Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006 Florina Almenárez, Andrés Marín, Daniel Díaz, Juan Sánchez

Presentation transcript:

DEVELOPING A MODEL FOR TRUST MANAGEMENT IN PERVASIVE DEVICES
Florina Almenárez, Andrés Marín, Daniel Díaz, Juan Sánchez

Outline
Motivation
Related Work
PTM: Pervasive Trust Management Model
  ○ Requirements
  ○ Description
  ○ Mathematical Trust Evolution Model
  ○ Probabilistic Trust Evolution Model
Component-based PTM Implementation
Conclusions

Motivation
Pervasive Computing
  ○ Open and dynamic environments (zoo, airports, shopping mall)
  ○ Multitude of heterogeneous devices with communication, computing and storage capabilities → Pervasive devices
TRUST role in establishing new relations
  ○ Secure communication protocols (SSL, IPSec, DNSSEC, …) work well in fixed networks → traditional PKI → problems when trust relationships are not preconfigured
  ○ Some management mechanisms for ad hoc networks → routing

Related Work
Previous works
  ○ 1994: Marsh, Beth
  ○ 1997: Abdul-Rahman
  ○ 1998: Jøsang
  ○ 1999: KeyNote, SPKI/SDSI (Access control infrastructures)
  ○ 2001: Poblano
Recent works
  ○ 2002 – 2004: SECURE (IST Project) → Trinity College Dublin
  ○ 2000 – 2010: Terminodes → NCCR (ad hoc networks)
  ○ 2003 – : SULTAN → Imperial College
  ○ 2004 – 2006: UBISEC → Siemens
    – Problems: complexity, distrust modelling, trust evolution

Pervasive Trust Management Model: Requirements
Autonomous → independence from a central server or previous configuration
  ○ to participate in ad hoc networks and peer-to-peer applications
Dynamic → evolution, context adaptation
Simple → minimize human intervention and resource consumption
Secure → protect resources from malicious entities
  ○ to make suitable decisions despite the uncertainty
Cooperative → benefit from common knowledge
Granularity → establish trust values
Include both trust and distrust concepts

Pervasive Trust Management Model: Description
Fuzzy Logic
Trustworthiness → no trust for situation, category, etc.
Trust properties: reflexive, non-symmetrical, conditionally transitive (explicit), dynamic
[Figure: fuzzy membership functions for T(A → B). Horizontal axis: trustworthiness, covering the Distrust, Ignorance and Trust regions with a distrust threshold. Vertical axis: % of membership. Linguistic labels: none, scarce, very little, little, medium, high, very high, complete.]

Pervasive Trust Management Model: How it works?
➊ A (new user) requests access
➋ B searches trust information about A
➌ If A is unknown, B requests recommendations from the Cs
➍ If there are trusted recommendations, B uses them (indirect) → PRP
   If there are no recommendations, B uses trust rules (direct)
➎ If a trust relationship is established, B recalculates its trust value for A based on interactions
[Diagram: A, B and the recommenders C1 and C2, annotated with steps ➊ to ➎ and the recommendations exchanged.]

Pervasive Trust Management Model: Indirect Trust Formation
Combining online recommendations (weighted average)
  ○ Source trustworthiness
  ○ Lower complexity
  ○ Dempster-Shafer, normalized Dempster-Shafer, and consensus operator from Jøsang → Similar results → according to the intuitive human judgement
Certificates are used as offline recommendations
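The lookup, indirect and direct steps of "How it works?" combined with the weighted average above, as an added Python sketch that is not the PTM prototype's code. The class and function names, the recommender cut-off and the default trust value are assumptions; the point it shows is that weighting and filtering by source trustworthiness keeps an unknown or distrusted recommender from inflating A's initial trust.

```python
# Added illustration, not the PTM prototype's code. Trust values lie in [0, 1].
# MIN_RECOMMENDER_TRUST and DEFAULT_TRUST are assumed values, not from the slides.
from dataclasses import dataclass, field

MIN_RECOMMENDER_TRUST = 0.5   # assumed: ignore sources B trusts less than this
DEFAULT_TRUST = 0.5           # assumed direct trust rule for unknown peers


@dataclass
class TrustStore:
    """B's local view: one trust value per known peer."""
    trust: dict = field(default_factory=dict)

    def combine(self, recommendations):
        """Weighted average of recommendations, weighted by B's trust in each source."""
        usable = [(self.trust[src], value)
                  for src, value in recommendations.items()
                  if self.trust.get(src, 0.0) >= MIN_RECOMMENDER_TRUST]
        if not usable:
            return None  # no trusted recommendation available
        total_weight = sum(weight for weight, _ in usable)
        return sum(weight * value for weight, value in usable) / total_weight

    def initial_trust(self, peer, recommendations):
        """Steps 2-4: local lookup, then indirect formation, then direct rule."""
        if peer in self.trust:
            return self.trust[peer], "known"
        combined = self.combine(recommendations)
        if combined is not None:
            self.trust[peer] = combined
            return combined, "indirect"
        self.trust[peer] = DEFAULT_TRUST
        return DEFAULT_TRUST, "direct"


def demo():
    # Constructed sample: B trusts C1 highly, C2 moderately, C3 below the cut-off.
    # C9 is unknown to B, so its recommendation of 1.0 carries no weight.
    b = TrustStore({"C1": 0.9, "C2": 0.6, "C3": 0.2})
    first = b.initial_trust("A", {"C1": 0.8, "C2": 0.5, "C3": 0.0, "C9": 1.0})
    second = b.initial_trust("D", {"C3": 0.9})   # only a distrusted source
    third = b.initial_trust("A", {})             # A is now known to B
    return first, second, third
```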

Pervasive Trust Management Model: Mathematical Trust Evolution
“Trust comes on foot and goes by horse”
Current behaviour is measured based on:
  ○ Current interaction → Action weight (fuzzy logic) → Security level
  ○ Past behaviour → Positive and negative interactions → Increment factor (  i ) → restriction percentage (  )
  ○ A priori probability
If a=a +  (a + – a - )>0 else, but no attack If attack

Pervasive Trust Management Model: Mathematical Trust Evolution (II)
Trust is recalculated based on:
  ○ Current behaviour
  ○ Previous trust value
  ○ Strictness factor (  )
Summarizing
If V a i >0 If not If I i >0 If not

Pervasive Trust Management Model: Mathematical Trust Evolution (III)

Pervasive Trust Management Model: Mathematical Trust Evolution (IV)
PARAMETERS:
Increment percentage: 2%
Security level: m=2
Disposition Factor: 0.5
Positive action: 1
Wrong action: 0.5 (PTM)

Pervasive Trust Management Model: Mathematical Trust Evolution (V)
PARAMETERS:
Increment percentage: 2%
Security level: m=2
Disposition Factor: 0.5
Positive action: 1
Wrong action: 0.5 (PTM); 0, 0.3 (Wang)

Pervasive Trust Management Model: Probabilistic Trust Evolution
Bayes’ theorem
  ○ Posteriori probabilities
Probabilities for binary events: Beta density function
  ○ Assign belief degrees between 0 and 1
Risk model

Pervasive Trust Management Model: Probabilistic Trust Evolution (II)
[Table: P(a+ | H act) and P(a- | H act) for rows a to f; only the value 0.500 survives in the transcript.]

Component-based PTM Implementation: Prototype
J2ME Personal Profile
OpenSSL → cryptographic API
JNI wrappers
XACML → Sun implementation
Extended → trust, context
PEP + PDP
Proofs
PDA → Windows Mobile 2003
Linux, Windows
Available at:

Component-based PTM Implementation
[Architecture diagram of a pervasive device. Components: Applications, Communication API, Cryptographic Provider, Credentials Manager, Authentication Manager, Authorization Manager, Trust Manager, Recommendation Manager, Context Provider, Monitor. Data stores: keys, certificates, trust; logs, policies.]

Conclusions & Future Work
Trust → basis to establish relationships in a spontaneous way
Pervasive devices can interact with closed devices in a secure way, without depending on a central server
Simple pervasive trust management model
  ○ to enhance the security architecture of pervasive devices
  ○ to minimize the uncertainty and take appropriate decisions
  ○ to allow the cooperation among closed trusted devices
Mathematical and probabilistic model
  ○ According to the intuitive human judgement
  ○ Simple calculations

Conclusions & Future Work (II)
Implementation of a generic prototype
  ○ to demonstrate its functionality
  ○ Security services for applications (client/server)
Future work
  ○ Integrating our model in the WCE security architecture → Trust providers
  ○ Analyse the performance and consumption of resources
