1. Security Issues & Paradigms in Mobile Computing Science & Networking
Michel Riguidel
Tel : +33 1 45 81 73 02
riguidel@enst.fr
3. Feb-02 3 Information Technology evolution
Before 80: Middle Ages, Computing Science belongs to fiefs (IBM, …), no network
All proprietary, no flow: all is parchment or proprietary spreadsheet
80s: All is transparent for a computer scientist
All is file: UNIX (/dev/null, /dev/lpr, ...)
a file is a set of characters which can be manipulated by the C language
85s: All is readable on a desk (or a PC) by anybody
All is document (no more interoperability & transparency)
95s: All is an available object on the network for communication
All is document, readable everywhere (HTML page) or executable everywhere (Java)
Privilege to information access: kiosk, server
00s: All is a digital, fluid & live stream distributed over networks
Nomadic user, virtual presence (user or sw/content move), Virtual Machine & JavaBeans
Ubiquitous IT (networked planet grid) & Mobile computing infrastructure (Xeo satellites)
05s: All is program, alive on ad hoc networks
An entity on the network is a Java Program (Jini concept)
Intentional architecture
4. Feb-02 4 The new Paradigm of IT
5. Feb-02 5 Infrastructure of an IS: Urbanization of an Information System
6. Feb-02 6 Software Intensive System: Architecture is a key issue
7. Feb-02 7 Urbanization: Versatility in Access Networks
Heterogeneity, Global roaming, QoS, Value Added Services
8. Feb-02 8 Global Interconnection: « seamless »
Heterogeneity, Multimedia, macro-mobility
9. Feb-02 9 Dynamic Links: heterogeneity & mobility
10. Feb-02 10 New Services, Contents, Middleware, Network Service Providers
Client-server => intermediation architecture
11. Feb-02 11 The digital World: Architecture & Urbanization
Ubiquity of computing & storing resources
communication anytime, anywhere, anyhow
concept of datagrid (metacomputing)
Externalization of General resources
Mips
Storage
Trust content (secret keys available everywhere)
Communicating Objects & Subjects
Objects are dynamically connected
Devices are permanently connected (IP v6)
Subjects have representations over the network (avatars)
Customization of its own Virtual Private Network & Community
12. Feb-02 12 The digital World: Architecture & Urbanization
Customization of its own Virtual Private Network & Community
Subjects have representations over the network (avatars)
Devices are permanently connected (IP v6)
Layer 2: Data link
Communicating Objects & Subjects
Objects are dynamically connected
Communication anytime, anywhere, anyhow
Versatile medium access
Layer 7: Bottom of the Application Layer
Ubiquity of computing & storing resources
concept of datagrid (metacomputing)
Externalization of General resources
Mips, Storage, Trust content (secret keys available everywhere)
Semantic socket, « pluget »
Quality of communication (QoS, Security)
Nature of content
Negotiated resources
13. Feb-02 13 The past & emergence of a new context
Information in the Years 80s & 90s
Simple and it works …
Not enough mips …
Proprietary
Dedicated entities with specific intelligence & engine
Assumptions which no longer hold for the Years 00s
Catalogues of fixed Applications
Bill Gates' concept is obsolete
Dedicated Infrastructure
Need of Global Interoperability & Roaming
For "Beyond 3G networks", Routes do not exist any more
The OSI model is no longer "the" reference
Hertzian spectrum: static allocation by ranges
Spectrum must be shared differently (new rules, UWB, …)
14. Feb-02 14 The Future: Open, Smart & Configurable Networks
Non Functional Properties are essential
Policy aware networks
Mobility, QoS, interoperability, security
Configurability: changes over time & space
Management issues, proactive & reactive management
Potential solution
Virtualization
Openness
Hw Trivial (not simple!) & Sw Virtual
More Intelligence in the network
Pros & Cons
Performance
Business models
Technological issues
Complexity reduction
Software engineering does not keep up
15. Feb-02 15 Long Term Vision
Vision
Hw & Sw separation and independence
Smart intelligence within the open network
Radio block (General Management of the Radio Resource)
Lower layers (UMTS MAC layer)
Upper Layers & Downloadable Applications
Relationship between the layers
Articulation between the architecture styles
Implementations of these architectures are different
Management
subsidiarity
Orientation
Open Network (Next seism in Computing & Networking)
Software radio, software Terminal, "Software Network": Ad hoc & Active Networks
New Architectures : P2P, M2M, …
16. Feb-02 16 Convergence: Virtualization & Externalization
Wireless
Mobility & autonomy
Adaptation, Configurability
Depending on the context
Ambient Networks
Embedded Internet, Desegregating terminals
Disappearing computing, pervasive computing
ubiquity of access
communicating objects and devices
remote work (medicine, surgery)
Augmented reality
Data Grid & MetaComputing
Global computation (Genomes, cryptography, astrophysics, …)
Managing & securing Chain Value
17. Feb-02 17 Conclusions
Convergence / Divergence dialectic
Merging wired & wireless
high data rate core networks
diversity of access to the network
New Content: multimedia, art creation
exploration of the content cosmos
Different Scales & heterogeneity
Bluetooth, WLan (802.xx), UMTS, Internet
Decentralization
Not a revolution but smooth & permanent changes
migration of standards
IPv4 versus IPv6
de facto: Windows towards Linux (open software)
GSM to GPRS
Etc.
18. Feb-02 18 Computing &/or Networking
19. Feb-02 19 Gilder’s versus Moore’s law
20. Feb-02 20 Mobile Context & Digital World
More Mobility
Nomadic people (with terminals)
Mobile services, content (caches), infrastructure (satellite constellation)
Downloading applications, agent framework, liquid software, VHE, …
21. Feb-02 21 Evolution of mobile networks: from vertical to horizontal segmentation
22. Feb-02 22 Dynamic Provision of Services to Users
23. Feb-02 23 Quality of Service
QoS as defined by the ITU-T E.800 recommendation
24. Feb-02 24 Information Flows, Streams & Caches
efficiency of the whole Loop: Content Delivery Networks, ...
25. Feb-02 25 The ecology of networks
Social networks
who knows who => Virtual Private Communities
Knowledge networks
who knows what => Knowledge Management
Information networks
who informs what => “à la Internet”
Work networks
who works where => GroupWare
Competency networks
what is where => Knowledge with time and space
Inter-organizational network
organizational linkages => Semantic Interoperability
26. Feb-02 26 Mobility & Infospheres
Evolution of Spaces: regular & intelligent
27. Feb-02 27 The Seven OSI Layers
28. Feb-02 28 Communication Infrastructure: Client-server is dead => Policy Aware Networks
29. Feb-02 29 Active Network Model
30. Feb-02 30 Active networks: challenges
Open the network to services (and service providers)
Dynamic modification of the network's behaviour
by users, applications and operators
Define a programming interface (API) for networks
31. Feb-02 31 Active Networks
To keep the Network proprietary! over an Open Infrastructure
To distribute intelligence within the Network
DiffServ is a straightforward Active Network!
The "Java Packet" program is a constant (flow header)
MPLS is an elegant, simple Active Network!
The program is a stack of constants (shim header) which is run on the entry and exit nodes to create Tunnels
More to come
Filtering, …
32. Feb-02 32 Spontaneous Device Networking: self-organizing, ad hoc
Wireless: no route
Access control?
Net etymology: mesh, graph
How to find one's own way?
Some Issues
Service discovery
Spectrum coexistence
Management
Security
33. Feb-02 33 Ad hoc Networks
Each node can be a router and/or a terminal
Astrid cannot talk to Charlotte (hidden nodes)
Basil: potential collisions
C can reach cell A via B
34. Feb-02 34 Ad hoc Networks
No more Routes
No more Topology
Blind search
Search with Reminiscence
Extension to Self organizing Network
35. Feb-02 35 Zimmermann’s open interconnection model
From top to bottom and from A to B
Seven-layer model: isotropic, no time and space
Homology to win interoperability
Vertical software engineering
To shred any content into packets, datagrams, frames, and finally bits
We ignore content semantics
36. Feb-02 36 Theory of communication
Shannon & Weaver model (1949): linear & unidirectional model
Neither the relationship between the actors nor the situation is taken into consideration
Eliminate semantics
J Lacan (seminar II, 1954), R Barthes (ethos, logos, pathos)
37. Security requirements in a mobile universe
38. Feb-02 38 Security issues in a mobile world
Specification of policies compatible with the Content and the Container
Set up of a context-oriented, plural, configurable policy
Design of new encryption protocols
Placing cryptology and steganography in perspective
Introducing security in an open world
39. Feb-02 39 Challenges (Year 2001)
Reality-distorting prism with
Internet (asynchronous messages & meshes of routers) and
GSM (voice content & cellular architecture with Base stations)
Security & mobility
Use of infrastructures
Need of geographical references
Need of protecting the spatial structure
Fixed infrastructure: articulation of the mobile part and the fixed part via a cryptographic protocol
Mobile part (ad hoc networks): search for invariant structures
Use of history of movements
Traceability of moving objects and subjects
Building alibis
Ontologies are moving in these virtual spaces
Identification and then confirming their existence in a defined location using alibis
40. Feb-02 40 New situation: no more deterrence
Before 11th September (QQ33N)
Symbolic attack: no more undetectable or discreet attacks
balance between investment protection cost & risk to lose assets
After 11th September (QQ33N)
The whole communities can lose confidence
Security against cyberwar
at a greater scale for large infrastructure
Main threat
Denial of service for a long time with multiple accidental coincidences
Basic security
Audit, accountability (identification & authentication)
41. Feb-02 41 Classical Security solutions
PKIs, Certificates (X.509), SSL, IPSec, Firewalls
Classical cryptography security model
Audrey & Basil share a secret
can be used to scramble the message (cryptography)
can be used to insert a subliminal mark in order to leave a trace (steganography)
42. Feb-02 42 Security Solutions
IT today: 2 focal key points
43. Feb-02 43 Digital era: vulnerability & customized security
44. Feb-02 44 Mobility within a Convergence world
Open or closed?
Both: Möbius ribbon
Historical world: footprint & witness
We must authenticate the scene, the situation
We must trust a witness located at t = t0 and at x = x0
Audrey & Basil know each other
Local confidence
Mobility introduces new threats
a subject S is going to travel: trajectory x(t)
S is not alone
S leaves traces, depends upon the « ambience »
S wants to trust the object O
S and O are going to create alibis depending upon time and space
Alibis
are trusted relationships between the infrastructure, S & O
E.g.: the individual is going to sign with the base station that he/she was present in this cell
45. Feb-02 45 Security policy depending upon space & time
User point of view
he/she defines his/her own security policy for comfort
Service access if the user is inside a perimeter
One restricts one's own mobile phone usage to a given zone for a certain period of time
One asks for a control from the telecom operator
Secret shared with the operator
Service Provider point of view
Creation of a cryptographic protocol to sign the user ID together with the location ID (here the base station name)
The buyer may be anonymous, but one knows that he was here at t = t0
It is no longer a virtual world
46. Feb-02 46 Object traceability
Trust model
Content security (end-to-end)
Container security (depending upon operator, Internet, etc)
The whole system has a memory
Audit function (.log files to record events)
Historical signature
Digital signature of the content: integrity
Digital signature of the traces
Labeling, watermarking
Ephemeral watermarking
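As an added example (not code from the slides or their author), the alibi of slides 44 and 45, in which the base station signs the user ID together with the location ID at t = t0, combined with the "system has a memory" idea of slide 46: each alibi is hash-chained into a trace log so that rewriting history is detectable. The station key, cell names and timestamps are constructed values, and a shared-key HMAC stands in for whatever signature scheme a real operator would deploy.

```python
import hashlib
import hmac
import json

# Constructed demo key: assumed to be held by the base station and shared
# with the operator that later checks alibis. Not a real deployment value.
STATION_KEY = b"constructed-demo-key-do-not-reuse"


def issue_alibi(user_id: str, cell_id: str, t0: int, key: bytes = STATION_KEY) -> dict:
    """Base station attests that user_id was present in cell_id at time t0.
    The tag binds all three fields, so none can be altered independently."""
    msg = f"{user_id}|{cell_id}|{t0}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"user": user_id, "cell": cell_id, "t0": t0, "tag": tag}


def verify_alibi(alibi: dict, key: bytes = STATION_KEY) -> bool:
    """Recompute the tag over the claimed (user, cell, t0) and compare in constant time."""
    msg = f"{alibi['user']}|{alibi['cell']}|{alibi['t0']}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, alibi["tag"])


def append_trace(log: list, alibi: dict) -> dict:
    """Hash-chain each alibi to the previous entry: the trajectory history
    (slide 46's 'memory') cannot be edited or truncated in the middle unnoticed."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    body = json.dumps(alibi, sort_keys=True)
    entry_hash = hashlib.sha256((prev + body).encode()).hexdigest()
    entry = {"prev": prev, "alibi": alibi, "entry_hash": entry_hash}
    log.append(entry)
    return entry


def verify_trace(log: list, key: bytes = STATION_KEY) -> bool:
    """Walk the chain: every link must match and every alibi must still verify."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or not verify_alibi(entry["alibi"], key):
            return False
        body = json.dumps(entry["alibi"], sort_keys=True)
        if hashlib.sha256((prev + body).encode()).hexdigest() != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


def demo() -> tuple:
    """Audrey moves from cell-A to cell-B (constructed data); then someone rewrites her past."""
    log = []
    for t0, cell in ((1000, "cell-A"), (1600, "cell-B")):
        append_trace(log, issue_alibi("audrey", cell, t0))
    ok_before = verify_trace(log)
    log[0]["alibi"]["cell"] = "cell-C"  # attempt to alter where Audrey was at t0=1000
    return ok_before, verify_trace(log)
```

Changing any field of a stored alibi breaks both its tag and the chain, so the operator's audit function can tell an authentic trajectory from an edited one.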
47. Feb-02 47 Security functions in a mobile universe
Identification
Biometry, smart card, trusted entity
Anonymous
need to find a witness for the situation
capture a secret depending upon the situation
Authentication
Of the scene:
to exchange a secret with someone that we will see again
Audit
History of the objects /subjects trajectory
Ephemeral watermarking
Data Protection
Both Cryptography & steganography
48. Feb-02 48 Architecture: Projection of constraints
Architecture
Expression of constraints
Design: Projection of the specification onto an implementation
The expression of the constraints (QoS, Security, mobility, interoperability) must be embodied and instantiated through
The network architecture
The protocol specification
The applications
Some expressions will be through markers
In a clear world
49. Feb-02 49 Reconstruction of space, time and trust
Network models
Anarchical model
Internet, WLAN, WPAN
Master-slave
WLAN
Hierarchical
Cellular networks
Semantics of protocols
Oligarchic
PKIs
Architectures of Applications
Client server architecture model
Audrey & Basil are living in an isotropic world
Producer & consumer of content
Administration
« management »: very often a bureaucracy
Others
50. Feb-02 50 The new paradigms: the focal point is not IP
Computation ubiquity (bottom of layer 7)
Horizontal software engineering (M2M, P2P), Agents
XML metalanguage
To find an Esperanto (interoperability)
Allows one to describe policies, rules, intentions, predicates
Metacomputation: « grid »
Swarm of computers (10^6) running one single application
Issue: the semantic socket at the bottom of the application layer
Access ubiquity (layer 2 – MAC)
Vertical software engineering
High data rate Internet (digital divide)
Urbanization
Construction of a Harlequin mantle (802.11, 802.15, UMTS, …)
Dialectic of usages
51. Feb-02 51 Remedies to mobility vulnerabilities
Distribution
Trusted hierarchy by subsidiarity
One can distribute secrets which are longer
Intelligence everywhere
Inside the network
Networks have a better throughput
Capillarity larger & larger
Security hopping (security evasion)
Classical cryptography: immutable world
To zap one billion security policy implementations
1 single security policy but 10^9 implementations
Each solution is fallible but the whole is highly secure
Secret contents
Content Delivery Networks (CDNs), Storage Area Networks
Flood the network with machines able to compute secrets
Secret Content Networks : huge repository of keys
52. Feb-02 52 Conclusion
The urbanization of communication systems
Ubiquity, universality
Complexity: Structure, Architecture, Urbanism
The new requirements in future networks
QoS, mobility, configurability, security
The complexity threshold of architectures
Performance versus intelligence
The points of view
operators, manufacturers, service providers and users
Complexity projected onto urbanism, architecture, protocols, endpoints and subsidiarity (distributed management)
The pace of disruptions and evolutions
within the framework of convergence and
of the readjustments of the tectonics of the 3 plates
Telecoms, Computing, Audiovisual