824 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO.

6, JUNE 2010

Combined Authentication-Based
Multilevel Access Control in Mobile
Application for DailyLifeService
Hyun-A Park, Jong Wook Hong, Jae Hyun Park,
Justin Zhan, Fellow, IEEE, and Dong Hoon Lee, Fellow, IEEE

Abstract—In current computing environments, collaborative computing has been a central concern in Ubiquitous, Convergent, and
Social Computing. “MobiLife” and “MyLifeBits” are the leading projects for representing dailylifeservices and their systems require
complicate and collaborative network systems. The collaborative computing environments remain in high potential risks for users’
security and privacy because of diverse attack routes. In order to solve the problems, we design combined authentication and
multilevel access control, which deals with cryptographic methods in a personal database of “MyLifeBits” system. We propose a
scheme which is flexible in dynamic access authorization changes, secure against all the attacks from various routes, a minimum
round of protocol, privacy preserving access control, and multifunctional.

Index Terms—Combined authentication, multilevel access control, integrated security management dailylifeservice, MyLifeBits,
mobile phone, information classification, personal DB.

1 INTRODUCTION

W Elive in digital information-oriented societies. The

digitalized technologies are embedded in our social
life with diverse collaborative works, which need Ubiqui-
tous, Convergent, and Social Computing skills.
Ubiquitous Computing Technologies require that all of
the computers, computerized devices, and sensors are
connected through Internet or wireless/wired networks.
People can use invisibly embedded or incorporated
technologies within their own real life without any
limitations over time and space.
Convergence Computing is combined technology con-
cepts between Information Technology (IT) and other
technologies in which a single device can provide various
services without any restrictions with external devices or
networks. These days, “smartphone” as a convergent single
device has diverse functions and activities such as calling,
Internet surfing, game, banking, and so on.
. H.-A Park is with the Artificial Intelligence Lab, Eller College of
Management, The University of Arizona, 1130E Hellen St., MCCL 430,
Tucson, AZ 85712. E-mail: kokokzi@naver.com.
. J.W. Hong is with the Public and Original Technology Research Center,
Daegu Gyeongbuk Institute of Science & Technology (DGIST), Room 401,
4th Floor, Daegu Technopark Venture 1 Plant, 75 Gongdanbuk2gil,
Dalseo-gu, Daegu 704-230, Republic of Korea. E-mail: jwhong@dgist.ac.kr.
. J.H. Park is with the Department of Information Systems, Weatherhead
School of Management, Case Western Reserve University, Cleveland, OH
44106-7235. E-mail: jxp354@case.edu.
. J. Zhan is with Carnegie Mellon University, 5000 Forbes Avenue,
Pittsburgh, PA 15321. E-mail: justinzh@andrew.cmu.edu.
. D.H. Lee is with the Center for Information Security Technology (CIST),
Korea University, 1, 5-Ka, Anam-dong, Sungbuk-ku, Seoul 136-701,
Republic of Korea. E-mail: donghlee@korea.ac.kr.
Manuscript received 25 Nov. 2008; revised 21 July 2009; accepted 10 Sept.
2009; published online 4 Feb. 2010.
For information on obtaining reprints of this article, please send e-mail to:
tmc@computer.org, and reference IEEECS Log Number TMC-2008-11-0470.
Digital Object Identifier no. 10.1109/TMC.2010.30.
1536-1233/10/$26.00 ß 2010 IEEE
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
Social Computing supports computation by groups of
people for creating new social behaviors. Blogs, instant
messaging, social network services, wikis, online auctions,
reputation systems, and other instances are examples to
represent the concepts of social computing as social softwares
[1]. Although the history of “Social Software” is not so long, it
is relatively popular. According to Allen’s essay “Tracing the
Evolution of Social Software,” the main ideas of social
software have originated from “Memex vision” (Bush 1945).
It illustrates how a device makes it possible for individuals to
store all their books, records, and communications.
These kinds of collaborative technologies enable people
to realize their ideas by sharing or taking advantage of their
various resources through connected networks. Dailylife-
service is one of the most representative trends to show how
people achieve their ideal thoughts in reality by collabora-
tive computing technologies. We address “MobiLife” and
“MyLifeBits” projects focusing on dailylifeservice in mobile
applications. MyLifeBits and MobiLife projects have been
conducted to develop social facilities for communicating
knowledge, sharing items, and managing complex lifestyles
on the foundation of users’ incremental participation in
various social contexts. The users of dailylifeservice can
store all their daily events which can be collected by their
own mobile phone, for example, SMS, photos, call, movie,
e-commerce information, Web service log and usage
information, location information, documents, media, bat-
tery charge, personal schedule, and so on. The stored data
are transferred to each user’s personal database by Internet,
and then they are stored and managed as a personal history
with the passage of time. This service allows users to share
their data with other people or a certain service provider.
“MobiLife” is an integrated project with IST-FP6 “to
bring advances in mobile applications and services within
Published by the IEEE CS, CASS, ComSoc, IES, & SPS
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE
the reach of users in their everyday life by innovating and
deploying new applications and services based on the
evolving capabilities of the 3G systems and beyond” [2].
“MyLifeBits” is a Microsoft’s research project to create a
“lifetime store of everything.” We take “MyLifeBits” system
as our application model and it will be dealt with in the next
section in detail.
The challenge of collaborative network technologies is
that the skills and knowledge of attackers become more
sophisticated as much as the rapid development of
collaborative network technologies. Various attack routes
in collaborative network systems may cause serious
problems of privacy infringement in data protection. Users
are always monitored and exposed when they are con-
nected to their network for 24 hours and store their events.
Especially, there are some potentials for privacy in the cases
of interdomain Web service usages or sharing their data
with others. Without the users’ consent, the stored data in
mobile phones or personal databases can be abused or
misused by unauthorized accesses or server managers.
Authentication and access control are very important
factors in the intricately networked systems to protect
users’ privacy and security.
Our application, DailyLifeService in MyLifeBits project,
is a converging technology including Information and
Communication Technologies (ICTs) and Biotechnology.
The DailyLifeService needs diverse integrated high tech-
nologies as well as collaborative network technologies.
These kinds of applications have high potential risks for
various attack routes and privacy infringements so that
these applications necessarily require Integrated Security
Management (ISM). However, most prior researchers have
narrowly focused on, independently or, respectively, their
own research concentrations in the issues of combined
authentication, multimodal biometrics, biometrics with
applications, security and privacy issues in certain environ-
ments, access control, secure retrieval, etc. Here, security
and privacy issues have not been considered for integrated
technologies or systems in prior researches.
In this paper, we seek to create applications including the
issues of collaborative computing in social and ubiquitous
networks for providing integrated various services with
safety. In order to do that, we first analyze anticipated
attack routes and countermeasures and then design a
combined authentication and multilevel access control
using cryptographic methods for secure information retrie-
val and sharing of DailyLifeService in mobile applications.
Finally, we achieve secure and privacy-preserving conver-
ging technologies.
Goal and contribution. The following are our goals in
designing a scheme, and simultaneously, our contributions:
. Privacy Preserving Converging Technology in
Collaborative Environments. Our application sce-
nario is based on “dailylifeservice” requiring many
collaborative works in a mobile phone. This applica-
tion may have potential risks about security and
privacy. In order to protect our system from these
risks, we use the combined authentication including
biometrics, PKI, USIM, and access control using
cryptographic methods. All data are classified into
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
825
three levels, A, B, and C, according to their
sensitivity. Except for A-level data, all data should
be encrypted, where decryption is allowed to
legitimate users passing their all authentication
processes. This makes it impossible for a server
manager or other attackers to misuse or abuse users’
information without their consent1 so that we can
achieve self-regulation of private information.
. Stronger Authentication for Multilevel Access
Control. We design our scheme by complementing
the weaknesses of each technology and combining the
authentication methods. Our scheme can provide
multilevel authentication. According to levels, the
classified data are stored in different databases as
different styles. Under different levels of database
tables, a valid user can access the authorized
attributes through the multiauthentication. These
ways of authentication processes are mutual so that
our scheme is secure against spoofing or masquer-
ading attack.
. Flexibility to Dynamic Access Authorization
Changes. Our scheme is efficient and secure against
the dynamic access authorization changes. This is
because users cannot know real encryption/decryp-
tion keys and AC only has to change access-
authorization-polynomials.
. Blinding. In every transfer time of biometric
template or secret keys, we use newly generated
random numbers. This blinding or masking method
does not allow an attacker to know or to guess real
contents correctly.
. Multifunctionality. Authentication and access con-
trol are necessary for most Web service sites as well
as dailylifeservice. Our main focus is authentication
and access control for data retrieval. Our scheme
covers other functions: session key sharing, private
key management of PKI, biometric management,
data sharing over an encrypted database, etc.
Therefore, our scheme can be applied to other
applications including authentication and access
control processes.
. Minimum Round Protocol and Minimum Storage
Biometric Information. All authentication processes
as well as mutual authentication, data sharing or
retrieval, and all of the other functions can be
accomplished in only one round. Biometric informa-
tion is stored only in the Authentication Client (AC,
a kind of TTP)’s database as biometric template.
2 PRELIMINARIES AND RELATED WORK
2.1 MyLifeBits
The “MyLifeBits” project that began in 2001 got an
inspiration from Bush (1945)’s Memex. “MyLifeBits” is a
system that deals with a personal lifetime store and it
considers every digital media and data including e-mail,
calendar events, documents, audio, and video. The entities
1. It means data protection of privacy, in other words, fair information
practices (FIPs). Privacy is the ability to control private information, which
is not to hide all information from all parties, but rather to have the ability to
disclose selected information to selected parties under certain circum-
stances, while preventing other disclosure [30].
826
Fig. 1. The MyLifeBits store and collection.
of “MyLifeBits” are made up of as “type-specific attributes
(columns)” in their personal DBs. For instance, a photo has
a date-taken and a location-taken (latitude/longitude
coordinates). MyLifeBits uses an SQL Server database to
store metadata [3].
Initially, “MyLifeBits” focused on capturing and storing
scanned and encoded archival materials such as articles,
books, music, photos, video, and all digital data. The system
evolved to store everything that could be captured includ-
ing Webpages, phone calls, meetings, room conversations
for every active screen or document, and all the photos that
SenseCam captures every day. The software platform for
research in 2006 includes real-time data collection, ad-
vanced SenseCams, and particular applications, such as
health and wellness [3].
Fig. 1 shows the store and collections of MyLifeBits
system.
2.2 Authentication Client Model
Our scheme has three main parties: a user/a mobile device
(i=MDi ), an AC, and a server (S). Because of theft problem
of mobile device, we regard a user and a mobile device as
one party after the successful authentication between a user
and a mobile device. We grant a client a special role of an
“Authentication Authorities” as a kind of Third Trust Party
(TTP) and it is called AC. The AC is located in front of the
log server of MyLifeBits system. It authenticates a legitimate
user and verifies the accessible authorization to data which
the user wants to retrieve. In order to achieve this, AC
manages all of the things related to authentication such as
enrollment of biometric information, personal information,
and generation of instances for authentication processes,
with powerful computational and storage abilities. In
biometric systems, since the presence of a trusted party
for registration affairs is necessary, it will not cause a heavy
burden for a client in extending its role to an authentication
authority AC.
All the data of each user are stored in the user’s personal
DB, which is managed by a server manager S of MyLifeBits
system. An AC knows secret keys so that it can decrypt the
data stored in personal DBs. The secret keys should not be
given to any administrator and it means that the server
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
Fig. 2. System configuration of CAMAC.
cannot decrypt any data. A server S only has to store all
data and implement AC’s queries.
Fig. 2 is our scheme, Combined Authentication-based
Multi-Level Access Control)’s frame structure.
2.3 Combined and Strong Authentication
Actions to enter a user’s identity and password are classical
procedures to identify themselves in computer systems.
When users create complicate passwords for security, they
have to record it somewhere because of their memory
limitation. On the contrary, simple passwords are vulner-
able to guessing or dictionary attacks.
It is generally known that PKI deployment is very
complex. Most problems result from the security and
complex management and distribution of a private key.
However, most methods based on private key management
were password-based in which passwords must be con-
sidered insecure because of the aforementioned reasons.
Another method to protect private keys is a relatively
secure hardware token such as a tamper-resistant smart card.
A smart card should have a PIN or associated pass phrase.
This can be another source of repudiation if cards are shared
or stolen and passwords are guessed, shared, or stolen.
In biometrics, there is not a couple of samples to be
perfectly identical because the samples are different in
extraction and presentation on every time. A biometric is
personal information, however, it is not a secret. Biometric
data might be easy to copy and to find out. The features of
biometric are inherent for individuals so that they cannot be
changed easily. What if the biometric features would be
compromised, unchangeable inherency would have also
problems with respect to verification.
As we describe above, all the traditional methods have
their disadvantages so that we change the way to use each
method and combine the techniques to accomplish much
stronger authentication in this paper. At first, we look over
the previous combined authentication studies that have
been conducted together with collaborative environment
research area.
Combined authentication. In 2002, Pearlman et al. [4]
developed a Community Authorization Service (CAS) to
keep track of its membership and fine-grained access control
policies, whose mechanisms for distributing administration
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE
can provide scalablity and flexibility. Argarwal et al. [5]
proposed a model for trust establishment and management
in computer systems supporting collaborative work, not for
the human-to-human interactive computer software. The
model supports the dynamic addition of new users to a
collaboration with very little initial trust and supports the
incremental building of trust relationships. In [6], Al-Qayedi
et al. indicated the problems of the previous papers, a single
communication channel which is prone to eavesdropping
attacks. They proposed a new combined Web/Mobile
authentication system via two different communication
channels, which is relatively immune to eavesdropping
attacks. Kagal et al. [7] issued security and privacy methods
for data management in relation to authentication and
identification. Their issue caused information systems to
evolve into distributed systems that are open and dynamic.
In [8], [9], in order to preserve privacy in electronic
collaborative environments, Skinner developed a compre-
hensive multidimensional privacy protecting framework
Technical, Legal, and Community Privacy Protecting
(TLC-PP), and proposed an authentication framework
Combined Authentication Scheme Encapsulation (CASE)
methodology, which uniquely combines both traditional
and biometric authentication methods with an additional
novel audiovisual authentication method. This provides an
effective visual representation of the authentication and
information privacy hierarchies.
Mutimodal Biometrics. Garcia-Salicetti et al. [10] re-
corded the biometric database BIOMET with five different
modalities such as face, voice, fingerprint, hand, and
signature to study how different modalities can be com-
bined. The BIOMET multimodal database for person
authentication is described and the detailed acquisition
protocols of each modality are introduced. The book by Ross
et al. [11] introduces multibiometric systems, which are
expected to meet the stringent performance requirements
imposed by large-scale authentication systems. The system
outlines different fusion methodologies to integrate multiple
biometric traits: fusion at the feature extraction level/the
matching score level/the decision level. The advantages of
these systems over their unimodal counterparts are also
demonstrated. In [12], Hong and Jain indicated the problem
that face recognition is fast but not extremely reliable, while
fingerprint verification is reliable but inefficient in database
retrieval. They developed a biometric system integrating
faces and fingerprints, which overcomes the limitations of
face recognition systems as well as fingerprint verification
systems. Their experimental results show that the integrated
system operates with an admissible response time and False
Reject Rates (FRRs) of the integrated system on the test set
with different values of False Accept Rates (FARs) are much
less than face recognition systems and fingerprint verifica-
tion systems, respectively. For example, for 1 percent of
FAR, FRRs of face, fingerprint, and integration are 15.8, 3.9,
1.8 percent, respectively. Since it is not clear what mechan-
isms could be used to improve the performance, Hong et al.
formulated the problem of multiple biometrics integration
and examined about the improvement of performance from
integrating multiple biometrics in [13]. For two practical and
commonly used situations of multibiometric integration,
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
827
face and fingerprint, they demonstrate that integration of
multiple biometrics results in a consistent and significant
performance improvement.
In [14], Tikkanen et al. studied both biometric technology
and wireless setting-based constraints that determine the
feasibility and performance of the authentication feature.
They reviewed the most well-known biometric approaches
briefly and appraised their feasibility for wireless use by
presenting a number of quantitative and qualitative para-
meters for evaluation. [15], [16], [17] present an overview of
the SecurePhone project whose primary aim is to realize a
mobile phone prototype(SecurePhone). It enables users to
deal secure, dependable transactions over a mobile network
through biometrical authentication. Based on a commercial
PDA-phone supplemented with specific software modules
and a customized SIM card, the authors exploited a fused
combination of three different biometric methods: voice,
face, and handwritten signature verification. Their results
also showed that the fused combination of three different
biometric methods can lower the percentage of Equal Error
Rate (EER), FAR, FRR. Gelbord and Roelofsen [18] intro-
duced a technique for biometric identification to be used in
PKI applications. They considered that biometric techni-
ques have great potential for privacy issues in bridging the
gap between authentication and the end user in PKI
applications. By applying secret sharing to fingerprint
identification, they showed various benefits over traditional
fingerprint identification and it can be easily integrated into
existing PKI applications.
In this paper, we use four categories of authentication
methods: traditional, biometric, audiovisual, and Universal
Subscriber Identity Module (USIM). As traditional methods,
based on PKI, we use ID/password. As for biometric and
audiovisual methods, fingerprint, voice, and image are used.
2.4 Multilevel Access Control
In personal database of MyLifeBits system, we focus on
sharable data, which other users can retrieve, to preserve a
user’s privacy. On the encrypted data, our combined
authentication method allows that the only legitimate users
can decrypt what they want. This kind of privacy preserving
access control has been worked through various directions.
In 2002, Agrawal et al. published “A Hippocratic
Databases.” It uses privacy metadata, which consist of
privacy policies and privacy authorizations stored in two
tables. The policies and authorizations associate each
attribute with each user and the usage purpose(s) [19]. In
purpose-based access control by Byun et al. [20], [21], they
proposed an access control model for privacy protection
based on the notion of purpose. However, purpose
management introduces a great deal of complexity at the
access control level. In another aspect, Sabah and Fedaghi
[22] introduced an alternative privacy access control
mechanism that is not based on purpose. It defined the
intended purpose of personal information as a chain of acts
on this type of information. Mun et al. [23] provided
personwise access control mechanism for the personal
information directory system according to their policy. Ge
and Zdonik [24] and Ozsoyoglu et al. [25] described
attribute(column)wise access control by applying column-
level encryption methods to DBMS.
828
In this paper, we use a column-level encryption method
to the personal DB of MyLifeBits system for access control
and data protection.
3 ATTACK ROUTES AND COUNTERMEASURES
Our scheme uses the combined techniques in a collabora-
tive environment using a mobile phone, which has high
risks of various attack routes.
3.1 Biometric
A common biometric authentication is to capture the
biometric features of all users at the enrollment phase and
to store the generated templates in a reference database.
During the authentication phase, new measurements are
matched against the original template in the reference
database [26].
Biometric data are noisy. Because of variable presenta-
tion, a matching test is inexact and inaccurate. The ability of
authentication depends on technologies such as False
Acceptance Rate (FAR) or False Rejection Rate (FRR).
The fact that biometric templates are stored in a database
can cause a number of security and privacy risks. One of the
most serious problems is impersonation. An attacker steals
templates in a database and constructs artificial biometrics
that pass authentication. It can make the exposure of
sensitive personal information much easier.
The using frequency of a biometric has influence on its
security. The more frequently a biometric is used, the less
secure it is. This is because people may leave fingerprints
anywhere, and iris images may be captured by a hidden
camera, so that biometrics can be found and copied easily.
Biometric features are inherent and unique, and it means
that they cannot be changed. The unchanging biometric
features are hard to be updated, reissued, or destroyed when
the biometric is compromised. Therefore, once compro-
mised, it may cause some problems as well as verification.
Countermeasure. A multimodal system such as a
combination of fingerprint verification, face recognition,
voice verification, and SIM card, or any other combination
of biometrics can be a countermeasure to take advantage of
the proficiency of each individual biometric and can be
used to overcome some of the limitations of a single
biometric. For instance, it is estimated that 5 percent of the
population does not have legible fingerprints, a voice could
be altered by a cold, and face recognition systems are
susceptible to changes in ambient light and the pose of the
subject’s head. A multimodal system, which combines the
conclusions made by a number of unrelated biometrics
indicators, can overcome many of these restrictions [26]. As
we mentioned in Section 2, the FRR of the integrated system
on the test set with different values of FAR can be much less
than face recognition systems and fingerprint verification
systems, respectively [13].
As the solution to protect biometric templates stored in
database, we hash and encrypt biometric templates and
then store them only in AC’s server(minimum storage). As
for the transferring biometric template, we blind it using a
newly generated random number.
The copied or imposture scenario could be avoided if it
were feasible to implement the liveness test proposed in
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
[28] in which a check is made on the degree of correlation
between mouth opening and speech energy [29].
3.2 Mobile Device
Mobile devices, exactly mobile phone in our scheme, are
portable and relatively small. If they get lost or stolen, they
can be easily found by others and misused. These captured
devices can present “false biometric” such as fake finger
and latent images. Furthermore, some data or processes can
be modified and attacked by guessing a password.
Computational powers and storages are also restricted.
This weakness makes it vulnerable to Denial of Service
(DoS) attack and malware such as worms and viruses on
wireless devices because it could be hard to deploy
enterprise-wide antivirus software on all wireless clients
and a network-based intrusion detection system (NIDS) on
the wireless network.
Countermeasure. If somebody wants to protect their
own personal stored data in a mobile phone when they get
lost or stolen, the mobile phone could have been blocked
and files, messages, and contacts would have been deleted
remotely. Our solutions for the theft problems are encryp-
tion and strong authentication. Currently, some products
such as “Kaspersky Mobile Security 8.0” provide reliable
antivirus and antimalware protection as well as the theft
solutions2 for smartphone. However, these problems are a
little out of the scopes of this paper so that we do not deal
with them precisely.
3.3 Network and Communication Channel
Our system consists of two types of communication
channels, wired channels and wireless channels. Wireless
channels cover from a user/mobile device to AC and wired
channels cover from AC to a server. The transferring data
can be intercepted, eavesdropped, modified, or inserted by
an attacker and lost by an unstable network condition. The
intercepted data can cause “Session Hijacking” known as
“man in the middle,” “replay,” or “reflection” attack.
Malicious clients can pretend to be legitimate end points
and malicious access points can trick clients into logging in.
Wireless access points are easy to install. As a result, many
individuals within companies have taken it upon them-
selves to set up an authorized access point, without
informing the network administrator. Typically, these
access points are not protected, which means that they
can be used by an attacker just as they can be a valid user.
Rogue access points can also be used to lure valid users
away from their corporate network. If an attacker can set up
an access point with a stronger signal than the valid one, the
target’s computer automatically connects to the attackers’
access point. This style of abuse is difficult to prevent since
many systems will adjust connection details (type of
2.  SMS Block—In the event of loss, you can send a “hidden SMS
message” to block access to your smartphone until a preset password is
entered.
 SMS Clean—Similar to SMS Block, this will completely clean out your
smartphone’s memory and memory cards.
 SIM Watch—If your phone is stolen, the new owner will most likely
replace the original SIM card. The SIM Watch will prevent the thief from
accessing your data without the original SIM card in the device. If the
original SIM card is replaced with a new one, SIM Watch automatically
sends to you the new telephone number of the device without the thief’s
knowledge.
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE
encryption, channel, etc.) without any interaction from the
user. Hence, mutual authentication should be necessary to
solve this problem.
The attack through network such as worms and viruses
is also one the of serious security vulnerabilities. Such
attacks can intrude a server’s database, users’ mobile
devices, and even AC’s biometric reference database.
Countermeasure. As for secure communication channel,
we can use SSL, TLS, and message authentication code
(MAC) method. Mutual authentication, time stamp, and
strong authentication are used in this paper to prevent
replay, reflection, and masquerading attacks. To prevent the
attacks from network, VPN, IDS, antivirus software
program, Trust Platform Module (TPM) chip,3 and Access
control can be used.
3.4 Database
All daily events including sensitive information related to
users’ privacy are stored in each user’s personal DB in
MyLifeBits server, whereby we can anticipate illegal data
access, revealing of users’ personal information, virus or
worm intrusion, and other various attacks. As for preven-
tion, we should consider two aspects, system level of
security and data level of security.
Countermeasure. An antivirus software system, VPN,
intrusion detection system (IDS) can be applied as a system
level of security. We use cryptographic methods like
encryption or hashing as a data level of security. Our security
model assumes that our system should be secure against both
of the inside attacker such as a server manager and outside
attacker. This is because there have been some accidents that
users’ information is leaked by a server manager.
4 CONSTRUCTION OF COMBINED
AUTHENTICATION-BASED MULTILEVEL ACCESS
CONTROL (CAMAC)
4.1 Notation
. g: generator of a group G (of order q).
. E=D: encryption/decryption algorithm.
. h: collision resistant hash function: f0; 1g ! f0; 1gk ,
where k is a security parameter.
. j: concatenation.
. i=MDi : a user i and the mobile device.
. pwi : a user i’s stored password.
. Vi : a user i’s stored voice information.
. Ii : a user i’s stored image information.
. BTi : a user i’s stored bio template.
. B0i : a user i’s bio information input on a sensor.
. pw0i : a user i’s input password.
. Vi0 : a user i’s input voice information.
. Ii0 : a user i’s input image information
. BTi0 : a user i’s newly generated bio template by B0i .
. AUij : the jth column of A level database for a user i.
. BUij : the jth column of B level database for a user i.
. CUij : the jth column of C level database for a user i.
. BUoj : the jth column of B level database for a user o.
3. A kind of microchip embedded in devices for hardware integrity and
security.
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
829
TABLE 1
The Classification of Information Level
. m BUij : a result(message) of the jth column of
B level database for a user i.
. f BUij : a result(file) of the jth column of B level
database for a user i.
. k BUij : an encryption/decryption key of the
jth column of B level database for a user i.
. q BUij : a query of the jth column of B level database
for a user i.
. Xi : a special key for encryption of a user i’s private
key in a mobile device.
. ski =pki : a user i’s private key and public key.
. kc : AC’s symmetric secret key.
. kcs : a shared secret key between AC and a server.
. Ai /Bi /Ci : “Database Level Identifier”s for a user i to
access A/B/C level information.
. bi /ci : These values are given to a user i to generate
“Database Level Identifier” Bi =Ci .
. LPi : a polynomial for access control to each level of
database table for a user i.
. ALi /BLi /CLi : verification values for access to the
A=B=C level of database table.
. un BUij : a “Column Identifier” of a user n for the
jth column of a user i’s B level information.
. i BPj : a polynomial for access control to the column
j of a user i’s B level information.
4.2 System Setup
4.2.1 Information Classification and Multilevel Database
All of the data to be stored in a personal DB are classified into
three categories according to their sensitivity (see Table 1).
This classifying standard is determined by a user with his or
her subjective standard. Users can set up their routine daily
life information with the fixed levels in advance when they
enroll in dailylifeservice system, while other information is
optional. Users can determine the level of data when they
store with pop-up message. It is associated with self-
regulation of privacy [30]. In this way, users can control
their own information by themselves.
A level is public information so that anyone can access
and share the information.
B level is not public but sharable information so that this
level of information requires to be encrypted with distinctive
encryption keys for each column. Encryptions are imple-
mented in each user’s mobile phone and then the encrypted
data are transferred to AC. Decryption should be done only
in valid users’ mobile device. In order to share this level of
830
information, the keys need to be managed by AC because
valid users’ access authorization can be changed dynami-
cally. Other users’ access authorization to B level informa-
tion is determined through negotiations between users or
obtained in the enrollment(registration) time.
C level information is high-sensitive information and the
owner does not share this information with anyone. Thus,
all C level informations are encrypted by the user’s secret
key in his/her mobile phone and the information should
not be revealed to anyone, even AC as well. It only has to be
decrypted by the user oneself and it does not need the
reencryption process to mask the real encryption keys such
as in 2nd Encryption of B level.
Each level of information is stored in the corresponding
database table.
4.2.2 Encryption/Decryption Algorithm
The encryption and decryption algorithms for B and C level
information are as follows in our scheme:
[Encryption Algorithm]
1) B level
 1st Encryption: gk BUij  m BUij
or Ek BUij ðf BUij Þ;
 2nd Encryption: CBUij ¼ g  gk BUij  m BUij
¼ gðk BUij þÞ  m BUij
0
or CBUij ¼ E ðf BUij Þ.
2) C level
 Ek CUi ðm CUij Þ
or Ek CUi ðf CUij Þ.
[Decryption Algorithm]
1) B level: CBUij  gðk BUij þÞ ¼ m BUij
or D ðCBU0
Þ ¼ f BUij .
ij
2) C level: Dk CUi ðEk CUi ðm CUij ÞÞ ¼ m CUij
or Dk CUi ðEk CUi ðf CUij ÞÞ ¼ f CUij .
In B level, the 1st encryption is a storage form and 2nd
encryption is a reencryption process by AC to mask the real
keys. A short message is denoted by m BUij and f BUij is a
file, which are encrypted differently. A short message
m BUij is encrypted with ElGamal style of encryption
method (not the public-key-based encryption but actually
symmetric key) and the symmetric encryption algorithm
such as AES is applied to a file f BUij .  and  are newly
generated random numbers every query time.
4.3 Enrollment and Generation of Authentication
Information
All users who use Web services as well as dailylifeservice
have to register on AC and they produce biometric
information, ID, password, a special key(Xi ). The special
key Xi encrypts a user’s private key and C level of
encryption key, and all of the information related to
authentication. The private key of PKI is stored in mobile
database in this way of EXi ðski Þ. The encryption key for C
level information, k CUi , is encrypted with a user’s public
key like this: Epki ðk CUi Þ.
AC associates Xi with International Mobile Equipment
Identity (IMEI) of USIM in a user i’s mobile phone and stores
them(Xi and its IMEI) for each user. For authentication of a
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
user oneself and access authorization, AC makes authentica-
tion polynomials for each user.
4.3.1 Polynomial for Multilevel Database Access Control
In order to provide a user with his or her privilege to access
each level of the database table, AC generates a polynomial
LPi for user i’s access control and each level of verification
values, ALi , BLi , CLi :
LPi ¼ ri1 þ ðx  Ai Þ  fri2 þ ðx  Bi Þðri3 þ ðx  Ci ÞÞg;
ALi ¼ LPi ðAi Þ ¼ ri1 ;
BLi ¼ LPi ðBi Þ ¼ ri1 þ ri2 ðBi  Ai Þ;
CLi ¼ LPi ðCi Þ ¼ ri1 þ ri2 ðCi  Ai Þ þ ri3 ðCi  Bi ÞðCi  Ai Þ;
Ai ¼ hðpwi Þ; Bi ¼ hðbi Þ; Ci ¼ hðci Þ þ hðBTi Þ;
where LPi is a kind of nested interpolation [31] and ri1 , ri2 ,
and ri3 are random numbers. bi and ci are the values that user i
is given from AC for access authentication for B and C level
information. We call Ai ; Bi ; Ci as “Database Level Identi-
fiers,” which means an accessible level for database of a user i.
4.3.2 Polynomial for Column-Level Access Control over
Sharable Database
For user i, AC generates polynomials i BPj for the
jth column access authentication of B level information:
i BPj ¼ ri ðx  u1 BUij Þðx  u2 BUij Þ    ðx  ul BUij Þ
þ k BUij :
fun BUij g are a user n’s authentication values to access the
jth column of B level database of a user i, where i, j, and n
are positive integers. We call these “Attribute Identifiers.” ri
is a random number for a user i. The polynomials i BPj are
l-degree polynomials (l < n, n is the total number of users).
i BPj verifies the set of users who can access to a user i’s
jth column of B level information. For retrieving some
information from other users’ personal database, each
user n should store “Column Identifiers,” un BUij , in one’s
own mobile database. The jth column of B level database
for user i is encrypted with k BUij . AC should keep these
polynomials i BPj in its database.
4.3.3 Storage of Information
All of the generated information should be stored in a user’s
mobile database or AC’s database.
. Mobile Device (user i’s mobile device MDi )
- Database:
 hðpwi Þ; Vi ; Ii ;
 ai ; bi ; ci ; ui BUij ; ui BUoj , where o 6¼ i;
 EXi ðski Þ; Epki ðk CUi Þ;
- IMEI of USIM.
. AC’s Database:
- For a user i
 ijIMEIi ; Ekc ðhðpwi Þ; hðBTi Þ; Xi Þ;
 LPi ¼ ri1 þ ðx  Ai Þ
fri2 þ ðx  Bi Þðri3 þ ðx  Ci ÞÞg;
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE 831

 ALi ¼ LPi ðAi Þ ¼ ri1 ; 11. Compute and verify:

 BLi ¼ LPi ðBi Þ ¼ ri1 þ ri2 ðBi  Ai Þ;
 CLi ¼ LPi ðCi Þ
¼ ri1 þ ri2 ðCi  Ai Þ þ ri3 ðCi  Bi ÞðCi  Ai Þ;
 i BPj ¼ ri ðx  u1 BUij Þðx  u2 BUij Þ
   ðx  ul BUij Þ þ k BUij .
Bi ¼ hðbi Þ; Bo ¼ hðbo Þ; Ci ¼ hðci Þ þ hðBTi0 Þ,
LPi ðBi Þ ¼ BLi ; LPi ðBo Þ ¼ BLo ; LPi ðCi Þ ¼ CLi .
12. Compute and Verify:
i BPj ðui BUij Þ ¼ k BUij , o BPj ðui BUoj Þ ¼ k BUoj .

4.4 Protocol [AC ! Servers]

4.4.1 Whole Protocol 13. If all verifications are successful, AC queries the
We take an example to illustrate the whole procedure. A following to a server:
user i tries to retrieve each jth column of B and C level Ekcs fðBUij ; q BUij Þ; ðBUoj ; q BUoj Þ; ðCUij ; q CUij Þg.
information from his own personal DB and other user o’s B
level database in o’s personal DB. The mobile phone for [Servers ! AC]
dailylifeservice should have biometric sensors and a feature 14. Receive the results R or R0 from a server:
extraction unit for biometric information input and template R ¼ fgk BUij  m BUij ; gk BUoj  m BUoj ; Ek CUi ðm CUij Þg,
generation. At first, a user i inputs one’s password pw0i and R0 ¼ fEk BUij ðf BUij Þ; Ek BUoj ðf BUoj Þ; Ek CUi ðf CUij Þg.
biometric information(fingerprint) B0i , voice information Vi0 ,
image information(face) Ii0 on each sensor, where we use a [AC]
fingerprint as biometric information. After authentication of 15. Compute(reencryption):
the user oneself, MDi generates a biometric template and
x ¼ g  gk BUij  m BUij ,
time stamp, and masks the biometric template and pass-
w ¼ ð þ k BUij Þ,
word with a new generated random number . This 0

information and column identifiers that a user wants to v ¼ g  gk BUoj  m BUoj ,

retrieve are sent to AC. After authenticating a user and u ¼ ð 0 þ k BUoj Þ,
access authorization to the valid level of database and y ¼ Ek CUi ðm CUij Þ,
columns, AC queries a server S with the columns that a user p ¼ E ðXi Þ,
wants. Receiving the results from the server, AC blinds the s ¼ h ðyjxjwjvjujpÞ.
decryption keys and reencrypts the results with the masked
keys, and then sends the results, the blinded keys, and a Or 150 . Compute(decryption and reencryption):
special key Xi to MDi . With the special key Xi , a user Dk BUij ðEk BUij ðf BUij ÞÞ ¼ f BUij ,
decrypts one’s private key ski and the level C’s decryption Dk BUoj ðEk BUoj ðf BUoj ÞÞ ¼ f BUoj ,
key k CUi . Finally, a user can decrypt all the columns that he x0 ¼ E ðf BUij Þ,
wants. The following show the whole flows of CAMAC: v0 ¼ E ðf BUoj Þ,
[Useri ! MDi ] y0 ¼ Ek CUi ðf CUij Þ,
1. Input: pw0i ; B0i ; Vi0 ; Ii0 . p ¼ E ðXi Þ,
s0 ¼ h ðy0 jx0 jv0 jpÞ.
[MDi ]
2. Generate: hðpwi Þ0 ; hðBTi0 Þ. [AC ! i=MDi ]
Verify: hðpw0i Þ ¼ hðpwi Þ, Vi0 ¼ Vi , Ii0 ¼ Ii . 16. Send: y, (x,w), (v,u), p, s.
3. Generate  randomly. Or 160 . Send: y0 , x0 , v0 , p, s0 .
4. Compute:
a ¼ Epkc ðtÞ, [i=MDi ]
b ¼ hðpwi Þ0 , 17. Check integrity: h ðyjxjwjvjujpÞ ¼ s.
c ¼ hðBTi0 Þ þ , Or 170 . Check integrity: h ðy0 jx0 jv0 jpÞ ¼ s0 .
d ¼ hðtjbjcÞ.
5. Select columns:
18. Decrypt:
e ¼ fðbi ; ui BUij ; q BUij Þ; ðbo ; ui BUoj ; q BUoj Þ; ðci ; j; q CUij Þg.
D ðpÞ ¼ Xi ,
DXi ðEXi ðski ÞÞ ¼ ski ,
[i=MDi ! AC]
Dski ðEpki ðk CUi ÞÞ ¼ k CUi ,
6. Send: a; b; c; d; E ðeÞ.

[AC] x  gw ¼ m BUij ,
7. Check IMEI and TTL(Time to Live) and Integrity: v  gu ¼ m BUoj ,
d ¼ hðtjbjcÞ. Dk CUi ðyÞ ¼ m CUij ,
8. Decrypt: Ekc ðhðpwi Þ; hðBTi Þ; Xi Þ.
9. Compute: hðpwb
¼ , c   ¼ hðBTi0 Þ. Or
iÞ
D ðx0 Þ ¼ f BUij ,
10. Decrypt E ðeÞ: D ðE ðeÞÞ ¼ D ðv0 Þ ¼ f BUoj ,
fðbi ; ui BUij ; q BUij Þ; ðbo ; ui BUoj ; q BUoj Þ; ððci ; j; q CUij Þg. Dk CUi ðy0 Þ ¼ f CUij .

Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
832
4.4.2 Detailed Process of CAMAC
1. User i inputs his password pw0i , fingerprint B0 , voice
information Vi0 , and image information Ii0 on each
sensor of the mobile phone.
2. MDi generates hðpw0i Þ and biometric template hðBT 0 Þ.
Then, MDi verifies hðpw0i Þ ¼ hðpwi Þ, Vi0 ¼ Vi , Ii0 ¼ Ii .
hðpwi Þ, Vi , and Ii are the stored values in the mobile
phone at enrollment time. We use a user’s password
and audiovisual information including voice and
image(face) for the authentication.
3. MDi randomly generates  with the same size as
hash value’s output. This value  is generated newly
every session and should be different. It will be used
as a session key and a masking value.
4. MDi computes
a ¼ Epkc ðtÞ; b ¼ hðpwi Þ0 ; c ¼ hðBTi0 Þ þ ;
and d ¼ hðtjbjcÞ. t is a time stamp and pkc is AC’s
public key.
5. User i=MDi selects the columns that s/he wants to
retrieve from one’s own and the other’s personal
databases. Where bi ; ci are values that a user i
received from AC to access one’s own B and C level
databases at the enrollment time. bo is a value that a
user i received to access other user o’s B level
database at the enrollment time. BUij represents the
jth column of user i’s B level database and BUoj
represents the jth column of other user o’s B level
database. ui BUij ; ui BUoj are a user i’s access authen-
tication values (Column Identifier) to the columns
BUij and BUoj . q BUij ; q BUij ; and q CUij are queries
to the columns BUij , BUoj , and CUij . Because C level
information can be decrypted only by the user
oneself, all columns of C level table are encrypted
by the user’s C level encryption key k CUi . There-
fore, C level information does not need “Column
Identifier,” but it needs to represent which column
the user wants to retrieve.
6. i=MDi sends a ¼ Epkc ðtÞ, b ¼ hðpwi Þ0 , c ¼ hðBTi0 Þ þ
, d ¼ hðtjbjcÞ, and
E fðbi ; ui BUij ; q BUij Þ; ðbo ; ui BUoj ; q BUoj Þ;
ðci ; j; q CUij Þg
to AC.
7. AC authenticates a user i=MDi with IMEI in USIM.
Receiving the data, AC decrypts a ¼ Epkc ðtÞ with his
private key skc and checks t 2 T T LðT ime to LiveÞ
and hðtjbjcÞ ¼ d.
8. If all verifications are successful, AC decrypts the
corresponding user i’s information Ekc ðhðpwi Þ;
hðBTi Þ; Xi Þ, which is stored in AC’s database. kc is
an AC’s secret key.
b
9. AC computes hðpw iÞ
¼ , where hðpwi Þ is the decrypted
value in point 8. As long as hðpwi Þ ¼ hðpwi Þ0 , AC can
compute correct . With this , AC can get hðBT 0 Þ by
computing c   ¼ hðBT 0 Þ.
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
10. Again, with this , AC decrypts
E ðeÞ : D ðE ðeÞÞ ¼ e ¼ fðbi ; ui BUij ; q BUij Þ;
ðbo ; ui BUoj ; q BUoj Þ; ðci ; j; q CUij Þg:
11. AC computes and verifies through the following
process: Bi ¼ hðbi Þ; Bo ¼ hðbo Þ; Ci ¼ hðci Þ þ hðBTi0 Þ
and LPi ðBi Þ ¼ BLi ; LPi ðBo Þ ¼ BLo ; LPi ðCi Þ ¼ CLi .
This process is about whether a user has valid
authorization to access the level of database or not.
Especially, if LPi ðCi Þ ¼ CLi , the user’s biometric
input is matched to the stored biometric template. It
can provide a user authentication too.
12. AC computes and verifies: i BPj ðui BUij Þ ¼ k BUij ,
o BPj ðui BUoj Þ ¼ k BUoj . In this process, AC authen-
ticates the access authorization to B level informa-
tion and gets the encryption keys for the columns.
13. If all verifications are successful, AC queries a
server with Ekcs fðBUij ; q BUij Þ; ðBUoj ; q BUoj Þ; ðCUij ;
q CUij Þg. kcs is a secret key shared between AC and
the server.
14. Server S implements AC’s query and returns the
results to AC with the form of R or R0 :
R ¼ fgk BUij  m BUij ; gk BUoj  m BUoj ;
Ek CUi ðm CUij Þg;
R0 ¼ fEk BUij ðf BUij Þ; Ek BUoj ðf BUoj Þ;
Ek CUi ðf CUij Þg:
R is the case that the results are messages with the
size less than 1,024 bits. R0 is that the results are files.
For example, m BUoj is a message or record and
f BUoj is a file, which a user i wants to know in the
column BUoj .
15. This step is the reencryption process to hide real
decryption keys. For the result R, AC computes:
x ¼ g  gk BUij
 m BUij ; w ¼ ð þ k BUij Þ;
0
v¼g g
 m BUoj ; u ¼ ð 0 þ k BUoj Þ;
k BUoj
y ¼ Ek CUi ðm CUij Þ; p ¼ E ðXi Þ; s ¼ h ðyjxjwjvjujpÞ;
where w and u are the masked decryption keys by
random numbers  and  0 . The real keys are k BUij
and k BUoj and the random numbers  and  0 are
generated newly every session. For R0 , at first, AC
decrypts the results:
Dk BUij ðEk BUij ðf BUij ÞÞ ¼ f BUij ;
Dk BUoj ðEk BUoj ðf BUoj ÞÞ ¼ f BUoj :
Then, AC reencrypts the result with the session
key , which is randomly generated in Step 3:
x0 ¼ E ðf BUij Þ; v0 ¼ E ðf BUoj Þ;
y0 ¼ Ek CUi ðf CUij Þ; p ¼ E ðXi Þ; s0 ¼ h ðy0 jx0 jv0 jpÞ:
16. AC sends the computed values fy; ðx; wÞ; ðv; uÞ; p; sg
or fy0 ; x0 ; v0 ; p; s0 g to i=MDi .
17. i=MDi checks the integrity: h ðyjxjwjvjujpÞ ¼ s or
h ðy0 jx0 jv0 jpÞ ¼ s0 . This process can provide mutual
authentication between a user i/MDi and AC as
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE
well as integrity. The reason for this will be
explained in the next section.
18. i=MDi decrypts: D ðpÞ ¼ Xi , DXi ðEXi ðski ÞÞ ¼ ski .
ski is the user i’s private key, which is encrypted
with the special key Xi in i’s mobile device. Then, he
obtains C level decryption key k CUi through the
computation Dski ðEpki ðk CUi ÞÞ ¼ k CUi . Finally,
user i can obtain what he wants like this:
x  gw ¼ m BUij ; v  gu ¼ m BUoj ;
Dk CUi ðyÞ ¼ m CUij or D ðx0 Þ ¼ f BUij ;
D ðv0 Þ ¼ f BUoj ; Dk CUi ðy0 Þ ¼ f CUij :
5 ANALYSIS AND DISCUSSION
5.1 Protocol Security
The following is the security requirements under the
collaborative environments application. We show that our
scheme can satisfy the below properties.
5.1.1 Mutual Authentication
An attacker may try to pretend to be a valid user to access
unauthorized data or masquerade as a server to extract
users’ information. This property is against spoofing attack.
The authentication between a user and the mobile device
can be accomplished through verifying hðpw0i Þ ¼ hðpwi Þ,
Vi0 ¼ Vi , and Ii0 ¼ Ii . If AC’s verification of LPi ðCi Þ ¼ CLi ,
where Ci ¼ hðci Þ þ hðBTi0 Þ in Step 11, would be successful,
it means that the real authentication for a user and the
mobile device is completed.
The authentication between AC and a user/a mobile
device is done in Steps 8-12. The fact that AC can obtain their
session key  in Step 9 and encrypt some data with the
session key  means that a AC and a user i=MDi are the real
AC and the user i=MDi . This is because it is only possible as
long as the AC can decrypt this value Ekc ðhðpwi Þ; hðBTi Þ; Xi Þ,
then can obtain hðpwi Þ, and finally can obtain . In addition,
the mutual authentication between AC and a user/a mobile
device is also possible with USIM.
Between AC and a server S, their shared secret key kcs
can authenticate each other as well as communicate
securely by encrypting the transferring data with kcs . In
our scheme, there is no authentication process from a user/
the mobile device to a server. But this process is useless in
our scheme because AC deals with everything instead of
the user, once AC authenticates the user.
From a server to a user/the mobile device, if a user/
mobile device can obtain meaningful results from the last
process, a server is the real server what a user/mobile
device wants to access.
5.1.2 Multiauthentication
Our scheme has various authentication processes: first,
mutual authentication between entities, then the accesses to
the different level of database and columns. For each
authentication process, some combined authentication meth-
ods such as password, biometric, audiovisual, USIM, PKI,
and polynomial interpolations are applied by one round
protocol. If one of these authentication processes would fail,
the protocol would be aborted. Multilevel and combined
authentications can guarantee a high level of security.
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
833
5.1.3 Confidentiality
The A level information is not sensitive, which can be
disclosed in public. Except for this A level information, all
stored data and transferring instances are encrypted in our
scheme. Especially, the blinding method with random
numbers can hide real values. Every session, a user
generates the random number  for the use as a session
key and for the transfer of a biometric template hðBTi0 Þ. AC
generates random numbers  and  0 for decryption keys.
This makes it impossible for a user to correctly guess the
original decryption key and biometric template. Especially,
C level information can be decrypted only by the user
oneself. Even AC cannot know this information.
5.1.4 Integrity
By the attacks through communication channels or net-
works, stored and transferring data may be modified or
lost. To check the integrity, we have verification processes
in Steps 7 and 17. In addition, to keep the whole system’s
function available, we can use the Trusted Platform Module
(TPM) chip, which can be used to authenticate availability
of hardware devices and software.
5.1.5 Intractability of Replay or Reflection
In a wireless environment, it is easy for an attacker to
capture data. If an attacker tries to make a replay or
reflection attack, our system should detect the attack or
make an attacker fail in passing the verification and
accessing data. These attacks can be prohibited by the
every session-generated random numbers and a time
stamp t. The random number  should be different every
time. If AC finds the same value as the previous  from the
same user/mobile device in Step 9, AC aborts the protocol.
By checking  and a time stamp t 2 T T LðTime to LiveÞ, we
can prevent replay or reflection attack.
5.1.6 Self-Regulation for Privacy
In our scheme, information is classified into three levels by
the user’s own choice. Users receive the access authoriza-
tions to other users’ B level information at the enrollment
time if they satisfy the requirements and can obtain the
authorizations on real time through negotiation processes.
We should prevent abuse/misuse of users’ information
without their consent. For this problem, stored and
transferring data have to be minimized and every operation
should be able to guarantee the security at some level. In
biometrics of our scheme, a biometric template BT is hashed
and encrypted and then stored only in AC’s database at
enrollment time. At every authentication trial, the generated
biometric template BTi0 is hashed and masked with the
random number  and not stored. Except for the A level
information, our scheme satisfies confidentiality. Attackers
cannot know or correctly guess the real data and it means
that they cannot abuse or misuse other users’ information.
5.2 Retrieval Privacy and Security
5.2.1 Multilevel Access Control
A different access authorization requires a different level of
security. Our scheme is made up of three levels of data. In
order to control the access to different levels of databases,
834
we use a polynomial LP as a verification method. If the
verification is successful, the next column access is verified
with the polynomial i BPj . Therefore, our scheme can
control all accesses to the authorized level of database and
the authorized columns.
5.2.2 User Access Control
According to different levels of databases, combined and
multilevel authentication methods are applied to our
scheme CAMAC to retrieve what a user wants. All sensitive
informations are encrypted and the access is limited. Here,
users cannot know the contents of the columns if they do
not have the access authorization. Under the condition that
a user passes all the authentication processes, the user can
obtain the valid decryption keys for the columns.
5.2.3 Intractability of Decryption by a Server
Our scheme assumes that the server is untrustworthy and
an inner attacker so that there is not any decryption process
in a server through whole protocols because the server
cannot know any decryption key. Where the server just
implements the queries that AC requests. Only AC knows
the decryption keys for B level information and only valid
users can decrypt the results that the server returns. C level
information can be decrypted by the user oneself.
5.2.4 Unobservability
Unobservability means that when a user uses a resource or
service, others cannot know the resource or service is being
used. Attackers including outside attackers and an inner
attacker can learn nothing about data by encrypting even
the transferring data. This is possible because the decryp-
tion process is allowed in only valid users’ mobile devices.
5.2.5 Unlinkability
Unlinkability means that when resources and services are
used by someone, others cannot link these being used
together. However, our scheme cannot satisfy this property
because we use a deterministic columnwise encryption
method. In other words, the same contents within a column
have the same encrypted values so that attackers can know
that this is the same information even if they don’t know
what it means.
5.3 Performance
This paper deals with all technologies of the combined
authentication, access control, and data retrieval. Current
and coming collaborative computing services such as
dailylifeservice of MyLifeBits project require diverse and
complex networking technologies. However, there is a
research paucity. To the best of our knowledge, there is no
paper which deals with all of these areas comprehensively.
As described in Section 2, all the previous works only
handled one specific research area independently and do
not consider whole scope of these research concerns.
The main purpose of our paper is not for the design of
building block algorithms. It is true that the performance of
our scheme definitely depends on efficiency of the sub-
ordinate algorithms. The algorithms can be selected accord-
ing to the organization’s policy. By these reasons, the
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
comparison and analysis on performance with other papers
are inappropriate.
We discuss the performance of our scheme with separate
seven parts as follows:
. Steps 1-5: These Steps are about a user authentica-
tion to his/her mobile device and the generation of
querying information.
. Step 6: The user sends the information for authenti-
cation and queries to AC.
. Steps 7-12: AC authenticates the user and his/her
authorization for the querying data.
. Steps 13 and 14: AC queries a server with the data
which the user wants and the server implements
the queries.
. Step 15: AC masks decryption keys and reencrypts
the results from the server with the masked
decryption keys.
. Step 16: The masked decryption keys and reen-
crypted results are sent to the user.
. Steps 17 and 18: The user decrypts the results.
We implement only three parts, i.e., Steps 7-12, Step 15,
and Steps 17 and 18, which have relatively much influence
on our performance. In fact, our whole performances are
determined much more by environmental factors such as
network stability and speed, mobile phone capability,
server’s computing power other than our proposed scheme.
Steps 6, 13, and 16 are transferring phases through networks
and Step 14 is implemented by a dailylifeservice provider’s
server. The performance of these parts is influenced by
other factors, not our proposed scheme. Furthermore, there
is not any prior studies to be compared with our scheme
considering whole processes over authentication, access
control, retrieval, private key management, etc. Conse-
quently, respective analysis for each part seems to be quite
proper for our scheme.
The actual performance of Steps 1-5 is up to mobile
capability and the amount of data which a user wants to
retrieve. Especially, biometric authentication process is
much more influenced by the used methods (such as
extraction method or matching algorithm) and embedded
devices (sensor or matcher). We did not develop a new
biometric authentication algorithm but can apply known
efficient biometric methods to our scheme. Hence, because
the performance of this part is more determined by
environmental factors other than by the schemes we
designed newly, this part is excluded from our experiment.
5.3.1 Steps 7-12
Most of Steps 7-12 are consisted of our newly designed
protocol in AC’s server, only except for the matching
process of fingerprint template. We experiment on this part
with a personal computer with Intel Core Quad 2.83 GHz
processor and 4 GB RAM. We use Microsoft Visual Studio
2008 as Integrated Development Environment (IDE) and
OpenSSL cryptography modules for cryptographic opera-
tions such as SHA-1(hash function), 128-bit-AES(symmetric
encryption algorithm), and Elliptic Curve operation.
The biometric template matching test is implemented by
the equality test with a binary expression. The polynomial
LPi for access control to each level of database is three
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE
TABLE 2
The Performance of Steps 7-12
degree of nested polynomial. The size of its input values is
the same as output size of hash function SHA-1. The
polynomial i BPj for access control to the column of B level
database is l degree polynomial if the number of authorized
users is l. We differentiate the number of authorized users l
into several sizes, 100, 200, 500, 1,000, 2,000, 5,000, and
10,000. l will influence on the performance of this part.
We evaluate the requiring time as our performance
according to various sizes of l of B level polynomials. The
result is shown in Table 2.
5.3.2 Step 15
Step 15 is also newly designed so that we experiment
similarly to Steps 7-12. The setting for PC is the same as
Steps 7-12. Since the encryption algorithm for a short
message is ElGamal style of exponentiation operation, the
calculation is very heavy. We use a group over “Elliptic
Curve” to solve that problem. We use “Koblitz curve,”
where the underlying field GF ð2163 Þ is defined by generat-
ing the polynomial x163 þ x7 þ x6 þ x3 þ x þ 1. This curve
has been used in many standards and identified in WAP
WTLS standard as WTLS Curve 3. Other functions and
parameters are the same as Steps 7-12. The performance of
this part depends on the sizes of messages and files. The
message sizes are set to 16(128 bits), 64(512 bits),
128(1,024 bits), 512, 1,024 Bytes and the file sizes are set
to 1, 40, 80, and 120 Kbytes.
5.3.3 Steps 17 and 18
Steps 17 and 18 are the process in a mobile phone, however,
we experiment with both on a PC and a mobile phone. The
processing power of our mobile phone is Qualcomm
QSD8250 1 GHz on Scorpion, 512 MB NAND flash memory,
512 MB DDR SDRAM. The sizes of parameters are the same
as above experiments. The result is shown in Tables 3 and 4
together with the result of Step 15.
5.3.4 Analysis of Performance
In the experiment on Steps 7-12, although the requiring time
increases linearly according to the size of l, the amount is
quite small as Table 2 shows.
Table 3 shows the requiring time for reencryption by
AC(Step 15) and decryption by a user (Steps 17 and 18)
when the results are short messages. Table 4 is for file sizes.
In Table 3 with exponentiation calculation, the requiring
TABLE 3
The Performance of Steps 15 and 17 and 18 for Messages
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
835
TABLE 4
The Performance of Steps 15 and 17 and 18 for Files
time increases much faster than Table 4 with the crypto-
graphic method as AES for files. For 1 kilobyte (1,024 bytes),
Table 3 (exponentiation) takes time 31 ms and Table 4 (AES)
0.015 ms in PC. This shows why we divide encryption
methods into two styles. While the exponentiation calcula-
tion of Table 3 has heavy computational overheads for long
size of data, decryption by AC in this process is not a
regular protocol so that, in general, AC does not know the
content of ElGamal style of encryption for short message.
However, it is true that AC is able to decrypt them if AC
wants to do. Therefore, the encryption method can be
selected according to the size and sensitivity of data.
Steps 17 and 18 of Tables 3 and 4 should be processed in
a user’s mobile phone. But we experimented with a PC and
a mobile phone and then compare the performance. We can
find that PC’s performance is approximately 2:2  3 times
faster than mobile phone. According to [32], we take
“Pharos Traveler 137” by Microsoft as an example of
upcoming Advanced Wireless Services (AWSs) Smart-
phones. Its processing power is Qualcomm 7201A
528 MHz, ROM: 512 MB, RAM: 256 MB, and its features
provide various and high technical services such as high-
speed 3.5 G Internet capability or triband UMTS/HSDPA/
HSUPA and quad-band GSM/GPRS/EDGE cellular mod-
ems offering industry-leading 7.2 Mb/s download and
2 Mb/s upload speeds [33]. Considering the current or
future capability of mobile phone and network, we firmly
believe that our proposed scheme does not have any
problems to apply it to dailylifeserviece, which includes
all of the parts without being experimented.
5.4 Flexibility to Dynamic Access Authorization
In a real world, access authorization changes can happen
very often if the organization is huge and complicated. In
most of the previous papers, users are given the corre-
sponding column keys for decryption. This makes it
possible for a user to know the decryption keys so that
there can be nonnegligible probability that a user may
reveal the disqualified keys to a third party or use them
maliciously. However, if a user is deprived of access
authorization to some columns, the user must not access
and must not decrypt the columns any more. The naive
solution will be reencryption for all data with newly
generated keys at every access authorization change, which
requires heavy computational overhead.
In our scheme, AC keeps the authentication polynomials
for access authorization of each user i and the decryption
keys of B level information. Each user i stores only
“Database Level Identifiers” and “Column Identifiers” in
one’s own mobile device. If all authentication processes are
successful, the user is given the masked decryption keys by
random numbers every time. This makes it impossible for a user
836
to know the real decryption keys. If access authorization
changes happen, AC only has to change the corresponding
authentication polynomials and a server S does not need to do
anything over the stored data. The disqualified users cannot
access and cannot decrypt the columns any more because
the access authorization polynomial is changed and the
users do not know the real decryption keys. It means that
our scheme can guarantee the efficient and secure flexibility
to dynamic access authorization changes.
6 CONCLUSION
Converging technology with collaborative computing has
been a central concern for the community of researchers
and practitioners in network systems and its environments.
In this kind of computing era, users also have been center of
considerations in social computing development processes
because they are expanding their requirements to take
seamless collaborative supporting services in their life.
Although collaborative computing technologies have
been rapidly developed and it has provided diverse social
services to users, there are ongoing issues for users in safety
and some scholars already have studied on security issues.
However, they only highlighted partly approaches with
separate concentrations in applications and independent
technologies for collaborative computing. Hence, there are
limitations and huge challenges to prevent higher risks for
users’ security and privacy in collaborative computing
applications and technologies. Moreover, we believe that
the identified problems and approaches between collabora-
tive computing and security also should be managed as an
integrated system.
ACKNOWLEDGMENTS
This work was supported by the IT R&D Program of MKE/
IITA. (2009-F-056-01, Development of Security Technology
for Car-Healthcare). This was also partly supported by the
USN R&D Program of MKE/KEIT. (2009-67, 10033643,
Development of Core Technology based on USN for Safety
Management of Industrial Fields).
REFERENCES
[1] A.P. McAfee, “Enterprise 2.0: The Dawn of Emergent Collabora-
tion,” MIT Sloan Management Rev., vol. 47, no. 3, pp. 21-28, 2006.
[2] M. Klemettinen, “Enabling Technologies for Mobile Services,” The
MobiLife Book, Wiley, 2007.
[3] J. Gemmell, G. Bell, and R. Lueder, “MyLifeBits: A Personal
Database for Everything,” Comm. ACM, vol. 49, no. 1, pp. 88-95,
2006.
[4] L. Pearlman, V. Welch, I. Foster, C. Kesselman, and S. Tuecke, “A
Community Authorization Service for Group Collaboration,” Proc.
Third Int’l Workshop Policies for Distributed Systems and Networks,
pp. 50-59, 2002.
[5] D. Argarwal, M. Thompson, M. Perry, and M. Lorch, “A New
Security Model for Collaborative Environments,” Paper LBNL-
52894, Lawrence Berkeley Nat’l Laboratory, Univ. of California,
2003.
[6] A. Al Qayedi, W. Adi, A. Zahro, and A. Mabrouk, “Combined
Web/Mobile Authentication for Secure Web Access Control,”
Proc. Wireless Comm. and Networking Conf., vol. 2, pp. 677-681, 2004.
[7] L. Kagal, T. Finin, A. Joshi, and S. Greenspan, “Security and
Privacy Challenges in Open and Dynamic Environments,” IEEE
Trans. Computers, vol. 39, no. 6, pp. 89-91, June 2006.
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 9, NO. 6, JUNE 2010
[8] G. Skinner, “Shield Privacy: A Conceptual Framework for
Information Privacy and Data Access Controls,” WSEAS Trans.
Computers, vol. 5, no. 6, pp. 1375-1384, 2006.
[9] G. Skinner, “The TLC-PP Framework for Delivering a Privacy
Augmented Collaborative Environment (PACE),” Proc. Third Int’l
Conf. Collaborative Computing, Networking, Applications and Work-
sharing, 2007.
[10] S. Garcia-Salicetti, C. Beumier, G. Chollet, B. Dorizzi, J. Jardins, J.
Lunter, Y. Ni, and D. Petrovska-Delacretaz, “BIOMET—a Multi-
modal Person Authentication Database Including Face, Voice,
Fingerprint, Hand and Signature Modalities,” Audio- and Video-
Based Biometric Person Authentication, pp. 845-853, Springer, 2003.
[11] A.A. Ross, K. Nandakumar, and A.K. Jain, Handbook of Multi-
biometrics, first ed. Springer, 2006.
[12] L. Hong and A. Jain, “Integrating Faces and Fingerprints for
Personal Identification,” IEEE Trans. Pattern Analysis and Machine
Intelligence, vol. 20, no. 12, pp. 1295-1307, Dec. 1998.
[13] L. Hong, A. Jain, and S. Pankanti, “Can Multibiometrics Improve
Performance?” Proc. AutoID, pp. 59-64, 1999.
[14] P. Tikkanen, S. Puolitavial, and I. Kansala, “Capabilities of
Biometrics for Authentication in Wireless Device,” Audio- and
Video-Based Biometric Person Authentication, pp. 796-804, Springer,
2003.
[15] R. Riccia, G. Chollet, M.V. Crispino, S. Jassim, J. Koreman, M.
Olivar-Dimas, S. Garcia-Salicetti, and P. Soria-Rodriguez,
“SecurePhone: A Mobile Phone with Biometric Authentication
and e-signature Support for Dealing Secure Transactions on the
Fly,” Proc. SPIE Symp. Mobile Multimedia/Image Processing for
Military and Security Applications, 2006.
[16] J. Koreman, A.C. Morris, D. Wu, S. Jassim, H. Sellahewa, J. Ehlers,
S. Garcia-Salicetti, B. Ly Van, L. Allano, G. Chollet, G. Aversano,
and H. Bredin, “Multi-Modal Biometric Authentication on the
SecurePhone PDA,” Proc. Multi-Modal User Authentication Work-
shop (MMUA), 2006.
[17] L. Allano, A.C. Morris, H. Sellahewa, S. Garcia-Salicetti, J.
Koreman, S. Jassim, B. Ly-Van, D. Wu, and B. Dorizzi, “Non
Intrusive Multi-Biometrics on a Mobile Device: A Comparison of
Fusion Techniques,” Proc. SPIE Conf. Biometric Techniques for
Human Identification III, 2006.
[18] B. Gelbord and G. Roelofsen, “A Solution to Privacy Issues in the
Use of Biometrics in PKI,” Proc. WAP2001, 2001.
[19] R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu, “Hippocratic
Databases,” Proc. 28th Int’l Conf. Very Large Databases (VLDB),
2002.
[20] J. Byun, E. Bertino, and N. Li, “Purpose-Based Access Control for
Privacy Protection in Relational Database Systems,” Technical
Report 2004-52, Purdue Univ., 2004.
[21] J. Byun, E. Bertino, and N. Li, “Purpose Based Access Control of
Complex Data for Privacy Protection,” Proc. 10th ACM Symp.
Access Control Models and Technologies, pp. 102-110, 2005.
[22] S. Sabah and A. Fedaghi, “Beyond Purpose-Based Privacy Access
Control,” Proc. 18th Australasian Database Conf. (ADC ’07), 2007.
[23] H. Mun, K. Lee, and S. Lee, “Person-Wise Privacy Level Access
Control for Personal Information Directory Services,” Embedded
and Ubiquitous Computing, pp. 89-96, Springer, 2006.
[24] T. Ge and S. Zdonik, “Fast, Secure Encryption for Indexing in a
Column-Oriented DBMS,” Proc. 23rd Int’l Conf. Data Eng. (ICDE),
pp. 676-685, 2007.
[25] G. Ozsoyoglu, D. Singer, and S. Chung, “Anti-Tamper Databases:
Querying Encrypted Databases,” Proc. IFIP Conf. Database Security,
2003.
[26] P. Tuyls and J. Goseling, “Capacity and Examples of Template-
Protecting Biometric Authentication Systems,” Biometric Authenti-
cation, pp. 158-170, Springer, 2004.
[27] K. Delac and M. Grgic, “A Survey of Biometric Recognition
Method,” Proc. 46th Int’l Symp. Electronics in Marine (ELMAR ’04),
June 2004.
[28] H. Bredin, A. Miguel, I.H. Witten, and G. Chollet, “Detecting
Replay Attacks in Audiovisual Identity Verification,” Proc. Int’l
Conf. Acoustics, Speech, and Signal Processing (ICASSP), 2006.
[29] J. Koreman, A.C. Morris, D. Wu, S. Jassim, H. Sellahewa, J. Ehlers,
G. Chollet, and G. Aversano, “Multi-Modal Biometric Authentica-
tion on the SecurePhone PDA,” Proc. Multi-Modal User Authentica-
tion Workshop (MMUA), 2006.
[30] M. Burmester, Y. Desmedt, R. Wright, and A. Yasinsac,
“Accountable Privacy,” Security Protocols, pp. 83-95, Springer,
2006.
PARK ET AL.: COMBINED AUTHENTICATION-BASED MULTILEVEL ACCESS CONTROL IN MOBILE APPLICATION FOR DAILYLIFESERVICE
[31] M. Ouksel and O. Mayer, “The Nested Interpolation Based Grid
File,” Proc. Symp. Mathematical Fundamentals of Database and
Knowledge Base Systems (MFDBS ’91), pp. 173-187, 1991.
[32] http://www.tmotoday.com/forums/ground-zero/future-
phones-and-rumors/upcoming-aws-smartphones-processing-
power, 2010.
[33] http://www.pharosgps.com/products/proddetail.asp?prod=
001_PTL137_8.00&cat=147, 2010.
Hyun-A Park received the BS degree from the
Department of Mathematics at Korea University,
Seoul, in 2003, and the MS and PhD degrees in
information security from Korea University, Seoul,
in 2005 and 2010, respectively. Currently, she is a
researcher with the Eller College of Management
at the University of Arizona. Her main research
interests include practical retrieval system on
encrypted database systems. She is interested in
database security, access control, privacy pre-
serving in data mining (PPDM), anonymous communication channel,
privacy enhancing technology (PET), and cryptographic protocols.
Jong Wook Hong received the MS degrees in
computer security from the University of Korea in
2007. He is a research scientist in the Depart-
ment Public and Original Technology Research
Center, Daegu Gyeongbuk Institute of Science
and Technology. His research interest includes
mobile networking, specifically routing protocols,
network security, and advanced service support.
Jae Hyun Park received the BFA degree in
visual communication design (2003)/BFA degree
in painting from Seoul National University, Korea,
and the MS degree in communication design
from the Illinois Institute of Technology, Chicago,
in 2007. Currently, he is working toward the PhD
degree in the Information System Department of
Weatherhead Management School at Case
Western Reserve University. He has conducted
diverse research projects on interdisciplinary
teams as an interaction designer, user experience designer, or
information architecture. His research interests include design informa-
tion system and system methodologies in social dynamic computing.
Authorized licensed use limited to: Korea University. Downloaded on July 01,2010 at 02:10:40 UTC from IEEE Xplore. Restrictions apply.
837
Justin Zhan is a faculty member at Carnegie
Mellon University. His areas of expertise include
social computing, data privacy, and network
security. He is a founding steering chair of the
IEEE International Conference on Social Com-
puting (SocialCom) and the IEEE International
Conference on Privacy, Security, Risk, and Trust
(PASSAT). He has served as a chair or a
committee member for international conferences
and workshops, and as an editorial board
member for journals. He is a fellow of the IEEE.
Dong Hoon Lee received the BS degree from
the Department of Economics at Korea Univer-
sity, Seoul, in 1985, and the MS and PhD
degrees in computer science from the University
of Oklahoma, Norman, in 1988 and 1992,
respectively. Currently, he is a professor and
the vice director of the Graduate School of
Information Management and Security (GSIMS)
at Korea University. Since 1993, he has been
with the Faculty of Computer Science and
Information Security at Korea University. Since 2004, he has served
as the president of Ubiquitous Information Security Organization, which
has been supported by BK21 Project in Korea. His research interests
include the design and analysis of cryptographic protocols in key
agreement, encryption, signature, embedded device security, and
privacy-enhancing technology (PET). He is a fellow of the IEEE.
. For more information on this or any other computing topic,
please visit our Digital Library at www.computer.org/publications/dlib.