Three Way Authentication Protocol for Privacy Preserving and Ownership Authentication Transfer for Ubiquitous Computing Devices

PRADEEP B.H
Department of I & CT
Manipal Institute of Technology
Manipal University, Manipal-576104
INDIA
pradeep.kabbar@gmail.com

SANJAY SINGH
Department of I & CT
Manipal Institute of Technology
Manipal University, Manipal-576104
INDIA
sanjay.singh@manipal.edu

Abstract: Nowadays almost everybody has a portable communication device, be it a laptop, a tablet or a smart phone. The user would like to have all services at his fingertips and access them through the portable device he owns. The user exchanges data with other users or with the service provider, or controls the smart appliances at his home. The interactions between the user's device and the service provider must be secure regardless of the type of device used to access or utilize the services. In this paper we propose a "Three Way Authentication (TWA)" technique intended to preserve user privacy and to accomplish ownership authentication in order to securely deliver services to user devices. This technique also helps the users or the service providers to check whether the device is compromised, with the help of the encrypted pass-phrases that are exchanged. Users store most of their valuable information on these devices, which becomes a risk when the device is borrowed by another user, lost or stolen. To safeguard the user data and to preserve user privacy we also propose the technique of Authenticated Ownership Transfer (AOT). The user who sells the device has to transfer the ownership of the device under sale. Once the ownership has been transferred, the old owner will not be able to use that device at all. Neither of the users will be able to use the device if the ownership transfer process has not been carried out properly.
This also takes care of the scenario in which the device has been stolen or lost, avoiding the impersonation attack. The proposed protocol has been modeled and tested with Automated Validation of Internet Security Protocols and Applications (AVISPA) and is found to be safe.

Key-Words: Ubiquitous Computing, Three Way Authentication, Ownership Authentication Transfer

1 Introduction

Ubiquitous computing (Ubicomp) is imagined as a system with a large number of invisible, collaborating computers, sensors and actuators interacting with user devices. Data about individuals who are in the environment is constantly being generated, transmitted, modified and stored. The user data present in the ubiquitous environment is very sensitive, and protecting the private data of every user is a major concern. In this era of sophisticated technology and gadgets, the user owns a number of portable devices such as PDAs, laptops and mobile phones, with varying computing capabilities, in order to access the various types of services offered by service providers. It is very important to secure the service interactions between the user and the service providers. If the interactions or transactions are not secure, the user will be hesitant to use the services, since doing so means providing highly sensitive data, and the service providers lose revenue as a result. For example, a user who wants a secure bank transaction will not access his account by providing the username, password and account details if he is not sure whether the connection is secure. Hence it is important that the user's details are hidden from third parties and that the required security is provided.

In developing countries with slow economies, people tend to buy used devices because they cannot afford new ones. In such cases there will be scenarios of selling and buying a used device for a lesser price.
If a user wishes to sell his device, the ownership of the device has to be transferred. Since the device contains valuable information about the user and also has access to the valuable information present at the server, due care should be taken to delete the information of the old owner before the device is sold to the new owner, and to store the details of the new owner in the device as well as in the server. Previously many

WSEAS TRANSACTIONS on COMMUNICATIONS Pradeep B. H., Sanjay Singh E-ISSN: 2224-2864 430 Volume 13, 2014