PhD passed successfully


Abstract:
One of the main goals of the pervasive computing domain is to provide the user with task support for everyday tasks. This task support should be realized by pervasive applications that are seamlessly integrated in the environment for example into embedded, resource-constrained devices such as everyday objects. The interaction with the pervasive applications should be minimized for the user, they should not be distracted by them. In the end, the fact that pervasive technology is involved, should disappear from the perception of the user. This requires the pervasive applications to be deeply integrated into the current environment of a user. Often, system support is required to help to develop pervasive applications. Additionally, it provides developers with an already integrated environment that can share common knowledge of the situation of a user with applications they develop.

The situation of a user is usually expressed by context information that may contain private information, which should not be accessible to the public. System support should therefore contain mechanisms that utilize security and privacy methods when handling context. Pervasive applications can then use these mechanisms and create pervasive environments while preserving the user’s privacy.
This work ‘s contribution is the development of security and privacy mech­anisms in pervasive middlewares. First, we show how context information can be processed and queried in a privacy-preserving manner. By securing the authenticity and integrity of context information and creating a secure context distribution algorithm, we show how pervasive applications can use and share context securely. Second, we introduce secure role assignment as a mechanism for environment adaptation which is built on context informa­tion. Similarly to context, roles need to be protected and secured during distribution. Additionally, we add system support for secure roles which can be used for role-based access control by pervasive applications. Third, we create a secure key-exchange mechanism that can be used to secure the communication between users and devices. This is an essential step that needs to be performed before any private information can be shared among them.  Fourth, we introduce a framework for the automatic generation of a privacy policy. This framework creates an individual privacy policy that can be used to share context between users, devices or applications while preserving the user’s will with regard to context privacy.
All these mechanisms are integrated into a pervasive middleware that provides system support for pervasive applications. We have shown the feasibility of our work by the creation of several pervasive applications that make use of our four contributions. The applications were developed during the European research projects PECES and GAMBAS. In PECES, the first two approaches contribute to a pervasive middleware that allows the secure formation of a pervasive environment called smart space, including hierarchical grouping and secure communication among devices. Often, several pervasive environments exist next to each other as so-called islands of integration. Here, each island consists of a fully functioning pervasive environment, but does not support the interaction with other islands.  Using hierarchical grouping, the PECES middleware allows them to overcome the islands of integration. In GAMBAS, the pervasive middleware was extended with the second two approaches that allow a secure user-level authentication and therefore the sharing of context information in a privacy-preserving way. For this, a mechanism was designed that uses online collaboration tools such as Facebook or Google Calendar to piggyback a key-exchange on them. In the project, several context detection mechanisms were developed and integrated which makes the GAMBAS middleware an ideal platform for a wide range of pervasive applications.
In this dissertation, all contributions are described and discussed in detail. Several pervasive applications are presented that benefit from the system support which was created by these contributions. In the end, a thorough evaluation shows the applicability of them to the pervasive computing domain and its resource-constrained, embedded devices while providing a high level of security and privacy to the user.