Page 1 An Anonymous Context Aware Access Control Architecture (ACA²)
2006.5.9
Shigetoshi YOKOYAMA, NTT DATA
Eiji KAMIOKA, National Institute of Informatics
Shigeki YAMADA, National Institute of Informatics
Page 2 Table of Contents
Context Aware Platform
Problems of Access Control in Ubiquitous Environment
Requirements
Related Works
Proposed Architecture (ACA²): Approach; ACA² Connection Model; Context-certificate validity monitoring context
Conclusion
Page 3 Ubiquitous needs Context-Awareness!
It has been widely considered that the need for context-aware applications will increase as the ubiquitous computing era comes.
Conventional Computing Paradigm: the user selects a service and requests it explicitly, and the computer provides it. Users need to use computers actively to process tasks (troublesome).
Context-aware Computing Paradigm: computers collect ambient information and automatically offer appropriate, preferable services (happy!).
Page 4 Context Description
Context: description of a situation which is a moment of interest for the application.
Condition: rules by which the context analyzes the situation.
Parameter: query description used to acquire certain events and status from sensors and other information sources.
Action: description of the action; generates events according to the situation.
Page 5 Context Aware Platform Architecture
Diagram: a Context Server with a Retrieval Process, connected through a Messaging Service (P2P, Publish/Subscribe) to Information Sources (Sensor; RFID via an RFID Reader; Thin Client via an HTTP Connector) and to Context Clients (Client API and Service Logic, e.g. a Telephone Call Service Logic via a SIP Connector) that Publish and Subscribe contexts.
Reference: Taro Nakao, Daisuke Yamada, Tatsuya Nakamura, Shigetoshi Yokoyama, "Design and Implementation of an Application-Oriented Context Awareness Framework," Eurescom 2005, pp. 177-184.
Page 6 Problems of Access Control in Ubiquitous Environment
Problem 1: The relationships between entities that need services and entities that provide services are often ad-hoc in nature, which makes an access-control mechanism based on ID and role difficult to implement.
Problem 2: Because access conditions in a ubiquitous environment are always changing, an access-control mechanism should follow such changes.
Problem 3: In a ubiquitous environment, the number of entities that need and provide services can be enormous. This makes it easy for operation bottlenecks to occur if access control is centralized.
Diagram: a single Access Control Mechanism faces many unknown (?) entities; access permitted at t1 should be suspended when the situation changes to t2.
Page 7 Requirements
Ad-hoc Operation: For two parties that begin to communicate with each other without having formed a trust-based relationship beforehand, access control must be based on current conditions such as the state of the service user.
Tracking: It must be possible to suspend a service if context changes during service provision and the range of permitted access is exceeded.
Distributed Processing: Access control and decision making must be implemented in a distributed manner instead of centralizing access functions at a single access-control server.
Diagram: context feeds several distributed Access Control Mechanisms; access permitted at t1 is cut off (×) when the context changes to t2.
Page 8 Related Works (Extended RBAC)
Diagram: a Subject (Person, Thing) in the Pre-registered ID Area is assigned a Role; the Role carries Permissions on the Object (Information, Service) that are qualified by Context Conditions (Context Condition 1, Context Condition 2, ...) stored in a Policy DB; Context Constraints are derived from Sensors, and Access Control is enforced in front of the Object to grant Access Permission.
References:
J. Canny and T. Duan, "Protecting user data in ubiquitous computing environments: Towards trustworthy environments," Privacy-Enhancing Technologies (PET) 2004, pp. 167-185, Toronto, Canada, May 2004.
Tripathi, T. Ahmed, D. Kulkarni, R. Kumar, and K. Kashiramka, "Context-based secure resource access in pervasive computing environments," Proc. Second IEEE Annual Conf. on Pervasive Computing and Communications Workshops (PERCOMW04), pp. 159-163, March 2004.
Page 9 Related Works (Delegation)
Reference: Lalana Kagal, Tim Finin, and Anupam Joshi, "Trust-Based Security in Pervasive Computing Environments," Computer, Dec. 2001, pp. 154-157.
Diagram: a delegating entity (Delegates) in the Pre-registered ID Area transfers rights to a Delegatee (Subject: Person, Thing); the Delegatee uses the transferred rights to obtain Access Permission through Access Control on the Object (Information, Service).
Page 10 Related Works (Pure CAAC)
Diagram: a Subject (Person, Thing) in the Pre-registered ID Area holds an ID for obtaining context; Context Control uses Sensors and a Policy DB to map Subject → Context → Permission; Access Control on the Object (Information, Service) grants Access Permission.
References:
A. Corradi, R. Montanari, and D. Tibaldi, "Context-based access control management in ubiquitous environments," Proc. Third IEEE International Symposium on Network Computing and Applications (NCA '04), pp. 253-260, Aug. 2004.
G. Sampemane, P. Naldurg, and R.H. Campbell, "Access control for active spaces," Proc. 18th Annual Computer Security Applications Conf. (ACSAC04), pp. 343-352, Dec. 2002.
Page 12 ACA² (Anonymous Context Aware Access Control Architecture)
Diagram: a Subject (Person, Thing) attaches to a Subject-side Access Control proxy; the Pre-registered ID Area holds only a Certificate for obtaining context; Context Control with Sensors and a Policy DB maps Subject → Context → Permission; an Object-side Access Control proxy controls access to the Object (Information, Service).
① Ad-hoc operation (anonymity)
② Tracking (context-certificate validity monitoring context)
③ Distributed processing (subject-side and object-side access control)
Page 13 ACA² Components
Subject (Service Consumer) → Subject_Terminal → attach → Subject_Proxy → subscribe → Context Server / Message Service
Object (Service Provider) → Object_Terminal → attach → Object_Proxy → subscribe → Context Server / Message Service
Sensors feed the Context Server; the Subject uses the Object.
Page 14 ACA² Connection Model
Public-telephone connection model:
① Pick up receiver
② Ask operator for charge
③ Submit money
④ Dial
⑤ Talk
⑥ Call terminates if money runs out
ACA² connection model:
① Attach subject to subject proxy
② Ask object proxy for policy
③ Transfer context-collection-source certificate
④ Transfer context certificate and request access to object
⑤ Access object
⑥ Access rights are revoked and access is cut off (×) when context changes
Page 15 Context Certificates and Anonymity (1/3)
Attaches Subject_Proxy β from the Subject_Proxy pool (Subject_Proxy group: α, β, γ, ...) to Subject_Terminal through an HTTP session or other means.
Diagram: Subject_Proxy group, Message Service, Pre-registered ID Area. Attach: "Connect with proxy?" "OK"
Page 16 Context Certificates and Anonymity (2/3)
Sends the context-collection-source certificate stored in Subject_Terminal to Subject_Proxy β so that Subject_Proxy can create the context certificate needed for accessing Object.
Diagram: context-collection sources (Web service, Cell phone, Sensors, Blog/Wiki, RFID) reachable through the Message Service; Pre-registered ID Area; Put. "Send context-collection-source certificate?" "OK"
Page 17 Context Certificates and Anonymity (3/3)
Subject_Proxy β configures a "context certificate" certifying that Subject has the necessary context to access Object, generates a "context-certificate validity monitoring context" for monitoring change in context, and registers that context with the Context Server (Subscribe).
Diagram: Context-collection from the sources (Web service, Cell phone, Sensors, Blog/Wiki, RFID) using the context-collection-source certificate; Access. "Call Engineer-Y2 at 050-yy-YYYYYY?" "OK"
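Added example, not code from the presentation or the ACA² project: a miniature Python simulation of the ACA² connection model and the three certificate steps above, using the escort scenario from the application-scenario slide. The context key, policy format, proxy names and sensor values are constructed assumptions; the point shown is that the object proxy never sees a subject identity, only a proxy-issued certificate, and that the validity-monitoring context cuts the session off as soon as the certified context stops holding.

```python
# Added example (not from the ACA2 presentation); context keys, policy format and scenario values are constructed.
def policy_holds(policy, ctx):
    """A context certificate's conditions hold iff every required value matches live context."""
    return all(ctx.get(k) == v for k, v in policy.items())

class ContextServer:
    """Keeps current context and pushes every change to registered validity-monitoring contexts."""
    def __init__(self):
        self.values, self.monitors = {}, []
    def publish(self, key, value):
        self.values[key] = value
        for monitor in list(self.monitors):      # each monitor is a callable (subscriber)
            monitor(self.values)

class ContextCertificate:
    """Certifies that an anonymous subject proxy satisfied a policy when it was issued."""
    def __init__(self, proxy_id, policy):
        self.proxy_id, self.policy, self.valid = proxy_id, dict(policy), True

class SubjectProxy:
    """Subject side: builds the certificate from collected context, not from the subject's identity."""
    def __init__(self, proxy_id):
        self.proxy_id = proxy_id
    def issue_certificate(self, policy, server):
        return ContextCertificate(self.proxy_id, policy) if policy_holds(policy, server.values) else None

class ObjectProxy:
    """Object side: checks the certificate, then tracks it with a validity-monitoring context."""
    def __init__(self, policy):
        self.policy, self.sessions = policy, {}
    def request_access(self, cert, server):
        if cert is None or cert.policy != self.policy or not policy_holds(cert.policy, server.values):
            return False                          # certificate absent, for another policy, or stale
        self.sessions[cert.proxy_id] = cert
        def monitor(ctx):                         # context-certificate validity monitoring context
            if cert.valid and not policy_holds(cert.policy, ctx):
                cert.valid = False                # revoke rights and cut off access (step 6)
                self.sessions.pop(cert.proxy_id, None)
        server.monitors.append(monitor)           # registered with the Context Server
        return True
    def has_access(self, proxy_id):
        return proxy_id in self.sessions

def run_escort_scenario():
    """Constructed scenario: while Manager-x escorts Salesman-y1, the SIP call to Engineer-y2 is allowed."""
    server = ContextServer()
    server.publish("escort_of_salesman_y1", "manager_x")    # constructed sensor reading
    sip_proxy = ObjectProxy(policy={"escort_of_salesman_y1": "manager_x"})
    cert = SubjectProxy("subject_proxy_beta").issue_certificate(sip_proxy.policy, server)
    granted = sip_proxy.request_access(cert, server)
    during = sip_proxy.has_access("subject_proxy_beta")
    server.publish("escort_of_salesman_y1", None)           # escort ends: context changes
    return granted, during, sip_proxy.has_access("subject_proxy_beta"), cert.valid
```

`run_escort_scenario()` returns `(True, True, False, False)`: access is granted while the escort context holds and is cut off, with the certificate invalidated, the moment the context server publishes the change.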
Page 18 Summary
We proposed the Anonymous Context Aware Access Control Architecture (ACA²), assuming context that does not require the user to register beforehand on the service provider side. This scheme therefore has particular value in ubiquitous environments. In addition to requiring no pre-registration, ACA² features continuous monitoring of context for any changes and dynamic access control performed in step with those changes.
Page 20 Related Works (Type / Pros / Cons)
Extended RBAC. Pros: can be achieved by extending an existing and well-known solution. Cons: ID and role must be registered beforehand.
Delegation. Pros: can be achieved by adding a delegation function to an existing solution. Cons: places a burden on the delegates.
Pure CAAC. Pros: holds the possibility of achieving access control based only on context. Cons: a new mechanism must be realized.
Page 21 Context construction on AOCA (Application Oriented Context Awareness)
Application developers use the schema of the data to be monitored.
Assumption: data is expressed using a domain-specific ontology and structured based on a schema of each application domain. Therefore the schema is well-known within the application domain.
Diagram: sensors etc. in the real/virtual world produce raw data; a data holder turns it into content (structured data) according to the schema; the context describer (the application developer) defines contexts over that content for the service.
Page 22 Service Triggering on AOCA
Diagram: the AOCA platform holds content (current time, light intensity, a certain data item in a DB, location) and contexts tied to services A, B, C, D, E, each context combining location, time, light intensity, a certain data item and other data.
1. Every data item can be monitored by the platform (e.g. a location change).
2. The corresponding context is triggered when an event comes from the monitored data.
3. A service tied with the context is triggered.
4. The platform collects the necessary contextual data in addition to the changed data, and the service executes.
Page 23 ACA² Application Scenario
Company-X: Manager-x. Company-Y: Salesman-y1, Engineer-y2. Inquiry; Meeting.
As long as Manager-x is escorting Salesman-y1, he can borrow access points on SIP servers to talk with Engineer-y2.
Page 24 Context-certificate validity monitoring context
Diagram: Subject_Proxy registers (Subscribe) a context-certificate validity monitoring context with the Context Server, which subscribes through the Message Service to the context sources (Web service, Cell phone, Sensors, Blog/Wiki, RFID); Object_Proxy likewise subscribes to the context-certificate validity monitoring context tied to the context certificate.
Page 25 ACA² Architecture
Diagram: Subject_Terminal attaches to one of the Subject_Proxy group (α, β, γ); Object_Terminal attaches to one of the Object_Proxy group (A, B, C); Policy Servers hold Policies a, b, c; Context Servers hold context certificates 1, 2, 3 with their validity-monitoring contexts; the Message Service connects the context sources (Web service, Cell phone, Sensors, Blog/Wiki, RFID).
Page 26 Stream Certificates
Diagram: a Stream generator on the Subject_Proxy side produces a streaming context certificate that flows to Object_Proxy; both Subject_Proxy and Object_Proxy subscribe to the context-certificate validity monitoring context at the Context Server, which draws on the context sources (Web service, Cell phone, Sensors, Blog/Wiki, RFID) through the Message Service.