Trust, security and privacy for pervasive applications

2005

Abstract: Traditionally, stand-alone computers and small networks rely on user authentication and access control to provide security. These physical methods use system-based controls to verify the identity of a person or process, explicitly enabling or restricting the ability to use, change, or view a computer resource.

Pervasive networks foresee communicating computing devices embedded throughout our environment. This will cause huge increases in the complexity of network infrastructures and the information available over them. The challenge of managing information services so that humans can access what they desire, while retaining the security of the services will be difficult. It is not clear that current security paradigms will map readily into such future environments. This paper outlines the authors' current position regarding the technical challenges which will need to be understood in order to make secure pervasive computing a reality.

2006 International Conference on Parallel Processing Workshops (ICPPW'06), 2006

Trust, the fundamental basis of 'cooperation' -one of the most important characteristics for the performance of pervasive ad hoc network--is under serious threat with the emergence of counterfeiting and malicious activity. Several constraints exist in the pervasive computing environment such as a device's memory, battery power and computational capability. This results is a high degree of dependence on other devices within the network to provide services. Along with this is the lack of a secure communication medium which invites both active and passive eavesdroppers. In order to restrict the participation of malicious devices, we propose a trust model which is actually a modified form of the well known LPN (Learning Parity with Noise) based Hopper -Blum [1, 2] protocol. Our new refined model has been named as m-LPN (Modified Learning Parity with Noise) which is presented in this paper along with an illustrative example.

2001

Abstract Traditionally, stand-alone computers and small networks rely on user authentication and access control to provide security. These physical methods use system-based controls to verify the identity of a person or process, explicitly enabling or restricting the ability to use, change, or view a computer resource.

Spc, 2005

In this paper, we propose an architecture that enables service providers to give personalised service to users, while minimising the risks to the users' privacy. We describe how security concerns have been at the foundation of the design of two critical parts of such systems: a mechanism that supports users in defining authenticated personas that can be pseudonymous; and mechanisms for users to share such personas with service providers. A trustbased approach is used to make decisions about accepting personas. We illustrate the issues and approach with an extended scenario that is used to illustrate the design of the architecture and the detailed processes in managing authenticated personas.

2003

The issue we have focused on in the broad area of security for Pervasive Computing is maintaining trust in an interactive environment. Our solution is based on the premise that computers and implicit interaction mechanisms must function in accordance with the explicit parameters of physical human-human interaction. Otherwise, this results in imbalances between the physical and virtual worlds, which leads to "windows of vulnerability". Our solution presented requires an infrastructure of pervasive and context sensing technology, to provide entity mapping, policy and trust management services. We also investigate generating cryptographic keys using the context available The underlying technology is based on the Smart-Its context sensing, computation and communications platform.

We present a scheme for highlighting the trust issues of merit within pervasive computing, based on an analysis of scenarios from the healthcare domain. The first scenario helps us define an analysis grid, where the human and technical aspects of trust are considered. The analysis is applied to a second scenario to examine its suitability. We then discuss the various categories of the analysis grid in the light of this examination and of the literature on the subject of trust. We believe that this approach could form the basis of a generalised trust analysis framework to support the design, procurement and use of pervasive computing.

2002

Pervasive computing environments with their interconnected devices and services promise seamless integration of digital infrastructure into our everyday lives. While the focus of current research is on how to connect new devices and build useful applications to improve functionality, the security and privacy issues in such environments have not been explored in any depth. While traditional distributed computing research attempts to abstract away physical location of users and resources, pervasive computing applications often exploit physical location and other context information about users and resources to enhance the user experience. The need to share resources and collaborate introduces new types of interaction among users as well as between the virtual and physical worlds. In this context, it becomes difficult to separate physical security from digital security. Existing policies and mechanisms may not provide adequate guarantees to deal with new exposures and vulnerabilities introduced by the pervasive computing paradigm. In this paper we explore the challenges for building security and privacy into pervasive computing environments, describe our prototype implementation that addresses some of these issues, and propose some directions for future work.

Wireless Personal Communications, 2014

The advances in wireless communication technologies and mobile devices have provided cost-effective platforms and environments for people to have better and ubiquitous interpersonal communications. The trust, security and privacy issues in such an environment have drawn significant attention recently from both academia and industry. The accepted papers in this special issue are devoted to the most recent developments and research addressing related theoretical and practical aspects on trust, security and privacy for wireless and mobile networks, and the contents are built on analytical modelling, experimental and simulation studies. The contributions of these papers are outlined below. People-centric sensing (PCS) is an emerging and promising paradigm of sensor networks, but faces severe security problems due to the strong connectivity and homogeneous applications. Lu et al. propose a novel behavioural signature generation system, called SimBehavior, to generate lightweight behavioural signature for malware detection in PCS. Unlike malware detection using behaviour graph which is NP-Complete, the proposed SimBehavior is efficient and suitable for malware detection in PCS. The experimental results show that SimBehavior can extract behavioural signatures effectively which can be used to detect new malware samples in PCS efficiently. Security and privacy protection have been the primary concerns in pushing towards the success of wireless mesh networks. In order to defend against the internal attacks and to achieve better security and privacy protection, Lin et al. propose a role based privacy-aware secure routing protocol (RPASRP), combining a new dynamic reputation mechanism with the role based multi-level security technology and a hierarchical key management protocol. Simulation results show that the proposed RPASRP implements the security and privacy

2006 International Symposium on High Capacity Optical Networks and Enabling Technologies, 2006

The propagation of ubiquitous computing is bringing in an environment, where multitudes of diverse entities interact with each other. It is widely acknowledged that traditional security measures do not scale well in environments which are epitomized by unforeseen circumstances, unexpected interactions, and unknown entities. We propose the trust based security architecture based on the human notion of trust as a mechanism to secure computing in ubiquitous environments.