L.A. Staffans and T. Saridakis (Finland)
Distributed Security Scheme, PKI, Security Policies
The existence of a central security authority is too restrictive for pervasive computing environments. Existing distributed security schemes fail in a pervasive computing environment with limited terminals. Better fitted are schemes that do not rely on the presence of a central security authority, yet allow for the application of a common security policy. This paper presents such a distributed security scheme, where pieces of information of the same sensitivity are grouped together and protected by a pair of private encryption/decryption keys. Users gain access to certain information by obtaining the key pair of the corresponding group. Depending on the security policy applied in a given environment, the keys can be obtained either directly from the security authority that issues the keys or from another user who possesses them. Similarly, depending on the applied security policies, access to information may require the user to authenticate himself. In the scheme we present, authentication is based on certificates that users may obtain from the security authority at an unsuspected time prior to the information access.