Trust Reification and IoT
Roy Campbell
ICDCS 2013 Panel “Is my toaster lying: security, privacy and trust issues in Internet of Things.”

Problems and Issues
• ABI Research: >30 billion devices will be wirelessly connected to the Internet of Things (Internet of Everything) by 2020
• Peter-Paul Verbeek (professor of philosophy of technology) advocates viewing technology as an active agent.
• “… the intelligence community views Internet of Things as a rich source of data,” Ackerman, We’ll spy on you through your dishwasher, Wired 2012.
• David M. Nicol, Information Trust Institute, “in recent months, cybersecurity has made the news on a near-daily basis… an estimated 137.4 million cyber-attacks took place in 2012 alone, according to an IBM report, and former Secretary of Defense Leon Panetta has forewarned of a coming ‘cyber Pearl Harbor’.”

Vision: Turing said it right!!!
• Computers and Humans: can one distinguish one from another?
• Evolutionary Competition
• No such thing as a good device or a bad human
• Spectrum of competing agents with differing motives
• We need a theory and practice of distributed systems that provides us ways to reason about the outcome of systematized intelligent agent games

Properties of Solution
• Reification of trust: resiliency, availability, confidentiality, privacy…
• Use of big data: monitoring ensembles formed by agreement and empowered by collective action.
• Need to know or minimal information exchanges
• Evidence chains, policies and evaluations
• Endogenous formation of collective awareness

Issues
Trust as Discrete Events
• e.g., configuration changes, failures, audit logs, changes to beliefs, changes to risk, …
• Hard to summarize
• Anonymization techniques
Distributed architecture
• Cannot rely on a single entity to process information
• Confidentiality of records; liability reasons
• Multiple monitoring systems interacting without a single point of aggregation

Information Leaks
Naming system
• Requests for resolution reveal that an organization has control of a resource
Requests
• The presence of a request might imply the presence of a local sequence of events matching the policy
Number of events
• Repeating the process multiple times reveals the number of matching events

Challenges and Barriers
• Optimistic and somewhat static characterizations of history and stable societies
• Monitoring and assessment of individual and collective risk
• The formulization and analysis of a framework for shared distributed decision making by autonomous agents (human or machine).
• Self-validating framework for monitoring and reasoning

Trust*
• Trust is a mental state comprising:
• (1) expectancy: the trustor expects a specific behavior from the trustee (such as providing valid information or effectively performing cooperative actions);
• (2) belief: the trustor believes that the expected behavior occurs, based on the evidence of the trustee’s competence, integrity, and goodwill;
• (3) willingness to take risk: the trustor is willing to take risk for that belief.
* Huang J, Nicol D (2010) A formal-semantics-based calculus of trust. Internet Comput IEEE 14(5): 38–46.

Trust
• Confidence in or reliance on some person or quality; in this case, trust-related event notification
• Such events are all time and context dependent
• Unilateral and Conditional Sharing of Events
• Reasoning about motives, events, risks, and outcomes.

Tradeoff: Confidentiality vs Detection
• Events provide knowledge about:
• network topology
• network traffic
• configurations
• installed programs
• vulnerable programs
• user behaviors
• services
• critical machines
• …
[Diagram: spectrum from complete confidentiality (only detection of local security concerns) to complete openness (detection of global security concerns)]
Can we find a tradeoff?

Monitoring Architecture
Multi-organization event-based monitoring
• Built on top of current monitoring architecture
• Each organization detects problems in its infrastructure independently
Contributions:
• Minimum information sharing / need-to-know in multi-organization systems
• Distributed logic reasoning algorithm for policy compliance
• Minimal sharing obtainable for simple policies; reduces information exposure for more complex policies
[Diagram labels: Cloud Provider, Service Provider, Private Infrastructure, Monitoring server]

Secure Two-Party Computation
Conditional Sharing
r = sharing if events a, b match the policy
• Event a known only by org A
• Event b known only by org B
Determine if the two events match without revealing them to the other party
• Garbled Circuits [Yao, 1986; Huang, 2012]
• Fast secure two-party computation
• Encode each resource-based rule as a combinatorial circuit
• Event parameters as input from each organization
• If result is true, the event is shared
• If not, almost no information is leaked
• Repeat for each pair of private events
[Diagram labels: runsCritService (inst0, p), partial(inst0), output 0/1]

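The conditional-sharing idea above, narrowed to a single garbled AND gate, as an added example that is not code from the talk or the cited papers. Assumptions: each organization's event is reduced to one private bit, all function names are hypothetical, and the oblivious transfer that a real protocol uses to deliver org B's input label is replaced by a direct lookup.

```python
import hashlib
import random
import secrets

LABEL = 16  # bytes per wire label; the same number of zero bytes tags a valid row

def _pad(ka, kb):
    return hashlib.sha256(ka + kb).digest()  # 32-byte one-time pad per table row

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def garble_and():
    """Garbler (org A): two random labels per wire plus the encrypted truth table."""
    wires = {w: (secrets.token_bytes(LABEL), secrets.token_bytes(LABEL)) for w in "abo"}
    table = []
    for x in (0, 1):
        for y in (0, 1):
            plain = wires["o"][x & y] + bytes(LABEL)  # output label + zero tag
            table.append(_xor(_pad(wires["a"][x], wires["b"][y]), plain))
    random.SystemRandom().shuffle(table)  # row position must not reveal the inputs
    return wires, table

def evaluate(table, label_a, label_b):
    """Evaluator (org B): one label per input wire opens exactly one row."""
    pad = _pad(label_a, label_b)
    for row in table:
        plain = _xor(pad, row)
        if plain[LABEL:] == bytes(LABEL):  # zero tag marks the correct row
            return plain[:LABEL]
    raise ValueError("no row decrypted: labels do not belong to this table")

def conditional_share(a_bit, b_bit, event):
    """Return `event` only if both private bits are 1, else None."""
    wires, table = garble_and()
    label_a = wires["a"][a_bit]  # A sends the label for its own bit
    label_b = wires["b"][b_bit]  # ASSUMPTION: stands in for 1-out-of-2 oblivious transfer
    out = evaluate(table, label_a, label_b)  # B sees random labels, never A's bit
    return event if out == wires["o"][1] else None  # A decodes the output label

if __name__ == "__main__":
    sample = "constructed event: critical service on inst0"  # constructed sample input
    for a in (0, 1):
        for b in (0, 1):
            print(a, b, conditional_share(a, b, sample))
```
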
References
• “Limiting Data Exposure in Monitoring Multi-domain Policy Conformance,” Mirko Montanari, Jun Ho Huh, Rakesh B. Bobba and Roy H. Campbell, Trust 2013.
• “Transforming Big Data into Collective Awareness,” Pitt, Bourazeri, Nowak, et al., Computer, June 2013.
• “Garbled Circuits” [Yao, 1986; Huang, 2012]
• “A formal-semantics-based calculus of trust,” Huang J, Nicol D (2010), Internet Comput IEEE 14(5): 38–46.