Abstract
Most of today’s authentication schemes involve verifying the identity of a principal in some way. This process is commonly known as entity authentication. In emerging ubiquitous computing paradigms which are highly dynamic and mobile in nature, entity authentication may not be sufficient or even appropriate, especially if a principal’s privacy is to be protected. In order to preserve privacy, other attributes (e.g. location or trustworthiness) of the principal may need to be authenticated to a verifier. In this paper we propose Ninja: a non-identity-based authentication scheme for a mobile ubiquitous environment, in which the trustworthiness of a user’s device is authenticated anonymously to a remote Service Provider (verifier), during the service discovery process. We show how this can be achieved using Trusted Computing functionality.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Leung, A., Mitchell, C.J. (2007). Ninja: Non Identity Based, Privacy Preserving Authentication for Ubiquitous Environments. In: Krumm, J., Abowd, G.D., Seneviratne, A., Strang, T. (eds) UbiComp 2007: Ubiquitous Computing. UbiComp 2007. Lecture Notes in Computer Science, vol 4717. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74853-3_5
DOI: https://doi.org/10.1007/978-3-540-74853-3_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74852-6
Online ISBN: 978-3-540-74853-3
eBook Packages: Computer Science (R0)