Chapter 11 Security, Privacy, & Trust Issues in Smart Environments
Consider, a Smart Home knows…
• What time you go to bed, get up
• What time you leave for, come from work
• That you have a brand new $5,000 plasma TV
• Your password to your computer
• The combination to your safe
• All your important numbers
  • SSN, bank account, security code
How secure do you want your system to be?
Introduction
• Smart environment (space) - extensively equipped with sensors, actuators, computing
• Exploits combinations of small distributed sensing & computational nodes to identify & deliver personalized service
• User interacts & exchanges information with the environment
* Must be secure, private, trustworthy *
Trust vs. Risk
• Vast amount of personal information
• What about safety?
• These issues may delay or stop acceptance of smart environments
• Cost + less privacy
How Ubicomp Differs - 4 Key Issues
• Ubiquity: everywhere
• Invisibility: users won't know when they are "using" a computer
• Sensing: inputs everything you do & say
• Memory Amplification: all can be stored, queried, replayed
* Sounds like a "bad" sci-fi movie! *
The Fundamental Change …
• Today, can often see boundaries
  • RE: security, privacy, trust - can identify end points, i.e. who gets the information
• Smart Environment
  • Don't know what's collected
  • Don't know where it goes
  • End points not visible
Technology Categories
• Fixed Sensors: no computation
  • e.g. window open or closed
• Mobile Sensors: on the move; maybe GPS
  • Sensed information vs. supplied
• Fixed Computing Elements: computation & storage
  • e.g. computer, air conditioner
• Mobile Computing Elements: movement
  • e.g. PDA, laptops, robots, intelligent wheelchair
No single component has full knowledge or control
Security
• Need the same as for other computer systems & networks
• Ensure information is not stolen or modified, and access is not denied
• Respect privacy
• Trustworthy interactions
• Can the "system" become an unwitting spy?
• What about visitors?
Terminology
Security: confidentiality, integrity, availability
Confidentiality: protecting information/service from unauthorized access
Integrity: protecting information/service from unauthorized changes (including errors)
Availability: ensuring information/service remains accessible
Security - Smart Environments
• Encryption, Decryption - the main issue
• Authentication also important
  • Complex
  • Decentralized
  • Dynamic
  • Transient
• Proposed, but not suitable, solution
  • Pretty Good Privacy (PGP)
  • Decentralized Web of Trust
More on Security
• Devices have limited processing & storage
  • Less than suitable encryption
  • Focus on transmission - eavesdropping
• Still
  • Hard to locate malicious mobile users
  • Invisible - hard to secure a network you can't see
  • Denial-of-service attacks
Device Security
• Device arrives from an unknown domain
  • Has the device been altered?
• Theft - not just of the device
• Can a malicious user masquerade as a sensor?
• Limited battery life - can be intentionally run down
Privacy
• Personalization of the environment contributes to privacy problems
• Lots of information collected; subject to misuse
• 1984 - George Orwell - Big Brother
Terminology
Privacy: individuals'* ability to determine when, how & what information is communicated to others
• Protecting private information
• * Includes organizations
Privacy Control: includes management
• Set & enforce rules
• How it is managed adapts to changes in disclosure & location (mobility)
Principles of Fair Information Practices
1. Openness/transparency - no secret records
2. Individual participation - can see records
3. Collection limits - appropriate collection
4. Data quality - accurate & relevant
Principles #2
5. Use limits - only for the specified purpose & authorized users
6. Appropriate security - reasonable efforts
7. Accountability - record keepers
• Not a one-way responsibility (system to user) in smart environments
• User must be aware
P3P - Platform for Privacy Preferences
• From W3C - World Wide Web Consortium
• Aims to define open standards for web sites to enhance user control
• User can describe own privacy preferences
• Aimed at e-commerce
• So far, not adapted to smart environments
  • Due to their bi-directional nature
• Conclusion: cannot achieve total privacy;
  • should be based on openness
Privacy Guidelines
• Based on the principles & on accidental invasion of privacy
1. Notice: make user aware; awareness infrastructure
2. Choice & consent:
  • Get explicit consent
  • Once notified, allow user to choose to participate
  • Invisible vs. less invisible
  • Natural vs. less natural
3. Anonymity & pseudonymity
  • Hide user identity
  • Contrary to "personalization"
Privacy Guidelines #2
4. Proximity & locality
  • Related to filtering & multicasting
  • Information only distributed to those within the guidelines
5. Adequate security
  • Encryption vs. small devices
  • Use encryption wisely
6. Access & recourse
  • Good practice in collection & distribution of data
Trust
• Not well defined
• How can you trust a mobile entity when you may not even know them?
• Cryptography protects data & privacy, but who are you communicating with?
• Consider in your smart home …
  • Your kids' friends
  • A repairperson
  • The date of your friend who comes to a party
* Can you "trust" them? *
Trust
Traditional security doesn't really cover the smart environment
• Identification & Authentication
  • Unsuitable, inflexible
• Mobility
Terminology
Trust: difficult to define
• Subjective: depends on context
• Linked to risk, benefits
• Intransitive
  • a trusts b, b trusts c
  • a doesn't necessarily trust c
• Based on benevolence, honesty, competence, predictability
Trust Aspects
System Trust: system measures in place to encourage successful interactions
Dispositional Trust: expectations of the trustworthiness of others
Situational Decision to Trust: situation-specific nature of trust & formation of trust in an entity
Trust is emotional; emotion modeling is not well understood
Trust Management for Smart Environments
• A unified approach to specifying & interpreting security policies, credentials, & relationships that allow direct authorization of security-critical actions (Blaze)
• Viewed as assignment of privileges
  • e.g. PolicyMaker, KeyNote
  • e.g. (extension) REFEREE Trust Management System
• Credential-based -- not for smart environments
  • Inflexible, credential problems
New Approaches to Trust
• Lots of research; want humanly intuitive
• Marsh
  • Based on utility, risk, importance
  • Formulas for trust values in [-1, 1)
  • Very limited; not fully inclusive
• Abdul-Rahman
  • Decentralized trust management
  • Incorporates trust levels & dynamics
  • Based on reputation, recommendations, & experience (of the truster)
New Approaches #2
• Jøsang
  • Based on subjective logic & subjective beliefs
  • Involves propositional logic, probability, consensus
• Jonker & Treur
  • Dynamics of trust in light of personal experience
  • Trust-negative & trust-positive evidence
New Approaches #3
• Grandison & Sloman
  • Trust management must be evaluated/analyzed
  • SULTAN - Simple Universal Logic-oriented Trust Analysis Notation
  • Includes trust establishment, analysis, risk, specification
• SECURE Project
  • General trust model
  • Allows for application-specific domains
  • Based on historical behavior
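The three "New Approaches" slides (Abdul-Rahman's recommendations plus own experience, Jøsang's subjective-logic consensus, Jonker & Treur's trust-positive and trust-negative evidence) and the earlier point under Terminology that trust is intransitive can all be shown with one small calculation. What follows is an added Python example, not code from the chapter or from any of those authors' systems. The opinion triple (belief, disbelief, uncertainty), the beta evidence mapping, the discounting operator for recommendations and the consensus operator are taken from Jøsang's subjective logic; the smart-home scenario (owner A, friend B vouching for repairperson C), the interaction counts, the `decide` thresholds and every function name are constructed for illustration.

```python
"""Trust opinions in subjective logic: evidence, recommendation, consensus.

Added example (not code from the chapter). Operators follow Jøsang's
subjective logic; the scenario and all numbers below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Opinion:
    """An opinion about a party: belief + disbelief + uncertainty == 1."""
    b: float  # belief that the party is trustworthy
    d: float  # disbelief
    u: float  # uncertainty (lack of evidence either way)

    def __post_init__(self) -> None:
        if min(self.b, self.d, self.u) < 0 or abs(self.b + self.d + self.u - 1.0) > 1e-9:
            raise ValueError("opinion components must be non-negative and sum to 1")

    def expectation(self, base_rate: float = 0.5) -> float:
        """Probability expectation: uncertainty is split by the base rate."""
        return self.b + base_rate * self.u


def from_evidence(positive: int, negative: int) -> Opinion:
    """Map trust-positive / trust-negative interaction counts to an opinion
    (beta-distribution mapping). No evidence at all gives (0, 0, 1)."""
    n = positive + negative + 2
    return Opinion(positive / n, negative / n, 2 / n)


def discount(trust_in_recommender: Opinion, recommendation: Opinion) -> Opinion:
    """A's derived opinion of C from A's opinion of B and B's opinion of C.
    Only the part of B's opinion that A believes is carried over; A's
    disbelief and uncertainty about B become uncertainty about C."""
    t, r = trust_in_recommender, recommendation
    return Opinion(t.b * r.b, t.b * r.d, t.d + t.u + t.b * r.u)


def consensus(x: Opinion, y: Opinion) -> Opinion:
    """Combine two independent opinions about the same party (consensus
    operator). Two dogmatic opinions (u == 0 on both sides) are simply
    averaged here; that is a simplification chosen for this example."""
    k = x.u + y.u - x.u * y.u
    if k == 0.0:
        return Opinion((x.b + y.b) / 2, (x.d + y.d) / 2, 0.0)
    return Opinion((x.b * y.u + y.b * x.u) / k,
                   (x.d * y.u + y.d * x.u) / k,
                   (x.u * y.u) / k)


def decide(op: Opinion, min_expectation: float = 0.7, max_uncertainty: float = 0.5) -> bool:
    """Hypothetical access policy: grant only if the expectation is high enough
    AND the opinion is backed by enough evidence. Thresholds are illustrative."""
    return op.expectation() >= min_expectation and op.u <= max_uncertainty


def repairperson_scenario() -> dict:
    """Constructed smart-home scenario: owner A, friend B, repairperson C."""
    a_about_b = from_evidence(8, 1)          # A: 8 good, 1 bad interactions with B
    b_about_c = from_evidence(3, 0)          # B: 3 good jobs done by C
    via_b = discount(a_about_b, b_about_c)   # A's opinion of C from B's word alone
    a_about_c = from_evidence(1, 0)          # A's single direct positive experience
    combined = consensus(via_b, a_about_c)   # recommendation + own experience
    return {
        "b_about_c": b_about_c,
        "via_b": via_b,
        "combined": combined,
        "grant_on_recommendation_only": decide(via_b),
        "grant_after_own_experience": decide(combined),
    }


if __name__ == "__main__":
    for name, value in repairperson_scenario().items():
        print(f"{name}: {value}")
```

Two things the numbers show. B's fairly strong opinion of C (belief 0.6) reaches A as belief 0.44 with uncertainty 0.56, because A's residual doubt about B and B's own uncertainty about C both turn into uncertainty about C; that is the intransitivity noted under Terminology, in arithmetic form, and the hypothetical policy refuses to act on the recommendation alone. A single direct positive experience of A's, folded in by consensus, lifts the combined opinion to belief 0.56 with uncertainty 0.44, which the same policy accepts.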
Security - Privacy - Trust
• Issues are different
  • Mobile
  • Smart
  • Wireless
• Other issues
  • Legal
  • Biometric
  • Sociotechnical
  • Access control
  • Others
* Very Important Challenge! *