Trust and Security Issues for Pervasive Adaptationlibeccio.di.unisa.it/Papers/Talks/Perad/PersianoPerad.pdf · 2011. 3. 29. · Trust RFID Conclusions Pervasive Computing Security

ScenarioDealing with scarce resources

Context and LocalizationTrustRFID

Conclusions

Trust and Security Issues for Pervasive Adaptation

Giuseppe Persiano

Dipartimento di Informatica ed Appl. ”Renato M. Capocelli”Universita di Salerno

PerAd 2007

Giuseppe Persiano Trust and Security Issues



Conclusions

Outline

1 Scenario

2 Dealing with scarce resources

3 Context and Localization

4 Trust

5 RFID

6 Conclusions




Conclusions

Pervasive Adaptation

myriads of small devices

from low to no computational power

held by the user

PDAs, smart phonesRFID tagssensors

woven into the environment

sensors, actuators




Conclusions




held by the user



sensors, actuators




Conclusions




held by the user



sensors, actuators




Conclusions




held by the user



sensors, actuators




Conclusions




held by the user



sensors, actuators




Conclusions




held by the user



sensors, actuators




Conclusions


Interaction with the Environment on behalf of the User

getting information from the environment

PDA getting directions to the closest restaurant fromenvironment;sensors detecting smoke in a forest;

releasing information about the user to the environment

what type of restaurant I like (pizza, chinese, thai, . . .);where I bought my jacket;




Conclusions


Implementing the Environment

managing access to buildings/restricted areas;

advertising availability of services (coffee, newsstand, . . .);

advertising prices of services;

providing services (airplane check-in and seat assignments);




Conclusions

Pervasive Computing Security vs. Internet Security

Pervasive Computing: tens to hundreds of devices per person;

Internet: a few devices per person: home pc, workstation,laptop, PDA, smart phone;

Pervasive Computing: users (almost) always on-line andsometimes unaware of that;

Internet: users on-line in specific time intervals and alwaysaware of connection;




Conclusions


Pervasive Computing: tens to hundreds of devices per person;

Internet: a few devices per person: home pc, workstation,laptop, PDA, smart phone;

Pervasive Computing: users (almost) always on-line andsometimes unaware of that;

Internet: users on-line in specific time intervals and alwaysaware of connection;




Conclusions


Pervasive Computing: used to carry out most every-dayactivities:

taking a bus;entering your office;entering your house;. . . . . . . . .;

Internet: used for financial and leisure activities: homebanking, shopping, video on-demand, on-line videogames,. . . . . . . . .

Pervasive Computing: active physical environment;

Internet: no interaction with physical environment;




Conclusions


Pervasive Computing: used to carry out most every-dayactivities:

taking a bus;entering your office;entering your house;. . . . . . . . .;

Internet: used for financial and leisure activities: homebanking, shopping, video on-demand, on-line videogames,. . . . . . . . .

Pervasive Computing: active physical environment;

Internet: no interaction with physical environment;




Conclusions


Security/privacy threats posed by the Internet are at least oneorder of magnitude smaller compared to threats from PervasiveComputing

require new methodologies and protocols




Conclusions


Security/privacy threats posed by the Internet are at least oneorder of magnitude smaller compared to threats from PervasiveComputing

require new methodologies and protocols




Conclusions

The new challenges

low computational power;

need for a new framework for security protocols;need to re-design security protocols;new crypto primitives;

spatial localization:

location-based security;location privacy;new attacks are possible (physical attacks);

myriads:no centralized control;no a-priori trust structure;mobile device must adapt to environment;




Conclusions

The new challenges









Conclusions

The new challenges









Conclusions

Looking ahead...

Methodology

rethinking Security/Cryptography for small scale devices;

physical locality plays a role in security;

adopt concepts from Sociology, Economics, Evolution tomodel emerging trust.




Conclusions

Low computational power

Devices are not be capable of carrying-out current securityprotocols.

Devices might not be capable of implementing currentcryptographic primitives.




Conclusions

Low computational power

Devices are not be capable of carrying-out current securityprotocols.

Devices might not be capable of implementing currentcryptographic primitives.




Conclusions

New framework for security protocols

Proxy-based Security

computational load for carrying out a protocol can be sharedamong a group of security proxies;

security proxies can be woven into an active environment;

dedicated servers working as security proxies (not very realisticin some cases);




Conclusions

New framework for security protocols


computational load for carrying out a protocol can be sharedamong a group of security proxies;

security proxies can be woven into an active environment;

dedicated servers working as security proxies (not very realisticin some cases);




Conclusions


Requisites

private information must not be leaked from the device to theproxies;

proxies are not trusted;

efficiency;

no infrastructure should be assumed;

What is known

proxy-based implementations of some cryptographyprimitives are known;

RSA, ElGamal encryptions;

proxy-based implementations of secure protocols need are-design of the protocols;




Conclusions


Requisites



efficiency;


What is known







Conclusions


Requisites



efficiency;


What is known







Conclusions

Collaborative Security

Security protocols can be collaboratively carried out by mutuallytrusting devices.




Conclusions

Re-Designing Security Protocols for Pervasive Computing

Key Management in Sensor Networks

1 classical problem in Security;

2 solutions did not scale down to sensors;

3 new protocols and methods;

4 probabilistic analysis, percolation theory.




Conclusions

Scale down Crypto

Pairing-based Crypto

Elliptic Curves

small key size and parameters;

fast crypto operations;

low storage and bandwidth;

Pairings

e : E × E → F;

e(aP, bQ) = e(P,Q)ab, for all P,Q ∈ E ;

e(P,P) 6= 1, for all P ∈ E ;

Examples: Weil and Tate pairings.




Conclusions

Scale down Crypto

Pairing-based Crypto

Elliptic Curves

small key size and parameters;

fast crypto operations;

low storage and bandwidth;

Pairings

e : E × E → F;

e(aP, bQ) = e(P,Q)ab, for all P,Q ∈ E ;

e(P,P) 6= 1, for all P ∈ E ;

Examples: Weil and Tate pairings.Giuseppe Persiano Trust and Security Issues



Conclusions

Performance Comparison

Elliptic Curves ElGamal AES160 bit 1024 bit 80 bit

256 bit 3072 bit 128 bit384 bit 8192 bit 192 bit




Conclusions


Elliptic Curves ElGamal AES160 bit 1024 bit 80 bit256 bit 3072 bit 128 bit

384 bit 8192 bit 192 bit




Conclusions


Elliptic Curves ElGamal AES160 bit 1024 bit 80 bit256 bit 3072 bit 128 bit384 bit 8192 bit 192 bit




Conclusions


Elliptic Curves ElGamal AES160 bit 1024 bit 80 bit256 bit 3072 bit 128 bit384 bit 8192 bit 192 bit




Conclusions

Spatial localization

Context

Ability to track people and equipment within the environment andcapture contextual information.

Physical space plays a major role.

Cyberspace

Provides its own notion of space and context that substitutes thephysical notions.




Conclusions


Context



Cyberspace





Conclusions


Context



Cyberspace





Conclusions


Context-aware security

Contextual changes trigger changes in user’s privileges.

An Example

Slides from a confidential meeting are available only to users in themeeting room (and during the meeting).




Conclusions


Context-aware security

Contextual changes trigger changes in user’s privileges.

An Example

Slides from a confidential meeting are available only to users in themeeting room (and during the meeting).




Conclusions


Location-Aware Security Protocols/Primitives

location-aware encryption: can decrypt only in specificlocations;

location-aware authorization: authorized only in specificlocations;




Conclusions

Location Privacy

Possible attack

user A uses a hand-held device to authenticate with theenvironment to get some service;

environment knows A has been here;

cannot assume that environments will not share information;

omnipresent adversary with significant computation power;

Approaches

unlikable pseudonyms;

anonymous identification protocols (efficient enough to becarried-out on small devices);

what is a MIX Network in a Pervasive environment?




Conclusions

Location Privacy

Possible attack





Approaches







Conclusions

Location Privacy

Possible attack





Approaches







Conclusions

Location Privacy

Possible attack





Approaches







Conclusions

Location Privacy

Possible attack





Approaches







Conclusions

Location Privacy

Possible attack





Approaches







Conclusions

Location Privacy

Possible attack





Approaches







Conclusions

Location Privacy

Possible attack





Approaches







Conclusions

Physical Attacks: Node Capture

Scenario

sensors deployed over a large area to monitor temperature;

sensors queried to report temperature;

queries are authenticated;

Node capture

gaining full control over a device through a physical attack:reading its memory and changing its program.

possible even if there is no software bug (buffer overflowattack);

feasible only on a portion of the sensors;




Conclusions

Trust

Ensuring correct functioning of the system

Critical system functionality depend on each device followinginstructions.

Devices are selfish and want to reduce their cost.

No a priori trust relationship exists.

Question: How do we defend from selfishness?




Conclusions

Trust









Conclusions

Trust




Sensors belonging to different networks cooperating to routeinformation.Each sensor wants to save battery life;






Conclusions

Trust









Conclusions

Trust









Conclusions

Developing Trust from Within

What we cannot assume

1 existence of predefined roles and relations between roles;

2 across-domain interpretation of roles;

3 user sets “user-role” association when required;

4 user always in the same environment;

What we can assume

1 users will remember history;

2 users will maximize utility;

3 users have scarce computational resources;




Conclusions

Spontaneous Collaborative Behavior

Collaborative Routing in Sensor Networks

energy needed for communication grows super-linearly withdistance;

more advantageous to transmit packets in several small hops;

sensors from different domains might collaborate;




Conclusions

Approaches Spontaneous Collaborative Behavior

Promising Approach

Design protocols for reputation propagation that induce Nashequilibria in which collaboration is possible.

Protocol plays Mother Nature and leads the system to evolveinto collaboration.

Scarce resources.

We need concepts from

Sociology (Reputation, Subjective Reputation),

Economics (Nash Equilibria),

Theoretical Biology (Evolutionary Equilibria).




Conclusions

Approaches Spontaneous Collaborative Behavior

Promising Approach

Design protocols for reputation propagation that induce Nashequilibria in which collaboration is possible.

Protocol plays Mother Nature and leads the system to evolveinto collaboration.

Scarce resources.

We need concepts from

Sociology (Reputation, Subjective Reputation),

Economics (Nash Equilibria),

Theoretical Biology (Evolutionary Equilibria).




Conclusions

Radio-Frequency Identification (RFID)

a microchip that is capable of transmitting a static identifierfor a short distance;

activated by a query from a nearby reader, which alsotransmits power for the operation of the tag;

about 3 EuroCent per unit and size about .4× .4 mm.

RFID Tags have almost no computation power

RFID Tags can be used in conjunction with a reader




Conclusions










Conclusions










Conclusions










Conclusions










Conclusions

Privacy

RFID will broadcast its ID every time it is queried;

the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)

Insubvertible Encryption

encrypt ID;

can be re-randomized without changing the content andwithout knowing the decryption key;

adversary cannot replace legitimate ciphertext with his own;

Elliptic Curve Cryptosystems could be useful;




Conclusions

Privacy

RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;

do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)


encrypt ID;







Conclusions

Privacy

RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)

cannot remove if RFID needed to track borrowed items (e.g.,public library)


encrypt ID;







Conclusions

Privacy

RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)


encrypt ID;







Conclusions

Privacy



encrypt ID;







Conclusions

Privacy



encrypt ID;







Conclusions

Privacy



encrypt ID;







Conclusions

Privacy



encrypt ID;







Conclusions

Privacy



encrypt ID;







Conclusions

Counterfeiting

Attack

adversary could clone or forge RFID Tags;

need to authenticate RFID Tags;

current authentication protocols are too computationexpensive;

Approach

Use ideas from Human-Based Authentication Protocols




Conclusions

Counterfeiting

Attack




Approach





Conclusions

Counterfeiting

Attack




Approach





Conclusions

Counterfeiting

Attack




Approach





Conclusions

Counterfeiting

Attack




Approach





Conclusions

Conclusions

Possible Directions


active environment working as security-proxy;scale down Cryptography (pairings,...);


(location, context)-based security;location privacy;physical attacks;

trust emerges in a bottom-up manner;

adopt concepts from Sociology, Economics, Evolution to modelemerging trust.




Conclusions

Conclusions

Possible Directions


active environment working as security-proxy;

scale down Cryptography (pairings,...);








Conclusions

Conclusions

Possible Directions










Conclusions

Conclusions

Possible Directions










Conclusions

Conclusions

Possible Directions




(location, context)-based security;

location privacy;physical attacks;






Conclusions

Conclusions

Possible Directions




(location, context)-based security;location privacy;

physical attacks;






Conclusions

Conclusions

Possible Directions










Conclusions

Conclusions

Possible Directions










Conclusions

Conclusions

Possible Directions








Documents

Trust and Security Issues for Pervasive Adaptationlibeccio.di.unisa.it/Papers/Talks/Perad/PersianoPerad.pdf · 2011. 3. 29. · Trust RFID Conclusions Pervasive Computing Security