2 research outputs found
A proof-of-proximity framework for device pairing in ubiquitous computing environments
Ad hoc interactions between devices over wireless networks in ubiquitous
computing environments present a security problem: the generation of shared secrets
to initialize secure communication over a medium that is inherently vulnerable to
various attacks. However, these ad hoc scenarios also offer the potential for physical
security of spaces and the use of protocols in which users must visibly demonstrate
their presence and/or involvement to generate an association. As a consequence,
recently secure device pairing has had significant attention from a wide community of
academic as well as industrial researchers and a plethora of schemes and protocols
have been proposed, which use various forms of out-of-band exchange to form an
association between two unassociated devices. These protocols and schemes have
different strengths and weaknesses – often in hardware requirements, strength against
various attacks or usability in particular scenarios. From ordinary user‟s point of
view, the problem then becomes which to choose or which is the best possible scheme
in a particular scenario.
We advocate that in a world of modern heterogeneous devices and
requirements, there is a need for mechanisms that allow automated selection of the
best protocols without requiring the user to have an in-depth knowledge of the
minutiae of the underlying technologies. Towards this, the main argument forming the
basis of this dissertation is that the integration of a discovery mechanism and several
pairing schemes into a single system is more efficient from a usability point of view
as well as security point of view in terms of dynamic choice of pairing schemes. In
pursuit of this, we have proposed a generic system for secure device pairing by
demonstration of physical proximity. Our main contribution is the design and
prototype implementation of Proof-of-Proximity framework along with a novel Co-
Location protocol. Other contributions include a detailed analysis of existing device
pairing schemes, a simple device discovery mechanism, a protocol selection
mechanism that is used to find out the best possible scheme to demonstrate the
physical proximity of the devices according to the scenario, and a usability study of
eight pairing schemes and the proposed system
An Authorization and Access Control Scheme for Pervasive Computing
The existence of a central security authority is too restrictive for pervasive computing environments. Existing distributed security schemes fail in a pervasive computing environment with limited terminals. Better fitted are schemes, that do not rely on the presence of a central security authority, yet allows for the application of a common security policy. This paper presents such a distributed security scheme, where pieces of information of the same sensitivity are grouped together and protected by a pair of private encryption/decryption keys. Users gain access to certain information by obtaining the key pair of the corresponding group. Depending on the security policy applied in a given environment, the keys can be obtained either directly by the security authority which issues the keys or by another user that possesses them. Similarly, depending on the applied security policies, the access to information may require the user to authenticate himself. In the scheme we present, the authentication is based on certificates that users may obtain from the security authority at an unsuspected time prior to the information access