TelecomI+D08: Modelo de seguridad para entornos colaborativos de nueva generación (TelecomI+D08: Security model for next generation collaborative working environments)

Jasone Astorga (, Jon Matias (, Purificacion Saiz (, Mariví Higuero (, Eduardo Jacob (

Universidad del País Vasco - Euskal Herriko Unibertsitatea (UPV/EHU)
This paper appears in: Revista IEEE América Latina

Publication Date: July 2009
Volume: 7,   Issue: 3 
ISSN: 1548-0992

This paper presents a security architecture specifically adapted to distributed environments where the great majority of the participating entities are low capacity mobile devices. A typical case of this kind of environments are the Next Generation Collaborative Working Environments (NGCWEs) which are based on promoting the collaboration as a means to increase the efficiency and the quality of work. In these environments the client terminals are often implemented by sensors, mobile telephones, PDAs, and other limited resources wireless devices. The aim of our work is to provide a security solution to the users of this kind of environments, so that the communications between the different entities that compose the collaborative applications are authenticated, authorized, and protected from eavesdropping and modification by third parties. However, cryptographic operations are usually highly resource consuming. Therefore, considering the characteristics of the NGCWEs, our main goal has been to minimize the impact of the security architecture on the performance of the whole system. For this reason, the cryptographic operations are carried out using symmetric or secret key cryptography, and the authentication of users and the secure distribution of secret keys between the communicating pairs is performed thanks to a Kerberos based approach. The reason for selecting this protocol is that its efficiency is higher than the one of the solutions based on Public Key Infrastructures, and therefore, this protocol is considered to be the most suitable to be implemented in systems specially characterized by their low computing capacity and their limited resources. However, the Kerberos protocol does not cover all the necessities of this kind of environments, since it does not provide any solution to deal with the management of the rights of the authenticated users. This fact forces the target servers to implement and maintain their own access control mechanisms. In environments such as the NGCWEs, consisting of basic modules which are reused in order to dynamically create collaborative applications, it is not possible for the basic elements to maintain authorization information about the rest of the participating entities of the distributed environment, since one of their characteristics is that they must be neutral and independent from the higher level applications. This paper presents a solution based upon a centralized authorization server which gives answer to the raised matter. It also shows how the communications between the centralized authorization server and the rest of the entities of the distributed system are protected.

Index Terms:
authentication, authorization, distributed systems, Kerberos, Next Generation Collaborative Working Environments (NGCWE)   

Documents that cite this document
This function is not implemented yet.

[PDF Full-Text (681)]