Secure access control to personal sensor information in federations of personal networks

Author(s): Beusink, J.W.C. (2012)

Abstract:
This thesis provides a secure access control architecture for personal sensor information in Federated Personal Networks (FedNets), applied to the context of the VITRUVIUS project. To that end, suitable authentication protocols, cipher suites, credential providers and policy languages are analyzed. We provide and test a prototype of our proposed architecture. Security in this context entails more than the usual suspects: authentication, authorization, non-repudiation, data integrity and confidentiality. Due to the nature of a PN, confidentiality is notably complex. Privacy in this context consists of user and component identity confidentiality, user location confidentiality and user untraceability. Mobile devices are also susceptible to depletion attacks, aimed at draining the battery. We found EAP-IKEv2 to be the most suitable authentication protocol, based on the applicable security requirements we adopted from several fields of study. We recommend a cipher suite consisting of ECDH, ECDSA, AES and SHA-2, based upon key strength, governmental and institutional recommendations, and the wireless nature of PNs and FedNets. We recommend WebDAV as credential provider, as its usage allows for more efficient revocation checking. We recommend PERMIS as reasoning engine, along with its policy language. Our prototype shows that the suggested security framework can be run on a resource-constrained device, though further performance improvements to the authentication and the authorization engine are needed.

Document(s):

JWC_Beusink_-_Masters_thesis_final_erratum1.pdf