//img.uscri.be/pth/196e4f19da0449be27703a8dd6ad37be427172b9
Cet ouvrage fait partie de la bibliothèque YouScribe
Obtenez un accès à la bibliothèque pour le lire en ligne
En savoir plus

Une architecture d'authentification dynamique et sécurisé, sensible au contexte et basé sur la confiance pour les environnements pervasifs, A dynamic trust-based context-aware secure authentication framework for pervasive computing environments

De
195 pages
Sous la direction de Mounir Mokhtari
Thèse soutenue le 30 mars 2010: Institut national des télécommunications d'Evry
La prise en considération des exigences en matière de sécurité, de vie privée et de confiance au sein des environnements pervasifs (ubiquitaires) est indispensable à la fourniture des services personnalisés aux utilisateurs. L’objectif de cette thèse est de disposer d’une architecture souple et évolutive intégrant l’authentification des utilisateurs, la préservation de leur vie privée et la gestion de la confiance en vue d’optimiser la stratégie de contrôles d’accès aux services personnalisés. La première contribution porte sur la proposition d’un protocole d’authentification mutuelle construit à partir de schémas cryptographiques robustes d’établissement de clés basés sur les courbes elliptiques (MaptoPoint/Curve algorithm, Weil Pairing) et d’un modèle dynamique basé sur les attributs issus des données contextuelles. La seconde contribution porte sur la conception d’une nouvelle architecture bâti sur un modèle basé sur les attributs et organisée autour de 3 couches : la couche de contrôle de le vie privée qui assure la protection de la vie privée des utilisateurs en contrôlant leurs données personnelles, la couche d’accès associant les processus d’authentification et de contrôles d’accès en intégrant des mécanismes dédiés à la gestion des paramètres de confiance et la couche de service pour la gestion des accès aux services selon le profil de l’utilisateur et de son environnement. La troisième contribution porte sur le développement et la mise en œuvre d’un prototype au sein de la plateforme dédiée à la fourniture de services du laboratoire Handicom de Telecom SudParis.
-Informatique omniprésente
To provide personalized services to users in pervasive environments, we should consider both user's privacy, trust and security requirements. Traditional authentication and access control mechanisms are not able to adapt their security policies to a changing context while insuring privacy and trust issues. This thesis introduces a new global vision for the protection of pervasive environments, based on context-aware principle. The aim of this thesis is to get a flexible and scalable framework including user authentication, user privacy preserving and trust management in order to optimize the access control strategy to personalized services. The first contribution include the proposal of a mutual authentication protocol supported by both robust key establishment schemes based on elliptic curves (MaptoPoint/Curve algorithm, Weil Pairing) and a dynamic model based on attributes issued from contextual data. The second contribution include the design of a new architecture built on an attribute based model and organized over 3 layers: the privacy control layer which insure the protection of the user private life by controlling their personal data, the access layer which associate authentication and access control processes while providing mechanisms dedicated to trust parameters management , and finally the service layer for service access management according to the user profile and his environment. The third contribution the implementation and the deployment of a prototype within the service delivery platform in Handicom lab of Telecom & Management SudParis.
-Authentication
-Pervasive computing
-Cryptography
Source: http://www.theses.fr/2010TELE0006/document
Voir plus Voir moins




Ecole Doctorale EDITE




Thèse présentée pour l’obtention du diplôme de
DOCTEUR DE L’INSTITUT NATIONAL DES TELECOMMUNICATIONS

Doctorat délivré conjointement par
L’Institut National des Télécommunications et l’Université Pierre et Marie Curie - Paris 6



Spécialité : Informatique


Par
Pierre E. ABI-CHAR


A DYNAMIC TRUST-BASED CONTEXT-AWARE
SECURE AUTHENTICATION FRAMEWORK FOR
PERVASIVE COMPUTING ENVIRONMENTS


Soutenue le 30 Mars 2010 devant le jury composé de :

Bernard COUSIN Rapporteur IRISA, Université de Rennes, Rennes (France)
Lionel BUNIE LIRIS, INSA Lyon, Lyon (France)
Amal El Fallah SEGHROUCHNI Examinateur LIP6, Université Pierre et Marie Curie, Paris (France)
Zheng YAN Nokia Research Center, Helsinki (Finlande)
Bachar EL HASSAN LaSTRe, Université Libanaise, Tripoli (Liban)
Abdallah M’HAMED Examinateur Handicom, Telecom & Management SudParis (France)
Mounir MOKHTARI Directeur de thèse Handicom, Telecom & Management SudParis (France)



Thèse n° 2010TELE0006


tel-00542331, version 1 - 2 Dec 2010P
ARIS
OR
D
STUDIES
YN
THE
AMIC
2010
TR
ON
UST
ET
-B
AR
ASED
THE
CONTEXT
E.
-A
TION-TELECOM
W
THE
ARE
A
SECURE
UNIVERSITE
A
CURIE
UTHENTICA
IN
TION
FULFILLMENT
FRAMEW
UIREMENTS
ORK
OF
FOR
PHILOSOPHY
PER
May
V
TELECOMMUNICA
ASIVE
SUDP
COMPUTING
AND
ENVIR
COMMITTEE
ONMENTS
GRADU
A
TE
DISSER
OF
T
PIERRE
A
MARIE
TION
-
SUBMITTED
ARIS6
T
P
O
TIAL
THE
OF
DEP
REQ
AR
FOR
TMENT
DEGREE
OF
DOCT
RESEA
OF
UX
Pierre
ET
ABI-CHAR
SER
DE
VICE
A
tel-00542331, version 1 - 2 Dec 2010ed
Reserv
All
ii
E.
Cop
2010
yright
Rights
by
ABI-CHAR
Pierre
c
°
tel-00542331, version 1 - 2 Dec 2010Graduate
is
I
certify
of
that
of
I
this
ha
a
v
ed
e
for
read
y
this
ha
dissertation
in
and
scope
that,
de
in
(Bachar
my
v
opinion,
iii
it
de
is
of
fully
(Abdallah
adequate
that
in
e
scope
and
and
opinion,
quality
adequate
as
quality
a
for
dissertation
of
for
y
the
Appro
de
the
gree
Committee
of
a
Doctor
dissertation
of
the
Philosoph
gree
y
Doctor
.
Philosoph
(Mounir
.
MOKHT
M'HAMED)
ARI)
certify
Principal
I
Adviser
v
I
read
certify
dissertation
that
that,
I
my
ha
it
v
fully
e
in
read
and
this
as
dissertation
dissertation
and
the
that,
gree
in
Doctor
my
Philosoph
opinion,
.
it
EL-HASSAN)
is
v
fully
for
adequate
Uni
in
ersity
scope
on
and
Studies.
quality
as
I
tel-00542331, version 1 - 2 Dec 2010v
i
tel-00542331, version 1 - 2 Dec 2010e
v
v
CKNO
b
WLEDGEMENTS
people
The
ould
completion
I
of
Their
this
It
dissertation
both
represents
been
more
my
than
their
just
thesis
a
thesis
demonstration
helpful
of
abroad
compe-
memorable
tence
has
as
also
a
the
researcher
a
.
thanks
Rather
xpress
,
me
the
y
process
the
in
time
v
re
olv
their
ed
ations
in
A
its
hosting
formulation
elecom
and
v
writing
also
has
Studying
pro-
e
vided
en
me
the
with
path
an
I
opportunity
all
for
with
both
to
personal
o
gro
w
wth
them
and
and
de
v
v
and
elopment.
discussions.
F
ould
or
of
me,
for
the
of
k
schedule
e
w
y
also
to
and
success
and
represents
e
the
this
desire
thanks
to
eryone
accomplish
during
something,
at
and
P
the
as
belief
nice
that
xperience.
it
all
can
met
be
at
done.
a
The
caused
latter
e
ho
ment
we
of
v
that
er
crossed
,
v
could
y
not
v
ha
Thank
v
ha
e
time
been
I
possible
lik
without
xpress
the
my
support
and
of
.
those
to
who
gratitude
ha
their
v
and
e
bearing
been
them
close
for
to
help
me.
man
F
inspiring
or
Also,
that
w
reason,
thanks
there
rest
are
my
a
committee
number
taking
of
out
persons
their
to
usy
whom
to
I
vie
w
this
ould
and
lik
for
e
support
to
comments.
e
suggestions
xpress
observ
my
were
gratitude.
xtremely
First
throughout
I
thesis.
w
special
ould
to
lik
v
e
for
to
me
thank
my
my
stay
supervisor
T
Abdallah
Sud-
M'HAMED
aris.
for
w
his
a
help,
ery
guidance,
and
advise
e
as
I
well
thank
as
the
his
I
enthusiasm
there.
and
here
man
INT
y
been
v
great
aluable
xperience,
contrib
by
utions
the
to
xcellent
this
viron-
w
and
ork.
because
W
all
ithout
friends
his
ha
input,
e
I
my
w
o
ould
er
not
man
ha
years
v
ha
e
e
been
here.
able
you
to
for
complete
ving
this
great
thesis.
here
I
you.
am
w
also
also
grateful
e
to
e
Mounir
my
MOKHT
to
ARI
tw
and
brothers
Bachar
to
El-HASSAN
sister
for
I
gi
ant
ving
e
me
my
the
to
opportunity
for
to
lo
pursuing
e
my
support,
Ph.D.
for
I
with
need
during
to
thanks
A
tel-00542331, version 1 - 2 Dec 2010sure
ou
in
periods
thing
when
I
w
what
ork
completion
took
yes
a
o
v
constant
ery
me
big
trusting
part
ou
of
not
my
une
time.
re-v
W
w
ithout
y
your
thank
support,
a
encour
thanks
-
means
agement,
v
guidance,
and
I
of
ne
forw
v
Unfortunately
er
to
w
v
ould
death
ha
helped
v
wn
e
where
made
us
it
I
through
vi
the
ant
whole
for
Ph.D.
and
process.
ering
Thank
abilities.
you
sho
all.
it
Last,
care,
b
I
ut
Thanks
not
accepting
least,
me.
I
a
w
ethos.
ould
also
lik
to
e
this
to
He
present
with
all
the
my
Ho
respect
,
to
and
one
my
v
life
ery
re-estimate
special
my
person;
I
my
is
Mother
there
,
w
N
.
ADIA
ou
ABI-CHAR.
So
Man
ABI-
y
CHAR.
thanks
w
Mom;
to
for
him
all
his
your
care
understanding,
unw
your
v
patience
belief
and
my
most
Dad,
of
for
all,
wing
for
what
your
really
lo
to
v
and
e.
can
Y
achie
ou
e.
ha
for
v
me,
e
me,
gi
supporting
v
Y
en
were
me
man
the
impeccable
strength
Y
to
were
pursue
looking
my
ard
dreams,
the
the
of
courage
dissertation.
to
,
stand
is
up
here
for
us
my
see
beliefs,
whole
and
nished.
the
we
condence
er
that
his
I
xpected
need
tragic
to
opened
succeed.
e
Lo
to
v
and
e
me
Y
and
ou
alue
Mom.
o
Finally
life.
,
am
this
he
dissertation
some
is
out
dedicated
al
to
ays
the
atching
lo
closely
ving
T
memory
Y
of
Dad,
my
Owe
f
Man
ather
Thanks.
Emile
N.
those
tel-00542331, version 1 - 2 Dec 2010are
y
to
TIONS
2009,
RESUL
Book
TING
2010.
FR
Journal
OM
Pri
THIS
Directions
THESIS
in
-
Nokia
P
and
.
Mobile
ABI-CHAR,
IJCSIS,
M.
vii
Mokhtari,
in
A.
of
Mhamed
the
and
rust
B.
ronments:
EL-Hassan,
elopment.
A
Finland,
Fle
M.
xible
Authenticated
Pri
ith
v
Proceed-
ac
and
y
No.
and
A
T
rust
rust
ac
Conte
xt-A
xt-A
vironments,
w
and
are
Procceding
Secure
Publishing
Frame
itle:
w
and
ork.
En
Presented
Social
to
De
the
Edited
8th
Center
International
pp
Conference
P
on
A
Smart
EL-Hassan,
Homes
K
and
Protocols
Health
Control
T
vironments,
elematics.
of
(Accepted
Computer
T
Security
o
ol.
Appear).
pp.
-
P
P
.
.ABI-CHAR,
T
M.
and
MoKhtari,
v
A
y
Mhamed
Conte
and
w
B.
En
EL-Hassan,
State
A
Art
Dynamic
Future
T
In
rust-based
of
Conte
IGI
xt-A
under
w
T
are
T
Authentication
Modeling
Frame
management
w
Digital
ork
vi-
W
From
ith
Concept
Pri
System
v
v
ac
Book
y
by
Preserving,
Research
In
,
Proceeding
2009,
of
352-377,
the
-
International
.ABI-CHAR,
Journal
MoKhtari,
of
Mhamed
Computer
B.
and
Secure
Netw
and
ork
e
Security
Agreement
,
W
IJCNS,
Access
V
for
ol.
En
2,
In
No.
ing
2,
International
pp.87-102,
of
2010.
Science
-
Information
P
,
.
V
ABI-CHAR,
6
A.
2,
Mhamed,
170-183,
B.
Best
EL-Hassan
aper
and
ward
M.
Controlling
Mokhtari
PUBLICA
tel-00542331, version 1 - 2 Dec 2010Conference
Protocol
Cardif
P
29-31,
.
K
ABI-CHAR,
236-241.
M.
posium
Mokhtari,
Standard:
A.
NDU,
Mhamed
T
and
IEEE
B.
EL-Hassan,
EL
,
-Hassan,
,
T
ABI-CHAR,
o
A
w
and
ards
Mhamed,
a
of
Rob
2007,
ust
ales,
Pri-
September
v
ABI-CHAR,
ac
K
y
Curv
and
the
Anon
and
ymity
IEEE
Preserving
89-94.
Architecture
A.
for
and
Ubiquitous
Proc.
Computing,
rends
in
Science,
Proc.
P
of
An
the
ment
Third
Conference
International
and
Conference
May
on
f,
Risks
Kingdom
and
Society
Security
2007,
of
P
Internet
Mhamed,
and
Secure
Systems.
y
T
on
ozeur
Cryptograph
,
Proc.
T
International
unisia,
Information
IEEE
IAS2007,
Computer
Kingdom
Society
Society
Press,
2007,
October
P
28-30,
EL-Hassan
2008,
IEEE
pp.
vie
125-132.
Analysis
-
A,
P
the
.
Current
ABI-CHAR,
the
A.
of
Mhamed,
A
B.
2007.
EL
ABI-CHAR,
-Hassan,
EL
A
cient
Secure
y
Authenticated
in
K
rst
e
Ne
y
Mobil-
Agreement
,
Protocol
ARIS,
F
pp.
or
viii
W
W
ireless
United
Security
,
,
Computer
in
Press,
Proc.
12-14,
of
pp.
the
-
Third
.
International
A.
Symposium
B.
on
A
Infor
Authenticated
-
e
mation
Agreement
Assurance
Based
and
Elliptic
Security
e
IAS2007,
y
Manchester
in
,
of
United
Third
Kingdom,
Sym-
IEEE
on
Computer
Assurance
Society
Security
Press,
Manchester
August
United
2007,
,
29-31
Computer
pp.
Press,
33-38.
August
-
pp.
P
-
.
.
ABI-CHAR,
B.
A.
and
Mhamed,
Mhamed,
B.
802.11i
EL-Hassan,
Re
A
w
F
Security
ast
Using
and
VISP
Secure
in
Elliptic
of
Curv
National
e
on
Based
T
Authenticated
in
K
Theory
e
Applications
y
Computer
Agreement
CTT
Protocol
CS07,
F
Lebanon,
or
-
Lo
.
w
A.
Po
B.
wer
-Hassan,
Mobile
Ef
Communications,
Authenticated
in
e
Proc.
Agree-
of
Protocol,
the
Proc.
International
the
Conference
International
and
on
Exhibition
w
On
echnologies,
Ne
ity
xt
Security
Generation
NTMS
Mobile
P
Applications,
France,
Services
2007,
And
45.
T
echnologies.
-
tel-00542331, version 1 - 2 Dec 2010a
olv
when
SUMMAR
interactions
Y
lead
The
w
gro
require
wing
mechanisms
e
principals
v
long
olution
that
of
y
Information
platforms).
and
manual
Communication
ubiquitous
T
y
echnology
in
(ICT)
xtual
systems
number
to-
en
w
also
ards
incompetent
more
becoming
perv
relationship
asi
users,
v
and
e
in
and
le
ubiquitous
of
infrastructures
authentication
contrib
v
ute
their
signicantly
Moreo
to
e
the
wn
deplo
this
y-
e
ment
be
of
time,
services
ugs.
an
asi
ywhere,
.
at
entional
an
needs
ytime
ments.
and
their
for
ix
an
in
yone.
entities
T
vices,
o
raditional
pro
control
vide
user
personalized
form
services
logouts,
in
These
such
the
infrastructures,
v
we
T
should
access
consider
conte
both
i.e.
user'
not
s
policies
pri
conte
v
er
ac
asi
y
vironments
and
typically
security
where
requirements
frequently
within
approach
conte
a
xt-a
of
w
policies
areness
force
en
v
vironment.
e
This
potential
can
traditional
be
to
really
e
achie
e
v
we
ed
con
o
schemes
wing
satisfying
to
conte
conte
en
xt
users
a
concerned
w
v
are-
the
ness
trust
systems
among
which
v
allo
ed
w
(e.g.
us
de
to
and
benet
T
from
authentication
sensing
access
and
methods
mobile
much
technologies
interaction
to
the
deri
of
v
login,
e
and
more
permission.
accurate
manual
data,
violate
i.e
vision
user'
non-intrusi
s
e
prole
computing.
and
raditional
conte
and
xtual
control
information.
are
While
xt-insensiti
the
e,
a
the
v
do
ailability
adapt
of
security
conte
to
xtual
changing
information
xt.
may
v
introduce
,
ne
perv
w
v
threats
en
ag
where
ainst
are
security
unkno
and
and
pri
conte
v
conditions
ac
change,
y
traditional
,
may
it
to
can
combinatorial
also
xplosion
be
the
used
of
to
to
impro
written,
v
a
e
de-
dynamic,
elopment
adapti
and
v
v
e
introduce
and
b
autonomic
The
aspects
approach,
of
applied
security
perv
,
v
and
scenarios,
user
lacks
pri-
xibility
v
Therefore,
ac
conjecture
y
the
.
v
Moreo
authentication
v
are
er
in
,
the
conte
in
xt-a
xt-a
w
are
are
viron-
information
Furthermore,
of
are
fers
increasingly
ne
about
w
pri
opportunities
ac
for
and
the
of
establishment
EXECUTIVE
tel-00542331, version 1 - 2 Dec 2010