ÆTHER: Flexible Authorization Management for Dynamic Environments

Contact: Patroklos Argyroudis <argp at domain cs.tcd.ie>

Overview

ÆTHER is an authorization management framework designed specifically to address trust establishment and access control in computing environments where a priori knowledge of the complete set of participating entities and global centralized trust registers cannot be assumed. The basis of ÆTHER is the Role-Based Access Control (RBAC) model, according to which entities are assigned to roles and roles are associated with permissions. ÆTHER extends RBAC in order to support decentralized administration, disconnected operation and context-awareness. Furthermore, the well-defined concept of location-limited channels is used to specify an unobtrusive usage model for the required administrative tasks. Based on this general framework, two different systems have been instantiated.

ÆTHER0: The first instantiation of the general model has been designed to address the key management needs of small ad hoc computing environments whose requirements are simple. It provides security services using only symmetric key cryptography, at the cost of sacrificing the local decentralization requirement. Consequently, it is appropriate for devices that have particularly limited processing capabilities (such as simple sensors). In ÆTHER0 all authority flows from alpha-pads, devices that directly represent particular users in the system.

ÆTHER1: The second instantiation addresses the management requirements of large ad hoc computing domains that have multiple owners with complicated security relationships. It relies on asymmetric cryptography and is therefore better suited to domains that consist of devices with sufficient information processing capabilities. ÆTHER1 is both globally and locally decentralized. However, this greater flexibility comes at the cost of greater computational requirements for the participating devices, since it uses public key cryptography and attribute certificates (ACs) for the required attribute assignments. In ÆTHER1 the sets of principals that act as sources of authority for specific attributes, called attribute authority sets (AASs), are allowed to grow dynamically, supporting the establishment of trust with unknown principals and authorizing their actions in the local domain.

The following table summarizes the differences between the two instantiations of the ÆTHER framework:

| Characteristics | ÆTHER0 | ÆTHER1 |
| --- | --- | --- |
| Management model | Globally decentralized, locally centralized | Globally decentralized, locally decentralized |
| Disconnected operation | Globally yes, locally no | Globally yes, locally yes |
| Namespace | Each alpha-pad has its own namespace | Each device has its own namespace |
| Cryptography | Symmetric | Both; asymmetric for ACs and key agreement, symmetric for bulk data transfer |
| Authority attribute assignments | By alpha-pads; assignments stay local to the issuer | By any device that is a member of the corresponding AAS; assignments are ACs given to the subjects |
| Revocation | Short validity periods | Short validity periods |
| Context-awareness | Supported | Supported |
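
As an added illustration (not code from the ÆTHER project or its papers), the sketch below models how a verifier could evaluate ÆTHER1-style attribute certificates: an AC counts only if its issuer is currently in the AAS for that role, and expiry of a short validity period removes both role assignments and AAS members. It assumes AAS membership is delegated by an AC for a hypothetical attribute named `aas:<role>`, leaves signature verification out, and uses constructed principal, role and permission names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AC:
    """Attribute certificate. Signature checking is out of scope here:
    every AC in the sample is assumed to have passed it already."""
    issuer: str
    subject: str
    attribute: str
    not_before: int  # validity window, seconds on the verifier's clock
    not_after: int

    def valid_at(self, now):
        return self.not_before <= now <= self.not_after

def aas_members(attribute, roots, acs, now):
    """Principals the verifier currently accepts as issuers of `attribute`.
    Assumption: membership is delegated with an AC for 'aas:<attribute>'."""
    members = set(roots)
    grew = True
    while grew:  # repeat until no unexpired delegation adds anyone
        grew = False
        for ac in acs:
            if (ac.attribute == "aas:" + attribute and ac.valid_at(now)
                    and ac.issuer in members and ac.subject not in members):
                members.add(ac.subject)
                grew = True
    return members

def authorize(subject, permission, role_perms, roots, acs, now):
    """RBAC decision: some role carrying `permission` must be asserted for
    `subject` by an unexpired AC whose issuer is in that role's AAS."""
    for role, perms in role_perms.items():
        if permission not in perms:
            continue
        issuers = aas_members(role, roots.get(role, ()), acs, now)
        if any(ac.subject == subject and ac.attribute == role
               and ac.issuer in issuers and ac.valid_at(now) for ac in acs):
            return True
    return False

# Constructed sample data (all names hypothetical).
ROLE_PERMS = {"guest": {"display:use"}}
ROOTS = {"guest": {"alice-pda"}}  # initial AAS chosen by the device owner
ACS = [
    AC("alice-pda", "bob-phone", "aas:guest", 0, 300),
    AC("bob-phone", "carol-laptop", "guest", 100, 400),
    AC("mallory-pda", "mallory-tablet", "guest", 0, 1000),
]
```

With this sample, carol-laptop is authorized at t=200 but not at t=350: her own AC is still inside its window, yet bob-phone's AAS membership lapsed at t=300, so the issuer is no longer a source of authority.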

Related Publications

Patroklos Argyroudis and Donal O'Mahony, "ÆTHER - Securing Ubiquitous Computing Environments", Book Chapter in "Handbook on Mobile and Ubiquitous Computing: Innovations and Perspectives", American Scientific Publishers, to appear.

Patroklos Argyroudis and Donal O'Mahony, "Towards Flexible Authorization Management", in Proceedings of 10th IEEE International Symposium on Computers and Communications (ISCC'05), IEEE, pp 421-426, Cartagena, Spain, June 2005.

Patroklos Argyroudis and Donal O'Mahony, "Towards a Context-aware Framework for Pervasive Computing Authorization Management", in Proceedings of 3rd UK-UbiNet Workshop: Designing, Evaluating and using Ubiquitous Computing Systems, Bath, UK, February 2005.

Patroklos Argyroudis and Donal O'Mahony, "Securing Communications in the Smart Home", in Proceedings of 2004 International Conference on Embedded and Ubiquitous Computing (EUC'04), LNCS 3207, Springer-Verlag, pp 891-902, Aizu-Wakamatsu, Japan, August 2004.

Patroklos Argyroudis and Donal O'Mahony, "ÆTHER: an Authorization Management Architecture for Ubiquitous Computing", in Proceedings of 1st European PKI Workshop: Research and Applications (EuroPKI'04), LNCS 3093, Springer-Verlag, pp 246-259, Samos island, Greece, June 2004.