ABSTRACT
We investigate the practical feasibility of using context information for controlling access to services. Based solely on situational context, we show that users can be transparently provided anonymous access to services and that service providers can still impose various security levels. To that end, we propose context-sensitive verification methods that allow the user's claimed authenticity to be checked in various ways and to various degrees. More precisely, conventional information management approaches are used to compare historic contextual (service usage) data of an individual user or group. The result is a relatively strong, less intrusive and more flexible access control process that mimics our natural way of authentication and authorization in the physical world.
Index Terms
- Context sensitive access control