1 / 18

DEVELOPING A MODEL FOR TRUST MANAGEMENT IN PERVASIVE DEVICES

DEVELOPING A MODEL FOR TRUST MANAGEMENT IN PERVASIVE DEVICES. Florina Almenárez, Andrés Marín , Daniel Díaz, Juan Sánchez http://www.it.uc3m.es/pervasive. Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006. Outline. Motivation Related Work

cybill
Download Presentation

DEVELOPING A MODEL FOR TRUST MANAGEMENT IN PERVASIVE DEVICES

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. DEVELOPING A MODEL FOR TRUST MANAGEMENT IN PERVASIVE DEVICES Florina Almenárez, Andrés Marín, Daniel Díaz, Juan Sánchez http://www.it.uc3m.es/pervasive Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  2. Outline • Motivation • Related Work • PTM: Pervasive Trust Management Model • Requirements • Description • Mathematical Trust Evolution Model • Probabilistic Trust Evolution Model • Component-based PTM Implementation • Conclusions Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  3. Motivation • Pervasive Computing • Open and dynamic environments (zoo, airports, shopping mall) • Multitude of heterogeneous devices with communication, computing and storage capabilities  Pervasive devices • TRUST role in establishing new relations • Secure communication protocols (SSL, IPSec, DNSSEC, …) work well in fixed networks  traditional PKI • Problems to work when trust relationships are not preconfigured • Some management mechanisms for ad hoc networks • routing Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  4. Related Work • Previous works • 1994: Marsh, Beth • 1997: Abdul-Rahman • 1998: Jøsang • 1999: KeyNote, SPKI/SDSI (Access control infrastructures) • 2001: Poblano • Recent works • 2002 – 2004: SECURE (IST Project)  Trinity College Dublin • 2000 – 2010: Terminodes  NCCR (ad hoc networks) • 2003 – : SULTAN  Imperial College • 2004 – 2006: UBISEC Siemens • Problems: complexity, distrust modelling, trust evolution Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  5. Pervasive Trust Management ModelRequirements • Autonomous Independence on central server or previous configuration • to participate in ad hoc networks and peer-to-peer application • Dynamic evolution, context adaptation • Simple minimize human intervention and resource consumption • Secure protect resources from malicious entities • to make suitable decisions despite the uncertainty • Cooperative benefit from common knowledge • Granularity establish trust values • Include both trust and distrust concept Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  6. trustworthiness scarce very little little medium high very high 0,7 complete % of membership none 0,3 T(AB) 0 0,25 0,5 0,75 0,9 1 Distrust Trust Ignorance Distrust threshold Pervasive Trust Management ModelDescription • Fuzzy Logic • Trustworthiness  no trust for situation, category, etc. • Trust properties: reflexive, non-symmetrical, conditionally transitive (explicit), dynamic Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  7. A C1 Recommendations ➌ ➊ ➎ C2 B ➋ ➍ Pervasive Trust Management ModelHow it works? ➊ A (new user) requests access ➋ B searches trust information about A ➌ If A is unknown, B requests recommendations to Cs ➍ If there are trusted recommendations, B uses them (Indirect)  PRP If there are no recommendations, B uses trust rules (direct) ➎ If trust relationship is established, B recalculates trust value on A based on interactions Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  8. If a=a+ (a+ – a-)>0 else, but no attack If attack Pervasive Trust Management ModelMathematical Trust Evolution • “Trust comes on foot and goes by horse” • Current behaviour is measured based on: • Current interaction • Action weight (fuzzy logic) • Security level • Past behaviour • Positive and negative interactions • Increment factor (i)  restriction percentage () • A priori probability Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  9. If Vai>0 If Ii>0 If not If not Pervasive Trust Management ModelMathematical Trust Evolution (II) • Trust is recalculated based on: • Current behaviour • Previous trust value • Strictness factor () • Summarizing Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  10. Pervasive Trust Management ModelMathematical Trust Evolution (III) Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  11. Pervasive Trust Management ModelMathematical Trust Evolution (IV) PARAMETERS: Increment percentage: 2% Security level: m=2 Disposition Factor: 0.5 Positive action: 1 Wrong action: 0.5 (PTM) Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  12. Pervasive Trust Management ModelProbabilistic Trust Evolution • Bayes’ theorem • Posterioriprobabilities • Probabilities for binary events: Beta density function • Assign belief degrees between 0 and 1 • Risk model Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  13. Pervasive Trust Management ModelProbabilistic Trust Evolution (II) Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  14. Component-based PTM Implementation • Prototype • J2ME Personal Profile • OpenSSL cryptographic API • JNI wrappers • XACMLSun implementation • Extended  trust, context • PEP + PDP • Proofs • PDA  Windows Mobile 2003 • Linux, Windows • Available at: http://www.it.uc3m.es/florina/ptm Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  15. logs, policies Authorization Manager Monitor Context Provider Recommendation Manager Trust Manager Component-based PTM Implementation Pervasive device Applications Communication API Credentials Manager Authentication Manager keys, certificates, trust Cryptographic Provider Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  16. Conclusions & Future Work • Trust basis to establish relationships in a spontaneous way • Pervasive devices can interact with closed devices in a secure way, without depend on central server • Simple pervasive trust management model • to enhance the security architecture of pervasive devices • to minimize the uncertainty and take appropriate decisions • to allow the cooperation among closed trusted devices • Mathematical and probabilistic model • According to the intuitive human judgement • Simple calculations Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  17. Conclusions & Future Work (II) • Implementation of a generic prototype • to demonstrate its functionality • Security services for applications (client/server) • Future work • Integrating our model in the WCE security architecture • Trust providers • Analyse the performance and consumption of resources Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

  18. more information at http://www.it.uc3m.es/pervasive 20 Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006

More Related