Security for Heterogeneous and Ubiquitous Environments Consisting of Resource-Limited Devices: An Approach to Authorization Using Kerberos

Recent widespread of small electronic devices with a low capacity microprocessor and wireless communication capabilities integrated, has given place to the emergence of new communication scenarios, mainly characterized by their heterogeneity and ubiquity. As an example, in the near future, it will be very common for users to access and control electrical appliances or high performance sensors in remote locations just by using their mobile phone or PDA. However, for these environments to achieve the expected success they must probe to be secure and reliable. The security algorithms and mechanisms used to date are meant for powerful workstations and not suitable for small devices with specific constraints regarding energy and processing power. Therefore, in this paper we present a lightweight authentication and authorization solution based on the Kerberos symmetric key protocol, and we propose an extension of its functionalities in order to add authorization support.