Authentication in Ubiquitous Computing Laurent BUSSARD and Yves ROUDIER Institut Eurecom Workshop on Security in Ubiquitous Computing UBICOMP 2002, Goteborg.


1 Authentication in Ubiquitous Computing Laurent BUSSARD and Yves ROUDIER Institut Eurecom Workshop on Security in Ubiquitous Computing UBICOMP 2002, Goteborg Sweden, 29 Sept 2002

2 Security in Ubicomp
User-centric interactions in Ubicomp
− Intuitive interaction
− Physical entities (artifacts)
Security
− Rights, Delegation
− Trust, Ownership
− Non-repudiation of interactions
→ Requires authentication of artifacts (personal digital assistants, electronic rings, doors or even clothes offer embedded chips with computation power and communication facilities, and are generally called artifacts)

3 Service Authentication in Ubicomp
Classical network security
− Authentication of a virtual service
− Verify knowledge of a private key
Ubiquitous computing
− Authenticate an artifact offering a service
− Provide rights to a given artifact
− Verifying that a user is present

4 The Gap

5

6 Attack 1: Device Impersonation

7 Attack 2: Device Impersonation

8 Attack 3: P2P Discounts Sharing

9

10 Filling the Gap

11 Local Proof of Knowledge
Time-based approach
Dedicated hardware
− No application-level approach
Simple distance evaluation
− Contact based approach
No cryptography during exchange
− Responses pre-computed
Simple exchanges
− One-bit challenge
− One-bit response

12 Local Proof of Knowledge

13

14 No more Man-in-the-middle attacks
− No proxying in between (distance + logic)
− Cannot get both responses
One bit challenge-response
− Precise location
− High probability of successful attack p = 3/4
Multiple rounds (n)
− Precise location
− Low probability of successful attack = (3/4)^n
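
Added example (not part of the original slides): an exact calculation of the per-round and n-round attack probabilities for the one-bit challenge-response on slides 11 and 14, useful for choosing n. The attacker model is an assumption: unable to relay a challenge within the time bound, it queries the prover early with a guessed challenge bit and so learns at most one of the two pre-computed response bits per round. The function and parameter names are hypothetical.

```python
from fractions import Fraction
from itertools import product

def round_success(responses_learned):
    """Exact chance that an attacker answers one round correctly.

    responses_learned: how many of the two pre-computed response bits the
    attacker holds before the verifier's challenge arrives (0, 1 or 2).
    """
    wins = total = 0
    # r0, r1: prover's response bits for challenge 0 / 1 in this round
    # c: verifier's real challenge, g: challenge the attacker guessed early
    # b: attacker's blind guess when it lacks the needed response bit
    for r0, r1, c, g, b in product((0, 1), repeat=5):
        expected = (r0, r1)[c]
        knows_answer = responses_learned == 2 or (responses_learned == 1 and c == g)
        answer = expected if knows_answer else b
        wins += answer == expected
        total += 1
    return Fraction(wins, total)

def attack_success(n, responses_learned=1):
    """Rounds are independent, so all n rounds succeed with probability p**n."""
    return round_success(responses_learned) ** n

def rounds_needed(max_attack_probability, responses_learned=1):
    """Smallest n whose n-round attack probability is within the bound."""
    p = round_success(responses_learned)
    if p == 1 or max_attack_probability <= 0:
        raise ValueError("no finite number of rounds meets this bound")
    n, prob = 0, Fraction(1)
    while prob > max_attack_probability:
        n += 1
        prob *= p
    return n

if __name__ == "__main__":
    print("per round, one response known:", round_success(1))
    print("per round, both responses known:", round_success(2))
    for n in (1, 8, 16, 32):
        print(f"n={n:2d}  (3/4)^n = {float(attack_success(n)):.2e}")
    print("rounds for <= 1e-6:", rounds_needed(Fraction(1, 10**6)))
```

With both responses in hand the per-round probability is 1 and adding rounds gives no protection, which is why "cannot get both responses" carries the argument.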

15 Conclusion: Impact on Usability
Tamper resistance + cryptography not sufficient
Changes in previous examples
− Point of Sale Terminal: LED on smart card
− Shop offering discounts: board
New user-centric interactions
− Touch to authenticate
− Drag-and-drop
− Touch to transfer ownership, delegate rights
Authentication: a building block for developing
− Access control
− Ownership

