Approaches for Ensuring Security and Privacy in Unplanned Ubiquitous Computing Environments V. Ramakrishna, Kevin Eustice, Matthew Schnaider Laboratory.

Slides:

Advertisements

Similar presentations

Context-awareness, cloudlets and the case for AP-embedded, anonymous computing Anthony LaMarca Associate Director Intel Labs Seattle.

Advertisements

Rocket Software, Inc. Confidential James Storey General Manager, OSS Unit Rocket Software APNOMS 2003: Managing Pervasive Computing and Ubiquitous Communications.

EMERGING TOPICS IN DATA, APPLICATION AND INFRASTRUCTURE PROTECTION Taher Elgamal ITU

An Architecture for Privacy-Sensitive Ubiquitous Computing Jason I. Hong Group for User Interface Research Computer Science Division University of California.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

Issues of Security and Privacy in Networking in the CBA Karen Sollins Laboratory for Computer Science July 17, 2002.

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Information Security Policies and Standards

Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.

Towards Security and Privacy for Pervasive Computing Author ： Roy Campbell,Jalal Al-Muhtadi, Prasad Naldurg,Geetanjali Sampemane M. Dennis Mickunas.(2002)

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine

Friendly Authentication and Communication Experience (Face) for Ubiquitous Authentication on Mobile Devices Author: Benjamin Halpert Presented by: 魏聲尊.

RETSINA: A Distributed Multi-Agent Infrastructure for Information Gathering and Decision Support The Robotics Institute Carnegie Mellon University PI:

Securing Nomads: The Case For Quarantine, Examination, Decontamination Kevin Eustice, Shane Markstrum, V. Ramakrishna, Dr. Peter Reiher, Dr. Leonard Kleinrock,

4/17/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

Emerging Research Dimensions in IT Security Dr. Salar H. Naqvi Senior Member IEEE Research Fellow, CoreGRID Network of Excellence European.

The Future of the Internet Jennifer Rexford ’91 Computer Science Department Princeton University

Cloud Usability Framework

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Self-Organizing Adaptive Networks Hari Balakrishnan MIT Laboratory for Computer Science

CHAPTER OVERVIEW SECTION 7.1 – Connectivity: The Business Value of a Networked World Overview of a Connected World Benefits of a Connected World Challenges.

Lessons Learned in Smart Grid Cyber Security

Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.

Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.

WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.

Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.

Computer Science and Engineering 1 Cloud ComputingSecurity.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

Overview of Research Activities Aylin Yener

Trust- and Clustering-Based Authentication Service in Mobile Ad Hoc Networks Presented by Edith Ngai 28 October 2003.

A Holistic Security Architecture for Distributed Information Systems – A Categorical Approach.

1 7 th CACR Information Workshop Vulnerabilities of Multi- Application Systems April 25, 2001 MAXIMUS.

Wireless Hotspots: Current Challenges and Future Directions CNLAB at KAIST Presented by An Dong-hyeok Mobile Networks and Applications 2005.

Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:

1 4/23/2007 Introduction to Grid computing Sunil Avutu Graduate Student Dept.of Computer Science.

Wireless Network Security Presented by: Prabhakaran Theertharaman.

Information Security What is Information Security?

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Living in a Network Centric World Network Fundamentals – Chapter 1.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Living in a Network Centric World Network Fundamentals – Chapter 1.

Introduction to Information Security

Lecture 24 Wireless Network Security

July 14 th SAM 2008 Las Vegas, NV An Ad Hoc Trust Inference Model for Flexible and Controlled Information Sharing Danfeng (Daphne) Yao Rutgers University,

Internet of Things. IoT Novel paradigm – Rapidly gaining ground in the wireless scenario Basic idea – Pervasive presence around us a variety of things.

GRID ANATOMY Advanced Computing Concepts – Dr. Emmanuel Pilli.

3/12/2013Computer Engg, IIT(BHU)1 CLOUD COMPUTING-1.

NCP Info DAY, Brussels, 23 June 2010 NCP Information Day: ICT WP Call 7 - Objective 1.3 Internet-connected Objects Alain Jaume, Deputy Head of Unit.

Erik Jonsson School of Engineering and Computer Science The University of Texas at Dallas Cyber Security Research on Engineering Solutions Dr. Bhavani.

Version 4.0 Living in a Network Centric World Network Fundamentals – Chapter 1.

DOCUMENT #:GSC15-PLEN-27 FOR:Presentation SOURCE:ETSI AGENDA ITEM:PLEN 6.4 CONTACT(S): Amardeo Sarma, ISG INS Chair Identity & Access Management activities.

© 2012 Eucalyptus Systems, Inc. Cloud Computing Introduction Eucalyptus Education Services 2.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Creating the Network Design Designing and Supporting Computer Networks – Chapter.

CS457 Introduction to Information Security Systems

SAP Enterprise Digital Rights Management by NextLabs

11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

Securing the Internet of Things: Key Insights and Best Practices Across the Industry Theresa Bui Revon IoT Cloud Strategy.

Unit V Mobile Middleware.

Smart Learning concepts to enhance SMART Universities in Africa

UNIT No: IV IDENTITY MANAGEMENT MODELS IN IoT

Module 2 OBJECTIVE 14: Compare various security mechanisms.

Reinhard Scholl, GTSC-7 Chairman

System Software for Ubiquitous Computing

Cloud Computing for Wireless Networks

Presentation transcript:

Approaches for Ensuring Security and Privacy in Unplanned Ubiquitous Computing Environments V. Ramakrishna, Kevin Eustice, Matthew Schnaider Laboratory for Advanced Systems Research Computer Science Department, UCLA

In a Nutshell Ubiquitous computing poses new security and privacy challenges, … and exacerbates existing ones Usability goals necessitate security and privacy tradeoffs Threat mitigation is a more realistic goal than threat elimination 3-layer classification of the solution space helps in better analysis and understanding

Ubiquitous Computing Internet Home Network Coffee Shop PHYSICAL INTEGRATION SPONTANEOUS INTEROPERATION No Milk ! Characteristics  Decentralized control  Heterogeneity  Ad hoc interactions  Open environments  Communication with strangers Personal Network Location (GPS) Video Change route! My location?

Trading off Security and Privacy with Usability Usability for naïve users Ease of handling and interfacing with devices Minimal required interaction Primary goal of ubicomp Characteristics of ubiquitous computing environments forces three-way tradeoff Examination of tradeoffs enable better understanding of system security limits We need to seriously think about security before it is too late … again

Security and Privacy Challenges GPS N/W Infrastructure N/W Infrastructure Coffee Shop Home Network Small devices are prime targets for theft. Who is my service provider? Is he authentic? More devices become vectors for spread of malware. Mobile code poses significant threats. Privacy concerns: Eavesdropping on Conversations; Location inference. Install Plug-in

Mitigating Failure Problem areas Theft of devices and content Applications releasing more data than necessary Applicable paradigms Least privilege Abdication of privilege Segregation of functionality Multiple fidelity levels for contextual info

Establishing Identity Leverage physical presence Enrollment: secure sideband interaction E.g., USB drives and PKI Physical contact creates logical connection Reduces dangers of anonymity Sensory mechanisms for authentication Infrared, RFID tags Embedded cameras, barcodes Audio cues

Protecting Devices: A 3-Layered View DEVICE / NETWORK RESOURCESDATA CONTROLLING / OWNING ENTITY Resource and Content Protection Mechanisms Secure Interaction Protocols Trust Frameworks and Mechanisms DEVICE / NETWORK RESOURCESDATA CONTROLLING / OWNING ENTITY Resource and Content Protection Mechanisms

Benefits of this Classification Analyze vulnerable ubicomp interactions in a top-down manner Demarcates scope of each solution Complementary, yet interdependent systems of defense Resource and Content Protection Mechanisms Secure Interaction Protocols Trust Frameworks and Mechanisms DEVICE / NETWORK RESOURCES DATA CONTROLLING ENTITY

Resource / Content Protection Examples Access control lists and capabilities Secure file systems Zero-interaction authentication Firewalls Proof-carrying code Resource and Content Protection Mechanisms Secure Interaction Protocols Trust Frameworks and Mechanisms DEVICE / NETWORK RESOURCES DATA CONTROLLING ENTITY

Secure Resource Discovery and Access Enforcing security policies through communication protocols Examples Protecting networks from vulnerable nomads Automated negotiation among peers Resource and Content Protection Mechanisms Secure Interaction Protocols Trust Frameworks and Mechanisms DEVICE / NETWORK RESOURCES DATA CONTROLLING ENTITY

Safeguarding Nomadic Behavior Network firewalls are inadequate Some solutions Quarantine, Examination and Decontamination Cisco Network Admission Control These solutions only scratch the surface Open issues: Running foreign code Verifying veracity of returned results Leveraging trusted hardware MOBILITY: Vulnerable Devices + OPEN NETWORKS: Offering Ubiquitous Services  EPIDEMIC: Spread of malware + CONTACT with STRANGERS

Automated Peer Negotiation Facilitate interactions among strangers Decentralized policy resolution Compromise on resource sharing Use trust model and utility model to determine risk/benefit tradeoff of action

Evaluating and Using Trust Cross-domain frameworks: trust as a basis for interaction among entities Possible approaches Globally centralized? Certificate hierarchies Webs and chains of trust, delegation Quantitative trust models Resource and Content Protection Mechanisms Secure Interaction Protocols Trust Frameworks and Mechanisms DEVICE / NETWORK RESOURCES DATA CONTROLLING ENTITY

Future Targets and Promising Approaches Problems inherent in infrastructure? → Work around it (e.g., enrollment) Mobility increases number of threats? → Flexible guards and enforce compliance (e.g., QED) Unplanned interactions may violate security policy? → Automated negotiation among peers → Least privilege paradigm Must communicate with strangers? → Leverage trust as far as possible → Develop better models for trust inference and use

Conclusion Ubicomp poses new security and privacy challenges, and exacerbates existing ones Usability goals necessitate security and privacy tradeoffs We should direct our efforts toward threat mitigation rather than threat elimination A 3-layer classification of the solution space helps in better analysis and understanding In practice, a hybrid solution will yield best results

References For more info, contact Panoply project web page