A context-aware method for verifying user identity in pervasive computing environments

Abstract

The necessity of verifying user identity is a crucial element of any system to avoid potential identity attacks. Selecting an appropriate verification method impacts on the system’s overall behaviour since it is a trade-off between security and usability. It is even more significant when that system is situated in a pervasive environment since this type of environment is more vulnerable to such attacks. Any proposed method for this environment needs to be seamless (nonintrusive) and secure. As users in such environments tend to access a variety of resources across multiple networking domains, verifying their identity in a secure way requires a real-time verification method. Therefore, a seamless verification process with a reliable level of security is required.

Most existing methods of user identity verification are obtrusive, as they are not devised to work within a pervasive computing environment. This obtrusiveness is particularly germane when the main system uses more than one method in the verification process to enhance system security.
Most existing solutions are either unaware of the context of the user, or context-aware but rely on part of the context. The context (current status) of a user can be determined through some primitives such as time and location, which are interpreted in a meaningful user context such as role or privilege.

This research proposes a new approach for user identity verification, called Context-Aware Identity Verification (CAIV) which uses multiple context parameters to increase the reliability of the verification process, yet does not rely on obtrusive methods such as biometrics like iris and facial recognition. It uses fuzzy logic reasoning to infer the identity of the user from knowledge about the user’s context. The rules of the fuzzy system were derived by extracting experts’ opinions and casting that knowledge into a fuzzy inference engine. The inference engine makes the system capable of taking decisions in a similar way to that of experienced security personnel. The output of the inference engine is a trust value which reflects how much trust the system has in the claimed identity of the user. Thus, the system interprets the current context of the user into a trust value which eventually enables the system to determine the trustworthiness of the claimed identity.

Results obtained from extensive testing of the implemented system on the designated simulator show that the proposed approach as a primary method for user identity verification in pervasive computing environments maintains satisfactory rates in specificity, sensitivity and accuracy. It maintains two aspects: security and seamless access to secured resources in pervasive computing environments.

Moreover, the proposed approach guarantees that any compromised user credential information will not threaten the user’s security and privacy in other domains. This kind of threat happens when a user’s credentials are stolen by an intruder, which may give the intruder the ability to use them in other domains. In CAIV situation, these parameters are extracted from contextual information of the system environment; hence, the data breach affects only the CAIV domain without compromising other domains.