1 / 17

The Security for Service Discovery Protocols in Pervasive Computing

The Security for Service Discovery Protocols in Pervasive Computing. Su Jin Kim Su.Kim@asu.edu. Outline. Overview Existing Protocols Security Issues PrudentExposure: Serive Discovery Protocol Conclusion. Pervasive Computing. Pervasive Computing Environments

ford
Download Presentation

The Security for Service Discovery Protocols in Pervasive Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Security for Service Discovery Protocols in Pervasive Computing Su Jin Kim Su.Kim@asu.edu

  2. Outline • Overview • Existing Protocols • Security Issues • PrudentExposure: Serive Discovery Protocol • Conclusion

  3. Pervasive Computing • Pervasive Computing Environments • Consist of networked computing devices in our surroundings ex) tiny sensors, embedded devices…

  4. Service Discovery Protocols • Service Discovery Protocols • Enable a user to discover, configure, and communicate with services • Are designed to minimize administrative overhead and increase usability • What types of services are available? • Where are the services? • How can clients contact the services?

  5. Security Access the personal information Access and use the devices

  6. Attackers • Passive attackers • An attacker eavesdrops on communications between devices. He is only interested in catching the secret information. • Active attackers • An attackers act as a legitimate user and ceases the functionality of the network.

  7. Security Requirements • Authentication • Confirm the identity of users • Authorization • Verify whether a user is allowed to do actions • Confidentiality • Is related to which users are allowed to read the messages being transferred • Integrity • Verify whether the message is modified by others • Privacy • Hide the information, identities and presence information

  8. Challenges • Characteristics of Pervasive Computing • Heterogeneity • Hardware, Software, Infrastructure, and Security Requirement • Mobility • Dynamic changes in environments • Limited resources • Hardware and Energy

  9. Service Discovery Infrastructure • Components • User Agents • Perform service discovery on behalf of client software • Service Agents • Advertise the location and attributes on behalf of services • Directory Agents • Aggregate and manage service information • Directory-based infrastructure • Large Networks • Nondirectory-based infrastructure • Small Networks

  10. Service Request:Printer Service Reply Nondirectory-based Service Discovery User Agent Service Agent

  11. Service Request:Printer Service Ack Service Reply Service Register Directory-based Service Discovery User Agent Directory Agent Service Agent

  12. Exiting Protocols

  13. PrudentExposure • Example Scenario • Alice and Bob work at the same office and they have various devices. They don’t want to expose any information of their own service and user account. • Provide privacy for services and users • At the service’s side, service information, identity, and presence information should be hidden from others • At the user’s side, user’s identity, information, and presence information should be hidden to others • Directory-based service discovery

  14. Fake bites 1 1 Bloom Filter • Domain Identity • Share between a directory and users in the domain • Bloom filters • Checks the membership Hash (Domain_ID | R) 0 1 2 3 4 5 6 7 …

  15. matched Reply Membership test User Agent Request + R Directory Agent

  16. Problems & Conclusion (1) • The absence of a directory • Need to support both directory and nondirectory-based systems • SLP has overhead to determine the infrastructure. • Revocation • To deregister a user, we need to update the new domain identity to each user in the domain.

  17. Problems & Conclusion (2) • Heterogeneity • Devices have different capabilities and security requirements. • We need to support different security policies based on categories. • Goals: • Provide the privacy • Provide the both infrastructures: directory & Nondirectory-based service discovery protocols • Minimize the overhead

More Related