普适计算的信任认证

在普适计算环境中，用户能够在任何时间、任何地点访问资源，获得服务。但是这种无处不在性和移动性的环境带来了新的安全问题。资源的拥有者和请求者一般互相不知道。认证是安全的基石，没有认证，系统的保密性、完整性和可用性都将受到影响。可是传统认证是基于身份的认证，不适合普适环境中对陌生实体的认证。本文在分析普适计算的认证要求后，指出了在普适计算环境中应该先在陌生的实体间建立信任关系，然后可以用几乎所有的标准密钥交换协议进行安全认证。提出了用资源限制信任协商技术在陌生人之间建立信任关系。由于它避免了大量的公钥密码操作所带来的计算负担，因此比较适合计算能力有限的设备之间建立信任关系。

Trust Authentication in Pervasive Computing

Users can access resources and obtain services anytime and anywhere in pervasive computing environment. However, the ubiquitous and mobile environment presents a new security challenge. The resource owner and requestor do not foreknow each other. Authentication is the footstone of security. Without authentication, confidentiality, integrality and availability of a system will be affacted. It is unsuitable for pervasive computing environment which entities are strangers to use traditional identity-based authentication. In this paper, after analyzing the requirements of authentication that pervasive computing need, we indicate that authentication in pervasive computing is firstly to establish trust relationship. Then secure authentication is achieved using almost any traditional authentication key exchange protocols. The resource-constrained trust negotiation method is presented to established trust relationship among strangers. Owing to avoiding the heavy computational demands the public key cryptography operations bring about, resource-constrained trust negotiation is well-suited for resource constrained devices to negotiate trust in pervasive computing environment.