1. 多媒體網路安全實驗室 Routing Through the Mist: Privacy Preserving Communication in Ubiquitous Computing Environments Date:2011/05/05 報告人：向峻霈 出處 : Jalal Al-Muhtadi, Roy Campbell, Apu Kapadia, M. Dennis Mickunas Seung Yi : Distributed Computing Systems, pp. 74-83,2002

2. 多媒體網路安全實驗室 Outline Introduction 1 Problem statement 2 The Mist Hierarchy 33 Implementation 44 Conclusion 35 2

3. 多媒體網路安全實驗室  Distributed systems and mobile computing have converged to enhance global interconnectivity  Users can access services  Run programs  Utilize resources  Harvest computing power anytime and anywhere Introduction 3

4. 多媒體網路安全實驗室  Physical spaces augmented with sensors and actuators that can locate users Problem statement 4 收集網絡地址 物理位置 竊聽者 User 隱藏加密的溝通渠道

5. 多媒體網路安全實驗室  We aim to design and implement a privacy protocol  User 能在任意環境自由交流並保留隱私  防止內部人員的隱私協議  Sensors that can detect the presence of users in a room  但沒有能力積極辨識 user  Mist Routers  Preserve privacy  Hide information Problem statement 5

6. 多媒體網路安全實驗室  Our goal is to achieve the following  Location privacy  Anonymous connections  Confidentiality  We assume  Public Key Infrastructure (PKI) exists  Ubiquitous computing environment  Mist Routers  Third party that can’t be trusted Problem statement 6

7. 多媒體網路安全實驗室 The Mist Hierarchy 7

8. 多媒體網路安全實驗室  Portals are viewed as the gateways that bridge the virtual world to the physical one  Workstation  A sensor  An access point for wireless devices  RF transceiver The Mist Hierarchy 8

9. 多媒體網路安全實驗室 The Mist Hierarchy  “Smart” rooms  Detect the physical presence of one or more users  The users are anonymous and not authenticated as of yet  Location and discovery services that are available in Gaia OS  不包含 監控攝像機 語音識別裝置 9

10. 多媒體網路安全實驗室 Registering in the system 10

11. 多媒體網路安全實驗室  Mist Circuits employ hop-to-hop  handle-based routing to send data packets back and forth between the source and destination through the mist  Combining this routing with limited public- key encryption Mist Circuits 11

12. 多媒體網路安全實驗室 General format for Mist packets 12

13. 多媒體網路安全實驗室 Mist Circuit setup 13

14. 多媒體網路安全實驗室 Mist Circuits 14

15. 多媒體網路安全實驗室 Mist Circuits  Alice: Alice’s unique ID in the active information space  TS: A timestamp to prevent replay attacks  K session : A random session key to encrypt further communication between the user and her or his Lighthouse  TKN: A token to be presented to the user’s lookup service  E k : Means encrypt using the key ‘k’  PP: A predetermined “fixed” phrase 15

16. 多媒體網路安全實驗室 Locating Users 16  Once the Mist Circuit-Setup has been completed  LDAP Servers  Web Servers  Security issues

17. 多媒體網路安全實驗室 LDAP Servers  Lightweight Directory Access Protocol (LDAP)  users can register attributes with LDAP servers  unique LDAP Distinguished Name(DN) 17

18. 多媒體網路安全實驗室 Web Servers  Users to maintain their own webpages  These webpages can be updated by a CGI script 18

19. 多媒體網路安全實驗室 Security issues  We would like to prevent malicious Lighthouses or attackers  Constructs a special token (TKN) signed by the user’s private key  TKN Timestamp Unique ID of the chosen Lighthouse 19 TKN contents do not need to be encrypted

20. 多媒體網路安全實驗室 Mist Communication Setup 20

21. 多媒體網路安全實驗室 Mist Communication Setup 21

22. 多媒體網路安全實驗室 Conclusion  There is a fair possibility of creating a ubiquitous ‘surveillance’ system instead  We would like to “short circuit” their communication to take the shortest path possible 22

23. 多媒體網路安全實驗室