access control in ubiquitous environments-a literature search
8/14/2019 Access Control in Ubiquitous Environments-A Literature Search
Access Control in Ubiquitous Environments: A Literature Search
Roushdat Elaheebocus
School of Electronics and Computer Science
University of Southampton
Abstract
Significant research work is being carried out in
the area of access control in ubiquitous computing. In
this literature search we provide an overview of, and
reading materials on, (1) ubiquitous computing and
access control, (2) the challenges involved and (3) the main
approaches proposed by researchers. A list of references and a
bibliography on the subject are included at the end.
1. Introduction
The term Ubiquitous Computing, also commonly
referred to as Pervasive Computing [1], is used to
describe the practice of incorporating computing
capabilities into our everyday environment to
such an extent that users interact with these 'intelligent'
entities without being consciously aware of the
computing power behind them, and therefore focus on the
'what' rather than the 'how' when carrying out a task [2].
The services that these ubiquitous environments
provide are subject to security and privacy constraints.
"Access control policies and mechanisms are necessary
to ensure that users only use the resources (both
hardware and software) in an Active Space in
authorised ways, and to allow shared use of the space"
(pervasive computing environment) [3].
2. Challenges of Access Control in
Ubiquitous Environments
Due to the pervasive nature of such environments,
additional challenges present themselves to researchers
when working on access control schemes. We have
listed four major issues that should be taken into
consideration.
2.1. Usability
In contrast to conventional computer systems, in a
pervasive environment users will be accessing a wide
range of services using a wide variety of devices.
Requiring users to authenticate with ubiquitous services
one at a time is unacceptable and will make the life of
users more complicated than before. Therefore, to make
sure that accessing these systems is user-friendly,
appropriate mechanisms for access control have to be
developed [4].
2.2. Privacy
According to M. Satyanarayanan [1], when people
start to rely more on these pervasive computing
systems, the latter will have access to private data on
users. To what extent we are prepared to give away our
privacy is a sensitive issue [5]. Preserving privacy was
an important aspect of K. Jangseong et al.'s [6] access
control scheme.
2.3. Mobility
An inherent characteristic of a ubiquitous computing
environment is the expectation that users' physical
locations will change, as will the devices used
to access pervasive services, which may have varying
capabilities such as screen resolution and bandwidth
[5,7].
2.4. Scalability
A major challenge in ubiquitous computing is for
protocols to be able to scale appropriately with a large
number of devices and physical size of such networks
[5]. Users are expected to be accessing many services
simultaneously.
3. Approaches adopted by researchers
Most approaches for tackling access control in this
area can be classified into the four main groups
listed below, although in several cases researchers
have come up with hybrids by combining two or more
strategies from the main categories. One example
is the Hybrid Access Control model (HAC),
which combines all four categories [8].
3.1. Trust-Based Access Control (TBAC)
Trust establishment is a critical phase in TBAC
which, according to Daoxi Xiu and Zhaoyu Liu [9],
presents limitations in existing trust-based systems.
They have therefore come up with a hybrid that uses
several existing trust-establishment models. Other
works include the use of collaboration and reliance on
previous interactions for trust evaluation, taking privacy
requirements into account [10], and automated
resource-constrained trust negotiation [11]. A reward-punishment
strategy has been used to develop a
reputation-based trust model to identify 'rogue' nodes in
a ubiquitous network [12, 13]. Digital
certificates, signatures and proxy signatures have also
been used to perform trust checks [14, 15].
3.2. Context-Based Access Control (CBAC)
In CBAC, the context of entities, consisting mainly of
characteristics such as location, posture and expression, is
taken into account [16]. The properties of a physical channel
can be used to validate user location [17]. A. Corradi et al. [7]
proposed a model in which a user's permissions are obtained
by fully exploiting the context data. Context-awareness
has also been merged with role-based access control
(RBAC), whereby context information is used to determine
the policies assigned to different membership roles [18]. A
specialisation of CBAC has been described as Evidence-Based,
controlling access by filtering messages and gathering
evidence [19]. Other derivatives include silent login and
proximity-based user authentication [4].
3.3. Role-Based Access Control (RBAC)
RBAC has been quite a popular access control
mechanism in industry as well as in governmental bodies,
and a number of case studies and experience reports are
available online [30]. Unlike traditional access control
mechanisms, in RBAC permissions are not directly
related to users; instead, roles are used as intermediaries
[20]. To adapt RBAC for use in a ubiquitous context,
additional parameters such as time and location have been
used [21]. There has been an attempt to address the issue of
privacy in RBAC through the use of privacy policies [22].
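The following added example (not taken from this paper or from any of the cited works, and not the model of [21]) illustrates the two ideas in this section: roles acting as intermediaries between users and permissions, and role activation constrained by time and location. The role names, zones and permission strings are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset          # e.g. {"projector:use"}
    zones: frozenset                # locations where the role may be activated
    start: time = time(0, 0)        # activation window, inclusive start
    end: time = time(23, 59, 59)    # inclusive end; window may wrap past midnight

    def active(self, zone: str, now: time) -> bool:
        if zone not in self.zones:
            return False
        if self.start <= self.end:
            return self.start <= now <= self.end
        return now >= self.start or now <= self.end   # window wraps midnight

@dataclass
class Policy:
    roles: dict = field(default_factory=dict)        # role name -> Role
    assignments: dict = field(default_factory=dict)  # user -> set of role names

    def add_role(self, role: Role) -> None:
        self.roles[role.name] = role

    def assign(self, user: str, role_name: str) -> None:
        if role_name not in self.roles:
            raise KeyError(f"unknown role: {role_name}")
        self.assignments.setdefault(user, set()).add(role_name)

    def check(self, user: str, permission: str, zone: str, now: time) -> bool:
        # Default deny: unknown users and inactive roles grant nothing.
        for name in self.assignments.get(user, ()):
            role = self.roles[name]
            if role.active(zone, now) and permission in role.permissions:
                return True
        return False

def build_demo_policy() -> Policy:
    # Constructed sample data: users never hold permissions directly.
    p = Policy()
    p.add_role(Role("lecturer", frozenset({"projector:use", "door:unlock"}),
                    frozenset({"room-101"}), time(8, 0), time(18, 0)))
    p.add_role(Role("night-guard", frozenset({"door:unlock"}),
                    frozenset({"room-101", "lobby"}), time(22, 0), time(6, 0)))
    p.assign("alice", "lecturer")
    p.assign("bob", "night-guard")
    return p
```

The same request is granted or denied depending only on the context supplied to check(), so the location and time inputs must come from a source the enforcement point trusts.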
3.4. Policy-Based Access Control (PBAC)
The dynamic generation and enforcement of policies
allows a pervasive environment to interact with users in
"different modes" [3]. Policies can also be defined by
administrators at the middleware level through a
security policy specification language [23] or using the Rei
policy specification language for flexible access control
[24].
4. References
[1] M. Satyanarayanan, Pervasive computing: vision
and challenges, Personal Communications, IEEE
[see also IEEE Wireless Communications] 8, no. 4
(2001): 10-17, doi:10.1109/98.943998.
[2] M. Weiser, The Computer for the 21st Century,
Sci. Amer., Sept., 1991.
[3] Geetanjali Sampemane, Prasad Naldurg, and Roy
Campbell, Access control for active spaces,
http://gaia.cs.uiuc.edu/papers/acsac02-space-sec.pdf.
[4] Jakob Bardram, The trouble with login: on
usability and computer security in ubiquitous
computing, Personal and Ubiquitous Computing
9, no. 6 (November 6, 2005): 357-367,
doi:10.1007/s00779-005-0347-6.
[5] R.K. Thomas and R. Sandhu, Models, protocols,
and architectures for secure pervasive computing:
challenges and research directions, in Pervasive
Computing and Communications Workshops,
2004. Proceedings of the Second IEEE Annual
Conference on, 2004, 164-168,
doi:10.1109/PERCOMW.2004.1276925.
[6] Jangseong Kim, Zeen Kim, and Kwangjo Kim, A
Lightweight Privacy Preserving Authentication and
Access Control Scheme for Ubiquitous Computing
Environment, in Information Security and
Cryptology - ICISC 2007, 2007, 37-48,
http://dx.doi.org/10.1007/978-3-540-76788-6_4.
[7] A. Corradi, R. Montanari, and D. Tibaldi,
Context-based access control for ubiquitous
service provisioning, in Computer Software and
Applications Conference, 2004. COMPSAC 2004.
Proceedings of the 28th Annual International,
2004, 444-451 vol.1,
doi:10.1109/CMPSAC.2004.1342877.
[8] Le Hung et al., A Flexible and Scalable Access
Control for Ubiquitous Computing Environments,
in Intelligence and Security Informatics, 2006,
688-689, http://dx.doi.org/10.1007/11760146_91.
[9] Daoxi Xiu and Zhaoyu Liu, A Dynamic Trust
Model for Pervasive Computing Environments, in
(presented at the Fourth annual security
conference, Las Vegas, NV, 2005),
http://coitweb.uncc.edu/~zhliu/Research/Papers/asc.pdf.
[10] Pho Duc Giang et al., A Trust-Based Approach to
Control Privacy Exposure in Ubiquitous
Computing Environment, in (presented at the
IEEE International Conference on Pervasive
Services, Istanbul, Turkey, 2007),
http://icpsconference.org/2007/.
[11] Guo Ya-Jun et al., An Access Control Model for
Ubiquitous Computing Application, in Mobile
Technology, Applications and Systems, 2nd
International Conference on Mobile Technology,
Applications and Systems, 2005, Pages 1-6.
[12] Azzedine Boukerche and Yonglin Ren, A trust-
based security system for ubiquitous and pervasive
computing environments, Computer
Communications In Press, Corrected Proof,
doi:10.1016/j.comcom.2008.05.007,
http://www.sciencedirect.com/science/article/B6TYP-4SKK215-2/2/1430100aea7fb192425153a00b64f00e.
[13] Haiyun Luo et al., URSA: ubiquitous and robust
access control for mobile ad hoc networks,
Networking, IEEE/ACM Transactions on 12, no. 6
(2004): 1049-1063,
doi:10.1109/TNET.2004.838598.
[14] Urs Hengartner and Peter Steenkiste,
Implementing access control to people location
information, in Proceedings of the ninth ACM
symposium on Access control models and
technologies (Yorktown Heights, New York, USA:
ACM, 2004), 11-20, doi:10.1145/990036.990039,
http://portal.acm.org/citation.cfm?doid=990036.990039.
[15] Jong-Phil Yang and Kyung Hyune Rhee, Securing
Admission Control in Ubiquitous Computing
Environment, in Networking - ICN 2005, 2005,
972-979,
http://www.springerlink.com/content/w3cjck3dbh29df18.
[16] M Anisetti et al., OpenAmbient: a Pervasive
Access Architecture, in ETRICS'06 Workshop on
Security in Autonomous Systems, vol. 183
(presented at the SecAS '06, Freiburg, Germany,
2006),
http://ftp.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-183/paper6.pdf.
[17] Tim Kindberg and Kan Zhang, Context
Authentication Using Constrained Channels, In
Fourth IEEE Workshop on Mobile Computing
Systems and Applications (2002): 14--21,
doi:10.1.1.15.7590.
[18] Devdatta Kulkarni and Anand Tripathi, Context-
aware role-based access control in pervasive
computing systems, in Proceedings of the 13th
ACM symposium on Access control models and
technologies (Estes Park, CO, USA: ACM, 2008),
113-122, doi:10.1145/1377836.1377854,
http://portal.acm.org/citation.cfm?doid=1377836.1377854.
[19] Nishith Khantal et al., Evidence-Based Access
Control for Ubiquitous Web Services,
http://seclab.cs.rice.edu/w2sp/2008/papers/sp1.pdf.
[20] David F. Ferraiolo et al., Proposed NIST standard
for role-based access control, ACM Trans. Inf.
Syst. Secur. 4, no. 3 (2001): 224-274,
doi:10.1145/501978.501980.
[21] Song-hwa Chae, Wonil Kim, and Dong-kyoo Kim,
Role-Based Access Control Model for Ubiquitous
Computing Environment, in Information Security
Applications, 2006, 354-363,
http://dx.doi.org/10.1007/11604938_28.
[22] Sung-Ho Hong et al., RBAC-Based Access
Control Framework for ensuring Privacy in
Ubiquitous Computing, in Proceedings of the
2006 International Conference on Hybrid
Information Technology - Volume 01 (IEEE
Computer Society, 2006), 278-283,
http://portal.acm.org/citation.cfm?id=1193208.1193401&coll=GUIDE&dl=GUIDE.
[23] Zhefan Jiang et al., Design of a Security
Management Middleware in Ubiquitous
Computing Environments, Sixth International
Conference on Parallel and Distributed
Computing, Applications and Technologies, 2005,
Pages 306-308.
[24] Ryusuke Masuoka et al., Policy-based Access
Control for Task Computing Using Rei, in
Proceedings of the Policy Management for the
Web Workshop, WWW 2005 (W3C, 2005), 37-43,
http://ebiquity.umbc.edu/paper/html/id/220/Policy-based-Access-Control-for-Task-Computing-Using-Rei-.
5. Bibliography
[25] Computer Science Essays - Ubiquitous
Computing: Authentication techniques in
ubiquitous computing,
http://www.ukessays.com/essays/computer-science/ubiquitous-computing.php.
Accessed 24 November 2008
[26] Varuna Godara, Handbook of Research on
Assessment and Management in Pervasive
Computing, 2008. ISBN: 1605662208, 9781605662206.
Repository: Google Books
[27] Tim Kindberg, Abigail Sellen, and Erik Geelhoed,
Security and Trust in Mobile Interactions: A
Study of Users Perceptions and Reasoning, in
UbiComp 2004: Ubiquitous Computing, 2004,
196-213,
http://www.springerlink.com/content/elj3jeqknr7ffbpb.
[28] Anupam Joshi et al., Security policies and trust in
ubiquitous computing, Philosophical
Transactions of the Royal Society A:
Mathematical, Physical and Engineering Sciences
366, no. 1881 (October 28, 2008): 3769-3780,
doi:10.1098/rsta.2008.0142.
[29] C.A. Patterson, R.R. Muntz, and C.M. Pancake,
Challenges in location-aware computing,
Pervasive Computing, IEEE 2, no. 2 (2003): 80-89.
[30] RBAC CASE STUDIES,
http://csrc.nist.gov/groups/SNS/rbac/case_studies.html.
Accessed on 25 November 2008