Spontaneous security services for ubiquitous computing

Trabelsi, Slim
Thesis

The ubiquitous computing paradigm assumes an essentially dynamic model of interaction that relies in the first place on the discovery of ambient applications and surrounding devices. Even though discovery is at the heart of such systems, in particular those organized according to a service-oriented architecture, the need to secure this critical component and the complexity of such a task have been largely underestimated so far, if considered at all. This thesis tackles the design of secure protocols and reliable architectures to overcome the vulnerabilities of state-of-the-art service discovery techniques. After setting out the security requirements of such protocols, we propose three secure solutions for service discovery, each addressing various degrees of organization and scale of the underlying deployment infrastructure. We first show how encryption is enough to protect LAN or WLAN type decentralized architectures by restricting the access to discovery messages according to an attribute-based policy. We then propose discovery policies as the core concept for securing service discovery in centralized architectures that rely on a registry as a trusted third party. We finally introduce a secure service discovery architecture adapted to larger-scale networks using a peer-to-peer indexing system accessed through an anonymizing onion routing layer. In the second part of the thesis, we analyze the efficiency of the proposed secure service discovery mechanisms using a performance study approach. A Markovian model is built to evaluate the robustness, availability, efficiency, and resource consumption of service discovery under load as well as under denial of service attacks. Finally, in the last part of the thesis, we discuss the security and trust issues related to the introduction of context awareness into service discovery mechanisms.


Type:
Thesis
Date:
2008-07-07
Department:
Sécurité numérique
Eurecom Ref:
2543
Copyright:
© TELECOM ParisTech. Personal use of this material is permitted. The definitive version of this paper was published in Thesis and is available at :

PERMALINK : https://www.eurecom.fr/publication/2543