Authentication in Ubiquitous Computing Laurent BUSSARD and Yves ROUDIER Institut Eurecom Workshop on Security in Ubiquitous Computing UBICOMP 2002, Goteborg.

Presentation transcript:

Authentication in Ubiquitous Computing Laurent BUSSARD and Yves ROUDIER Institut Eurecom Workshop on Security in Ubiquitous Computing UBICOMP 2002, Goteborg Sweden, 29 Sept 2002

Security in Ubicomp
User-centric interactions in Ubicomp
− Intuitive interaction
− Physical entities (artifacts)
Security
− Rights, Delegation
− Trust, Ownership
− Non-repudiation of interactions
→ Requires authentication of artifacts (personal digital assistants, electronic rings, doors or even clothes offer embedded chips with computation power and communication facilities and are generally called artifacts)

Service Authentication in Ubicomp
Classical network security
− Authentication of a virtual service
− Verify knowledge of a private key
Ubiquitous computing
− Authenticate an artifact offering a service
− Provide rights to a given artifact
− Verifying that a user is present

The Gap

Attack 1: Device Impersonation

Attack 2: Device Impersonation

Attack 3: P2P Discounts Sharing

Filling the Gap

Local Proof of Knowledge
Time-based approach
Dedicated hardware
− No application-level approach
Simple distance evaluation
− Contact based approach
No cryptography during exchange
− Responses pre-computed
Simple exchanges
− One-bit challenge
− One-bit response

Local Proof of Knowledge

No more Man-in-the-middle attacks
− No proxying in between (distance + logic)
− Cannot get both responses
One bit challenge-response
− Precise location
− High probability of successful attack p = 3/4
Multiple rounds (n)
− Precise location
− Low probability of successful attack = (3/4)^n
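
The p = 3/4 per-round figure and the (3/4)^n bound can be checked with a short simulation, which also gives the number of rounds a verifier needs for a chosen security level. This is an added example, not part of the slides; the attacker model (one guessed query to the real prover per round, then a blind guess when the real challenge differs) and all function names are assumptions.

```python
import math
import random

P_ROUND = 3 / 4  # per-round attacker success stated on the slide

def attacker_passes(rng, n):
    """One attack attempt against n timed one-bit rounds (constructed model)."""
    for _ in range(n):
        # Prover's pre-computed responses for challenge 0 and challenge 1.
        responses = (rng.getrandbits(1), rng.getrandbits(1))
        # Assumption: before the timed exchange the attacker asks the real
        # prover one guessed challenge and so learns one of the two responses.
        guess = rng.getrandbits(1)
        learned = responses[guess]
        # Verifier's real challenge; the time bound leaves no room to relay it.
        challenge = rng.getrandbits(1)
        answer = learned if challenge == guess else rng.getrandbits(1)
        if answer != responses[challenge]:
            return False
    return True

def simulated_success(n, trials=20000, seed=2002):
    """Fraction of simulated attempts that pass all n rounds."""
    rng = random.Random(seed)
    return sum(attacker_passes(rng, n) for _ in range(trials)) / trials

def attack_probability(n):
    """Closed form from the slide: (3/4)^n."""
    return P_ROUND ** n

def rounds_needed(target):
    """Smallest n such that (3/4)^n <= target."""
    return math.ceil(math.log(target) / math.log(P_ROUND))

if __name__ == "__main__":
    for n in (1, 4, 16):
        print(n, round(simulated_success(n), 4), round(attack_probability(n), 4))
    print("rounds for 2^-20:", rounds_needed(2 ** -20))
```

The half of the rounds where the guess matches are answered correctly for certain, and the other half are answered correctly half the time, which gives 1/2 + 1/4 = 3/4 per round.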

Conclusion: Impact on Usability
Tamper resistance + cryptography not sufficient
Changes in previous examples
− Point of Sale Terminal: LED on smart card
− Shop offering discounts: board
New user-centric interactions
− Touch to authenticate
− Drag-and-drop
− Touch to transfer ownership, delegate rights
Authentication: a building block for developing
− Access control
− Ownership