Documente Academic
Documente Profesional
Documente Cultură
6, JUNE 2010
Combined Authentication-Based
Multilevel Access Control in Mobile
Application for DailyLifeService
Hyun-A Park, Jong Wook Hong, Jae Hyun Park,
Justin Zhan, Fellow, IEEE, and Dong Hoon Lee, Fellow, IEEE
Abstract—In current computing environments, collaborative computing has been a central concern in Ubiquitous, Convergent, and
Social Computing. “MobiLife” and “MyLifeBits” are the leading projects for representing dailylifeservices and their systems require
complicate and collaborative network systems. The collaborative computing environments remain in high potential risks for users’
security and privacy because of diverse attack routes. In order to solve the problems, we design combined authentication and
multilevel access control, which deals with cryptographic methods in a personal database of “MyLifeBits” system. We propose a
scheme which is flexible in dynamic access authorization changes, secure against all the attacks from various routes, a minimum
round of protocol, privacy preserving access control, and multifunctional.
Index Terms—Combined authentication, multilevel access control, integrated security management dailylifeservice, MyLifeBits,
mobile phone, information classification, personal DB.
1 INTRODUCTION
the reach of users in their everyday life by innovating and three levels, A, B, and C, according to their
deploying new applications and services based on the sensitivity. Except for A-level data, all data should
evolving capabilities of the 3G systems and beyond” [2]. be encrypted, where decryption is allowed to
“MyLifeBits” is a Microsoft’s research project to create a legitimate users passing their all authentication
“lifetime store of everything.” We take “MyLifeBits” system processes. This makes it impossible for a server
as our application model and it will be dealt with in the next manager or other attackers to misuse or abuse users’
section in detail. information without their consent1 so that we can
The challenge of collaborative network technologies is achieve self-regulation of private information.
that the skills and knowledge of attackers become more . Stronger Authentication for Multilevel Access
sophisticated as much as the rapid development of Control. We design our scheme by complementing
collaborative network technologies. Various attack routes the weaknesses of each technology and combining the
in collaborative network systems may cause serious authentication methods. Our scheme can provide
problems of privacy infringement in data protection. Users multilevel authentication. According to levels, the
are always monitored and exposed when they are con- classified data are stored in different databases as
nected to their network for 24 hours and store their events. different styles. Under different levels of database
Especially, there are some potentials for privacy in the cases tables, a valid user can access the authorized
of interdomain Web service usages or sharing their data attributes through the multiauthentication. These
with others. Without the users’ consent, the stored data in ways of authentication processes are mutual so that
mobile phones or personal databases can be abused or our scheme is secure against spoofing or masquer-
misused by unauthorized accesses or server managers. ading attack.
Authentication and access control are very important . Flexibility to Dynamic Access Authorization
factors in the intricately networked systems to protect Changes. Our scheme is efficient and secure against
users’ privacy and security. the dynamic access authorization changes. This is
Our application, DailyLifeService in MyLifeBits project, because users cannot know real encryption/decryp-
is a converging technology including Information and tion keys and AC only has to change access-
Communication Technologies (ICTs) and Biotechnology. authorization-polynomials.
The DailyLifeService needs diverse integrated high tech- . Blinding. In every transfer time of biometric
nologies as well as collaborative network technologies. template or secret keys, we use newly generated
These kinds of applications have high potential risks for random numbers. This blinding or masking method
various attack routes and privacy infringements so that does not allow an attacker to know or to guess real
these applications necessarily require Integrated Security contents correctly.
Management (ISM). However, most prior researchers have . Multifunctionality. Authentication and access con-
narrowly focused on, independently or, respectively, their trol are necessary for most Web service sites as well
own research concentrations in the issues of combined as dailylifeservice. Our main focus is authentication
authentication, multimodal biometrics, biometrics with and access control for data retrieval. Our scheme
applications, security and privacy issues in certain environ- covers other functions: session key sharing, private
key management of PKI, biometric management,
ments, access control, secure retrieval, etc. Here, security
data sharing over an encrypted database, etc.
and privacy issues have not been considered for integrated
Therefore, our scheme can be applied to other
technologies or systems in prior researches.
applications including authentication and access
In this paper, we seek to create applications including the control processes.
issues of collaborative computing in social and ubiquitous . Minimum Round Protocol and Minimum Storage
networks for providing integrated various services with Biometric Information. All authentication processes
safety. In order to do that, we first analyze anticipated as well as mutual authentication, data sharing or
attack routes and countermeasures and then design a retrieval, and all of the other functions can be
combined authentication and multilevel access control accomplished in only one round. Biometric informa-
using cryptographic methods for secure information retrie- tion is stored only in the Authentication Client (AC,
val and sharing of DailyLifeService in mobile applications. a kind of TTP)’s database as biometric template.
Finally, we achieve secure and privacy-preserving conver-
ging technologies.
Goal and contribution. The following are our goals in 2 PRELIMINARIES AND RELATED WORK
designing a scheme, and simultaneously, our contributions: 2.1 MyLifeBits
The “MyLifeBits” project that began in 2001 got an
. Privacy Preserving Converging Technology in inspiration from Bush (1945)’s Memex. “MyLifeBits” is a
Collaborative Environments. Our application sce- system that deals with a personal lifetime store and it
nario is based on “dailylifeservice” requiring many considers every digital media and data including e-mail,
collaborative works in a mobile phone. This applica- calendar events, documents, audio, and video. The entities
tion may have potential risks about security and
privacy. In order to protect our system from these 1. It means data protection of privacy, in other words, fair information
risks, we use the combined authentication including practices (FIPs). Privacy is the ability to control private information, which
is not to hide all information from all parties, but rather to have the ability to
biometrics, PKI, USIM, and access control using disclose selected information to selected parties under certain circum-
cryptographic methods. All data are classified into stances, while preventing other disclosure [30].
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
826 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE 827
can provide scalablity and flexibility. Argarwal et al. [5] face and fingerprint, they demonstrate that integration of
proposed a model for trust establishment and management multiple biometrics results in a consistent and significant
in computer systems supporting collaborative work, not for performance improvement.
the human-to-human interactive computer software. The In [14], Tikkanen et al. studied both biometric technology
model supports the dynamic addition of new users to a and wireless setting-based constraints that determine the
collaboration with very little initial trust and supports the feasibility and performance of the authentication feature.
incremental building of trust relationships. In [6], Al-Qayedi They reviewed the most well-known biometric approaches
et al. indicated the problems of the previous papers, a single briefly and appraised their feasibility for wireless use by
communication channel which is prone to eavesdropping presenting a number of quantitative and qualitative para-
attacks. They proposed a new combined Web/Mobile meters for evaluation. [15], [16], [17] present an overview of
authentication system via two different communication the SecurePhone project whose primary aim is to realize a
channels, which is relatively immune to eavesdropping mobile phone prototype(SecurePhone). It enables users to
attacks. Kagal et al. [7] issued security and privacy methods deal secure, dependable transactions over a mobile network
for data management in relation to authentication and through biometrical authentication. Based on a commercial
identification. Their issue caused information systems to PDA-phone supplemented with specific software modules
evolve into distributed systems that are open and dynamic. and a customized SIM card, the authors exploited a fused
In [8], [9], in order to preserve privacy in electronic combination of three different biometric methods: voice,
collaborative environments, Skinner developed a compre- face, and handwritten signature verification. Their results
hensive multidimensional privacy protecting framework also showed that the fused combination of three different
Technical, Legal, and Community Privacy Protecting biometric methods can lower the percentage of Equal Error
(TLC-PP), and proposed an authentication framework Rate (EER), FAR, FRR. Gelbord and Roelofsen [18] intro-
Combined Authentication Scheme Encapsulation (CASE) duced a technique for biometric identification to be used in
methodology, which uniquely combines both traditional PKI applications. They considered that biometric techni-
and biometric authentication methods with an additional ques have great potential for privacy issues in bridging the
novel audiovisual authentication method. This provides an gap between authentication and the end user in PKI
effective visual representation of the authentication and applications. By applying secret sharing to fingerprint
information privacy hierarchies. identification, they showed various benefits over traditional
Mutimodal Biometrics. Garcia-Salicetti et al. [10] re- fingerprint identification and it can be easily integrated into
corded the biometric database BIOMET with five different existing PKI applications.
modalities such as face, voice, fingerprint, hand, and In this paper, we use four categories of authentication
signature to study how different modalities can be com- methods: traditional, biometric, audiovisual, and Universal
Subscriber Identity Module (USIM). As traditional methods,
bined. The BIOMET multimodal database for person
based on PKI, we use ID/password. As for biometric and
authentication is described and the detailed acquisition
audiovisual methods, fingerprint, voice, and image are used.
protocols of each modality are introduced. The book by Ross
et al. [11] introduces multibiometric systems, which are 2.4 Multilevel Access Control
expected to meet the stringent performance requirements In personal database of MyLifeBits system, we focus on
imposed by large-scale authentication systems. The system sharable data, which other users can retrieve, to preserve a
outlines different fusion methodologies to integrate multiple user’s privacy. On the encrypted data, our combined
biometric traits: fusion at the feature extraction level/the authentication method allows that the only legitimate users
matching score level/the decision level. The advantages of can decrypt what they want. This kind of privacy preserving
these systems over their unimodal counterparts are also access control has been worked through various directions.
demonstrated. In [12], Hong and Jain indicated the problem In 2002, Agrawal et al. published “A Hippocratic
that face recognition is fast but not extremely reliable, while Databases.” It uses privacy metadata, which consist of
fingerprint verification is reliable but inefficient in database privacy policies and privacy authorizations stored in two
retrieval. They developed a biometric system integrating tables. The policies and authorizations associate each
faces and fingerprints, which overcomes the limitations of attribute with each user and the usage purpose(s) [19]. In
face recognition systems as well as fingerprint verification purpose-based access control by Byun et al. [20], [21], they
systems. Their experimental results show that the integrated proposed an access control model for privacy protection
system operates with an admissible response time and False based on the notion of purpose. However, purpose
Reject Rates (FRRs) of the integrated system on the test set management introduces a great deal of complexity at the
with different values of False Accept Rates (FARs) are much access control level. In another aspect, Sabah and Fedaghi
less than face recognition systems and fingerprint verifica- [22] introduced an alternative privacy access control
tion systems, respectively. For example, for 1 percent of mechanism that is not based on purpose. It defined the
FAR, FRRs of face, fingerprint, and integration are 15.8, 3.9, intended purpose of personal information as a chain of acts
1.8 percent, respectively. Since it is not clear what mechan- on this type of information. Mun et al. [23] provided
isms could be used to improve the performance, Hong et al. personwise access control mechanism for the personal
formulated the problem of multiple biometrics integration information directory system according to their policy. Ge
and examined about the improvement of performance from and Zdonik [24] and Ozsoyoglu et al. [25] described
integrating multiple biometrics in [13]. For two practical and attribute(column)wise access control by applying column-
commonly used situations of multibiometric integration, level encryption methods to DBMS.
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
828 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
In this paper, we use a column-level encryption method [28] in which a check is made on the degree of correlation
to the personal DB of MyLifeBits system for access control between mouth opening and speech energy [29].
and data protection.
3.2 Mobile Device
Mobile devices, exactly mobile phone in our scheme, are
3 ATTACK ROUTES AND COUNTERMEASURES portable and relatively small. If they get lost or stolen, they
Our scheme uses the combined techniques in a collabora- can be easily found by others and misused. These captured
tive environment using a mobile phone, which has high devices can present “false biometric” such as fake finger
risks of various attack routes. and latent images. Furthermore, some data or processes can
be modified and attacked by guessing a password.
3.1 Biometric Computational powers and storages are also restricted.
A common biometric authentication is to capture the This weakness makes it vulnerable to Denial of Service
biometric features of all users at the enrollment phase and (DoS) attack and malware such as worms and viruses on
to store the generated templates in a reference database. wireless devices because it could be hard to deploy
During the authentication phase, new measurements are enterprise-wide antivirus software on all wireless clients
matched against the original template in the reference and a network-based intrusion detection system (NIDS) on
database [26]. the wireless network.
Biometric data are noisy. Because of variable presenta- Countermeasure. If somebody wants to protect their
tion, a matching test is inexact and inaccurate. The ability of own personal stored data in a mobile phone when they get
authentication depends on technologies such as False lost or stolen, the mobile phone could have been blocked
Acceptance Rate (FAR) or False Rejection Rate (FRR). and files, messages, and contacts would have been deleted
The fact that biometric templates are stored in a database remotely. Our solutions for the theft problems are encryp-
can cause a number of security and privacy risks. One of the tion and strong authentication. Currently, some products
most serious problems is impersonation. An attacker steals such as “Kaspersky Mobile Security 8.0” provide reliable
templates in a database and constructs artificial biometrics antivirus and antimalware protection as well as the theft
that pass authentication. It can make the exposure of solutions2 for smartphone. However, these problems are a
sensitive personal information much easier. little out of the scopes of this paper so that we do not deal
The using frequency of a biometric has influence on its with them precisely.
security. The more frequently a biometric is used, the less
secure it is. This is because people may leave fingerprints 3.3 Network and Communication Channel
anywhere, and iris images may be captured by a hidden Our system consists of two types of communication
camera, so that biometrics can be found and copied easily. channels, wired channels and wireless channels. Wireless
Biometric features are inherent and unique, and it means channels cover from a user/mobile device to AC and wired
that they cannot be changed. The unchanging biometric channels cover from AC to a server. The transferring data
features are hard to be updated, reissued, or destroyed when can be intercepted, eavesdropped, modified, or inserted by
the biometric is compromised. Therefore, once compro- an attacker and lost by an unstable network condition. The
mised, it may cause some problems as well as verification. intercepted data can cause “Session Hijacking” known as
Countermeasure. A multimodal system such as a “man in the middle,” “replay,” or “reflection” attack.
combination of fingerprint verification, face recognition, Malicious clients can pretend to be legitimate end points
voice verification, and SIM card, or any other combination and malicious access points can trick clients into logging in.
of biometrics can be a countermeasure to take advantage of Wireless access points are easy to install. As a result, many
the proficiency of each individual biometric and can be individuals within companies have taken it upon them-
used to overcome some of the limitations of a single selves to set up an authorized access point, without
biometric. For instance, it is estimated that 5 percent of the informing the network administrator. Typically, these
population does not have legible fingerprints, a voice could access points are not protected, which means that they
be altered by a cold, and face recognition systems are can be used by an attacker just as they can be a valid user.
susceptible to changes in ambient light and the pose of the Rogue access points can also be used to lure valid users
subject’s head. A multimodal system, which combines the away from their corporate network. If an attacker can set up
conclusions made by a number of unrelated biometrics an access point with a stronger signal than the valid one, the
indicators, can overcome many of these restrictions [26]. As target’s computer automatically connects to the attackers’
we mentioned in Section 2, the FRR of the integrated system access point. This style of abuse is difficult to prevent since
on the test set with different values of FAR can be much less many systems will adjust connection details (type of
than face recognition systems and fingerprint verification
2. SMS Block—In the event of loss, you can send a “hidden SMS
systems, respectively [13]. message” to block access to your smartphone until a preset password is
As the solution to protect biometric templates stored in entered.
database, we hash and encrypt biometric templates and SMS Clean—Similar to SMS Block, this will completely clean out your
smartphone’s memory and memory cards.
then store them only in AC’s server(minimum storage). As SIM Watch—If your phone is stolen, the new owner will most likely
for the transferring biometric template, we blind it using a replace the original SIM card. The SIM Watch will prevent the thief from
newly generated random number. accessing your data without the original SIM card in the device. If the
original SIM card is replaced with a new one, SIM Watch automatically
The copied or imposture scenario could be avoided if it sends to you the new telephone number of the device without the thief’s
were feasible to implement the liveness test proposed in knowledge.
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE 829
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
830 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
information, the keys need to be managed by AC because user oneself and access authorization, AC makes authentica-
valid users’ access authorization can be changed dynami- tion polynomials for each user.
cally. Other users’ access authorization to B level informa-
tion is determined through negotiations between users or 4.3.1 Polynomial for Multilevel Database Access Control
obtained in the enrollment(registration) time. In order to provide a user with his or her privilege to access
C level information is high-sensitive information and the each level of the database table, AC generates a polynomial
owner does not share this information with anyone. Thus, LPi for user i’s access control and each level of verification
all C level informations are encrypted by the user’s secret values, ALi , BLi , CLi :
key in his/her mobile phone and the information should
LPi ¼ ri1 þ ðx Ai Þ fri2 þ ðx Bi Þðri3 þ ðx Ci ÞÞg;
not be revealed to anyone, even AC as well. It only has to be
decrypted by the user oneself and it does not need the
reencryption process to mask the real encryption keys such ALi ¼ LPi ðAi Þ ¼ ri1 ;
as in 2nd Encryption of B level. BLi ¼ LPi ðBi Þ ¼ ri1 þ ri2 ðBi Ai Þ;
Each level of information is stored in the corresponding CLi ¼ LPi ðCi Þ ¼ ri1 þ ri2 ðCi Ai Þ þ ri3 ðCi Bi ÞðCi Ai Þ;
database table.
[Decryption Algorithm] fun BUij g are a user n’s authentication values to access the
1) B level: CBUij gðk BUij þÞ ¼ m BUij jth column of B level database of a user i, where i, j, and n
or D ðCBU0
Þ ¼ f BUij . are positive integers. We call these “Attribute Identifiers.” ri
ij
is a random number for a user i. The polynomials i BPj are
2) C level: Dk CUi ðEk CUi ðm CUij ÞÞ ¼ m CUij
l-degree polynomials (l < n, n is the total number of users).
or Dk CUi ðEk CUi ðf CUij ÞÞ ¼ f CUij . i BPj verifies the set of users who can access to a user i’s
In B level, the 1st encryption is a storage form and 2nd jth column of B level information. For retrieving some
encryption is a reencryption process by AC to mask the real information from other users’ personal database, each
keys. A short message is denoted by m BUij and f BUij is a user n should store “Column Identifiers,” un BUij , in one’s
file, which are encrypted differently. A short message own mobile database. The jth column of B level database
m BUij is encrypted with ElGamal style of encryption for user i is encrypted with k BUij . AC should keep these
method (not the public-key-based encryption but actually polynomials i BPj in its database.
symmetric key) and the symmetric encryption algorithm
4.3.3 Storage of Information
such as AES is applied to a file f BUij . and are newly
All of the generated information should be stored in a user’s
generated random numbers every query time.
mobile database or AC’s database.
4.3 Enrollment and Generation of Authentication
Information . Mobile Device (user i’s mobile device MDi )
All users who use Web services as well as dailylifeservice - Database:
have to register on AC and they produce biometric
information, ID, password, a special key(Xi ). The special hðpwi Þ; Vi ; Ii ;
key Xi encrypts a user’s private key and C level of ai ; bi ; ci ; ui BUij ; ui BUoj , where o 6¼ i;
encryption key, and all of the information related to EXi ðski Þ; Epki ðk CUi Þ;
authentication. The private key of PKI is stored in mobile - IMEI of USIM.
database in this way of EXi ðski Þ. The encryption key for C . AC’s Database:
level information, k CUi , is encrypted with a user’s public - For a user i
key like this: Epki ðk CUi Þ.
AC associates Xi with International Mobile Equipment ijIMEIi ; Ekc ðhðpwi Þ; hðBTi Þ; Xi Þ;
Identity (IMEI) of USIM in a user i’s mobile phone and stores LPi ¼ ri1 þ ðx Ai Þ
them(Xi and its IMEI) for each user. For authentication of a fri2 þ ðx Bi Þðri3 þ ðx Ci ÞÞg;
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE 831
[AC] x gw ¼ m BUij ,
7. Check IMEI and TTL(Time to Live) and Integrity: v gu ¼ m BUoj ,
d ¼ hðtjbjcÞ. Dk CUi ðyÞ ¼ m CUij ,
8. Decrypt: Ekc ðhðpwi Þ; hðBTi Þ; Xi Þ.
9. Compute: hðpwb
¼ , c ¼ hðBTi0 Þ. Or
iÞ
D ðx0 Þ ¼ f BUij ,
10. Decrypt E ðeÞ: D ðE ðeÞÞ ¼ D ðv0 Þ ¼ f BUoj ,
fðbi ; ui BUij ; q BUij Þ; ðbo ; ui BUoj ; q BUoj Þ; ððci ; j; q CUij Þg. Dk CUi ðy0 Þ ¼ f CUij .
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
832 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
1. User i inputs his password pw0i , fingerprint B0 , voice E ðeÞ : D ðE ðeÞÞ ¼ e ¼ fðbi ; ui BUij ; q BUij Þ;
information Vi0 , and image information Ii0 on each ðbo ; ui BUoj ; q BUoj Þ; ðci ; j; q CUij Þg:
sensor of the mobile phone.
2. MDi generates hðpw0i Þ and biometric template hðBT 0 Þ.
11. AC computes and verifies through the following
Then, MDi verifies hðpw0i Þ ¼ hðpwi Þ, Vi0 ¼ Vi , Ii0 ¼ Ii .
hðpwi Þ, Vi , and Ii are the stored values in the mobile process: Bi ¼ hðbi Þ; Bo ¼ hðbo Þ; Ci ¼ hðci Þ þ hðBTi0 Þ
phone at enrollment time. We use a user’s password and LPi ðBi Þ ¼ BLi ; LPi ðBo Þ ¼ BLo ; LPi ðCi Þ ¼ CLi .
and audiovisual information including voice and This process is about whether a user has valid
image(face) for the authentication. authorization to access the level of database or not.
3. MDi randomly generates with the same size as Especially, if LPi ðCi Þ ¼ CLi , the user’s biometric
hash value’s output. This value is generated newly input is matched to the stored biometric template. It
can provide a user authentication too.
every session and should be different. It will be used
12. AC computes and verifies: i BPj ðui BUij Þ ¼ k BUij ,
as a session key and a masking value.
o BPj ðui BUoj Þ ¼ k BUoj . In this process, AC authen-
4. MDi computes
ticates the access authorization to B level informa-
tion and gets the encryption keys for the columns.
a ¼ Epkc ðtÞ; b ¼ hðpwi Þ0 ; c ¼ hðBTi0 Þ þ ; 13. If all verifications are successful, AC queries a
server with Ekcs fðBUij ; q BUij Þ; ðBUoj ; q BUoj Þ; ðCUij ;
and d ¼ hðtjbjcÞ. t is a time stamp and pkc is AC’s q CUij Þg. kcs is a secret key shared between AC and
public key. the server.
5. User i=MDi selects the columns that s/he wants to 14. Server S implements AC’s query and returns the
retrieve from one’s own and the other’s personal results to AC with the form of R or R0 :
databases. Where bi ; ci are values that a user i
received from AC to access one’s own B and C level R ¼ fgk BUij m BUij ; gk BUoj m BUoj ;
databases at the enrollment time. bo is a value that a Ek CUi ðm CUij Þg;
user i received to access other user o’s B level R0 ¼ fEk BUij ðf BUij Þ; Ek BUoj ðf BUoj Þ;
database at the enrollment time. BUij represents the Ek CUi ðf CUij Þg:
jth column of user i’s B level database and BUoj
represents the jth column of other user o’s B level R is the case that the results are messages with the
database. ui BUij ; ui BUoj are a user i’s access authen- size less than 1,024 bits. R0 is that the results are files.
tication values (Column Identifier) to the columns For example, m BUoj is a message or record and
BUij and BUoj . q BUij ; q BUij ; and q CUij are queries f BUoj is a file, which a user i wants to know in the
column BUoj .
to the columns BUij , BUoj , and CUij . Because C level
15. This step is the reencryption process to hide real
information can be decrypted only by the user
decryption keys. For the result R, AC computes:
oneself, all columns of C level table are encrypted
by the user’s C level encryption key k CUi . There- x ¼ g gk BUij
m BUij ; w ¼ ð þ k BUij Þ;
fore, C level information does not need “Column 0
v¼g g
m BUoj ; u ¼ ð 0 þ k BUoj Þ;
k BUoj
Identifier,” but it needs to represent which column
the user wants to retrieve. y ¼ Ek CUi ðm CUij Þ; p ¼ E ðXi Þ; s ¼ h ðyjxjwjvjujpÞ;
6. i=MDi sends a ¼ Epkc ðtÞ, b ¼ hðpwi Þ0 , c ¼ hðBTi0 Þ þ where w and u are the masked decryption keys by
, d ¼ hðtjbjcÞ, and random numbers and 0 . The real keys are k BUij
and k BUoj and the random numbers and 0 are
E fðbi ; ui BUij ; q BUij Þ; ðbo ; ui BUoj ; q BUoj Þ; generated newly every session. For R0 , at first, AC
ðci ; j; q CUij Þg decrypts the results:
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE 833
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
834 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
we use a polynomial LP as a verification method. If the comparison and analysis on performance with other papers
verification is successful, the next column access is verified are inappropriate.
with the polynomial i BPj . Therefore, our scheme can We discuss the performance of our scheme with separate
control all accesses to the authorized level of database and seven parts as follows:
the authorized columns.
. Steps 1-5: These Steps are about a user authentica-
5.2.2 User Access Control tion to his/her mobile device and the generation of
According to different levels of databases, combined and querying information.
multilevel authentication methods are applied to our . Step 6: The user sends the information for authenti-
cation and queries to AC.
scheme CAMAC to retrieve what a user wants. All sensitive
. Steps 7-12: AC authenticates the user and his/her
informations are encrypted and the access is limited. Here,
authorization for the querying data.
users cannot know the contents of the columns if they do
. Steps 13 and 14: AC queries a server with the data
not have the access authorization. Under the condition that
which the user wants and the server implements
a user passes all the authentication processes, the user can
the queries.
obtain the valid decryption keys for the columns. . Step 15: AC masks decryption keys and reencrypts
5.2.3 Intractability of Decryption by a Server the results from the server with the masked
decryption keys.
Our scheme assumes that the server is untrustworthy and
. Step 16: The masked decryption keys and reen-
an inner attacker so that there is not any decryption process
crypted results are sent to the user.
in a server through whole protocols because the server . Steps 17 and 18: The user decrypts the results.
cannot know any decryption key. Where the server just
We implement only three parts, i.e., Steps 7-12, Step 15,
implements the queries that AC requests. Only AC knows
and Steps 17 and 18, which have relatively much influence
the decryption keys for B level information and only valid
on our performance. In fact, our whole performances are
users can decrypt the results that the server returns. C level
determined much more by environmental factors such as
information can be decrypted by the user oneself.
network stability and speed, mobile phone capability,
5.2.4 Unobservability server’s computing power other than our proposed scheme.
Steps 6, 13, and 16 are transferring phases through networks
Unobservability means that when a user uses a resource or
and Step 14 is implemented by a dailylifeservice provider’s
service, others cannot know the resource or service is being
server. The performance of these parts is influenced by
used. Attackers including outside attackers and an inner
other factors, not our proposed scheme. Furthermore, there
attacker can learn nothing about data by encrypting even is not any prior studies to be compared with our scheme
the transferring data. This is possible because the decryp- considering whole processes over authentication, access
tion process is allowed in only valid users’ mobile devices. control, retrieval, private key management, etc. Conse-
quently, respective analysis for each part seems to be quite
5.2.5 Unlinkability
proper for our scheme.
Unlinkability means that when resources and services are The actual performance of Steps 1-5 is up to mobile
used by someone, others cannot link these being used capability and the amount of data which a user wants to
together. However, our scheme cannot satisfy this property retrieve. Especially, biometric authentication process is
because we use a deterministic columnwise encryption much more influenced by the used methods (such as
method. In other words, the same contents within a column extraction method or matching algorithm) and embedded
have the same encrypted values so that attackers can know devices (sensor or matcher). We did not develop a new
that this is the same information even if they don’t know biometric authentication algorithm but can apply known
what it means. efficient biometric methods to our scheme. Hence, because
the performance of this part is more determined by
5.3 Performance
environmental factors other than by the schemes we
This paper deals with all technologies of the combined designed newly, this part is excluded from our experiment.
authentication, access control, and data retrieval. Current
and coming collaborative computing services such as 5.3.1 Steps 7-12
dailylifeservice of MyLifeBits project require diverse and Most of Steps 7-12 are consisted of our newly designed
complex networking technologies. However, there is a protocol in AC’s server, only except for the matching
research paucity. To the best of our knowledge, there is no process of fingerprint template. We experiment on this part
paper which deals with all of these areas comprehensively. with a personal computer with Intel Core Quad 2.83 GHz
As described in Section 2, all the previous works only processor and 4 GB RAM. We use Microsoft Visual Studio
handled one specific research area independently and do 2008 as Integrated Development Environment (IDE) and
not consider whole scope of these research concerns. OpenSSL cryptography modules for cryptographic opera-
The main purpose of our paper is not for the design of tions such as SHA-1(hash function), 128-bit-AES(symmetric
building block algorithms. It is true that the performance of encryption algorithm), and Elliptic Curve operation.
our scheme definitely depends on efficiency of the sub- The biometric template matching test is implemented by
ordinate algorithms. The algorithms can be selected accord- the equality test with a binary expression. The polynomial
ing to the organization’s policy. By these reasons, the LPi for access control to each level of database is three
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE 835
TABLE 2 TABLE 4
The Performance of Steps 7-12 The Performance of Steps 15 and 17 and 18 for Files
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
836 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
to know the real decryption keys. If access authorization [8] G. Skinner, “Shield Privacy: A Conceptual Framework for
Information Privacy and Data Access Controls,” WSEAS Trans.
changes happen, AC only has to change the corresponding Computers, vol. 5, no. 6, pp. 1375-1384, 2006.
authentication polynomials and a server S does not need to do [9] G. Skinner, “The TLC-PP Framework for Delivering a Privacy
anything over the stored data. The disqualified users cannot Augmented Collaborative Environment (PACE),” Proc. Third Int’l
Conf. Collaborative Computing, Networking, Applications and Work-
access and cannot decrypt the columns any more because sharing, 2007.
the access authorization polynomial is changed and the [10] S. Garcia-Salicetti, C. Beumier, G. Chollet, B. Dorizzi, J. Jardins, J.
users do not know the real decryption keys. It means that Lunter, Y. Ni, and D. Petrovska-Delacretaz, “BIOMET—a Multi-
our scheme can guarantee the efficient and secure flexibility modal Person Authentication Database Including Face, Voice,
Fingerprint, Hand and Signature Modalities,” Audio- and Video-
to dynamic access authorization changes. Based Biometric Person Authentication, pp. 845-853, Springer, 2003.
[11] A.A. Ross, K. Nandakumar, and A.K. Jain, Handbook of Multi-
biometrics, first ed. Springer, 2006.
6 CONCLUSION [12] L. Hong and A. Jain, “Integrating Faces and Fingerprints for
Personal Identification,” IEEE Trans. Pattern Analysis and Machine
Converging technology with collaborative computing has Intelligence, vol. 20, no. 12, pp. 1295-1307, Dec. 1998.
been a central concern for the community of researchers [13] L. Hong, A. Jain, and S. Pankanti, “Can Multibiometrics Improve
and practitioners in network systems and its environments. Performance?” Proc. AutoID, pp. 59-64, 1999.
[14] P. Tikkanen, S. Puolitavial, and I. Kansala, “Capabilities of
In this kind of computing era, users also have been center of
Biometrics for Authentication in Wireless Device,” Audio- and
considerations in social computing development processes Video-Based Biometric Person Authentication, pp. 796-804, Springer,
because they are expanding their requirements to take 2003.
seamless collaborative supporting services in their life. [15] R. Riccia, G. Chollet, M.V. Crispino, S. Jassim, J. Koreman, M.
Olivar-Dimas, S. Garcia-Salicetti, and P. Soria-Rodriguez,
Although collaborative computing technologies have “SecurePhone: A Mobile Phone with Biometric Authentication
been rapidly developed and it has provided diverse social and e-signature Support for Dealing Secure Transactions on the
services to users, there are ongoing issues for users in safety Fly,” Proc. SPIE Symp. Mobile Multimedia/Image Processing for
Military and Security Applications, 2006.
and some scholars already have studied on security issues. [16] J. Koreman, A.C. Morris, D. Wu, S. Jassim, H. Sellahewa, J. Ehlers,
However, they only highlighted partly approaches with S. Garcia-Salicetti, B. Ly Van, L. Allano, G. Chollet, G. Aversano,
separate concentrations in applications and independent and H. Bredin, “Multi-Modal Biometric Authentication on the
SecurePhone PDA,” Proc. Multi-Modal User Authentication Work-
technologies for collaborative computing. Hence, there are shop (MMUA), 2006.
limitations and huge challenges to prevent higher risks for [17] L. Allano, A.C. Morris, H. Sellahewa, S. Garcia-Salicetti, J.
users’ security and privacy in collaborative computing Koreman, S. Jassim, B. Ly-Van, D. Wu, and B. Dorizzi, “Non
applications and technologies. Moreover, we believe that Intrusive Multi-Biometrics on a Mobile Device: A Comparison of
Fusion Techniques,” Proc. SPIE Conf. Biometric Techniques for
the identified problems and approaches between collabora- Human Identification III, 2006.
tive computing and security also should be managed as an [18] B. Gelbord and G. Roelofsen, “A Solution to Privacy Issues in the
integrated system. Use of Biometrics in PKI,” Proc. WAP2001, 2001.
[19] R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu, “Hippocratic
Databases,” Proc. 28th Int’l Conf. Very Large Databases (VLDB),
2002.
ACKNOWLEDGMENTS [20] J. Byun, E. Bertino, and N. Li, “Purpose-Based Access Control for
This work was supported by the IT R&D Program of MKE/ Privacy Protection in Relational Database Systems,” Technical
Report 2004-52, Purdue Univ., 2004.
IITA. (2009-F-056-01, Development of Security Technology
[21] J. Byun, E. Bertino, and N. Li, “Purpose Based Access Control of
for Car-Healthcare). This was also partly supported by the Complex Data for Privacy Protection,” Proc. 10th ACM Symp.
USN R&D Program of MKE/KEIT. (2009-67, 10033643, Access Control Models and Technologies, pp. 102-110, 2005.
Development of Core Technology based on USN for Safety [22] S. Sabah and A. Fedaghi, “Beyond Purpose-Based Privacy Access
Control,” Proc. 18th Australasian Database Conf. (ADC ’07), 2007.
Management of Industrial Fields). [23] H. Mun, K. Lee, and S. Lee, “Person-Wise Privacy Level Access
Control for Personal Information Directory Services,” Embedded
and Ubiquitous Computing, pp. 89-96, Springer, 2006.
REFERENCES [24] T. Ge and S. Zdonik, “Fast, Secure Encryption for Indexing in a
[1] A.P. McAfee, “Enterprise 2.0: The Dawn of Emergent Collabora- Column-Oriented DBMS,” Proc. 23rd Int’l Conf. Data Eng. (ICDE),
tion,” MIT Sloan Management Rev., vol. 47, no. 3, pp. 21-28, 2006. pp. 676-685, 2007.
[2] M. Klemettinen, “Enabling Technologies for Mobile Services,” The [25] G. Ozsoyoglu, D. Singer, and S. Chung, “Anti-Tamper Databases:
MobiLife Book, Wiley, 2007. Querying Encrypted Databases,” Proc. IFIP Conf. Database Security,
[3] J. Gemmell, G. Bell, and R. Lueder, “MyLifeBits: A Personal 2003.
Database for Everything,” Comm. ACM, vol. 49, no. 1, pp. 88-95, [26] P. Tuyls and J. Goseling, “Capacity and Examples of Template-
2006. Protecting Biometric Authentication Systems,” Biometric Authenti-
[4] L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, “A cation, pp. 158-170, Springer, 2004.
Community Authorization Service for Group Collaboration,” Proc. [27] K. Delac and M. Grgic, “A Survey of Biometric Recognition
Third Int’l Workshop Policies for Distributed Systems and Networks, Method,” Proc. 46th Int’l Symp. Electronics in Marine (ELMAR ’04),
pp. 50-59, 2002. June 2004.
[5] D. Argarwal, M. Thompson, M. Perry, and M. Lorch, “A New [28] H. Bredin, A. Miguel, I.H. Witten, and G. Chollet, “Detecting
Security Model for Collaborative Environments,” Paper LBNL- Replay Attacks in Audiovisual Identity Verification,” Proc. Int’l
52894, Lawrence Berkeley Nat’l Laboratory, Univ. of California, Conf. Acoustics, Speech, and Signal Processing (ICASSP), 2006.
2003. [29] J. Koreman, A.C. Morris, D. Wu, S. Jassim, H. Sellahewa, J. Ehlers,
[6] A. Al Qayedi, W. Adi, A. Zahro, and A. Mabrouk, “Combined G. Chollet, and G. Aversano, “Multi-Modal Biometric Authentica-
Web/Mobile Authentication for Secure Web Access Control,” tion on the SecurePhone PDA,” Proc. Multi-Modal User Authentica-
Proc. Wireless Comm. and Networking Conf., vol. 2, pp. 677-681, 2004. tion Workshop (MMUA), 2006.
[7] L. Kagal, T. Finin, A. Joshi, and S. Greenspan, “Security and [30] M. Burmester, Y. Desmedt, R. Wright, and A. Yasinsac,
Privacy Challenges in Open and Dynamic Environments,” IEEE “Accountable Privacy,” Security Protocols, pp. 83-95, Springer,
Trans. Computers, vol. 39, no. 6, pp. 89-91, June 2006. 2006.
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE 837
[31] M. Ouksel and O. Mayer, “The Nested Interpolation Based Grid Justin Zhan is a faculty member at Carnegie
File,” Proc. Symp. Mathematical Fundamentals of Database and Mellon University. His areas of expertise include
Knowledge Base Systems (MFDBS ’91), pp. 173-187, 1991. social computing, data privacy, and network
[32] http://www.tmotoday.com/forums/ground-zero/future- security. He is a founding steering chair of the
phones-and-rumors/upcoming-aws-smartphones-processing- IEEE International Conference on Social Com-
power, 2010. puting (SocialCom) and the IEEE International
[33] http://www.pharosgps.com/products/proddetail.asp?prod= Conference on Privacy, Security, Risk, and Trust
001_PTL137_8.00&cat=147, 2010. (PASSAT). He has served as a chair or a
committee member for international conferences
Hyun-A Park received the BS degree from the and workshops, and as an editorial board
Department of Mathematics at Korea University, member for journals. He is a fellow of the IEEE.
Seoul, in 2003, and the MS and PhD degrees in
information security from Korea University, Seoul, Dong Hoon Lee received the BS degree from
in 2005 and 2010, respectively. Currently, she is a the Department of Economics at Korea Univer-
researcher with the Eller College of Management sity, Seoul, in 1985, and the MS and PhD
at the University of Arizona. Her main research degrees in computer science from the University
interests include practical retrieval system on of Oklahoma, Norman, in 1988 and 1992,
encrypted database systems. She is interested in respectively. Currently, he is a professor and
database security, access control, privacy pre- the vice director of the Graduate School of
serving in data mining (PPDM), anonymous communication channel, Information Management and Security (GSIMS)
privacy enhancing technology (PET), and cryptographic protocols. at Korea University. Since 1993, he has been
with the Faculty of Computer Science and
Jong Wook Hong received the MS degrees in Information Security at Korea University. Since 2004, he has served
computer security from the University of Korea in as the president of Ubiquitous Information Security Organization, which
2007. He is a research scientist in the Depart- has been supported by BK21 Project in Korea. His research interests
ment Public and Original Technology Research include the design and analysis of cryptographic protocols in key
Center, Daegu Gyeongbuk Institute of Science agreement, encryption, signature, embedded device security, and
and Technology. His research interest includes privacy-enhancing technology (PET). He is a fellow of the IEEE.
mobile networking, specifically routing protocols,
network security, and advanced service support.
. For more information on this or any other computing topic,
please visit our Digital Library at www.computer.org/publications/dlib.
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.