Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine"— Presentation transcript:

1 CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine [sirvine@cs.ucla.edu]

2 What is ubiquitous and pervasive computing? ● Weaving useful computation within the fabric of an environment so it becomes “invisible” to the user ● Ex: The smart office – The environment knows your schedule, tracks your location, schedules meetings, gives you universal access to your data etc. – Best of all, it does this without forcing you to exceedingly interact with it – The environment consists of a multitude of computing devices all connected via a network

3 Security issues common to conventional computing systems ● The usual suspects – Message integrity – Availability ● Network resources ● Computing resources – Confidentiality ● Private data stays private – Even in the face of necessary disclosure

4 New issues introduced by the paradigm ● High degree of device mobility – Authentication issues – Increased number of potential attackers ● Significantly constrained resources – Energy – Available computing resources – Network bandwidth

5 New security issues (cont.) ● Heterogeneous network resources – Bluetooth – 802.11 – Wired ● Extremely limited human administration ● Confidentiality and Privacy issues

6 Security issues in more detail

7 Device Mobility Problems ● Devices can move from one environment to another, potentially carrying malware along the way – Ex: Your cellphone becomes infected with a worm at an airport. You then go to lunch with your business partners and your phone proceeds to infect theirs. ● Devices frequently move to unknown environments and must interact with those environments

8 Resource Constraints ● Computational devices – Not all devices will have the CPU power to perform asymmetric key cryptography – Some might not even have the power to perform symmetric key cryptography ● Battery Life – DoS by repeated “Hello” messages in ad hoc protocols – Battery attacks by faking encrypted messages

9 Network heterogeneity ● Most devices are linked by wireless – Passive/active snooping – Injection attacks – DoS by jamming – Ad hoc network vulnerabilities ● Multiple physical layers to protect

10 Limited human interaction ● By definition, it isn't ubiquitous if people must spend time managing their devices ● Most users will not have the technical ability to administrate ● Even if users have the technical capability to administrate devices, they will not have the time to properly admin hundreds of devices ● Corrupt or misbehaving devices may not readily demonstrate “bad” behavior to the user

11 Confidentiality ● Sometimes devices must give out information that is sensitive – Ex: A user wishes to print a confidential document. The printer, which may or may not be trusted, can do what it pleases with this document. ● How can we maintain a degree of confidentiality on information even when it is necessary to have some degree of disclosure?

12 Privacy ● Identity and location privacy – Devices can monitor a user's location or identity at any given time ● Sometimes this is necessary to perform a requested service – What is to stop someone from using these devices to perform surveillance?

13 Existing Solutions

14 Mobility issues ● QED – Network resource manager that helps slow the spread of malware infections. ● When a mobile device joins a network protected by QED it is first placed in isolation and not allowed to communicate with other devices ● The security state of the devices is then examined ● If the device is found to be insecure it must fix the vulnerabilities present ● Once a device is “disinfected” it is then allowed to communicate with other devices and services

15 Authentication ● Physical proximity – Ugly duckling “birth” process ● Handoff authentication proxy model – Devices authenticate themselves through one device, which then hands off that session to others as required

16 Resource Management ● Security proxies – Devices with few energy or computational resources communicate through a more powerful proxy ● Device to proxy link must be secured and trusted ● Proxy to proxy link can be established with a variety of well known security protocols

17 Discussion Questions

18 Discussion questions ● How do we provide authentication, message integrity and message confidentiality to devices that do not have the power to do strong cryptography? – Can we exploit the time limited nature of certain device interactions? ● Tiny Encryption Algorithm (TEA) – Can we exploit physical locality?

19 Discussion questions ● How can we provide security administrative services without significant human interaction? – QED and device proxies provide part of the solution – Environmental intrusion detection systems – Environmental DoS detection systems ● Can we design clever protocols to avoid the battery drain DoS problem?

20 Discussion questions ● Location and identity privacy vs. the needs of the system to correctly identify attackers and misbehaving devices – Is obviously not possible to both protect a users privacy and let the system record his location/identity. – Is it feasible to reach a trade off ● E.g. Privacy is protected so long as a device behaves ● When the devices stop behaving we record identifiable information ● The recorded information is analyzed to locate the misbehaving entity/user

Download ppt "CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine"

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Mobile and ubiquitous computing Chapter 16 Distributed systems, concepts and design, 4th edition, 2005, Coulouris et al Ylva-Li Lindh Gabriella Hammarin.

Mobile and ubiquitous computing Chapter 16 Distributed systems, concepts and design, 4th edition, 2005, Coulouris et al Ylva-Li Lindh Gabriella Hammarin.
Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)

Key Infection (smart trust for smart dust) Ross Anderson (Cambridge) Haowen Chan (CMU) Adrian Perrig (CMU)
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.

 Introduction  Benefits of VANET  Different types of attacks and threats  Requirements and challenges  Security Architecture  Vehicular PKI.
Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Chapter 15 Security Bernard Chen Spring Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.
OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)

OPSEC Awareness Briefing Man-In-The-Middle Attacks (MITM)
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
1 Mobile and Wireless Networks and Applications: Introduction/Overview CS 444N, Spring 2002 Instructor: Mary Baker.

1 Mobile and Wireless Networks and Applications: Introduction/Overview CS 444N, Spring 2002 Instructor: Mary Baker.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Chapter 12 Network Security.

Chapter 12 Network Security.
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Similar presentations

Ads by Google