Abstract
The Post-PC revolution is bringing information access to a wide range of devices beyond the desktop, such as public kiosks and mobile devices like cellular telephones, PDAs, and voice-based vehicle telematics. However, existing deployed Internet services are geared toward the secure, rich interface of private desktop computers. We propose the use of an infrastructure-based secure proxy architecture to bridge the gap between the capabilities of Post-PC devices and the requirements of Internet services. By combining generic content and security transformation functions with service-specific rules, the architecture decouples device capabilities from service requirements and simplifies the addition of new devices and services. Security and protocol specifics are abstracted into reusable components. Additionally, the architecture offers the novel ability to deal with untrusted public Internet access points by providing fine-grained control over the content and functionality exposed to the end device, as well as support for using trusted and untrusted devices in tandem. Adding support for a deployed Internet service requires a few hundred lines of scraping scripts. Similarly, adding support for a new device requires a few hundred lines of stylesheets for the device format. The average latency added by proxy transformations is around three seconds in our unoptimized Java implementation.
Cite this article
Ross, S.J., Hill, J.L., Chen, M.Y. et al. A Composable Framework for Secure Multi-Modal Access to Internet Services from Post-PC Devices. Mobile Networks and Applications 7, 389–406 (2002). https://doi.org/10.1023/A:1016595717639
DOI: https://doi.org/10.1023/A:1016595717639