870 likes | 1.22k Views
Security and Privacy. 세종대학교 컴퓨터공학부 권 태 경. Contents. Introduction Security and privacy? Some related topics Authentication and Access Control Identity Management and HCI RFID Security Blocker Tag MANET Security General Concepts Database Security Search on Encrypted Data
E N D
Security and Privacy 세종대학교 컴퓨터공학부 권 태 경
Contents • Introduction • Security and privacy? • Some related topics • Authentication and Access Control • Identity Management and HCI • RFID Security • Blocker Tag • MANET Security • General Concepts • Database Security • Search on Encrypted Data • Terms Revisited
What is Ubiquitous Computing? • “Wirelessly networked processors embedded in everyday objects” • Smart environments characterized by: • Transparent interaction • Automated capture • Context awareness • Proactive and reactive • Example projects • AT&T Active bat/badge, HP Cooltown, Microsoft Aura, Intel Place Lab and PersonalServerEQUATOR
At UC Berkeley • WEBS (http://webs.cs.berkeley.edu) WEBS (Wireless Embedded Systems) NEST (Network Embedded System Technology) SesnorWebs Smart Dust
Where Do We Currently Stand? • Ubiquitous devices (always “at hand”): • Mobile phones, Personal Digital Assistants, Laptops, etc. • Computationally bounded • Limited battery • Ubiquitous networks (always available): • (W)LAN/MAN (Ethernet & IEEE 802.11) • GSM/GPRS/3G • PANs (Bluetooth, IrDA, AudioNet etc.) • Ubiquitous services • Currently mostly “location-based”
Paradigm Shift • From Resource-Centric to User-Centric Past Super Distribution I like… Resource Please give me… Java -Context-aware -Resource distributed -Logic-aware -Resource centered Are the clients satisfied? Servants for human and society.
So What? • Ubiquitous / pervasive computing • Access to services and information ANYWHERE and EVERYWHERE • Security and privacy infringement ANYWHERE and EVERYWHERE • UbiComp Pervasive disclosure of user information
Security and Privacy? • The “Old Model”– a Castle • Security perimeter, inside and outside • Firewalls for access control • Static security policy • Static trust model • Tendency to focus on network layer • Pre-evaluated, non- or slowly-evolving threat model.
Security and Privacy? • Confidentiality/Secrecy • The assets of a computing system are accessible only by authorized parties • Preventing unauthorized disclosure • Secrecy Issue • Privacy Issue • Integrity • The assets of a computing system can be modified only by authorized parties or only in authorized ways • Preventing unauthorized modification • Availability • The assets of a computing system are accessible to authorized parties • Preventing denial of authorized access
Normal Flow Destination Source Interruption: Availability Interception: Confidentiality Destination Destination Source Source Modification: Integrity Fabrication: Authenticity Destination Destination Source Source
UbiComp Characteristics • Billions of potential subjects • Continual changein network configuration • Frequent disconnection • An absence of known online servers in many environments • Most likely absence (or unavailability) of administrators • Limited capabilities and power of small smart appliances • Privacy concerns, i.e. “big brother” or ubiquitous surveillance • Physical tamper resistance of smart devices themselves • …
Security and Privacy! • The “New Model”which is flexible, adaptable, robust, effective and un-obtrusive
Security and Privacy! • Authentication • secure transient associations • proximity • Recognition vs. Authentication • activities/behaviour • situation interpretation • (Dynamic) Identity Management • (Dynamic) Group Management
Security and Privacy! • Confidentiality • eavesdropping on wireless links not a major issue • device capabilities (processor, battery etc.) • confidentiality of data and meta data on devices real problem • Integrity • again, not messages in transit but devices • tamper resistance/evidence
Security and Privacy! • Availability • jamming communications channels • sleep deprivation • Dynamic Trust Model • localized decisions • context aware • Context-awareness • Generalised RBAC • Location-based access control
Security and Privacy! • Security policies • prevent formation of “evidence”: forming a link between contexts, objects, users and objectives. • e.g. number, “credit card”, “foo bar”, credit limit • Location information privacy • One of the burning issues
Authentication • Ambient intelligent environments : roaming digital entities, most likely presence of strangers • Collaboration with most likely unknown entities: enrolment needed for authentication is missing • Identity in absolute terms is less meaningful than recognition of previous interaction to choose whether to collaborate or not • New requirements lead to new schemes, e.g. the Resurrecting Duckling security model [StajanoAnderson1999] • Any identifier can work as long as it allows for referencing the entity involved
recognition authentication Authentication: subset of recognition location Kerberos patterns PKI Windows login IP address duckling
User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500 User: Kreutzer, MichaelAccess: 10:21Using: Bus #10
User: Kreutzer, Michael Access: 09:20Withdraw: € 500 User: Kreutzer, MichaelAccess: 10:21Using: Bus #10 User: Kreutzer, MichaelAccess: 11:42Query: „Privacy+NSA“
User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500 Bank Client Profile Bruce Schneier Date: 24.03.02Time: 09:20Withdraw: 100 Quit: 09:42 User: Kreutzer Michael Access: 10:21Using: Bus #10 TrafficSystem Client Profile Bruce Schneier Date: 24.03.02Time: 10:21Using:Bus #10 Exit: Stop#11 TrafficSystem Client Profile Bruce Schneier Date: 24.03.02Time: 10:21Using:Bus #10 Exit: Stop#11 TrafficSystem Client Profile Bruce Schneier Date: 24.03.02Time: 10:21Using:Bus #103 Exit: Stop#11 Bank Client Profile Bruce Schneier Date: 24.03.02Time: 09:20Withdraw: 10032 Quit: 09:42 TrafficSystem Client Profile Michael Kreutzer Date: 24.03.02Time: 10:21Using:Bus #10 Exit: Stop#11 Bank Client Profile Michael Kreutzer Date: 24.03.02Time: 09:20Withdraw: 500 Quit: 09:42 General Person Profile Bruce Schneier Date: 24.03.02Time: 11:42Location:BusExit: Stop#11 General Person Profile Bruce Schneier Date: 24.03.02Time: 11:42Location:BusExit: Stop#11 General Person Profile Bruce Schneier Date: 24.03.02Time: 11:42Location:BusExit: Stop#11 General Person Profile Michael Kreutzer Date: 24.03.02Time: 11:42Location:LibraryQuery:Privacy+ NSA Library Client Profile Michael Kreutzer Date: 24.03.02Time: 11:42Query:Privacy+ NSA Library Client Profile Bruce Schneier Date: 24.03.02Time: 11:42Query: Location General Person Profile Bruce Schneier Date: 24.03.02Time: 11:42Location:BusExit: Stop#11 User: Kreutzer, MichaelAccess: 11:42Query: „Privacy+NSA“
The Problem: Prevention of User Profiling • Conditions: • Ad Hoc => Constantly changing networks/services • Mobile => Constantly changing location • Fully automatic authentication requests from the environment • Linkability of the device!
Leisure Willi Webster Anonymous Shopping Public Authority Identity Management Identity Name: Willi Weber Nickname: Webster Society: Friends of Privacy Berlin e.V. Credit Card: VISACard #: 9988 7766 5544 Valid until:01.01.2003 Birthday: 11.07.1974 Place of Birth: Paris Hobbies: Swimming, Books Address: Street: Friedrichstr. 50 ZIP-Code: 79098 City: Freiburg
Rules Identities Identity Management ContextSensors Identity Management Services andApplications ContextSensing Choice ofIdentity Configurationof Services Banking Shopping HomeAutomation Filter ...
User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500 Identity: Bank Client Name: Michael Kreutzer Account#: 12927382 Identity: Anonymous
User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500 Identity: Bus Ticket#: 23882Access: 10:21Using: Bus #10 Ticket #: 23882 Bus
User: Kreutzer, Michael Access: 09:20Withdraw: € 500 Ticket#: 23882Access: 10:21Using: Bus #10 Bus User: AnonymousAccess: 10:21Query: Privacy+NSA Identity: Anonymous
Bank Client Profile Bruce Schneier Date: 24.03.02Time: 09:20Withdraw: 10032 Quit: 09:42 User: Kreutzer, MichaelAccess: 09:20Withdraw: € 500 Bank Client Profile Michael Kreutzer Date: 24.03.02Time: 09:20Withdraw: 10000 Quit: 09:42 Bank Client Profile Bruce Schneier Date: 24.03.02Time: 09:20Withdraw: 100 Quit: 09:42 TrafficSystem Client Profile Ticket #5321 Date: 24.03.02Time: 14:31Using:Bus #12 Exit: Stop#123 Bus Bus Bus ? Ticket#: 23882Access: 10:21Using: Bus #10 TrafficSystem Client Profile Ticket #23882 Date: 24.03.02Time: 10:21Using:Bus #10 Exit: Stop#11 Bus TrafficSystem Client Profile Ticket #12321 Date: 24.03.02Time: 10:31Using:Bus #1 Exit: Stop#5 Library Client Profile Anonymous Date: 24.03.02Time: 11:42Query: Crypto Library Client Profile Anonymous Date: 24.03.02Time: 11:42Query:Privacy+ NSA User: AnonymousAccess: 10:21Query: Privacy+NSA
Role Based Access Control ( RBAC ) • Rights are associated with pre-defined roles, and not with users. • Roles can change in different environments, while user remains the same context – dependent semantics ! • Rules for assigning roles are the main access control mechanism • Dynamic creation of roles is possible, based on inferences • Drawback : dynamic delegation of rights not possible
Security vs. HCI • How does Security affect the user-friendliness of UbiComp? • Can security be achieved without explicit interaction?
Wig model #4456 (cheap polyester) Replacement hip medical part #459382 Das Capitaland Communist-party handbook 500 Euros in wallet Serial numbers: 597387,389473… 30 items of lingerie RFID Tags Everywhere
Simple Approaches to Privacy Method 1: Place RFID-tags in protective mesh or foil Problem: makes locomotion difficult… perhaps useful for wallets
Simple Approaches to Privacy Method 2: “Kill” RFID tags Problem: RFID tags are much too useful…
One Example • European Central Bank has announced plans to implant RFID tags in banknotes by 2005 • Uses? • Anti-counterfeiting • Tracking of illicit monetary flows
“Just in case you want to know, she’s carrying 700 Euro…” Privacy Infringement • More efficient mugging • Fairly easy tracking of people and transactions by anyone! • Law-enforcement snooping capabilities made freely available
External re-encryption • To thwart tracking, appearance of ID should change • RFID tags have too little computational power to generate new IDs • Key idea: Periodically change ID by performing public-key cryptographic operations (re-encryption) in external privacy agent
E[ID] E[ID] Cryptography performed by external privacy agent (e.g., reader)
Some other technical challenges • How do we ensure that banknote is accessed only by valid privacy machine? • Require optical scan for changes to banknotes – Writing can be restricted; reading is still easy • How do we ensure that privacy machine did its job properly? • Cryptographic tricks: Special composition of ciphertexts
“74AB8” “9JHHS” “LI7YY” Pseudonym management • RFID tag contains a number of pseudonyms • Every time it is queried, tag releases a different pseudonym