SSRD+: A Privacy-aware Trust and Security Model for Resource Discovery in Pervasive Computing Environment

Moushumi Sharmin, Sheikh I. Ahamed, Shameem Ahmed, and Haifeng Li
Department of Mathematics, Statistics and Computer Science
Marquette University, Milwaukee, Wisconsin, USA
{msharmin, iq, sahmed02, hli}@mscs.mu.edu

Abstract

SSRD is a secure resource discovery model for devices running in a pervasive computing environment. SSRD is based on a lightweight trust model. SSRD+ is an extension of the existing SSRD model. In SSRD+, we enhance the trust model by adding dynamic trust relationships and by specifying behavioral characteristics that determine the level of trust among devices. We also add a risk model to address challenges posed by the pervasive and ad hoc nature of the network. These models work together to make the entire discovery process lightweight and secure. In this paper we present details of the trust and risk models. We illustrate the design and implementation of SSRD+ as a whole, which optimally explores resources without degrading the performance of the devices while ensuring user security and privacy.

1. Introduction

The pervasive computing environment is comprised of numerous devices that include PDAs, cell phones, smart phones, laptops, etc. Nowadays, these devices are truly everywhere, making Weiser’s vision a reality [1]. These devices interact with other devices in an ad hoc manner. Resource discovery is an essential part of devices running in a pervasive computing environment [10]. The resource discovery process demands models that ensure the privacy and security of the user [2, 3, 4]. Traditional security mechanisms do not work in this environment, as the devices are computationally poor and the notion of physical security is not applicable [5]. The concept of human trust is now being used as a tool for ensuring security and protecting user privacy in pervasive computing.
From a security viewpoint, resource discovery models can be divided into three broad categories. First are the resource discovery models that do not address security issues [11-15]. Second, there are models that consider a full-fledged security mechanism with the help of some fixed infrastructure support (powerful servers, proxies, etc.) [17-19]. Others support security with the assistance of hardware [20], authentication [21], and trust [22, 16].

In SSRD [6], we presented a trust-based secure resource discovery model. Our model was designed for a truly pervasive environment, where we assume that the mobile devices would be able to handle the necessary computations and communications by themselves without any fixed infrastructure support. This simple model allowed resource discovery and sharing based on mutual trust. However, for unknown devices, building a trust relationship is complicated and sometimes impossible. To handle situations like this, we feel that a risk model should be added alongside the trust model. The necessity of risk assessment for resource discovery is presented in [9]. In this paper, we present a new model, SSRD+, which is an extension of our existing SSRD model. Here, we have modified the trust model to make the trust relationship more accurate. We also propose a risk model that allows unknown devices to get services.

The outline of this paper is as follows: We present the design and architecture of our proposed model in Section 2. The evaluation of our proposed model is presented in Section 3, followed by concluding remarks and future research directions in Section 4.

2. Design and Architecture

In this section, we present the different models that comprise SSRD+. We have added this to the existing SSRD model, which is a part of SAFE-RD [7], the resource discovery unit of MARKS [8]. The SSRD+ unit handles security-related issues and consists of trust management and risk assessment sub-units. The SSRD+ unit is directly linked to the resource discovery agent.
The functionalities of all these units are maintained and controlled by the resource manager. A detailed description of the architecture can be found in [6, 8]. All these units provide for user privacy and security without explicit user interaction. The model requires initial user input to set security levels for the different services provided by the device. After this point, it needs user permission only when a highly secure service is to be shared. This is necessary to maintain users’ privacy. In this paper, we describe the newly added features of our trust model and our risk assessment model. Descriptions of the other features, with architectural details of MARKS, SAFE-RD, and SSRD, can be found in [6-8].

Proceedings of the 30th Annual International Computer Software and Applications Conference (COMPSAC'06) 0-7695-2655-1/06 $20.00 © 2006