Trust-based security in pervasive computing environments

Traditionally, stand-alone computers and small networks rely on user authentication and access control to provide security. These physical methods use system-based controls to verify the identity of a person or process, explicitly enabling or restricting the ability to use, change, or view a computer resource. However, these strategies are inadequate for the increased flexibility that distributed networks such as the Internet and pervasive computing environments require because such systems lack central control and their users are not all predetermined. Mobile users expect to access locally hosted resources and services anytime and anywhere, leading to serious security risks and access control problems. We propose a solution based on trust management that involves developing a security policy, assigning credentials to entities, verifying that the credentials fulfill the policy, delegating trust to third parties, and reasoning about users' access rights. This architecture is generally applicable to distributed systems but geared toward pervasive computing environments     

Understanding identity exposure in pervasive computing environments

Various miniaturized computing devices that store our identity information are emerging rapidly and are likely to become ubiquitous in the future. They allow private information to be exposed and accessed easily via wireless networks. When identity and context information is gathered by pervasive computing devices, personal privacy might be sacrificed to a greater extent than ever before. People whose information is targeted may have different privacy protection skills, awareness, and privacy preferences. In this research, we studied the following issues and their relations: (a) identity information that people think is important to keep private; (b) actions that people claim to take to protect their identities and privacy; (c) privacy concerns; (d) how people expose their identity information in pervasive computing environments; and (e) how our RationalExposure model can help minimize unnecessary identity exposure. We conducted the research in three stages, a comprehensive survey and two in-lab experiments. We built a simulated pervasive computing shopping system, called InfoSource. It consisted of two applications and our RationalExposure model. Our data show that identity exposure decisions depended on participants’ attitudes about maintaining privacy, but did not depend on participants’ concerns or security actions that they claimed to have taken. Our RationalExposure model did help the participants reduce unnecessary disclosures.     

Situation-based testing for pervasive computing environments

A challenge for designing pervasive computing systems, particularly for indoor sensor-rich environments, is the complexity of causal relationships between contextual inputs, exhibited system behaviour, and overall appropriateness of resulting outcomes. Two key challenges faced by designers when testing these systems lie in the difficulty of monitoring the deployment environment for inappropriate outcomes and subsequently tracing the physical and digital causal factors leading to specific situations. This paper presents InSitu, a situation-based testing approach that applies generalised situation specifications to a global representation of simulated environment state to detect instances of specified situations. An access control case study demonstrates the modelling capabilities of InSitu and notes the importance of the overlap, exclusivity, and subsumption relationships between situation specifications in order to achieve informative results.     

On data management in pervasive computing environments

This paper presents a framework to address new data management challenges introduced by data-intensive, pervasive computing environments. These challenges include a spatio-temporal variation of data and data source availability, lack of a global catalog and schema, and no guarantee of reconnection among peers due to the serendipitous nature of the environment. An important aspect of our solution is to treat devices as semiautonomous peers guided in their interactions by profiles and context. The profiles are grounded in a semantically rich language and represent information about users, devices, and data described in terms of "beliefs," "desires," and "intentions." We present a prototype implementation of this framework over combined Bluetooth and Ad Hoc 802.11 networks and present experimental and simulation results that validate our approach and measure system performance.     

Context-driven personalized service discovery in pervasive environments

Pervasive environments are characterized by a large number of embedded devices offering their services to the user. Which of the available services are of most interest to the user considerably depends on the user’s current context. User context is often rich and very dynamic; making an explicit, user-driven discovery of services impractical. Users in such environments would instead like to be continuously informed about services relevant to them. Implicit discovery requests triggered by changes in the context are therefore prevalent. This paper proposes a proactive service discovery approach for pervasive environments addressing these implicit requests. Services and user preferences are described by a formal context model called Hyperspace Analogue to Context, which effectively captures the dynamics of context and the relationship between services and context. Based on the model, we propose a set of algorithms that can continuously present the most relevant services to the user in response to changes of context, services or user preferences. Numeric coding methods are applied to improve the algorithms’ performance. The algorithms are grounded in a context-driven service discovery system that automatically reacts to changes in the environment. New context sources and services can be dynamically integrated into the system. A client for smart phones continuously informs users about the discovery results. Experiments show, that the system can efficiently provide the user with continuous, up-to-date information about the most useful services in real time.     

Context-aware active task discovery for pervasive computing

Task computing is mainly involved with how to interact with equipment and services for users. In such new mode users can only concern with the task need to be completed, without having to consider how to complete it. In recent years, this new mode has been considered the preferred choice under the environment of pervasive computing. Active task discovery is the key to task computing, which depends on context and automatically relates the corresponding services to complete the given operation. In this paper, based on active task computing model we present a new context-aware active task discovery mode and raise a good algorithm for discovering and executing task.     

普适计算中上下文依赖的主动任务发现

任务计算是一种针对用户如何与设备和服务进行交互的新模式,用户可以只关注需要完成的任务,而不必考虑如何去完成。主动任务发现是任务计算的核心,它依赖于上下文,并能自动组合相应的服务完成规定的操作。在构建任务计算模型的基础上,描述了一种基于上下文依赖的主动任务发现模式,分析了主动任务的结构模型,提出了一种发现任务并执行任务的算法,并通过一个智能教室的应用环境说明了该算法的具体应用。     

面向普适计算环境的资源描述方法

普适计算环境下的资源描述是支持各项普适计算资源管理活动的基础,普适计算环境的开放性、面向用户特点和固有的不确定性因素对资源描述方法提出了新的要求。现有研究大多针对资源描述的服务化、语义化和用户化需求部分,对如何描述资源的不确定性信息支持不足。在语义Web服务描述OWL-S的基础上,增加对随机性信息表示的支持,扩展为新的OWL-SP。新方法较为全面地支持了普适资源描述的关键需求（服务化、语义化、用户化和随机化需求）,构成了一个较为完整的普适资源描述,可作为普适资源管理活动的基础。     

普适计算环境下上下文信息推理的研究

从各种低层上下文信息得到对人们更加有用的高层上下文信息即上下文推理是当前研究的热点.针对该问题,采用描述逻辑,研究基于本体模型的上下文推理方法.首先简要介绍基于本体的上下文模型,该模型增加了对上下文特性的建模,然后分别研究基于本体的推理、基于规则的推理及不一致性验证3种推理方式,借助Jena框架的推理接口实现,推理功能全面,通用性强,基本满足了普适计算系统中上下文推理的需求,最后给出了推理的可用性.     

Trust force-based service selection in pervasive computing environments

Trust is an important aspect of decision making for pervasive applications and it is important to choose and use services efficiently in pervasive computing environments. Trust force is presented to specify trust relationships among interactive entities in a pervasive computing environment by using experience and knowledge in a social network and the coulomb＇s law in real word. Based on trust force, a Trust Management and Service Selection model are presented, named TMSS. TMSS was tested and the experimental results show that our method for selecting service is not only more efficient than traditional and heuristic methods, but also can identify good services from bad ones.     

Reasoning about uncertain contexts in pervasive computing environments

Context-aware systems can't always identify the current context precisely, so they need support for handling uncertainty. A prototype pervasive computing infrastructure, Gaia, allows applications and services to reason about uncertainty using mechanisms such as probabilistic logic, fuzzy logic, and Bayesian networks.     

Affective e-Learning in residential and pervasive computing environments

This article examines how emerging pervasive computing and affective computing technologies might enhance the adoption of ICT in e-Learning which takes place in the home and wider city environment. In support of this vision we describe two cutting edge ICT environments which combine to form a holistic connected future learning environment. The first is the iSpace, a specialized digital-home test-bed that represents the kind of high-tech, context aware home-based learning environment we envisage future learners using, the second a sophisticated pervasive e-Learning platform that typifies the educational delivery platform our research is targeting. After describing these environments we then present our research that explores how emotion evolves during the learning process and how to leverage emotion feedback to provide adaptive e-Learning system. The motivation driving this work is our desire to improve the performance of the educational experience by developing learning systems that recognize and respond appropriately to emotions exhibited by learners. Finally we report on the results about the emotion recognition from physiological signals which achieved a best-case accuracy rate of 86.5% for four types of learning emotion. To the best of our knowledge, this is the first report on emotion detection by data collected from close-to-real-world learning sessions. We also report some finding about emotion evolution during learning, which are still not enough to validate Kort’s learning spiral model.

一种普适计算环境下基于语义的服务匹配算法

在普适计算环境中通过语义本体来表示环境中的概念进行服务发现可以提高服务发现的鲁棒性。给出了一种基于语义的服务匹配算法,根据不同的服务请求可以通过服务类型匹配、服务输入输出参数匹配和QoS参数匹配,实现了分层次、逐步过滤不匹配的服务。同时通过服务相似度的计算为服务请求者提供最满足需求的服务。实验结果证明该算法具有较高的匹配率和较好的匹配速度,完全适用于普适计算环境。     

Decentralized checking of context inconsistency in pervasive computing environments

Contexts are often inconsistent in pervasive computing environments, owing to many heterogeneous devices with limited processing capabilities, imperfect measurement techniques, and user movement. A variety of schemes have been proposed to check context inconsistency. However, they implicitly require central control. This requirement inhibits their effectiveness in some pervasive computing environments (e.g., transport systems) where all nodes are resource-constrained and cannot act as a centralized node. To this end, we propose in this paper DCCI—a scheme of Decentralized Checking of Context Inconsistency in pervasive computing environments. DCCI exploits a simple, yet efficient, preference-based locality that denotes nodes requiring that the same context can check the inconsistency on this type of contexts. According to this locality, DCCI constructs a preference-based shortcut structure such that it checks context inconsistency within the shortcut structure. Extensive experiments show that DCCI can accurately and efficiently check context inconsistency in the presence of node churns and heterogeneity.     

EASY: Efficient semAntic Service discoverY in pervasive computing environments with QoS and context support

Pervasive computing environments are populated with networked software and hardware resources providing various functionalities that are abstracted, thanks to the Service Oriented Architecture paradigm, as services. Within these environments, service discovery enabled by service discovery protocols (SDPs) is a critical functionality for establishing ad hoc associations between service providers and service requesters. Furthermore, the dynamics, the openness and the user-centric vision aimed at by the pervasive computing paradigm call for solutions that enable rich, semantic, context- and QoS-aware service discovery. Although the semantic Web paradigm envisions to achieve such support, current solutions are hardly deployable in the pervasive environment due to the costly underlying semantic reasoning with ontologies. In this article, we present EASY to support efficient, semantic, context- and QoS-aware service discovery on top of existing SDPs. EASY provides EASY-L, a language for semantic specification of functional and non-functional service properties, as well as EASY-M, a corresponding set of conformance relations. Furthermore, EASY provides solutions to efficiently assess conformance between service capabilities. These solutions are based on an efficient encoding technique, as well as on an efficient organization of service repositories (caches), which enables both fast service advertising and discovery. Experimental results show that the deployment of EASY on top of an existing SDP, namely Ariadne, enhancing it only with slight changes to EASY-Ariadne, enables rich semantic, context- and QoS-aware service discovery, which furthermore performs better than the classical, rigid, syntactic matching, and improves the scalability of Ariadne.     

Context reasoning using extended evidence theory in pervasive computing environments

Most existing context reasoning approaches implicitly assume that contexts are precise and complete. This assumption cannot be held in pervasive computing environments, where contexts are often imprecise and incomplete due to unreliable connectivity, user mobility and resource constraints. To this end, we propose an approach called CRET: Context Reasoning using extended Evidence Theory. CRET applies the evidence theory to context reasoning in pervasive computing environments. Because evidence theory is limited by two fundamental problems–computation-intensiveness and Zadeh paradox, CRET presents evidence selection and conflict resolution strategies. Empirical study shows that CRET is desirable for pervasive applications.     

Shadow attacks on users’ anonymity in pervasive computing environments

Privacy preserving technologies are likely to become an essential component of adaptive services in pervasive and mobile computing. Although privacy issues have been studied for a long time in computer science as well as in other fields, most studies are focused on the release of data from large repositories. Mobile and pervasive computing pose new challenges, requiring specific formal models for attacks and new privacy preserving techniques. This paper considers a specific pervasive computing scenario, and shows that the application of state-of-the-art techniques for the anonymization of service requests is insufficient to protect the privacy of users. A specific class of attacks, called shadow attacks, is formally defined and a defense technique is proposed. This defense is formally proved to be correct, and its effectiveness is validated by extensive experiments in a simulated environment.     

Direction-aware resource discovery in large-scale distributed computing environments

As a system scales up, the peer-to-peer (P2P) approach is attractive to distributed computing environments, such as Grids and Clouds, due to the amount of resources increased. The major issue in large-scale distributed systems is to prevent the phenomenon of a communication bottleneck or a single point of failure. Conventional approaches may not be able to apply directly to such environments due to restricted queries and varied resource characteristics. Alternatively, a fully decentralized resource discovery service based on an unstructured overlay, which relies only on the information of resource attributes and characteristics, may be a feasible solution. One major challenge of such service is to locate desired and suitable resources without the global knowledge of distributed sharing resources. As a consequence, the more nodes the resource discovery service involves, the higher the network overhead incurs. In this paper, we proposed a direction-aware strategy which can alleviate the network traffic among unstructured information systems for distributed resource discovery service. Experimental results have demonstrated that the proposed approach achieves higher success rate at low cost and higher scalability.     

普适环境下基于生物加密的认证机制

普适计算的出现对网络通信中的安全和隐私提出了新的挑战,传统的认证技术已经不能满足普适环境的安全需求。提出了一种普适环境中用于完成服务使用者与提供者之间双向认证及密钥建立的机制。该机制高度融合了生物加密技术和Diffie-Hellman密钥交换技术,在不泄露用户隐私的情况完成双向认证。该机制提供了安全的建立密钥的算法,并且通过使用生物加密技术实现了访问控制策略的区别对待。经分析证明,该协议能很好地抵抗各种攻击,尤其是拒绝服务（DoS）攻击。