Security & Trust Enforcement in Pervasive Computing Environment (STEP)

Naima Iltaf, Umar Mahmud, Farrukh Kamran
Military College of Signals (NUST) Pakistan, Military College of Signals (NUST) Pakistan, Center for Advanced Studies in Engineering Pakistan

Abstract - The propagation of ubiquitous computing is bringing about an environment in which multitudes of diverse entities interact with each other. It is widely acknowledged that traditional security measures do not scale well in environments that are epitomized by unforeseen circumstances, unexpected interactions, and unknown entities. We propose a trust-based security architecture, based on the human notion of trust, as a mechanism to secure computing in ubiquitous environments.

Keywords - Trust; Access Control; Pervasive Computing

I. INTRODUCTION

The propagation of ubiquitous computing is bringing about an environment in which multitudes of diverse entities interact with each other. In a ubiquitous computing infrastructure, an entity can not only request a service but also provide services to other entities. The entities that offer services will be confronted with requests from both known and unknown entities. Similarly, mobile entities can also request access to services within foreign environments. Access to shared resources in a ubiquitous environment requires some way of authenticating an entity requesting a resource, as well as a way of determining what level of access that entity may have to the shared resources. Interaction between mutually unknown entities can take place only if there is an adequate level of trust between the entities [1].
Hence, in order to build ubiquitous systems where initially unknown entities from different domains interact, it is necessary to develop trust-based security mechanisms that give useful information about the trustworthiness of the interacting entities.

If we live without trust, human interaction will not progress beyond the very trivial, as only limited forms of action and cooperation are possible in such an environment [2]. Humans, when interacting with each other, implicitly use trust to define the credibility of fellow beings. As the computer is merely an extension of human interaction, there must also exist the ability to transfer human trust reasoning. This capability is lacking in present computer systems, so a trust management tool must be designed to complement current security technology.

As trust is an elementary channel of socializing in the human world, we propose to use trust as a central concept for allowing known, partially known and unknown entities to interact with each other in a ubiquitous computing environment. Reasoning about the level of trust involved in an interaction between entities allows us to determine the level of access that an entity may or may not have to shared resources. Recommendations from trusted third parties will provide the possibility for trust to be propagated between unknown entities. The system will also learn from past interactions. The outcome of each interaction will be observed and will help to evolve the trust value to reflect the observed behavior of the entity.

This paper is structured as follows. Related work is briefly reviewed in Section 2. In Section 3 we discuss the building blocks of our proposed framework and give details on how trust can be formalized and evaluated. Before concluding, Section 4 provides a ubiquitous scenario through which the working of the framework is explained.

II. RELATED WORK

The rapid development of collaborative environments has highlighted new concerns over security and trust. Many approaches to securing distributed systems in general rely on the Role-based Access Control system [3]. Most trust-related projects in the area of distributed computing allow unregistered users to access collaborative resources through certificate-based delegation. Kagal et al. [4,5] argue that large, open systems do not scale well with centralized security solutions. Instead, they propose a security solution (Vigil) based on trust management, which involves developing a security policy and assigning credentials to entities. Vigil depends heavily on the delegation of trust to a third party. Much research has since been done on building autonomous trust management as a fundamental building block for designing future security frameworks. The SECURE project [6] presents a formal trust and risk framework to secure collaboration between ubiquitous computer systems.

III. PROPOSED FRAMEWORK

It is widely acknowledged that traditional security measures fail to provide the necessary flexibility for interactions between unknown entities. The need for a trust model for secure collaboration between unknown entities in an uncertain environment led us to design our trust-based security architecture. An overview of our proposed trust-based security framework is shown in Figure 1.