Ownership Authentication Transfer Protocol for Ubiquitous Computing Devices

TL;DR

This paper introduces a secure ownership transfer protocol for ubiquitous devices to protect user data and privacy during ownership change, modeled and verified for security.

Contribution

It proposes a novel ownership authentication transfer protocol specifically designed for ubiquitous computing devices, ensuring security and privacy during ownership transfer.

Findings

Protocol is verified as secure using AVISPA

Prevents impersonation during ownership transfer

Ensures old owner cannot access device after transfer

Abstract

In ubiquitous computing devices, users tend to store some valuable information in their device. Even though the device can be borrowed by the other user temporarily, it is not safe for any user to borrow or lend the device as it may result the private data of the user to be public. To safeguard the user data and also to preserve user privacy we propose the technique of ownership authentication transfer. The user who is willing to sell the device has to transfer the ownership of the device under sale. Once the device is sold and the ownership has been transferred, the old owner will not be able to use that device at any cost. Either of the users will not be able to use the device if the process of ownership has not been carried out properly. This also takes care of the scenario when the device has been stolen or lost, avoiding the impersonation attack. The proposed protocol has been modeled and verified using Automated Validation of Internet Security Protocols and Applications (AVISPA) and is found to be safe.