
Mobile Computing and Security

Mobile Computing and Security. Mobile Devices. Traditional computing and networking vs. mobile devices (smartphones, internet tablets, etc.). Widely accepted consumerization: individuals and organizations. Huge amount of sensitive data (personal and corporate). Security and privacy threats.

billyew

Presentation Transcript


  1. Mobile Computing and Security Computer Science and Engineering

  2. Mobile Devices
     • Traditional computing and networking vs. mobile devices (smartphones, internet tablets, etc.)
     • Widely accepted consumerization: individuals and organizations
     • Huge amount of sensitive data (personal and corporate)
     • Security and privacy threats

  3. Trust Management for Mobile Ad-Hoc Networks
     • Mobile ad-hoc networks:
       • Increased connectivity
       • Improved information sharing
       • Collaboration, distributed decision making
     • Issues:
       • Temporary network
       • Resource constraints: bandwidth, battery life, memory, etc.
       • Openness, rapid changes, hostile environment
       • Trust in the components

  4. What is Trust?
     • Degree of subjective belief about the behaviors of a particular entity
     • Trust Management: approach for specifying and interpreting security policies, credentials, and relationships
     • MANET trust issues: establish a network with an acceptable level of trust relationships among the nodes
     • Trust information gathering
     • Trust evidence gathering

  5. Uncertainty
     • Incomplete evidence

  6. Types of Trust
     • Trust in sociology
     • Trust in economics
     • Trust in philosophy
     • Trust in psychology
     • Trust in organizational management
     • Trust in autonomic computing
     • Trust in communications and networking

  7. Trust Characteristics
     • Trust should be established based on potential risks
     • Trust should be context-dependent
     • Trust should be based on each party’s own interest
     • Trust is learned
     • Trust may represent system reliability

  8. Trust, Trustworthiness, and Risk
     [Figure: plot with axes "Trust" and "Trustworthiness", each running from 0 to 1. The line "Trust = Trustworthiness" separates the regions "Misplaced mistrust" and "Misplaced trust".]
     From: Cho et al., A Survey on Trust Management for Mobile Ad Hoc Networks

  9. Risk and Trust
     [Figure: plot with axes "Stake" and "Trust", each running from 0 to 1, divided into "High risk", "Medium risk" and "Low risk" regions. Annotations: "Risk value: determined based on stake"; "Opportunity and positive consequences".]
     From: Cho et al., A Survey on Trust Management for Mobile Ad Hoc Networks

  10. Trust in MANET
     • Dynamic
     • Subjective
     • Not necessarily transitive
     • Context-dependent

  11. Trust vs. Reputation
     • Trust: a node’s belief in the trust qualities of a peer
     • Emphasizes risk and incentives
     • Reputation: the perception that peers form about a node
     • Past actions that influence perception
     • Recommendation: an attempt at communicating a party’s reputation from one context to another context

  12. Trust Management Approaches
     • Policy-based trust management
       • Based on strong and objective security schemes
       • Verifiable properties
       • Binary decision
       • E.g., Charles C. Zhang, Marianne Winslett: Distributed Authorization by Multiparty Trust Negotiation
     • Reputation-based trust management
       • Trust is calculated by collecting, aggregating, and disseminating reputation among the entities
       • E.g., vendor evaluation for online shopping

  13. Trust Management Approaches
     • Evidence-based trust management
       • Considers anything that proves trust relationships among nodes (e.g., keys, identity, address), or
       • any evidence that any node can generate (e.g., a challenge and response process)
     • Monitoring-based trust management
       • Rates the trust level of each participating node based on direct information (e.g., observing the behavior)

  14. Trust Management Approaches
     • Certificate-based vs. behavior-based framework
       • Pre-deployment knowledge of trust vs. continuous monitoring (reactive)
     • Hierarchical vs. distributed framework
       • Hierarchy based on capabilities or level of trust (e.g., certificate authorities, trusted third parties)

  15. Attacks on Trust Management
     • Routing based: routing loop attacks, wormhole attacks, blackhole attacks, grayhole attacks
     • Availability: DoS attacks
     • Integrity: false information or false recommendation, incomplete information, packet modification/insertion
     • Authenticity: newcomer attacks, Sybil attacks, replay attacks
     • Other: selective misbehaving attacks, on-off attacks, conflicting behavior attacks

  16. MANET Trust Management
     • Secure routing
     • Authentication
     • Access control
     • Key management
     • Trust evaluation
     • Trust computation
     • General trust level identification

  17. Next Class
     • Web Application Security
     • The software
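
Slides 12, 13 and 15 name monitoring-based trust, reputation-based trust and the false-recommendation attack without showing a computation. The following Python is an added example, not part of the presentation or of Cho et al.: it scores one neighbour from observed forwarding behaviour and from peer recommendations weighted by trust in the recommender, so a false recommendation from an untrusted newcomer does not raise the score. The scoring model, the `alpha` and `min_trust` parameters and all sample values are assumptions made for illustration.

```python
# Added example. The scoring model and all sample values are constructed
# assumptions; they do not come from the slides.

def direct_trust(forwarded, dropped):
    """Monitoring-based trust from observed packet forwarding.
    Mean of a Beta(forwarded + 1, dropped + 1) belief, so a node with no
    evidence yet (slide 5: incomplete evidence) scores a neutral 0.5."""
    return (forwarded + 1) / (forwarded + dropped + 2)

def recommended_trust(opinions, recommender_trust, min_trust=0.5):
    """Reputation-based trust: peers' opinions weighted by our trust in each
    recommender. Peers at or below min_trust (unknown newcomers, suspected
    Sybil identities) are ignored. Returns None if nobody qualifies."""
    num = den = 0.0
    for peer, opinion in opinions.items():
        weight = recommender_trust.get(peer, 0.0)
        if weight > min_trust:
            num += weight * opinion
            den += weight
    return num / den if den else None

def combined_trust(forwarded, dropped, opinions, recommender_trust, alpha=0.7):
    """Blend direct and recommended trust; alpha favours first-hand evidence."""
    direct = direct_trust(forwarded, dropped)
    indirect = recommended_trust(opinions, recommender_trust)
    if indirect is None:
        return direct
    return alpha * direct + (1 - alpha) * indirect

def naive_average(opinions):
    """Unweighted reputation, shown only for comparison."""
    return sum(opinions.values()) / len(opinions)

# Constructed scenario: neighbour X forwarded 2 of the 10 packets we gave it.
OPINIONS_ABOUT_X = {"A": 0.2, "B": 0.3, "C": 1.0}  # C vouches falsely for X
TRUST_IN_PEERS = {"A": 0.9, "B": 0.8, "C": 0.3}    # C is a newcomer to us

if __name__ == "__main__":
    weighted = recommended_trust(OPINIONS_ABOUT_X, TRUST_IN_PEERS)
    combined = combined_trust(2, 8, OPINIONS_ABOUT_X, TRUST_IN_PEERS)
    print("naive reputation:", round(naive_average(OPINIONS_ABOUT_X), 3))
    print("weighted reputation:", round(weighted, 3))
    print("combined trust:", round(combined, 3))
```

With the unweighted average, the single false opinion lifts X's reputation well above what the two trusted peers report; the weighted version discards it because the recommender itself has not earned trust.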
