Let us discuss the various problems of security and device management in pervasive computing.
Security is an important aspect of transactions in computing systems, more so in pervasive computing. The concepts that require attention are identification, authentication, authorization, transaction authorization and non-repudiation. Let us discuss these in detail.
1.Identification: The most common method of identification from a pervasive device is that the user enters the ID, or the ID is stored in the device. If the user has a mobile phone, the phone number can serve as the ID. A certificate can also serve as the ID. If the same user uses several devices and IDs to access the same server, all of those IDs can be mapped to the one user.
2.Authentication: Authentication is the process of proving a claimed ID. Depending on the device used, authentication can be at different levels. The most widely used authentication is the password. Typically the password is transmitted from a PC or a WAP phone to the server over a line secured with Secure Socket Layer (SSL) and is verified by the server. If the verification succeeds the user is allowed access; otherwise access is rejected. A more robust method is smartcard authentication, from a PC or from a WAP phone with a WAP Identity Module (WIM).
Smartcard authentication is gaining ground worldwide, especially for payment systems and public-key infrastructure. Here the server authenticates the user by interacting with the smartcard through software on the device. Normally the server sends a challenge to the device, which passes it to the smartcard; the smartcard computes the response and the device relays it back to the server, which checks it. Because the response is computed inside the card, the secret used to produce it never has to leave the card or travel over the network. The figure explains the process of authentication.
Example of an Authentication Protocol
3.Authorization: Normally the authorization scheme defines groups of users at different levels, each level having its own set of permissions, and a user may invoke an operation only if the level the user belongs to permits it. This type of authorization works well as long as there is only one type of client.
In pervasive computing, users may access the applications from various places, over different devices and with different authentication methods. The same user, accessing the application from a different device or with a weaker authentication method, may therefore receive different authorization: a sensitive function such as a funds transfer can be restricted to sessions authenticated with a smartcard signature, while a view-only function is also allowed with a password. An example is given in the table.
Table : Examples of Authorization

User/Role   Device      Authentication Mechanism         Permissions (Application/Function)
User A      PC          Smart card, 1024-bit signature   Home Banking / View Account
User A      PC          Smart card, 1024-bit signature   Home Banking / Transfer Amount
User A      PC          User ID/password                 Home Banking / View Account
User A      WAP phone   User ID/password                 Home Banking / View Account
User B      Voice       User ID/password                 Home Banking / View Account
User B      Voice       User ID/password                 Home Banking / Transfer Amount
User C      PDA         User ID/password                 Home Banking / View Account
User C      PDA         User ID/password                 Home Banking / Transfer Amount
4.Transaction Authorization: In some applications users are allowed to initiate very sensitive transactions such as money transfers. As an added security measure the user is expected to authorize each and every such transaction. That is, beyond the authorization that lets the legitimate user access the details, the user separately authorizes each individual transaction. Commonly used methods are digital signatures (endorsed by a password) and transaction authorization numbers.
Digital signatures endorsed by a password: For this type of authorization the user generates a digital signature with a secret key held in a token. The token is arranged so that it produces the signature only after the user has supplied a password. When a transaction is initiated, the server sends a challenge and asks the user to sign the challenge together with the transaction using the token; the user enters the password and the token produces the signature.
The server, on receiving the signature, verifies it and completes the transaction only if it is correct. This provides security because a valid signature can be generated only by someone who both possesses the token and knows the password; and since the signature covers the challenge and the transaction, it cannot be reused for another transaction.
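The challenge/response exchange between server, device and smartcard described earlier, and the password-endorsed transaction signature described just above, as one added worked example (this is not code from the original text). The toy RSA key built from two Mersenne primes is a stand-in for the 1024-bit smartcard signature so that the block runs without external libraries; the Token and Server classes, the password, the retry limit and the transaction string are all constructed for the illustration. Note that the server holds only the public key, which is what gives the signature its non-repudiation value.

```python
"""Challenge-response transaction authorization with a password-unlocked signing token."""
import hashlib
import hmac
import secrets

# Toy RSA key from two Mersenne primes: CONSTRUCTED for illustration only.
# A modulus built from Mersenne primes is trivially factorable, and real tokens
# use properly generated keys with a padded scheme such as RSASSA-PSS.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def _digest(challenge: bytes, transaction: str) -> int:
    # Bind the signature to the server's fresh challenge AND the exact
    # transaction text, so neither can be altered or replayed.
    h = hashlib.sha256(challenge + b"|" + transaction.encode()).digest()
    return int.from_bytes(h, "big") % N


class Token:
    """Smartcard-like token: signs only when the user supplies the password."""
    MAX_TRIES = 3

    def __init__(self, private_exponent: int, password: str):
        self._d = private_exponent            # never leaves the token
        self._salt = secrets.token_bytes(16)
        self._pw = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
        self.tries_left = self.MAX_TRIES

    def sign(self, challenge: bytes, transaction: str, password: str):
        if self.tries_left == 0:
            return None                       # card blocked after too many wrong passwords
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
        if not hmac.compare_digest(cand, self._pw):
            self.tries_left -= 1
            return None                       # wrong password: no signature at all
        self.tries_left = self.MAX_TRIES
        return pow(_digest(challenge, transaction), self._d, N)


class Server:
    """Holds only the public key; issues one-time challenges and verifies signatures."""

    def __init__(self, public_exponent: int):
        self._e = public_exponent
        self._pending = set()
        self.completed = []

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)           # fresh, unpredictable per transaction
        self._pending.add(c)
        return c

    def submit(self, challenge: bytes, transaction: str, signature) -> bool:
        if signature is None or challenge not in self._pending:
            return False                      # no signature, unknown or already-used challenge
        self._pending.discard(challenge)      # single use: blocks replay
        if pow(signature, self._e, N) != _digest(challenge, transaction):
            return False                      # forged signature or altered transaction
        self.completed.append(transaction)
        return True


def demo() -> dict:
    token = Token(D, password="1234")         # constructed password
    server = Server(E)
    txn = "transfer 500.00 to account 12-345"  # constructed transaction

    c1 = server.challenge()
    ok = server.submit(c1, txn, token.sign(c1, txn, "1234"))
    replay = server.submit(c1, txn, token.sign(c1, txn, "1234"))   # reused challenge
    c2 = server.challenge()
    sig2 = token.sign(c2, txn, "1234")
    tampered = server.submit(c2, "transfer 5000.00 to account 12-345", sig2)
    c3 = server.challenge()
    wrong_pw = server.submit(c3, txn, token.sign(c3, txn, "0000"))
    return {"ok": ok, "replay": replay, "tampered": tampered, "wrong_password": wrong_pw,
            "completed": len(server.completed), "tries_left": token.tries_left}


if __name__ == "__main__":
    print(demo())
```

Only the first submission completes; the replayed challenge, the altered amount and the wrong password are all refused, and the token counts the failed password attempt the way a real card does before blocking.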
Transaction Authorization Numbers: TANs are issued in blocks and sent to the user by the organization. There is a clear agreement (by means of a signed document) between the user and the organization that the TANs are highly sensitive information and must be guarded accordingly. Whenever the user initiates a sensitive transaction, the organization asks for the next valid TAN. The user looks up the block of TANs and sends the next valid TAN to the organization's server. If the number received matches the number expected, the server completes the transaction; otherwise the transaction is not completed. Each TAN is used only once, so a TAN that has already been sent is of no further use to anyone who observed it.
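The server side of the TAN procedure above, as an added example (not code from the original text). The TAN values are generated here only for the demonstration, and storing salted hashes rather than the TANs themselves, the strict "next valid TAN" ordering and the lock-out after repeated wrong TANs are this example's assumptions about how an organization would implement the scheme, not details the text states.

```python
"""Server-side handling of a user's block of transaction authorization numbers (TANs)."""
import hashlib
import hmac
import secrets


def issue_block(count: int = 5, digits: int = 6) -> list:
    """Generate a block of distinct random numeric TANs (constructed sample data)."""
    tans = []
    while len(tans) < count:
        tan = f"{secrets.randbelow(10 ** digits):0{digits}d}"
        if tan not in tans:                   # no duplicates within a block
            tans.append(tan)
    return tans


class TanBlock:
    """The organization's record of one user's TAN block.

    Only salted hashes of the TANs are kept, plus a pointer to the next valid one.
    A TAN is accepted only if it is exactly the next expected number, so a TAN
    that leaked after use is worthless and a later TAN cannot be used out of order."""

    def __init__(self, tans, max_failures: int = 3):
        self._salt = secrets.token_bytes(16)
        self._hashes = [self._hash(t) for t in tans]
        self.next_index = 0
        self.failures = 0
        self.max_failures = max_failures
        self.locked = False

    def _hash(self, tan: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", tan.encode(), self._salt, 10_000)

    def remaining(self) -> int:
        return len(self._hashes) - self.next_index

    def authorize(self, presented: str) -> str:
        """Check one presented TAN. Returns 'ok', 'rejected', 'locked' or 'exhausted'."""
        if self.locked:
            return "locked"                   # too many wrong TANs: frozen until re-issued
        if self.remaining() == 0:
            return "exhausted"                # a new block is needed before any transaction
        expected = self._hashes[self.next_index]
        if hmac.compare_digest(self._hash(presented), expected):
            self.next_index += 1              # consumed: this number is never valid again
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return "rejected"


def demo() -> dict:
    tans = issue_block(count=4)               # what the user receives (constructed)
    record = TanBlock(tans)                   # what the server keeps

    first = record.authorize(tans[0])         # next valid TAN: accepted
    reuse = record.authorize(tans[0])         # same TAN again: no longer valid
    skip = record.authorize(tans[2])          # out of order: not the next valid TAN
    second = record.authorize(tans[1])        # back in sequence
    record.authorize(tans[2])
    record.authorize(tans[3])
    spent = record.authorize("000000")        # block fully used up

    fresh = TanBlock(issue_block(count=4))
    for _ in range(3):
        fresh.authorize("not-a-tan")          # repeated guesses lock the block
    return {"first": first, "reuse": reuse, "skip": skip, "second": second,
            "spent": spent, "locked": fresh.authorize("999999"),
            "remaining": record.remaining()}


if __name__ == "__main__":
    print(demo())
```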
5.Non-Repudiation: This is to ensure that the user cannot deny the transaction at a later date. For ensuring non-repudiation, the transaction is authorized by means of a digital signature (for example) that can be produced as evidence when the transaction is questioned; since only the user's token together with the password could have produced it, the user cannot credibly claim not to have authorized the transaction.
Device Security
Different devices offer different levels of security; some can be used even for financial transactions. The security a device offers depends on many factors, for instance:
1.Some run unchangeable software; others can run potential Trojan horses.
2.Some have no memory protection, so data of different applications can get mixed up, or be read by another application, which increases the risk.
3.Some support digital signature generation only with shorter (weaker) keys; others support longer keys.
4.Some devices have hardware modules that store private keys securely; others have no such facility.
For ensuring security in an application involving pervasive devices, all the above points are to be considered. Let us discuss security levels in WAP phones and PDAs.
WAP phones
WAP phones support a secured connection to WAP gateways or WAP servers, using the RSA algorithm with 768-bit keys. Currently the WAP gateway terminates the secure WTLS connection between the WAP phone and the telecommunication company and establishes a separate secure SSL connection to the application server. Besides the additional overhead, this means the data is decrypted at the gateway and re-encrypted, so the connection is not secure end to end.
It would be better if the WAP phone could connect directly to the application server, but that approach is somewhat inconvenient for the users. Another problem is the over-the-air configuration capability of some WAP phones: configuration (such as the gateway settings the phone uses) can be pushed to the phone remotely, a feature that attackers can potentially misuse.
PDAs
Many PDAs allow downloading and installing software. This can let Trojan horses be installed, and since PDAs have no memory protection to isolate applications, a Trojan horse program can access the data used by other applications.
Server Side Security
Pervasive computing also brings new security requirements to the server side. If the only clients are PCs, it is comparatively easy for an application server to enforce security.
Set-up for a secure Web Application
As shown in the figure, the application provider sets up an outer and an inner firewall, has a central access control and deploys the applications behind the inner firewall. Security between the PC and the application server can be ensured using the SSL protocol. After the PC reaches the application server through the user's Internet Service Provider (ISP), client authentication is carried out using one of the authentication procedures mentioned earlier.
However, to secure the use of the application server by pervasive devices (such as WAP phones, PDAs and voice-only phones), suitable gateways have to be provided. This requires changes to the set-up shown in the figure.
A pervasive Web Application using External Gateways
The figure shows a possible arrangement for securing the connection of pervasive devices to the application server. While the server side remains the same, there are additional requirements on the client side. To access data on the server, access control and authentication must be able to handle different types of client devices. Each device comes with its own markup language: HTML for the PC, WML for WAP clients, VoiceXML for voice-only phones and simple HTML for PDAs. For each type of device a different gateway is needed, so all data exchanged between the device and the application provider passes through the gateways.
In the process the data also undergoes some changes. A WTLS connection from a WAP phone is terminated at the WAP gateway and continued to the application server over a separate SSL connection. The original WAP certificate presented by the user is not passed on to the server; the SSL certificate of the WAP gateway is presented instead. The server therefore sees only the gateway, not the user, and the security is not end to end.
A pervasive Web Application using Own Gateways
If the application provider wants to ensure end-to-end security and also to receive the original authentication certificate directly from the client, the gateways have to be operated by the provider itself, as shown in the figure. In this case the devices connect directly to the provider's own gateways and server, and no third party terminates the secure connection in between.