Authentication and Access Control Agent Framework for Context-Aware Services

  • 格式:pdf
  • 大小:716.96 KB
  • 文档页数:4

Authentication and Access Control Agent Framework for Context-Aware Services

Kenya Nishiki and Erika Tanaka Systems Development Laboratory, Hitachi, Ltd. nishiki@sdl.hitachi.co.jp, erika@sdl.hitachi.co.jp

Abstract A key challenge in a ubiquitous network society is the design of effective authentication and access control schemes that adequately meet the unique security issues posed by the context-aware service paradigm. Despite recent advances in Web services security approaches, issues remain that impede the development of context-aware authentication and access control framework for the ubiquitous computing environment. In this paper, we propose a distributed system based on authentication and access control agents characterized by autonomic policy decision, network federation and dynamic access control for context-aware services. We will describe the travel navigation service system implementation as one of the context-aware services and also report unresolved issues, which include network mobility support, trust relationship among agents and device interconnection.

1. Introduction The ubiquitous network society provides a variety of services and allows individuals greater flexibility through their ability to link to networks at any time, from anywhere, and from any device. Individuals and businesses believe ensuring information security, including personal information, is of the utmost importance [1]. Ubiquitous computing imposes peculiar constraints, for example, in terms of connectivity, computational power and energy budget. These constraints are significantly different from those encountered when using the canonical doctrine of security in distributed systems [2]. Security is one of many applications a small device must hold in a small storage space with low power levels. The ubiquitous computing environment is characterized by people constantly moving, and engaged in numerous activities simultaneously. Fast and easy authentication is therefore a fundamental prerequisite. The usability goal is where the user should do nothing to log in, they should simply use services, and the service knows the user’s identity [3] [4]. We believe that it is important for authentication and access control technologies to expand to the ubiquitous computing environment, and the establishment of identity󰀂based secure service platform will enable to emerge new service market. Therefore, we proposed and implemented an authentication and access control agent framework for context-aware services. Previous approaches to obtain high-level security combined various authentication methods and encryption techniques, and were found to be cost ineffective. Our framework’s objectives are to provide the most suitable security scheme on the basis of context, such as user location and profiles, and to protect personal information, including user location and access records. Another objective is to provide a seamless and non-intrusive user experience, whereby users are not continuously required to enter passwords and services are not interrupted when the user is moving. The rest of this paper is as follows. The context-aware authentication and access control characteristics are described in Section 2. Our proposed agent framework is introduced in Section 3. We describe the service details in Section 4. Unresolved issues for the development of services on ubiquitous computing environment are clarified in Section 5. Finally, this paper concludes with future work described in Section 6. 2. Context-aware authentcaton and access control Ubiquitous computing environments change constantly. For example, in the office situation, some rooms are multipurpose, and are used for internal meeting as well as for business conferences, where stricter access control might be required. In the case of an apartment, a caretaker goes around during the day and automatic surveillance might be needed during the night. The concept of context-aware authentication and access control is: (1) Collect and recognize the user’s current context, and (2) Generate and control a secure user environment based on the current context.

Figure 1. Context-aware authentication and access control.

Generally, the context includes user’s location and services, present information, environmental information (temperature, loudness, brightness), terminal attributes, and network status (QoS). However, in Figure 1, the context also includes the following attributes.