Intrusion-Tolerant Jini Service Architecture for Integrating Security and Survivability Support in DSN

Ubiquitous service environment based on DSN (distributed sensor networks) is poor in reliability of connection and has a high probability that the intrusion and the system failure may occur. In this paper, we propose an intrusion-tolerant Jini service architecture for integrating security and survivability support in order to provide end users with Jini services having a persistent state in ubiquitous environments. The proposed architecture is able to protect Jini service delivery not only from faults such as network partitioning or server crash but also from attacks exploiting flaws. It is designed to provide performance enough to show a low response latency so as to support seamless service usage. Through the experiment on a testbed, we have confirmed that the architecture is able to provide high security and availability at the level that the degradation of services quality is ignorable. 1. Introduction Jini [1], also called Apache River [2], is a java-based middleware supporting share of resources such as ubiquitous devices and software on networks while it copes with the heterogeneity of the lower levels such as the various types of devices or communication protocols. A service that can cause us to use these pervasive resources is called the ubiquitous service. Jini provides a mechanism that discovers available services through the lookup services and make a connection to the services that clients requested. It is important to enhance the survivability of the ubiquitous service because we live depending on the ubiquitous service environment providing valuable services through pervasive use of computation in everyday experiences. However, the networked systems in the environment are apt to be partitioned due to a poor reliability of connection and have a high probability that the intrusion against a system providing services and the failure of the services may happen [3]. Therefore, it is very important to guarantee that the legitimate users make use of trustable services without discontinuance or obstacle of the services they are enjoying. The standard Jini has two main problems in regard to these requirements. First, the Jini does not support building of fault tolerance services to mask the failure of services leased for resource use [4]. Second, the Jini has an insufficient security mechanism that cannot support dynamic trust establishment within a Jini system [5]. The former problem means that clients cannot keep using their service they are enjoying persistently when a Jini system is partitioned due to both communication link failures and