A non-intrusive technique for asserting user identity in pervasive computing environments

Abstract

Pervasive computing environments are an exciting new computing scene due to the
recent advances in wireless communications and digital electronics. These
environments are small smart worlds that have many advantages, such as
continuous and distributed interaction with people using a variety of wireless
devices, which are ubiquitous and sharable, to provide useful services. In addition,
each user has wide interaction with a huge number of entities. It would be
impractical to require people to authenticate themselves every time they cross
various network boundaries, as the frequent authentication process would disrupt
the users' normal activities. The use of frequent authentication contradicts the
objectives of pervasive computing in creating seamless environments and delivering
distributed services. Due to the characteristics of these environments there is a
challenge in dealing with asserting user identity. As a result, the need for a system
to apply a non-intrusive authentication technique to assert user identity across the
environment, and for every interaction within these environments, becomes one of
the main challenges in these environments.
This research aims to develop a technique for verifying user identity when
interacting with such environments. User identity information is used by the system
in pervasive environments to retrieve a variety of contextual information, which is
necessary for providing the required services. In doing so, a new approach for
asserting user identity that is non-intrusive and adaptable is developed. The
proposed approach, called Non-Intrusive Identity Assertion System (MAS), would
be aware of the intentions of the user and authenticate her/him continuously
throughout the day to maintain confidence in user identity. It is assumed that users
in smart environments carry identification devices which are used by NIAS to
detect when users attempt to access resources. Although these devices provide a
basic mechanism for identifying users, they are not sufficient to assert users'
identity, for they could easily be picked up by other people. Therefore, NIAS
attempts to assert users' identity by monitoring a minimum amount of their
activities instead of extensive tracking. The system then uses these activities to infer
user events. User events inference is achieved using an unsupervised clustering
technique, which gathers a group of user activities and creates an event. Then each
user event has to be converted to a numeric value and passed to the system to assert
user identity.
The system should be able to cope with various situations, such as users losing their
smart tags or people impersonating other people and raise an alarm to block an
intruder from being asserted as a legitimate user. NIAS provides an alternative to
the intrusive periodic user authentication process and, at the same time, minimize
the risk of false identity in pervasive computing environments.