device and server-side authentication for participatory sensing systems

There has been an increasing trend to delegate more responsibility to the mobile devices we use. Due to the development of faster and cheaper devices and networks we are no longer limited to activities such as point-to-point communication. Today one can readily gather and share real-time information with remote users. The cost has become negligible and the benefits are manifold.

As we use the mobile devices for an increasing range of activities we also increase the risk of exposing sensitive information in our daily activity patterns. This information may eventually be used against us in criminal cases, be exploited by commercial interests, or used to pre-screen employees and customers. We further increase the risk of misuse when we transfer the information to third-party applications for analysis, storage, or collaborative purposes. How we handle the challenge of protecting user information without limiting the usefulness and ease-of-use of otherwise useful applications is a critical step in the adoption of pervasive applications.

The Urban Sensing Authentication system is a Kerberos and Public Private key enabled security system. The system is created to authenticate users and third party applications in a multimodal environment and supports safe authentication via web (HTTP), internet (TCP/IP), and cell phones. Secure tunnels (TLS) are used throughout verify the identity of clients and applications and establish encrypted connections.

Not all applications require the same level of safety and the trade-off between safety and performance should always be considered. Higher protection means lower performance. Therefore, the protection level is designed to be adjustable by the user. Applications may set a security template that users may easily adopt or approve. This model allows an individual tradeoff between ease of use, performance, and safety.