Access Control to Information in Pervasive Computing Environments

Pervasive computing envisions a world in which our environment is full of embedded devices that gather and share vast amounts of information about people, such as their location, activity, or even their feelings. Some of this information is confidential and should not be released to just anyone. In this thesis, I show how existing solutions for controlling access to information are not sufficient for pervasive computing because of four challenges: First, there will be many information services, potentially offering the same information, run by different organizations, even in a single social environment. Second, there will be complex types of information, such as a person’s calendar entry, which reveal other kinds of information, such as the person’s current location. Third, there will be services that derive specific information, such as a person’s activity, from raw information, such as a videostream, and that become attractive targets for intruders. Fourth, an individual’s ability to access information could be constrained based on confidential information about the individual’s context. This thesis presents a distributed access-control architecture for pervasive computing that supports complex and derived information and confidential context-sensitive constraints. In particular, the thesis makes the following contributions: First, I introduce a distributed accesscontrol architecture, in which a client proves to a service that the client is authorized to access requested information. Second, I show how to incorporate the semantics of complex information as a first-class citizen into this architecture, based on information relationships. Third, I propose derivation-constrained access control, which reduces the influence of intruders by making a service prove that the service is accessing information on behalf of an authorized client. Fourth, I study the kinds of information leaks that context-sensitive constraints can cause. I introduce access-rights graphs and hidden constraints for avoiding these leaks. Fifth, I show how pervasive computing makes it difficult for a client to prove that the client is authorized to access complex confidential information. I propose a cryptographic solution based on an extension of hierarchical identity-based encryption. Sixth, as an alternative approach, I introduce an encryption-based access-control architecture for pervasive computing, in which a service gives information to any client, but only in an encrypted form. I present a formal model for my contributions based on Lampson et al.’s theory of authentication. All of my contributions have been implemented in an actual pervasive computing environment. A performance analysis of my implementation demonstrates the feasibility of my design.