The Community for Technology Leaders
RSS Icon
Issue No.06 - June (2008 vol.57)
pp: 821-834
In an attempt to expand Public Key Infrastructure (PKI) usage to a ubiquitous and mobile computing environment, we found that the deployment of the PKI on a resource constrained device leads to user-obstructive latency or an additional circuitry for the operations. To alleviate these limitations, we propose a new PKI-based authentication protocol and security infrastructure, PKASSO, which is enhanced with the single sign-on and delegation technology that is used especially for mobile devices with restricted computing power. The PKASSO offloads complex PKI operations from the mobile devices to the infrastructure so as to keep the hardware and software complexity of the devices as low as possible. In addition, even though a conventional delegation mechanism cannot support a non-repudiation mechanism against malicious user behavior, the PKASSO can provide such a mechanism by devising a referee server that, on the one hand, generates binding information between a device and authentication messages and, on the other hand, retains the information in its local storage for future accusation. We present the detailed design and performance evaluation of the PKASSO, and offer a protocol analysis in terms of user authentication latency and the completeness of the protocol.
Network-level security and protection, Authentication
Ki-Woong Park, Sang Seok Lim, Kyu Ho Park, "Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO for Mobile Devices", IEEE Transactions on Computers, vol.57, no. 6, pp. 821-834, June 2008, doi:10.1109/TC.2008.36
[1] J.I. Hong, J.D. Ng, S. Lederer, and J.A. Landay, “Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems,” Proc. Fifth Conf. Designing Interactive Systems, pp. 91-100, 2004.
[2] J. Lee, S.-H. Lim, J.-W. Yoo, K.-W. Park, H.-J. Choi, and K.H. Park, “A Ubiquitous Fashionable Computer with an i-Throw Device on a Location-Based Service Environment,” Proc. 21st IEEE Int'l Conf. Advanced Information Networking and Applications Workshops, vol. 2, pp. 59-65, 2007.
[3] H. Seok, K.-W. Park, S.S. Lim, and K.H. Park, “Implementation of U-Kiosk Based on Panda and VNC,” KISS, vol. 33, no. 2A, pp. 238-243, http://uci.or.krG300-c15985164.v33n2Ap238 , 2007.
[4] D. Cotroneo, A. Graziano, and S. Russo, “Security Requirements in Service Oriented Architectures for Ubiquitous Computing,” Proc. Second Workshop Middleware for Pervasive and Ad Hoc Computing, pp. 172-177, 2004.
[5] M. Fahrmair, W. Sitou, and B. Spanfelner, “Security and Privacy Rights Management for Mobile and Ubiquitous Computing,” Proc. Seventh Int'l Conf. Ubiquitous Computing, 2005.
[6] K.-W. Park, H. Seok, and K.-H. Park, “PKASSO: Towards Seamless Authentication Providing Non-Repudiation on Resource-Constrained Devices,” Proc. 21st IEEE Int'l Conf. Advanced Information Networking and Applications Workshops, vol. 2, pp. 105-112, 2007.
[7] P Working Group, , 2008.
[8] ATmega1280 Datasheet: 8-bit Microcontroller with 256 Kbytes In-System Programmable Flash. ATMEL Press, 2007.
[9] A.A. Pirzada and C. McDonald, “Kerberos-Assisted Authentication in Mobile Ad Hoc Networks,” Proc. 27th Australasian Conf. Computer Science, pp. 41-46, 2004.
[10] L. Zhu and B. Tung, RFC 4556: Public Key Cryptography for Initial Authentication in Kerberos (PKINIT). IETF Network Working Group, 2006.
[11] A. Harbitter and D.A. Menascé, “The Performance of Public Key-Enabled Kerberos Authentication in Mobile Computing Applications,” Proc. Eighth ACM Conf. Computer and Comm. Security, pp.78-85, 2001.
[12] M. Jalali-Sohi and P. Ebinger, “Towards Efficient PKIS for Restricted Mobile Devices,” Proc. IASTED Int'l Conf. Comm. and Computer Networks, pp. 42-47, 2002.
[13] S. Tuecke, V. Welch, D. Engert, L. Pearlman, and M. Thompson, RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile. IETF Network Working Group, 2004.
[14] K.-W. Park, S.S. Lim, and K.H. Park, “Ultra-Low-Power Security Card, PANDA, for PKI-Based Authentication and Ubiquitous Services,” Proc. Conf. Next-Generation Computing, pp. 367-373, 2006.
[15] ZigBee Specification v1.0. ZigBee Alliance Board of Directors, 2005.
[16] A. Gellert and L. Vintan, “Person Movement Prediction Using Hidden Markov Models,” Studies in Informatics and Control, vol. 15. ISI Thomson INSPEC, 2006.
[17] CC2420 Datasheet 2.4 GHz IEEE 802.15.4/ZigBee-Ready RF Transceiver. Chipcon Press, 2006.
[18] A. Harbitter and D.A. Menascé, “A Methodology for Analyzing the Performance of Authentication Protocols,” ACM Trans. Information and System Security, vol. 5, no. 4, pp. 458-491, 2002.
[19] Hitachi, Single-Chip Microcomputer H8/2168 Group Hardware v3.0. Renesas Tech nology, 2004.
[20] C.-H. Yang, H. Morita, and T. Okamoto, “Security and Performance Evaluation of ESIGN and RSA on IC Cards by Using Byte-Unit Modular Algorithms,” IEICE Trans. Comm., vol. E88-B, no. 3, pp. 1244-1248, , 2005.
21 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool