computers Apart Automatically. Communications of the ACM 47(2), 56–60 (2004)
Weiser, M.: The Computer for the Twenty-First Century. Scientific American 265(3), 94–104 (1991)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Li, J., Christianson, B., Loomes, M. (2006). “Fair” Authentication in Pervasive Computing. In: Burmester, M., Yasinsac, A. (eds) Secure Mobile Ad-hoc Networks and Sensors. MADNES 2005. Lecture Notes in Computer Science, vol 4074. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11801412_13
Download citation
DOI: https://doi.org/10.1007/11801412_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36646-1
Online ISBN: 978-3-540-37863-1
eBook Packages: Computer ScienceComputer Science (R0)