Abstract
The average lifetime of people in advanced countries is significantly increased in the XXI century. The number of old and dependent people is rising due many innovations in health care: new technologies, medicine, and a lot of innovative devices that allow people to monitor their health and consult with a doctor in case of problems. In the last years, a number of information systems have been developed in the health-care area to assist people in living. Modern systems increase their mobility by using personal mobile devices that allows them to interact with the system at any point of time. Smart space is a technology that allows developing such systems. It is an aggregation of devices that can share their resources (information and services) and cooperate with each other. Sharing personal information between different devices requires ensuring privacy support. For these purposes, a dynamic access control support for information that is shared by devices is needed. In particular, a new access control model for accessing resources is needed. The model should describe the current situation via a context. This paper proposes a model of the context-aware access control for smart systems based on smart space technology.
1 Introduction
Recently, a number of research efforts and projects (e.g., References [2, 6, 9, 18–20, 22, 24]; ambient assisted living joint program, http://www.aal-europe.eu/) related to supporting old and dependent people have been carried out. These initiatives are devoted to enhancing the quality of life of older people through the use of information and communication technologies. Applying these technologies for the development of an assisted living information system allows to significantly increase mobility by using personal mobile devices that allows people to interact with the system at any point of time. The main problem that information and communication technologies bring to support systems for old and dependent people is information privacy. In case of interaction of different mobile devices with different services in a complex system dealing with private personal information, it is important to ensure privacy support.
One possible technology for the development of mobile-based multiservice systems is a smart space technology that is an aggregation of devices that can share their resources (information and services) and cooperate with each other. The smart space paradigm concept helps make daily human life easier through the automation of routine actions. It allows multiple devices to provide coordinated support to users based on their preferences and current situation (formalized by the context).
The following smart space features affect privacy: information distribution across space devices, ownership issues in information sharing, computational and information storage capacities being limited by those of space devices and services, user-controlled information sharing, and large amount of applications and services operating in the smart space. The distribution of information in the smart space makes it difficult to provide access to resources using the existing classical access control models, such as discretionary access control, mandatory access control, and role-based access control (RBAC). The limited storage and computational capacities of space devices may be the object of denial-of-service attacks. A large amount of unverified applications may be dangerous because they may include unknown vulnerabilities or backdoors, which may enable access to private information for unauthorized participants.
Every smart space participant is characterized by a context, which describes its activities in the smart space. The context is defined by Dey et al. [8] as any information that can be used to characterize the situation of an entity, where an entity is a person, place, or object that is considered relevant to the interaction between a user and an application, including the user and the applications themselves. For example, the context can include the type of network that is used to access the smart space, date and time of activity, community in which participants belongs to, position of the participant in the company, etc. Considering the above-described features of the smart space, it can be concluded that one of the main information security problems in cooperative operations is support of dynamic access control. In particular, a new access control model based on the cooperative operation participant’s context needs to be developed. It is proposed to use virtualization mechanisms including a virtual private smart space for this purpose. This space is a smart space available only for two participants, used for private information sharing between them. It is named virtual, because it is created and used only for information transfer between two participants. Then, that space is destroyed.
This paper proposes a model of context-aware access control (CAAC) for information shared in a smart space. The model is built based on the combination of the role-based and attribute-based access control (ABAC) models. Roles are assigned dynamically based on the user trust level and help to manage access to the resources. The trust level calculation is based on the participant’s context, which includes attributes identifying the user (user ID and public key), user location, current date, device that requests the information, etc. A special smart space service has been proposed for this model. This service grants access to the resources for the smart space services guided by the access control policies. It should be noted that public information can be published to the smart space and processed by all participants, but the private information is provided only for appropriate participants through the virtual private smart spaces when the corresponding access permissions are granted.
The rest of the paper is organized as follows. Section 2 presents some existing works that introduce access control in semantic Web and smart spaces based on the context of the participant. Section 3 describes the smart space platform features and presents requirements for smart space security. Section 4 introduces the proposed model and general scheme of the CAAC for the smart space based on the Smart-M3 platform. Section 5 describes an example scenario of the presented approach usage in smart space-based assisted living system. The main results are summarized in Section 6.
2 State of the Art
Toninelli et al. [21] propose an adoption of novel access control policy models for secure collaborations in pervasive computing environments. The authors describe issues in pervasive computing addressed to access control. The proposed adoption follows two main design guidelines defined in the paper: context awareness to control resource access on the basis of context visibility and to enable dynamic adaptation of policies depending on context changes, and semantic technologies for context/policy specification to allow high-level description and reasoning about context and policies. The paper also describes the design of a semantic context-aware policy model that adopts ontologies and rules to express context and CAAC policies, and supports policy adaptation with logic programming. The Description logic is used for context/policy specification to enable context/policy classification, comparison, and static conflict detection.
Al-Muhtadi et al. [1] propose a mechanism that integrates context awareness with automated reasoning to perform authentication and access control in space-based computing environments. The authors use this mechanism in the core service of the Gaia project, which provides the infrastructure for constructing smart spaces. Access control is based on the user’s confidence value calculation. This value is calculated by the user’s context (using simple probabilities, Bayesian probability, and fuzzy logic) and associated with different strengths of authentication, which allows different activities in the smart space. Such an approach is rather flexible and suitable for dynamic systems like the smart spaces.
Kuhn et al. [14] propose to integrate two access control models: RBAC and ABAC. Three ways of integration are discussed: (i) with dynamic roles, where user’s roles are set by attributes; (ii) attribute-centric, where roles are just attributes, not a set of permissions; (iii) role-centric, where attributes are added to constrain RBAC. Constraint rules that incorporate attributes can only reduce permissions available to the user, but cannot expand them. The integration of roles and attributes in one model enables to grant access depending on the current situation (context), for example, date and time or location of the user.
Extending this idea, Mohammad et al. [17] propose an ontology-based access control model. Usage of ontologies enables access-level decisions and provides automated search of information related to access control.
Carminati et al. [4, 5] propose an access control system based on semantic Web technologies for social networks. The approach presented in the paper enables granting access based not only on a “friendship” relation with the resource owner but also on the evaluation of the confidence level of the user. The authors propose policies for filtering available resources specified both by the rules and access control policies. With these policies, the person providing the access can control the information provided to the target users.
Semantic Web technologies are also used by He et al. [10]. They propose access control based on the model of the RBAC using some of the ideas of attributive control, namely, extending the RBAC with attributes of identity (certificates X.509, see Cooper et al. [7]; public key; etc.). The authors propose the system architecture that implements the described model and discuss its implementation.
Verma et al. [23] compare RBAC and ABAC models with respect to the semantic Web. The authors describe each model and analyze its strongest and weakest features. One of the advantages of the attribute-based access control model noticed by the authors is the support of context by attributes, which enables considering the current situation for granting access permission.
Kayes et al. [13] introduce a CAAC framework that adopts an ontological approach in modeling dynamic context information and the corresponding CAAC policies. It includes a context model specific to access control, capturing the relevant low-level context information and inferring the high-level implicit context information. Using the context model, the policy model of the framework provides support for specifying and enforcing CAAC policies. The authors have developed a prototype and presented a health-care case study to realize the framework.
The above models (except the one described by He et al. [10]) are aimed at adapting existing access control models to the semantic Web technology specifications. Smart space combines the ideas of distributed computing and semantic Web; thus, its access control model should provide for interoperability, flexibility, and simplicity of the access control rules, decentralization of the resources, and access permission based on the user’s context. Some of the above requirements are met by the model based on the combination of the RBAC and ABAC models, and by the scheme proposed by Al-Muhtadi et al. [1].
3 Smart Space Platform
The presented work is based on the open-source Smart-M3 platform described by Honkola et al. [11], which provides implementation of the smart space methodology. The main difference of this platform compared with other existing solutions described by Liuha et al. [15], Johanson et al. [12], Xie et al. [25], and Martin et al. [16] is that Smart-M3 is an open-source platform; it is accessible for downloading and testing, supported by the development community (the last accessible version has been uploaded on October 10, 2014), and supports modern mobile platforms (Android, Symbian, Harmattan).
This platform was first released at the NoTA conference in October 1, 2009, in San Jose. Smart-M3 is being developed at the ARTEMIS JU program in SOFIA (smart objects for intelligent applications) [15] and in Finnish national DIEM (device interoperability ecosystem) research projects. The Smart-M3 platform was applied in other European projects, for example, eHealth and eMobility.
The key idea of this platform is that the formed smart space is device, domain, and vendor independent. Smart-M3 assumes that devices and software entities can publish their embedded information for other devices and software entities through simple, shared information brokers. Information exchange in the smart space is implemented via HTTP using a uniform resource identifier [3]. Semantic Web technologies have been applied for decentralization purposes. In particular, ontologies are used to provide for semantic interoperability.
The Smart-M3 platform consists of two main parts: information agents and kernel (Figure 1) [11]. The kernel consists of two elements: semantic information broker (SIB) and data storage. Information agents are software entities installed on the mobile devices of the smart space users. These agents interact with SIB through the smart space access protocol (SSAP) [11]. The SIB is the access point for receiving the information to be stored, or for retrieving the stored information. All this information is kept in the data storage as a graph that conforms to the rules of the resource description framework (RDF). In accordance with these rules, all information is described by triples: “subject-predicate-object.” More details about Smart-M3 are described in Honkola et al. [11].
Smart-M3 Reference Model.
Smart spaces extend computing to physical spaces; thus, information and physical security become interdependent. Moreover, the dynamism and interoperability that smart spaces advocate can give additional leverage for cyber-criminals, techno villains, and hackers by increasing opportunities to exploit vulnerabilities in the system without being observed. The following requirements to access control in the smart space have been developed based on security requirements proposed by He et al. [10]:
Access control has to be multilevel, i.e., able to provide different levels of access control depending on predefined policies, current situation in smart space, and available resources.
The access control model has to support an access control policy that is descriptive, well defined, and flexible and easy configurable.
Since a lot of smart space services are placed on mobile devices, private information has to be transferred through the special secure information channel because the smart space available for each participant and information encoding and decoding require a significant amount of mobile device energy resources.
Authentication should not be limited to authenticating human users, but rather it should be able to authenticate mobile devices that enter and leave the smart spaces, as well as applications and mobile code that can run within the smart spaces.
4 Context-Based Access Control Model for Privacy Support
4.1 Security Mechanisms
As it has been noted, the following specific features of the smart space affect information security: distribution across user devices, ownership issues, computational and storage capacities being limited by those of space devices, and user-controlled information sharing. The mechanisms addressing these issues are presented in Table 1.
Security Mechanisms for Smart Space Security.
| Smart Space-Specific Features | Security Mechanisms |
|---|---|
| Distribution across user devices | Share encoded information |
| Ownership issues | Context management |
| Computational and storage capacities being limited by those of space devices and services | Access control and context management |
| User controlled | Context management |
All these mechanisms require introduction of the identification and authentication techniques for the services that request information. The participant is identified by the system when registering in the smart space. At this step, the unique identifier is generated and saved in the access control broker (Figure 2). At the next steps, this identifier is used as a part of the participant’s context to authorize in the smart space. Additionally, the public and private keys are generated [for example, using the RSA (Rivest-Shamir-Adleman) algorithm]. These keys are needed for the participant’s authentication in the smart space and for providing private information through the virtual private smart space.
General Scheme of Context-Based Access to Smart Space Resources.
4.2 Trust Levels
The participant’s context is used to define the trust levels assigned with its role. Role separation allows simplifying policies and makes them human-readable and easy to configure. Each component of the context is associated with the trust level. The level is represented by a number in the range (0, 1) and depends on the context of the current situation. For example, the trust level of “0.7” and “0.9” can be assigned for access from the public network and from the private network, respectively. The logical function, taking into account the trust levels of all appropriate context components, is used to assign a role to the participant. For example, the role “trusted_participant” can be assigned only if the participant is authenticated, its network trust level is in the range (0.8, 1), and the current time trust level is in the range (0.8, 1). According to this, there are three sets of access control policy rules.
TrustValue rules are used to assign the numeric trust value to the context component for participant role determination. The examples of this rule type are the following:
For resource determination, the following TrustValue rules are used:
These values are set by the access control broker and based on the estimations of the access control broker provider’s experts according to the features of the particular smart space service. The access control broker’s rules configuration is available through use of a configuration tool that is placed in the same device with the access control broker. The configuration tool is available only for administrators through the trusted SSH connection.
Assign_role rules are used at the time of logging in or authentication. By default, the participant gets the role of the patient. If he/she follows the doctor (social worker) rules, the role doctor (social worker) is assigned to the participant. The following sets include doctor and social worker rules in the form of logic equations:
Permissions rules contain access control policies that determine whether a participant with a certain role is allowed to access a particular resource type or not:
4.3 Context-Based Access to Smart Space Resources
The general scheme of the request process is presented in Figure 2 and described below.
A participant sends the request to access some private information (in the RDF notation) to the public smart space and subscribes to the corresponding response about access granting:
The smart space service accepts the request and calls the access control broker for access permission.
The access control broker reads the participant’s context and verifies its digital signature using the open key. If the signature is correct, the broker confirms that this user is authenticated and applies the rules from the access control policies to assign the role to the participant. The access permission is granted based on the role of the participant and then is sent to the smart space service that requested it.
If the access to the resource is granted, the smart space service creates a virtual private smart space. The information requested by the participant is transferred to this space. The connection information (space IP, space port, and space name) is encrypted via the open participant’s key and is sent to the public smart space. The private smart space is deleted after the information transfer has been ended.
If the access was denied, the service sends the corresponding notification to the smart space participant.
The participant, who sends the information request, gets the notification via the subscription. If access is granted, the participant decodes the encoded data with its private key and creates a connection to the specified virtual private smart space. When the requested information is transferred, the virtual private smart space is destroyed.
5 Usage Example Scenario
A simple scenario of smart space-based assisted living system is presented in Figure 3. A personal mobile device obtains information from different sensors (e.g., pulse, blood pressure, body temperature, blood sugar level, list of groceries with prices) and shares it into the smart space. The smart space core is placed in the hospital servers. The shared information becomes accessible to all smart space participants. A doctor is interested in a patient organism’s parameters and a list of groceries that are being ordered without prices, while a social worker is interested in the list of groceries that need to be bought for the patient. Their mobile devices subscribe to the needed information and get notifications when the information appears in the smart space. However, the negative issue of this sharing is that all personal information is accessible to all smart space participants.
Usage Example Scenario of Information Exchange without Access Control.
Figure 4 presents the same scenario based on the proposed access control model. The patient’s mobile device shares in smart space only the information that is accessible to the patient. The doctor’s mobile device receives a notification and makes an information query to the patient’s mobile device. The patient’s mobile device creates a virtual private space that is accessible only to the patient and the doctor, and shares information about the patient’s temperature parameters.
Usage Example Scenario of Information Exchange with Access Control.
The context-based access control model has been evaluated by using the following main parameters:
Response time means the total time spent by the system, starting from the moment of sending the smart space participant’s query and ending with answer of the service with obtaining information.
Used RAM indicates the total cost of the memory on one smart space participant’s device and access control broker.
Network load indicates the number of calls to the smart space using SSAP protocol for response time.
Table 2 shows the difference in resource consumption between a scenario without access control (Figure 3) and a scenario with access control (Figure 4). The difference in resource consumption is not high because the encryption as the most difficult operation is used only for information about connection to the virtual private space. The other information is sent only through the virtual private smart space that is available only to two participants. In the case of the classical approach, with encryption of all information, the difference will be higher than in the presented approach due to the costs to the encryption process.
The Main Parameters of the Access Control Module Working.
| Parameter | Value |
|---|---|
| Response time | Increased by 20 ms |
| Used RAM | Patient software additionally needs 1.1.Mb |
| Access control broker – 4.5 Mb | |
| Network load | Four additional queries from the patient software |
| Three queries from the access control broker |
6 Conclusion
This paper proposes a context-based access control model for smart spaces and its application for privacy support in mobile-based assisted living. The Smart-M3 information platform is used as a smart space infrastructure for prototyping of the proposed model. Usually, in smart spaces, information sharing possibility is implemented without any restrictions. However, some information in real applications can be private and should be shared in a secure way. For this purpose, a context-based access control model has been developed. The model proposes a service that makes access permission for the requested information using predefined rules. Implementing access control as a separate service that contains all smart space service permissions makes it easier to configure rules for access control. All rules are in human-readable form and easy to set up in a fairly wide range. The rules are quite strict: non-compliance with at least one of the terms of appointment of the role will result in the assignment of a different role to the participant, more precisely satisfying for smart space participants’ context. Computation resources used by the access control broker are not so high, and it is possible to optimize its usage. Usage of the context makes the model more flexible and appropriate for such systems.
Acknowledgments
The presented results are part of the research carried out within the project funded by grant nos. 13-07-00336, 13-07-12095, 13-07-00271, 14-07-00363, 14-07-00345, 13-01-00286 of the Russian Foundation for Basic Research. This work was partially financially supported by Government of Russian Federation, Grant 074-U01.
Bibliography
[1] J. Al-Muhtadi, A. Ranganathan, R. Campbell and M.D. Mickunas, Cerberus: a context-aware security scheme for smart spaces, in: Pervasive Computing and Communications, (PerCom 2003), Proceedings of the 1st IEEE International Conference, 23–26 March 2003, pp. 489–496.Search in Google Scholar
[2] A. N. Belbachir, M. Litzenberger, S. Schraml, M. Hofstatter, D. Bauer, P. Schon, M. Humenberger, C. Sulzbachner, T. Lunden and M. Merne, CARE: a dynamic stereo vision sensor system for fall detection, in: 2012 IEEE International Symposium on Circuits and Systems (ISCAS), 20–23 May 2012, pp. 731–734.10.1109/ISCAS.2012.6272141Search in Google Scholar
[3] T. Berners-Lee, R. Fielding and L. Masinter, RFC 3986 – Uniform Resource Identifier (URI): Generic Syntax, 2005, http://tools.ietf.org/html/rfc3986, Accessed 15 April, 2014.10.17487/rfc3986Search in Google Scholar
[4] B. Carminati, E. Ferrari, R. Heatherly, M. Kantarcioglu and B. Thuraisingham, A semantic web based framework for social network access control, in: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 177–186, 2009.10.1145/1542207.1542237Search in Google Scholar
[5] B. Carminati, E. Ferrari, R. Heatherly, M. Kantarcioglu and B. Thuraisingham, Semantic Web-based social network access control, Comput. Security30 (2011), 108–115.10.1016/j.cose.2010.08.003Search in Google Scholar
[6] J. L. Carús, S. García, R. García, J. Waterworth and S. Erdt, The ELF@Home project: elderly sELF-care based on sELF-check of health conditions and sELF-fitness at home, Studies Health Technol. Inform.200 (2014), 164–166.Search in Google Scholar
[7] D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley and W. Polk, RFC 5280: Internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile, http://tools.ietf.org/html/rfc5280, Accessed 15 April, 2014.Search in Google Scholar
[8] A. K. Dey, D. Salber and G. D. Abowd, A conceptual framework and a toolkit for supporting the rapid prototyping of context-aware applications, Context-Aware Computing, A Special Triple Issue of Human-Computer Interaction, Lawrence-Erlbaum, 2001, http://www.cc.gatech.edu/fce/ctk/pubs/HCIJ16.pdf, Accessed 15 April, 2014.10.1207/S15327051HCI16234_02Search in Google Scholar
[9] C. Granata, P. Bidaud, C. Beck and P. Mayer, Experimental analysis of interactive behaviors for a personal mobile robot, in: Proceedings of the Fifteenth International Conference on Climbing and Walking Robots and the Support Technologies for Mobile Machines, Baltimore, MD, USA, 23–26 July 2012.10.1142/9789814415958_0008Search in Google Scholar
[10] Z. He, L. Wu, H. Li, H. Lai and Z. Hong, Semantics-based access control approach for web service, J. Comput.6 (2011), 1152–1161.10.4304/jcp.6.6.1152-1161Search in Google Scholar
[11] J. Honkola, H. Laine, R. Brown and O. Tyrkko, Smart-M3 information sharing platform, in: Proceedings of IEEE Symposium on Computers and Communications (ISCC’10), IEEE Comp. Soc., June 2010, pp. 1041–1046.10.1109/ISCC.2010.5546642Search in Google Scholar
[12] B. Johanson, A. Fox, P. Hanrahan and T. Winograd, The event heap: an enabling infrastructure for interactive workspaces, in: Proceedings of the Fourth IEEE Workshop on Mobile Computing Systems and Applications, 2001.Search in Google Scholar
[13] A. S. M. Kayes, J. Han and A. Colman, An ontology-based approach to context-aware access control for software services, Web Information Systems Engineering – WISE 2013, Lecture Notes in Computer Science, vol. 8180, pp. 410–420, 2013.Search in Google Scholar
[14] D. R. Kuhn, E. J. Coyne and T. R. Weil, Adding attributes to role-based access control, IEEE Comput.43 (2010), 79–81.10.1109/MC.2010.155Search in Google Scholar
[15] P. Liuha, A. Lappeteläine and J.-P. Soininen, Smart objects for intelligent applications, ARTEMIS Mag.5 (2009), 27–29.Search in Google Scholar
[16] D. Martin, A. Cheyer and D. Moran, The open agent architecture: a framework for building distributed software systems, Appl. Artif. Intell.: An. Int. J.13 (1999), 91–128.10.1080/088395199117504Search in Google Scholar
[17] A. Mohammad, G. Kanaan, T. Khdour and S. Bani-Ahmad, Ontology-based access control model for semantic web service, J. Inform. Comput. Sci.6 (2011), 177–194.Search in Google Scholar
[18] F. Nikayin and M. de Reuver, Governance of smart living service platforms: state-of-the-art and the need for collective action, in: Third International Engineering Systems Symposium CESUN, CESUN 2012, Delft University of Technology, 18–20 June 2012.Search in Google Scholar
[19] J. Rafferty, L. Chen and C. Nugent, Ontological goal modelling for proactive assistive living in smart environments, Ubiquitous Computing and Ambient Intelligence. Context-Awareness and Context-Driven Interaction, Lecture Notes in Computer Science, vol. 8276, pp. 262–269, 2013.Search in Google Scholar
[20] C. Röcker, Smart medical services: a discussion of state-of-the-art approaches, in: Proceedings of the International IEEE Conference on Machine Learning and Computing (ICMLC’11), vol. 1, S. Thatcher, ed., February 26–28, 2011, Singapore, pp. 334–338.Search in Google Scholar
[21] A. Toninelli, R. Montanari, L. Kagal and O. Lassila, A semantic context-aware access control framework for secure collaborations in pervasive computing environments, in: Proceeding ISWC’06 Proceedings of the 5th international Conference on the Semantic Web, Springer-Verlag, Berlin, pp. 473–486, 2006.10.1007/11926078_34Search in Google Scholar
[22] C. Tsiourti, E. Joly, C. Wings, M. Ben Moussa and K. Wac, Virtual assistive companion for older adults: field study and design implications, in: 8th International Conference on Pervasive Computing Technologies for Healthcare (PervasiveHealth), 2014.10.4108/icst.pervasivehealth.2014.254943Search in Google Scholar
[23] S. Verma, M. Singh and S. Kumar, Comparative analysis of role base and attribute base access control model in semantic web, Int. J. Comput. Appl.46 (2012), 1–6.Search in Google Scholar
[24] J. A. Waterworth, S. Ballesteros and C. Peter, User-sensitive home-based systems for successful ageing, Proceedings of HSI 2009 – 2nd International Conference on Human System Interaction, Catania, Italy, May 2009.10.1109/HSI.2009.5091036Search in Google Scholar
[25] W. Xie, Y. Shi, G. Xu and Y. Mao, Smart platform – a software infrastructure for smart space (SISS), in: Proceedings of the Fourth IEEE International Conference on Multimodal Interfaces, pp. 429–434, 2002.Search in Google Scholar
©2015 by De Gruyter
This article is distributed under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.
