Microsoft Innovation Center - Europe - Projects

MOSQUITO - Mobile workers' secure business applications in ubiquitous environments

Building the technical infrastructure for mobile workers for secure, trusted, and ubiquitous access to business applications

MOSQUITO’s vision is that mobile workers have secure, trusted, and ubiquitous access to business applications. The project provided the technical infrastructure required so that workers and their clients can perform daily business processes collaboratively and safely according to determined security policies.

Networks have evolved tremendously in terms of wireless technology and mobility, but business application and service support has lagged behind. MOSQUITO enhanced this by delivering solutions and technologies that:

  • Provide a security framework for taking advantage of developments in security for applications, services, and devices;
  • Improve trust relationships and their set-up across multiple domains;
  • Enable interoperability of applications, including underlying services that run on various hardware and software platforms;
  • Build context-sensitivity into networks and applications to facilitate security policy enforcement; and
  • Implement a service mediation infrastructure for building secure business applications.

Mobile workers will be enabled to perform business tasks in arbitrary environments (devices, networks, and domains) as well as with any users, with or without pre-established trust levels. Set-up of devices and environment will be done transparently, but remain controlled by policies defined in respective domains. The project’s contributions enabled innovative applications, ambient security services, and context-sensitive service provisioning.

The developed technologies include an open architecture for ambient security services and a service mediation infrastructure that provides for interoperability of these applications and services. MOSQUITO technologies thus offer capabilities to self-configure devices, security credentials, and attributes, as well as trusted context information provider services and context-sensitive security policy enforcement. MOSQUITO developed business applications to validate its solutions.

The contribution of the European Microsoft Innovation Center (EMIC):

The European Microsoft Innovation Center (EMIC) led the work package on “ambient security architecture and services.” We defined with partners the architecture of the framework, focusing on context-aware security services: proofs of context, access control based on context, non-repudiation, strong authentication, signature, etc. We also defined with partners the threat model of each component to have a clear view of the mitigation mechanisms in place.

The European Microsoft Innovation Center (EMIC) developed two components of the MOSQUITO framework. First, the “SOAP Security Proxy” enables complex modification of SOAP messages (e.g. encryption, signature, attaching credentials). This component is used to offer secure channel and access control to legacy applications or development tools that do not support WS-Security. Second, a Security Token Service (STS) with MOSQUITO-specific plug-ins has been implemented. The STS issues credentials by getting context information (e.g. location of a party) from external services and encapsulating it in SAML tokens, which are used to secure messages. This STS also relies on external services to validate credentials. Both components are used in a demonstration focusing on e-health applications where a physician has to verify his or her role and prove that he or she is related (e.g. close) to a patient before accessing that patient’s medical data.

For more information, visit the project’s Web site at:
http://www.mosquito-online.org

Partners

SAP AG, coordinator (D)
DoCoMo Communications Laboratories Europe GmbH (D)
Institut Eurécom (F)
Gemplus S.A. (F)
SiltaNet Ltd. (FIN)
TNO Telecom (NL)

Sept 04 – Nov 06

Funded by European Commission (FP6)
