

UNIT I PART II R.S.Ponmagal

Pervasive Architecture
- Architecture is an abstraction of the system.
- Architecture defines the system elements and how they interact.
- Architecture suppresses the local information about the elements.
- Defines the properties of the components: provided services, required services, performance characteristics, fault handling, resource usage.

Pervasive Architecture
- Software components for pervasive computing
- Device heterogeneity
- Access control

Software Components
The pervasive computing environment forces us to face the need for components and their boundaries more clearly. Pervasive services will have to be composed from individual “components” residing in the large number of heterogeneous computing elements. The hardware environment itself will force a natural boundary between components. This may be the most clear-cut definition of a component.

A component will be an independently deployable piece of software that resides on one hardware element and provides a service element. Of course, there may be more than one component on each hardware element.
Example: Web services

Moore's law: Capacity of microchips doubles in 18 months => capacity grows an order of magnitude (10x) in 5 years

Security
- What data do I wish to expose? To whom?
- Who can presently access my data?
- How can I retract data exposed?
- Who am I communicating with?
- How can I protect the privacy of my communication and communication patterns?
- Who do I trust as a source of information?
- How do I convince others that I am trustworthy?
- How to make systems simultaneously secure and usable?

1. Establish strong identity
   Goal: Cryptographically strong identity to devices (endpoints)
   Means: Host Identity Protocol (HIP)
   - Identify each communicating device with a cryptographic public key
   - Insert the key into the TCP/IP stack
2. Assign and manage trust and authority
   Goal: Decentralised means for managing authorisation
   Means: SPKI and KeyNote2 certificates
   - Express delegation with signed statements
   - Eventually integrate to the operating system
3. Enable build-up of trust and reputation based on experiences
   Goal: Creation of trustworthy behaviour
   Means: Micro economic mechanism design
   - Design the rules for the game
   - Make unsocial behaviour uneconomical

Device Heterogeneity
The basic premise of pervasive computing, everything connected, guarantees heterogeneity at all levels: infrastructure, hardware, software, and people. All kinds of devices must be supported. Perhaps in some specific application scenarios it is possible to restrict the kinds of devices that are supported but, in general, the environment must anticipate the existence of a wide variety of devices. If we consider devices used by the user to interact with the system, they can range from standard ones such as laptops, PDAs, and phones, to emerging ones such as those embedded in clothing and eyeglasses.

The variety of available devices has several implications. One is the kind of input-output devices: textual and graphic input-output will not be the only forms of human-machine interaction. Audio, visual, and other sensory modes of communication will be prevalent. Another implication is the requirement that the environment must be prepared to adapt to the device currently used by the user. For example, if the user is requesting information and he is currently driving, the retrieved data should be relayed to him with an audio message through the car radio.

Access Control
The wide availability of services and the high mobility of users among different environments require the provision of security mechanisms to ensure the safe usage of services by legitimate users and the protection of services from unauthorized uses. Because of the wide range of services, many diverse and flexible security models and mechanisms will be needed. Either standard security mechanisms will have to be embedded in the environment and used by all applications or each application will have to build its own security mechanisms. Most likely, a combination of the two will be needed.

One of the most important aspects of security is access control, to ensure that services are only available to authorized users and that those authorized users are allowed appropriate privileges. For example, a guest at a hotel may be allowed to print on the hotel’s printer available in the lobby but not change the contents of the event display in the same lobby.
Single sign-on policy

Securing Pervasive Networks Using Biometrics

Challenges in pervasive computing environments
- Computing devices are numerous and ubiquitous
- Traditional authentication including login schemes do not work well with so many devices
Proposed Solution
- Use biometrics for authentication
- At the same time, ensure security of biometric templates in an open environment
Contributions
- Propose a biometrics based framework for securing pervasive environment
- Implemented a novel scheme for securing biometric data in an open environment using symmetric hash functions

Aspects of a Pervasive Environment
User Interaction
- User interacts with speech, gestures and movements
- The sensors and computing devices are ‘aware’ of the user and in the ideal case are also aware of his ‘intent’.
Proactivity
- The computing devices should interact and query other devices on behalf of the user and his intent
Transparency
- Technology has to be transparent.
Device interaction
- Frequent multiparty interactions
- No central authority or third party

Security and Privacy
Consequences of a pervasive network
- Devices are numerous, ubiquitous and shared
- The network shares the context and preferences of the user
- Smart spaces are aware of the location and intent of the user
Security Concerns
- Only authorized individuals need to be given access
- Authentication should be minimally intrusive
- Devices should be trustworthy
Privacy issues
- User should be aware of when he is being observed
- The user context should be protected within the network
- Need to balance accessibility and security
- Should be scalable with multiple users operating in the network

Solution: Biometrics?
Definition
- Biometrics is the science of verifying and establishing the identity of an individual through physiological features or behavioral traits.
Examples
- Physical biometrics: fingerprint, hand geometry, iris patterns
- Behavioral biometrics: handwriting, signature, speech, gait
- Chemical/biological biometrics: perspiration, skin composition (spectroscopy)

Why Biometrics?
Advantages of biometrics
- Uniqueness
- No need to remember passwords or carry tokens
- Biometrics cannot be lost, stolen or forgotten
- More secure than a long password
- Solves repudiation problem
- Not susceptible to traditional dictionary attacks

General Biometric System
[Diagram. Enrollment: Biometric Sensor, Feature Extraction, Database. Authentication: Biometric Sensor, Feature Extraction, Matching, Result. Example label: ID : 8809]

Framework for Authentication/Interaction
[Diagram built up over five slides. Labels: S1, S2, SK, SN; Speaker Recognition; Speech Recognition; parsing and arbitration. Example command: Switch on Channel 9]
- Speaker Recognition, “Authentication”: Who is speaking? Annie, David, Cathy
- Speech Recognition, “Understanding”: What is he saying? On, Off, TV, Fridge, Door
- Parsing and arbitration, “Inferring and execution”: What is he talking about? Channel->TV, Dim->Lamp, On->TV,Lamp; “Switch”, ”to”, ”channel”, ”nine”

Speaker Recognition
Speech Production Mechanism
Speech production model
[Diagram labels: Impulse Train Generator (Pitch), Glottal Pulse Model G(z), Vocal Tract Model V(z), Radiation Model R(z), gains A_V and A_N]
Vocal Tract Modeling

Framework is Generic
[Diagram labels: S1, S2, SK, SN; Face Recognition; Gesture Recognition; parsing and arbitration; “Authentication”, “Understanding”, “Inferring and execution”]

Security of Biometric Data
Issues in biometrics
- Biometrics is secure but not secret
- Permanently associated with user
- Used across multiple applications
- Can be covertly captured
Types of circumvention
- Denial of service attacks (1)
- Fake biometrics attack (2)
- Replay and Spoof attacks (3,5)
- Trojan horse attacks (4,6,7)
- Back end attacks (8)
- Collusion
- Coercion
[Figure: Threats to a Biometric System; label: Fake Biometrics]


Hashing
- Instead of storing the original password P, a hashed value P’ = H(P) is stored.
- The user is authenticated if H(password) = P’.
- It is computationally hard to recover P given H(P)
- H() – one-way hashing function
Problem with biometrics
- Biometric data has high uncertainty
- Matching is inexact/probabilistic
- Therefore, the hashing function should be error tolerant

Biometric Hashing
[Diagram panels: Hashing Schema; Hashing; Personalized Hashing]

Fingerprints
- Minutiae: local anomalies in the ridge flow
- The pattern of minutiae is unique to each individual
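The Hashing slide's point that a biometric hash must be error tolerant, worked through on minutiae as an added example that is not from the original presentation. A password-style SHA-256 hash breaks on a slightly noisy rescan, while an order-independent (symmetric) power-sum hash still matches and can be re-issued by changing a per-user key. The power-sum construction, the sample minutiae, the keys and the tolerance are all assumptions chosen for illustration, not the scheme the slides refer to.

```python
import cmath
import hashlib

# Constructed sample data: minutiae as (x, y) pixel positions in a 256x256 image.
ENROLLED = [(112, 87), (64, 140), (150, 165), (98, 203), (171, 58), (43, 96)]
IMPOSTOR = [(30, 200), (200, 30), (120, 120), (60, 60), (180, 190), (90, 20)]
JITTER = [(1, 0), (0, -1), (-1, 1), (1, 1), (0, 0), (-1, 0)]  # constructed sensor noise

# Hypothetical per-user transform keys (rotation in radians, translation).
# Replacing the key re-issues the template without changing the finger.
KEY_V1 = (0.7, complex(0.3, 0.1))
KEY_V2 = (2.1, complex(0.05, 0.4))

def rescan(minutiae):
    """Second capture of the same finger: small offsets and a different point order."""
    moved = [(x + dx, y + dy) for (x, y), (dx, dy) in zip(minutiae, JITTER)]
    return moved[::-1]

def exact_hash(minutiae):
    """Password-style P' = H(P): SHA-256 over the sorted, serialized points."""
    return hashlib.sha256(repr(sorted(minutiae)).encode()).hexdigest()

def symmetric_hash(minutiae, key, degree=2):
    """Keyed power sums h_k = mean(z^k), k = 1..degree, with z = (x + iy)/256.

    Addition is commutative, so point order does not matter, and a small
    change in any z moves each h_k only slightly.
    """
    angle, shift = key
    zs = [complex(x, y) / 256 * cmath.exp(1j * angle) + shift for x, y in minutiae]
    return [sum(z ** k for z in zs) / len(zs) for k in range(1, degree + 1)]

def matches(stored, probe, tol=0.02):
    """Accept when every hash component is within tol (an assumed threshold)."""
    return all(abs(a - b) <= tol for a, b in zip(stored, probe))

if __name__ == "__main__":
    probe = rescan(ENROLLED)
    stored = symmetric_hash(ENROLLED, KEY_V1)
    print("exact hash equal:", exact_hash(ENROLLED) == exact_hash(probe))
    print("genuine rescan:", matches(stored, symmetric_hash(probe, KEY_V1)))
    print("impostor:", matches(stored, symmetric_hash(IMPOSTOR, KEY_V1)))
    print("old template vs re-keyed probe:", matches(stored, symmetric_hash(probe, KEY_V2)))
```

The tolerance sets the trade-off between false accepts and false rejects, and this toy does not handle missing or spurious minutiae, which a deployed matcher has to.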

Conclusion
- Smart spaces and pervasive computing are moving from concepts to implementations
- Security has to be incorporated in the design stage
- Traditional authentication and access control paradigms cannot scale to numerous and ubiquitous devices
- Biometrics serves as a reliable alternative for minimally intrusive authentication
- Biometrics solves key management and repudiation problem
- Securing biometrics is a major challenge in an open environment
- Biometric hashing can be used to create revocable biometric templates