Gaia
Context and Location-Aware Encryption for Pervasive Computing Environments
Jalal Al-Muhtadi, Raquel Hill, Roy Campbell, Dennis Mickunas
University of Illinois at Urbana-Champaign

Outline
* Background
* Motivation
* Assumptions
* System Overview
  – Gaia Context File System
  – Gaia Publish/Subscribe Channel
* Implementation & Evaluation
* Conclusion & Future Work

Active Spaces Middleware – Gaia
Active Space (home, office, car, campus): a physical space coordinated by a responsive context-based software infrastructure that enhances the ability of mobile users to interact with and configure their physical and digital environment seamlessly.

Introducing Gaia
* Gaia OS, a distributed meta-operating system that runs on top of existing operating systems.
* Provides infrastructure and core services for constructing general-purpose ubiquitous computing environments.
[Figure labels: home, office, car, campus, hospital]

Introducing Gaia
[Figure labels: MS Windows, OS X, Linux, Symbian OS, Mobile Windows, etc.]

Motivation
* Goal: defining an efficient authorization mechanism which leverages contextual information
  – context information changing frequently → expensive re-keying

Motivation
* Security in pervasive computing is essential
* Major barrier to real-world deployment
* New computing paradigm → new challenges
  – Integration of digital & physical infrastructures
  – Context & Location Awareness
* Context and Location Awareness as an additional parameter to security

Scenarios
* Active Space
  – only provide services to devices inside the space
* Classroom
* Hospital Scenario
  – authorized nurses inside specific hospital units (intensive care, x-ray room, nursery)
* Military Scenarios
  – reveal next plan only when soldier arrives at destination

Gaia
[Figure labels: MS Windows, OS X, Linux, Symbian OS, Mobile Windows, etc.]
* a framework to store & update location info in real-time
* aggregates location info from various devices
* distributed components

Assumptions
– Existence of a trusted infrastructure
  » Active Space consists of a plethora of machines and services, some are trusted (Kernel services)
– Infeasibility to forge location data
  » Tamper-resistant hardware + certified location data
– Cryptography has much less overhead than access control
  » Access control requires reference monitors to check all accesses → expensive for mobile devices!
– We will focus on Location-based encryption

System Overview
* Gaia Context File System (CFS)
  – Context-Aware file system
  – Aggregates related material from different mount points
  – Trigger automatic data conversions on-the-fly
  – Location and context-based encryption provides efficient security

Location-Encryption in CFS

Location-Encryption in CFS
* Step 1: admin creates an encryption region
* LS creates a private key K_R
* LS replies with ID_R

Location-Encryption in CFS
* When creating a location-encrypted file, ID_R is provided (2)
* Data is sent to a Location Encryptor (LE) (3)
* LE has access to K_R and encrypts the data using K_R

Location-Encryption in CFS
* When requesting the file, the CFS invokes an LV object (Location Verifier) (4, 5)
* Iff user is located within region R then decrypt data (5)

Multi-Layer Encryption
* In some cases, context-based encryption is not enough
  – e.g. exam scenario
* Introduce Multi-layer encryption
* 1st layer must be peeled off by LS
* 2nd layer must be peeled off by authorized user

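The region-creation, encryption and verify-then-decrypt steps on the preceding slides, together with the two-layer case, as an added Python example (not code from the Gaia project). The LocationService class and all function names are hypothetical, LS, LE and LV are collapsed into one trusted object, location reports are assumed to be trustworthy, and an HMAC-SHA256 stream cipher with encrypt-then-MAC stands in for AES so that only the standard library is needed.

```python
import hashlib, hmac, os

def _sub(key, label):                       # independent sub-keys for encryption and MAC
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):          # HMAC-SHA256 in counter mode; stand-in for AES
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):                        # encrypt-then-MAC
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, data)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class LocationService:
    """Hypothetical class: LS, LE and LV collapsed into one trusted object."""
    def __init__(self):
        self._keys = {}                     # ID_R -> K_R; K_R never leaves the service
        self._where = {}                    # user -> ID_R, assumed fed by certified location data

    def create_region(self):                # step 1: make K_R, hand back only ID_R
        id_r = os.urandom(8).hex()
        self._keys[id_r] = os.urandom(32)
        return id_r

    def report_location(self, user, id_r):
        self._where[user] = id_r

    def encrypt(self, id_r, data):          # steps 2-3: LE encrypts under K_R
        return seal(self._keys[id_r], data)

    def decrypt_for(self, user, id_r, blob):  # steps 4-5: LV checks location first
        if self._where.get(user) != id_r:
            raise PermissionError("user is not inside region " + id_r)
        return unseal(self._keys[id_r], blob)

def protect(ls, id_r, user_key, data):      # 2nd (inner) layer: user key; 1st (outer): K_R
    return ls.encrypt(id_r, seal(user_key, data))

def open_protected(ls, user, id_r, user_key, blob):
    return unseal(user_key, ls.decrypt_for(user, id_r, blob))
```

Because K_R stays inside the service, a client holding only ID_R and the ciphertext cannot remove the outer layer away from the region, and a client inside the region without the user key still cannot remove the inner one.
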
Gaia Publish/Subscribe Channels
* Gaia Publish/Subscribe Channel
  – The underlying communication is facilitated by an “event channel”
  – Implemented as publish/subscribe channels
  – Provides an efficient technique for dispersing events to various entities in the system
  – Features asynchronous and decoupled message transmission

Gaia Publish/Subscribe Channels
* P publishes information
* EB is responsible for creating the channel and managing access for it
  – ex. museums
* Subscribers try to peel off both layers

Implementation
* Implemented the different components in a prototype Active Space
  – services require physical location in the space
  – light control etc.
* Use of Bluetooth discovery for approximate location capturing
* Use of a 2-layer encryption to access location-restricted services

Crypto Performances on some Gaia Devices
Device | AES 128-bit performance | AES 256-bit performance
Pentium™ GHz, Windows™ XP PC | MB/s | 48.23 MB/s
HP Pocket PC H5550, Intel® PXA MHz processor | MB/s | 10.84 MB/s
Treo 600, Palm OS, Arm MHz | 5.76 MB/s | 0.452 MB/s
Onhand PC watch, 16-bit 3.67 MHz | KB/s | [too slow]

Latency in Location-Aware Publish/Subscribe Channel
[Plot: latency (ms) versus no. of subscribers]

Challenges & Future Work
* Preventing “Relay Attacks”
  – difficult to solve.
  – Maybe some “restrictions” can be introduced
* Expanding the mechanism to accommodate groups
  – Only when k of n people are under a specific context access is granted
  – (use of threshold cryptography)

Conclusions
* The need to accommodate contextual information into security
* We presented an efficient authorization mechanism that leverages contextual information
* Provided a prototype implementation

Thank you! Any questions?