Service Discovery in Pervasive Computing Environments Matt Mutka, Dept. of Computer Science & Engr., Michigan State University, East Lansing, Michigan 48824, mutka@cse.msu.edu
Outline • Supermedia Networking • not today’s main topic • Service Discovery in Pervasive Computing Environments • today’s main topic • The “Master Key”
Collaborators • Lionel Ni (HKUST) • Ning Xi (MSU ECE), • Ranjan Mukherjee (MSU ME) • Students • Feng Zhu, Zhiwei Cen, Amit Goradia, Michael Huntwork, Clayton Haffner, Chad Klochko
Supermedia - The Idea! (figure: sites in the USA, Japan and Hong Kong connected over the Internet; commands flow to robots and sensors, while video, haptic and temperature feedback flows back from a force/torque sensor, a non-contact temperature sensor and a temperature rendering device)
Internet Based Teleoperation (figure: commands sent over the Internet, sensory feedback returned)
Internet Based Tele-cooperation (figure: Japan, the USA and Hong Kong cooperating over the Internet)
Outline • Supermedia Networking • Service Discovery in Pervasive Computing Environments • The “Master Key”
Pervasive Intelligent Devices with Wireless Communication Capability
Network Services Everywhere • Office • Mobile Commerce • Mobile entertainment • Location-based service • Home
Why Service Discovery? • Traditional Distributed Service Access • Administrative overhead • DNS and DHCP servers • Driver installation/update • Manually configure server name and port number • Difficult to handle partial failure • Device, service, network failure • Users are interested in services not administration • Service discovery facilitates service usage towards zero administration • Especially important in pervasive computing environments • Manual configuration is impossible
Some Service Discovery Protocols • Jini – Sun Microsystems • UPnP – Microsoft • Rendezvous – Apple Computer • Salutation – Salutation Consortium • Bluetooth – Bluetooth SIG • SLP – IETF • INS and INS/Twine – MIT • SSDS – UC Berkeley • Deapspace – IBM research
Service Discovery Models • client-service model • client-service-directory model
New Challenges • Services at a place belong to different owners • User mobility • Service mobility • Many user identities for different user roles • If no identity is required, access control is violated • If service discovery is device-based, access control may be violated • If an identity is required, it is difficult to implement on devices, causes usability problems, and may miss opportunities
Dark Side • Users expose personal information about the devices they carry to other users • Users expose service request information • Services expose information about the domains they provide • Exposed devices have increased potential for attacks: man-in-the-middle, replay, DoS, spam, …
Our Goals • Maintain the good usability of service discovery • Protecting Sensitive Information • As an owner • Control services • Protect service information • Protect owner’s presence information • As a user • Protect identities • Protect service queries • Protect user’s presence information • No existing secure service discovery protocol meets these requirements so far
Status quo – 4 Approaches • Insecure service discovery • Apply traditional access control solutions • UPnP Security • Trusted central servers • Secure Service Discovery Service (SSDS) • Automated service provider discovery and credential management • PrudentExposure
Existing Secure Service Discovery Protocols • UPnP Security • Support various authorization methods • Access control lists, authorization servers, authorization certificates, and group definition certificates • Generic method to differentiate an owner’s devices from others • Example: Bob discovers his MP3 player • Service accesses are limited to device owners • Inefficient • Privacy problem
Existing Secure Service Discovery Protocols (cont’d) • SSDS • Many built-in security features • Authentication, authorization, data and service privacy, and integrity • Manages services centrally • Enterprise environments • Example • Why centralized approaches do not fit pervasive environments • For users • Expose personal services to central servers? • Which user role? • For directories (servers) • Accept any service registrations? • Who manages access control?
Existing Secure Service Discovery Protocols (cont’d) • PrudentExposure • Software manages a user’s credentials • Users and service providers exchange code words
A Chicken-and-egg Problem • From the users’ point of view • Interact with necessary service providers • Ideally, service providers expose their information first • From the service providers’ point of view • Interact with legitimate users • Hide by not responding • Ideally, users expose their information first
Design Goal • From the service providers’ point of view
The Progressive Approach • Strategy • Progressively expose partial information • Predictable exposure • The problem is false-positive matches • Predictable overhead • Protect sensitive information • Only expose to legitimate parties
Protect Sensitive Information from Illegitimate Parties • Protect identities via code words • Protect service information via encryption
Basic Protocol (figure: one party sends code word bits and service info bits; the other party checks the code word bits and service info bits, then sends its own code word bits and service info bits for the first party to check)
Experiments • Compaq iPAQs • ARM SA1110 206 MHz processor • 64MB RAM • An expansion pack • D-Link DCF-650W wireless card • 802.11 ad hoc mode and 2Mbps • Microsoft eMbedded Visual C++ 3.0 • Microsoft PocketPC 3.0 • Average time of 100 experiments
Experiment Results • About 100ms to interact with a service provider
Outline • Supermedia Networking • Service Discovery in Pervasive Computing Environments • The “Master Key”
Entity Authentication • Keys – the most common form • 4000 years of history since ancient Egypt • Today we also use • Magnetic stripe cards • Smart cards • RFID tags • Remote Keyless Entry systems (RKE) • Other tokens
Traditional Master Keys • One key opens many locks • Convenient • Delegation problem • Revocation problem Picture from: M. Blaze, "Rights Amplification in Master-Keyed Mechanical Locks," IEEE SECURITY & PRIVACY, vol. 1, pp. 24-32, 2003
Multiple Access Tokens • No delegation & revocation problems • Improved usability • Lock & unlock a car, RKE • Unlock a hotel door, magnetic stripe cards • Difficult to manage if too many
The Master Key • Aggregate all digital credentials • Automatically supply credentials • Advantages of the traditional master keys and multiple access tokens • One device • No revocation problem • No delegation problem Potential Master Key devices
Presentation Outline • Related work • The Master Key design • System analysis and evaluation • Discussion • Conclusion and future work
Magnetic Stripe Technology • Since early 1960s • Widely used • Bank cards • Hotel room locks • Not secure enough • Loss due to counterfeit cards in UK is £130 million in 2004
Smart Cards • Since late 1960s • Processing capability and storage capacity • Secure! (Cryptography) • Contact & contactless • Wide application • Prepaid transit cards • ID cards • Health cards • Passports
RFID Tags • Passive ID tags are vulnerable • No processing capabilities for cryptography • Example: MIT card
Remote Keyless Entry Systems • Widely used on cars and garage-doors • Limited security • A “rolling code” for authentication
iButtons • Secure • Wide application • Keys • E-cash • Asset management devices • Example • 200,000 iButton owners accessing 10,000 buildings in New York
Other Related Work • Public key operations are possible on tiny devices, Berkeley/Crossbow Mica2 mote • Location-based or proximity-based authentication • Zero-Interaction Authentication (ZIA) • Biometric recognition: fingerprint, iris, hand geometry, and voice recognition • Personal Servers as digital keys
Presentation Outline • Related work • The Master Key design • System analysis and evaluation • Discussion • Conclusion and future work
Discover Locks • Many locks and keys • Automatically find a key via discovery
Private Authentication • Key–lock pairs speak code words (figure: code word 1, code word 2) • No explicit identities exchanged
Code Words • The Bloom filter format • Multiple code words in a Bloom filter (figure: code words hashed into one filter)
Code Word Length • Partial code word • The fewer bits, the less exposure (better privacy) • The more bits, the less false-positive overhead
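An added example (not code from the talk or its authors) of the idea on the Code Words and Code Word Length slides: code words shared between a key and its locks are packed into one Bloom filter, and only a prefix of the filter is exposed. The hash construction, filter size and code-word strings are assumptions made for the example.

```python
# Added example (not from the talk): code words in a Bloom filter, partially exposed.
# Hashing scheme, filter size and all code-word values are assumptions.
import hashlib
from typing import Iterable, List, Set

FILTER_BITS = 64   # assumed filter size (small, so partial-exposure effects are visible)
HASHES = 3         # assumed number of hash functions per code word

def bit_positions(code_word: bytes, nbits: int = FILTER_BITS, k: int = HASHES) -> List[int]:
    """Map one code word to k filter positions: SHA-256 over a counter byte plus the word."""
    return [int.from_bytes(hashlib.sha256(bytes([i]) + code_word).digest()[:4], "big") % nbits
            for i in range(k)]

def build_filter(code_words: Iterable[bytes], nbits: int = FILTER_BITS) -> Set[int]:
    """Key side: set the positions of every code word the key holds (one per lock)."""
    bits: Set[int] = set()
    for cw in code_words:
        bits.update(bit_positions(cw, nbits))
    return bits

def expose(bits: Set[int], prefix_len: int) -> Set[int]:
    """Send only the first prefix_len positions; the rest of the filter stays private."""
    return {b for b in bits if b < prefix_len}

def matches(exposed: Set[int], prefix_len: int, code_word: bytes, nbits: int = FILTER_BITS) -> bool:
    """Lock side: every in-prefix position of its own code word must be set in the exposed bits.
    A lock whose code word the key does not hold can still match by chance (false positive);
    fewer exposed bits means more such matches, more bits means more exposure."""
    return all(p in exposed for p in bit_positions(code_word, nbits) if p < prefix_len)

def false_positive_rate(key_words: List[bytes], other_words: List[bytes], prefix_len: int,
                        nbits: int = FILTER_BITS) -> float:
    """Fraction of unrelated locks that would (wrongly) respond at this exposure length."""
    exposed = expose(build_filter(key_words, nbits), prefix_len)
    hits = sum(matches(exposed, prefix_len, w, nbits) for w in other_words)
    return hits / len(other_words)

# Constructed sample: code words the key shares with three locks, plus 200 unrelated locks.
KEY_WORDS = [b"alice|office-door|secret-A", b"alice|home-garage|secret-B", b"alice|car|secret-C"]
OTHER_WORDS = [b"lock-%03d|unrelated" % i for i in range(200)]

if __name__ == "__main__":
    for n in (8, 16, 32, 64):
        legit = matches(expose(build_filter(KEY_WORDS), n), n, KEY_WORDS[0])
        print(f"{n:2d} bits exposed: legit lock matches = {legit}, "
              f"false positive rate = {false_positive_rate(KEY_WORDS, OTHER_WORDS, n):.2f}")
```

Running it shows the trade-off the slide states: a lock holding one of the key's code words always matches, while the share of unrelated locks that match never increases as more bits are exposed.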
The Master Key Protocols • Mutual authentication in 3 messages • TVPs (time-variant parameters) are challenges • Exposure order can be changed • Keys expose first or locks expose first
Overhead vs. Privacy (figure: exposing fewer code word bits gives higher overhead and better privacy; exposing more bits gives precise matching and lower overhead)
Performance Measurements • The Master Key • Compaq iPAQ, 206 MHz processor, 64MB RAM, and a D-Link DCF-650W wireless card • A Lock • Dell AXIM X5, 400 MHz processor, 64MB RAM, and a Dell TrueMobile 1180 wireless card • 0.5 second to unlock in an extreme case • The Master Key specifies 820 code words and the lock has 500 key owners.
Discussion • Susceptible to the mafia fraud attack • May not have countermeasures by cryptography alone • May use location information • Transmission time • Multiple channels • Securing the Master Key is critical