A Domain-Oriented Approach for Access Control in Pervasive Environments

Pervasive computing envisions an environment in which we are surrounded by many embedded computer devices. Those networked devices provide us with a mobile, spontaneous and dynamic way to access various resources provided by domains with different security policies. The conventional approach to secure access over multiple domains is to implement a universal trusted infrastructure, extending local identity- or capability-based security systems and combining them with cross-domain authentication mechanisms. However, this does not adequately meet the security requirements of communicating with strangers in pervasive environments. This paper presents an intrinsically multi-domain oriented approach which incorporates an identity-based encryption (IBE) access control mechanism. This approach allows the right domain to get involved with its local playerspsila interactions by helping them to convert a token to a usable access capability, whilst facilitating revocation.