1 / 85

Security and Privacy

Security and Privacy. 세종대학교 컴퓨터공학부 권 태 경. Contents. Introduction Security and privacy? Some related topics Authentication and Access Control Identity Management and HCI RFID Security Blocker Tag MANET Security General Concepts Database Security Search on Encrypted Data

edwinclark
Download Presentation

Security and Privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security and Privacy 세종대학교 컴퓨터공학부 권 태 경

  2. Contents • Introduction • Security and privacy? • Some related topics • Authentication and Access Control • Identity Management and HCI • RFID Security • Blocker Tag • MANET Security • General Concepts • Database Security • Search on Encrypted Data • Terms Revisited

  3. Introduction

  4. What is Ubiquitous Computing? • “Wirelessly networked processors embedded in everyday objects” • Smart environments characterized by: • Transparent interaction • Automated capture • Context awareness • Proactive and reactive • Example projects • AT&T Active bat/badge, HP Cooltown, Microsoft Aura, Intel Place Lab and PersonalServerEQUATOR

  5. At UC Berkeley • WEBS (http://webs.cs.berkeley.edu) WEBS (Wireless Embedded Systems) NEST (Network Embedded System Technology) SesnorWebs Smart Dust

  6. Where Do We Currently Stand? • Ubiquitous devices (always “at hand”): • Mobile phones, Personal Digital Assistants, Laptops, etc. • Computationally bounded • Limited battery • Ubiquitous networks (always available): • (W)LAN/MAN (Ethernet & IEEE 802.11) • GSM/GPRS/3G • PANs (Bluetooth, IrDA, AudioNet etc.) • Ubiquitous services • Currently mostly “location-based”

  7. Paradigm Shift • From Resource-Centric to User-Centric Past Super Distribution I like… Resource Please give me… Java -Context-aware -Resource distributed -Logic-aware -Resource centered Are the clients satisfied? Servants for human and society.

  8. So What? • Ubiquitous / pervasive computing • Access to services and information ANYWHERE and EVERYWHERE • Security and privacy infringement ANYWHERE and EVERYWHERE • UbiComp  Pervasive disclosure of user information

  9. Security and Privacy?

  10. Security and Privacy? • The “Old Model”– a Castle • Security perimeter, inside and outside • Firewalls for access control • Static security policy • Static trust model • Tendency to focus on network layer • Pre-evaluated, non- or slowly-evolving threat model.

  11. Security and Privacy? • Confidentiality/Secrecy • The assets of a computing system are accessible only by authorized parties • Preventing unauthorized disclosure • Secrecy Issue • Privacy Issue • Integrity • The assets of a computing system can be modified only by authorized parties or only in authorized ways • Preventing unauthorized modification • Availability • The assets of a computing system are accessible to authorized parties • Preventing denial of authorized access

  12. Normal Flow Destination Source Interruption: Availability Interception: Confidentiality Destination Destination Source Source Modification: Integrity Fabrication: Authenticity Destination Destination Source Source

  13. UbiComp Characteristics • Billions of potential subjects • Continual changein network configuration • Frequent disconnection • An absence of known online servers in many environments • Most likely absence (or unavailability) of administrators • Limited capabilities and power of small smart appliances • Privacy concerns, i.e. “big brother” or ubiquitous surveillance • Physical tamper resistance of smart devices themselves • …

  14. Security and Privacy! • The “New Model”which is flexible, adaptable, robust, effective and un-obtrusive

  15. Security and Privacy! • Authentication • secure transient associations • proximity • Recognition vs. Authentication • activities/behaviour • situation interpretation • (Dynamic) Identity Management • (Dynamic) Group Management

  16. Security and Privacy! • Confidentiality • eavesdropping on wireless links not a major issue • device capabilities (processor, battery etc.) • confidentiality of data and meta data on devices real problem • Integrity • again, not messages in transit but devices • tamper resistance/evidence

  17. Security and Privacy! • Availability • jamming communications channels • sleep deprivation • Dynamic Trust Model • localized decisions • context aware • Context-awareness • Generalised RBAC • Location-based access control

  18. Security and Privacy! • Security policies • prevent formation of “evidence”: forming a link between contexts, objects, users and objectives. • e.g. number, “credit card”, “foo bar”, credit limit • Location information privacy • One of the burning issues

  19. Authentication and Access Control

  20. Authentication • Ambient intelligent environments : roaming digital entities, most likely presence of strangers • Collaboration with most likely unknown entities: enrolment needed for authentication is missing • Identity in absolute terms is less meaningful than recognition of previous interaction to choose whether to collaborate or not • New requirements lead to new schemes, e.g. the Resurrecting Duckling security model [StajanoAnderson1999] • Any identifier can work as long as it allows for referencing the entity involved

  21. recognition authentication Authentication: subset of recognition location Kerberos patterns PKI Windows login IP address duckling

  22. Authentication/Recognition comparison

  23. User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500

  24. User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500 User: Kreutzer, MichaelAccess: 10:21Using: Bus #10

  25. User: Kreutzer, Michael Access: 09:20Withdraw: € 500 User: Kreutzer, MichaelAccess: 10:21Using: Bus #10 User: Kreutzer, MichaelAccess: 11:42Query: „Privacy+NSA“

  26. User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500 Bank Client Profile Bruce Schneier Date: 24.03.02Time: 09:20Withdraw: 100 Quit: 09:42 User: Kreutzer Michael Access: 10:21Using: Bus #10 TrafficSystem Client Profile Bruce Schneier Date: 24.03.02Time: 10:21Using:Bus #10 Exit: Stop#11 TrafficSystem Client Profile Bruce Schneier Date: 24.03.02Time: 10:21Using:Bus #10 Exit: Stop#11 TrafficSystem Client Profile Bruce Schneier Date: 24.03.02Time: 10:21Using:Bus #103 Exit: Stop#11 Bank Client Profile Bruce Schneier Date: 24.03.02Time: 09:20Withdraw: 10032 Quit: 09:42 TrafficSystem Client Profile Michael Kreutzer Date: 24.03.02Time: 10:21Using:Bus #10 Exit: Stop#11 Bank Client Profile Michael Kreutzer Date: 24.03.02Time: 09:20Withdraw: 500 Quit: 09:42 General Person Profile Bruce Schneier Date: 24.03.02Time: 11:42Location:BusExit: Stop#11 General Person Profile Bruce Schneier Date: 24.03.02Time: 11:42Location:BusExit: Stop#11 General Person Profile Bruce Schneier Date: 24.03.02Time: 11:42Location:BusExit: Stop#11 General Person Profile Michael Kreutzer Date: 24.03.02Time: 11:42Location:LibraryQuery:Privacy+ NSA Library Client Profile Michael Kreutzer Date: 24.03.02Time: 11:42Query:Privacy+ NSA Library Client Profile Bruce Schneier Date: 24.03.02Time: 11:42Query: Location General Person Profile Bruce Schneier Date: 24.03.02Time: 11:42Location:BusExit: Stop#11 User: Kreutzer, MichaelAccess: 11:42Query: „Privacy+NSA“

  27. The Problem: Prevention of User Profiling • Conditions: • Ad Hoc => Constantly changing networks/services • Mobile => Constantly changing location • Fully automatic authentication requests from the environment • Linkability of the device!

  28. Leisure Willi Webster Anonymous Shopping Public Authority Identity Management Identity Name: Willi Weber Nickname: Webster Society: Friends of Privacy Berlin e.V. Credit Card: VISACard #: 9988 7766 5544 Valid until:01.01.2003 Birthday: 11.07.1974 Place of Birth: Paris Hobbies: Swimming, Books Address: Street: Friedrichstr. 50 ZIP-Code: 79098 City: Freiburg

  29. Rules Identities Identity Management ContextSensors Identity Management Services andApplications ContextSensing Choice ofIdentity Configurationof Services Banking Shopping HomeAutomation Filter ...

  30. User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500 Identity: Bank Client Name: Michael Kreutzer Account#: 12927382 Identity: Anonymous

  31. User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500 Identity: Bus Ticket#: 23882Access: 10:21Using: Bus #10 Ticket #: 23882 Bus

  32. User: Kreutzer, Michael Access: 09:20Withdraw: € 500 Ticket#: 23882Access: 10:21Using: Bus #10 Bus User: AnonymousAccess: 10:21Query: Privacy+NSA Identity: Anonymous

  33. Bank Client Profile Bruce Schneier Date: 24.03.02Time: 09:20Withdraw: 10032 Quit: 09:42 User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500 Bank Client Profile Michael Kreutzer Date: 24.03.02Time: 09:20Withdraw: 10000 Quit: 09:42 Bank Client Profile Bruce Schneier Date: 24.03.02Time: 09:20Withdraw: 100 Quit: 09:42 TrafficSystem Client Profile Ticket #5321 Date: 24.03.02Time: 14:31Using:Bus #12 Exit: Stop#123 Bus Bus Bus ? Ticket#: 23882Access: 10:21Using: Bus #10 TrafficSystem Client Profile Ticket #23882 Date: 24.03.02Time: 10:21Using:Bus #10 Exit: Stop#11 Bus TrafficSystem Client Profile Ticket #12321 Date: 24.03.02Time: 10:31Using:Bus #1 Exit: Stop#5 Library Client Profile Anonymous Date: 24.03.02Time: 11:42Query: Crypto Library Client Profile Anonymous Date: 24.03.02Time: 11:42Query:Privacy+ NSA User: AnonymousAccess: 10:21Query: Privacy+NSA

  34. Role Based Access Control ( RBAC ) • Rights are associated with pre-defined roles, and not with users. • Roles can change in different environments, while user remains the same  context – dependent semantics ! • Rules for assigning roles are the main access control mechanism • Dynamic creation of roles is possible, based on inferences • Drawback : dynamic delegation of rights not possible

  35. Security Aware Computing

  36. Context Awareness Model

  37. Context Awareness Model

  38. Security vs. HCI • How does Security affect the user-friendliness of UbiComp? • Can security be achieved without explicit interaction?

  39. RFID Security

  40. Wig model #4456 (cheap polyester) Replacement hip medical part #459382 Das Capitaland Communist-party handbook 500 Euros in wallet Serial numbers: 597387,389473… 30 items of lingerie RFID Tags Everywhere

  41. Simple Approaches to Privacy Method 1: Place RFID-tags in protective mesh or foil Problem: makes locomotion difficult… perhaps useful for wallets

  42. Simple Approaches to Privacy Method 2: “Kill” RFID tags Problem: RFID tags are much too useful…

  43. One Example • European Central Bank has announced plans to implant RFID tags in banknotes by 2005 • Uses? • Anti-counterfeiting • Tracking of illicit monetary flows

  44. “Just in case you want to know, she’s carrying 700 Euro…” Privacy Infringement • More efficient mugging • Fairly easy tracking of people and transactions by anyone! • Law-enforcement snooping capabilities made freely available

  45. External re-encryption • To thwart tracking, appearance of ID should change • RFID tags have too little computational power to generate new IDs • Key idea: Periodically change ID by performing public-key cryptographic operations (re-encryption) in external privacy agent

  46. E[ID] E[ID] Cryptography performed by external privacy agent (e.g., reader)

  47. Some other technical challenges • How do we ensure that banknote is accessed only by valid privacy machine? • Require optical scan for changes to banknotes – Writing can be restricted; reading is still easy • How do we ensure that privacy machine did its job properly? • Cryptographic tricks: Special composition of ciphertexts

  48. “74AB8” “9JHHS” “LI7YY” Pseudonym management • RFID tag contains a number of pseudonyms • Every time it is queried, tag releases a different pseudonym

More Related