Slide 1: Approaches for Ensuring Security and Privacy in Unplanned Ubiquitous Computing Environments
V. Ramakrishna, Kevin Eustice, Matthew Schnaider
Laboratory for Advanced Systems Research, Computer Science Department, UCLA
Slide 2: In a Nutshell
- Ubiquitous computing poses new security and privacy challenges, and exacerbates existing ones
- Usability goals necessitate security and privacy tradeoffs
- Threat mitigation is a more realistic goal than threat elimination
- A 3-layer classification of the solution space helps in better analysis and understanding
Slide 3: Ubiquitous Computing
[Figure: Internet, home network, coffee shop and personal network joined by physical integration and spontaneous interoperation; callouts "No Milk!", "Change route!", "My location?", Location (GPS), Video]
Characteristics:
- Decentralized control
- Heterogeneity
- Ad hoc interactions
- Open environments
- Communication with strangers
Slide 4: Trading off Security and Privacy with Usability
- Usability for naive users: ease of handling and interfacing with devices; minimal required interaction; the primary goal of ubicomp
- The characteristics of ubiquitous computing environments force a three-way tradeoff between security, privacy and usability
- Examining these tradeoffs enables a better understanding of the limits of system security
- We need to seriously think about security before it is too late ... again
Slide 5: Security and Privacy Challenges
[Figure: GPS, network infrastructure, coffee shop and home network; an "Install Plug-in" prompt on a mobile device]
- Small devices are prime targets for theft.
- Who is my service provider? Is he authentic?
- More devices become vectors for the spread of malware.
- Mobile code poses significant threats.
- Privacy concerns: eavesdropping on conversations; location inference.
Slide 6: Mitigating Failure
Problem areas:
- Theft of devices and content
- Applications releasing more data than necessary
Applicable paradigms:
- Least privilege
- Abdication of privilege
- Segregation of functionality
- Multiple fidelity levels for contextual info
Slide 7: Establishing Identity
- Leverage physical presence
  - Enrollment: secure sideband interaction (e.g., USB drives and PKI)
  - Physical contact creates a logical connection
  - Reduces the dangers of anonymity
- Sensory mechanisms for authentication
  - Infrared, RFID tags
  - Embedded cameras, barcodes
  - Audio cues
Slide 8: Protecting Devices: A 3-Layered View
[Diagram: three layers of defense, Resource and Content Protection Mechanisms, Secure Interaction Protocols, and Trust Frameworks and Mechanisms, drawn around the device / network resources and data and their controlling / owning entity]
Slide 9: Benefits of this Classification
- Analyze vulnerable ubicomp interactions in a top-down manner
- Demarcates the scope of each solution
- Complementary, yet interdependent, systems of defense
(3-layer diagram repeated from slide 8)
Slide 10: Resource / Content Protection
Examples:
- Access control lists and capabilities
- Secure file systems
- Zero-interaction authentication
- Firewalls
- Proof-carrying code
(3-layer diagram repeated from slide 8, highlighting the Resource and Content Protection Mechanisms layer)
Slide 11: Secure Resource Discovery and Access
- Enforcing security policies through communication protocols
- Examples:
  - Protecting networks from vulnerable nomads
  - Automated negotiation among peers
(3-layer diagram repeated from slide 8, highlighting the Secure Interaction Protocols layer)
Slide 12: Safeguarding Nomadic Behavior
- Network firewalls are inadequate
- Some solutions:
  - Quarantine, Examination and Decontamination (QED)
  - Cisco Network Admission Control
- These solutions only scratch the surface
- Open issues:
  - Running foreign code
  - Verifying the veracity of returned results
  - Leveraging trusted hardware
[Figure: MOBILITY (vulnerable devices) + OPEN NETWORKS (offering ubiquitous services) leads to an EPIDEMIC (spread of malware) through CONTACT with STRANGERS]
Slide 13: Automated Peer Negotiation
- Facilitate interactions among strangers
- Decentralized policy resolution
- Compromise on resource sharing
- Use a trust model and a utility model to determine the risk/benefit tradeoff of an action
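The following is an added illustration (not code from the Panoply project or the slides) of two ideas on these slides: releasing contextual information at multiple fidelity levels under least privilege (slide 6), and using a trust model together with a utility model to decide the risk/benefit tradeoff of a disclosure to a peer (slide 13). The sensitivity scores, utility profiles, coarsening rules and coordinates are all constructed for the example.

```python
# Fidelity levels for one piece of contextual information (location), coarsest
# first. The sensitivity scores are constructed for this example; in a real
# deployment they would come from the owner's privacy policy.
FIDELITY = [("none", 0.0), ("city", 0.1), ("neighborhood", 0.4), ("exact", 1.0)]

def degrade_location(lat, lon, level):
    """Release the location only at the chosen fidelity (constructed coarsening:
    whole degrees ~ city scale, hundredths of a degree ~ neighborhood scale)."""
    if level == "none":
        return None
    if level == "city":
        return (round(lat, 0), round(lon, 0))
    if level == "neighborhood":
        return (round(lat, 2), round(lon, 2))
    if level == "exact":
        return (lat, lon)
    raise ValueError(f"unknown fidelity level: {level}")

def choose_fidelity(trust, utility):
    """Risk/benefit tradeoff: the expected loss of a level is the sensitivity of
    what is disclosed weighted by how little the peer is trusted (trust in 0..1);
    the benefit is the utility the requesting application derives from that
    level. Pick the level with the best net; on ties keep the coarser one, so the
    peer never receives more than it needs (least privilege)."""
    best_level, best_net = "none", 0.0
    for level, sensitivity in FIDELITY:
        net = utility.get(level, 0.0) - (1.0 - trust) * sensitivity
        if net > best_net:
            best_level, best_net = level, net
    return best_level

def answer_location_request(peer_trust, utility, lat, lon):
    """Decide the disclosure for one peer request; return (level, released value)."""
    level = choose_fidelity(peer_trust, utility)
    return level, degrade_location(lat, lon, level)

# Constructed utility profiles: a navigation helper needs the exact position to
# be useful, while a weather service gains almost nothing beyond city scale.
NAVIGATION = {"city": 0.1, "neighborhood": 0.6, "exact": 0.9}
WEATHER = {"city": 0.8, "neighborhood": 0.85, "exact": 0.86}

if __name__ == "__main__":
    here = (34.0689, -118.4452)  # constructed coordinates
    for name, util in (("navigation", NAVIGATION), ("weather", WEATHER)):
        for trust in (0.9, 0.2, 0.0):
            print(name, trust, answer_location_request(trust, util, *here))
```

Note that the weather service is capped at neighborhood scale even when fully trusted, and a stranger asking for navigation still gets no better than neighborhood scale, which is the point of separating the trust model from the utility model.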
Slide 14: Evaluating and Using Trust
- Cross-domain frameworks: trust as a basis for interaction among entities
- Possible approaches:
  - Globally centralized? Certificate hierarchies
  - Webs and chains of trust, delegation
  - Quantitative trust models
(3-layer diagram repeated from slide 8, highlighting the Trust Frameworks and Mechanisms layer)
Slide 15: Future Targets and Promising Approaches
- Problems inherent in the infrastructure? → Work around it (e.g., enrollment)
- Mobility increases the number of threats? → Flexible guards and enforced compliance (e.g., QED)
- Unplanned interactions may violate security policy? → Automated negotiation among peers; → Least privilege paradigm
- Must communicate with strangers? → Leverage trust as far as possible; → Develop better models for trust inference and use
Slide 16: Conclusion
- Ubicomp poses new security and privacy challenges, and exacerbates existing ones
- Usability goals necessitate security and privacy tradeoffs
- We should direct our efforts toward threat mitigation rather than threat elimination
- A 3-layer classification of the solution space helps in better analysis and understanding
- In practice, a hybrid solution will yield the best results
Slide 17: References
- For more info, contact vrama@cs.ucla.edu
- Panoply project web page: http://lasr.cs.ucla.edu/panoply