A Progressive Exposure Approach for Secure Service discovery in Pervasive Computing Environments

S. Durga
Copyright: © 2010 | Pages: 12
DOI: 10.4018/978-1-61520-753-4.ch007

Abstract

The dynamic property of pervasive computing hinders users from having complete knowledge of the relationship among services, service providers, and credentials. The involvement of only the necessary users and service providers for service discovery in pervasive computing environments is challenging. Without prudence, users’ and service providers’ requests or service information, their identities, and their presence information may be sacrificed. The problem may be as difficult as a chicken-and-egg problem, in which both users and service providers want the other parties to expose sensitive information first. In this chapter, the authors propose a progressive approach to solve the problem. Users and service providers expose partial information in turn and avoid unnecessary exposure if there is any mismatch. Although 1 or 2 bits of information are exchanged in each message, the theoretical analysis and experiments show that our approach protects sensitive information with little overhead.
Chapter Preview

Introduction

In pervasive computing environments, intelligent devices are ubiquitously embedded within our personal belongings, homes, offices, and even public environments. These devices provide us with various network services (services for short). Via service discovery protocols, these services are discovered just in time. Client devices and services automatically configure themselves without users’ involvement. Much research has been conducted on service discovery, as reviewed in (Zhu et al., 2005). However, the problem of involving only necessary service providers and users in a service discovery session has not been well addressed. If unnecessary users and service providers are involved, then security and privacy may be sacrificed. Services may be illegally discovered or accessed and personal privacy may be exposed and inferred.

For traditional network service accesses, it is not difficult to involve only necessary and legitimate service providers and users. Usually, a user explicitly specifies a service and supplies a credential such as a username and password pair to authenticate with a service provider. Then, the service provider verifies the user and checks the user’s privilege. The user has prior knowledge of the service, service provider, credential, and relationship among them. Nevertheless, in pervasive computing environments, a user may not have such knowledge.

Challenges arise when environments change. First, a user may interact with many more services and service providers in pervasive computing environments than in conventional computing environments. For instance, a room may be saturated with hundreds of devices and services. Furthermore, everyone may become a service provider. For example, if Bob shares his MP3 player with Alice, then Bob becomes a service provider. A significant growth in the number of services and service providers makes it difficult to memorize the relationships among the services, service providers, and credentials. Second, pervasive computing environments are extremely dynamic. Devices and services may be unattended, services are added and removed, service providers’ mobility causes the devices that they wear and carry to move, and partial failures cause services to be inaccessible. The dynamic property of pervasive computing hinders users from having complete knowledge of the relationship among services, service providers, and credentials.

Without such knowledge, the problem of involving only necessary service providers and users becomes difficult when users and service providers have privacy concerns. If a user is too cautious to interact with a service provider, then a user may miss the opportunity to access a service and a service provider misses an opportunity to serve a user. However, unnecessary interaction between a user and a service provider may expose a user’s intent (what service a user is looking for), his credentials, and presence information. Similarly, a service provider may unnecessarily expose his service information, identity, and presence information.

Many service discovery protocols have been proposed, but it seems that no protocol addresses the problem without sacrificing security, privacy, or convenience. Several protocols and their security extensions adopt the traditional approach such that users start service discovery by supplying credentials together with service discovery requests (Ellison, 2003, p.37). The design is secure and only involves necessary users and service providers besides the server system. Nevertheless, both users and service providers expose their privacy to the central server system. In PrudentExposure (Zhu et al., 2006, p. 418), only users and service providers that share secrets discover and communicate with each other, but there is still a privacy leak among insiders. For example, if Bob only shares an MP3 player with Alice, then it is unnecessary to contact Bob when Alice discovers an electronic book.
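The turn-by-turn exposure described in the abstract can be illustrated with a small simulation. This is an added sketch of the general idea, not the chapter's protocol: the HMAC-SHA256 derivation of the code bits, the 32-bit code length, the nonce, and all function names are assumptions made for the example.

```python
import hashlib
import hmac

BITS_PER_MESSAGE = 2   # the abstract states 1 or 2 bits per message
TOTAL_BITS = 32        # assumed code length per party


def code_bits(secret: bytes, nonce: bytes, role: bytes) -> str:
    """Derive a party's code word as a bit string (assumed HMAC construction)."""
    digest = hmac.new(secret, role + nonce, hashlib.sha256).digest()
    return "".join(f"{b:08b}" for b in digest)[:TOTAL_BITS]


def progressive_exchange(user_secret: bytes, provider_secret: bytes, nonce: bytes):
    """Alternate 2-bit messages; each side checks the peer's bits against what
    its own secret predicts and stops at the first mismatch.
    Returns (matched, bits_revealed_by_user, bits_revealed_by_provider)."""
    # What each side sends, computed from its own secret
    user_sends = code_bits(user_secret, nonce, b"user")
    provider_sends = code_bits(provider_secret, nonce, b"provider")
    # What each side expects from the peer, also computed from its own secret
    provider_expects = code_bits(provider_secret, nonce, b"user")
    user_expects = code_bits(user_secret, nonce, b"provider")

    user_revealed = provider_revealed = 0
    for i in range(0, TOTAL_BITS, BITS_PER_MESSAGE):
        j = i + BITS_PER_MESSAGE
        user_revealed += BITS_PER_MESSAGE
        if user_sends[i:j] != provider_expects[i:j]:
            return False, user_revealed, provider_revealed  # provider stays silent
        provider_revealed += BITS_PER_MESSAGE
        if provider_sends[i:j] != user_expects[i:j]:
            return False, user_revealed, provider_revealed  # user stops sending
    return True, user_revealed, provider_revealed


if __name__ == "__main__":
    nonce = b"constructed-session-nonce"  # constructed sample value
    print(progressive_exchange(b"alice-bob-mp3", b"alice-bob-mp3", nonce))
    print(progressive_exchange(b"alice-bob-mp3", b"unrelated-secret", nonce))
```

With a shared secret the exchange runs to completion; with unrelated secrets it stops after the first disagreeing chunk, so neither side reveals more than a few bits to a party it has no relationship with.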
