1 / 64

Context-Aware Computing Network Architectures, NCA/ECA, and a Privacy Protection Technology EMAPP

Context-Aware Computing Network Architectures, NCA/ECA, and a Privacy Protection Technology EMAPP. National Institute of Informatics (NII), Japan Shigeki Yamada and Eiji Kamioka {shigeki, kamioka}@nii.ac.jp http://www.nii.ac.jp/index.html. National Institute of Informatics (NII) at a Glance.

ewan
Download Presentation

Context-Aware Computing Network Architectures, NCA/ECA, and a Privacy Protection Technology EMAPP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Context-Aware Computing Network Architectures, NCA/ECA, and a Privacy Protection Technology EMAPP National Institute of Informatics (NII), Japan Shigeki Yamada and Eiji Kamioka {shigeki, kamioka}@nii.ac.jp http://www.nii.ac.jp/index.html

  2. NII National Institute of Informatics (NII) at a Glance • Established in April, 2000 as one of the inter-university research institutes by the Ministry of Education, Culture, Sports, Science and Technology of Japanese Government • Became a new corporate body and affiliated with Research Organization of Information and Systems in April, 2004 • Broad range of researches in informatics research areas from basic theories to applications: • Foundations of Informatics, Infrastructure Systems, Software, Multimedia Information, Intelligent Systems, Human and Social Information, and Information Research • Close cooperation with industries and universities to promote utilization of the outcomes of research in our society

  3. NII NII at a Glance (Contd.) • Providing a scientific information infrastructure in Japan • SINET (Science Information Network) and Super-SINET • Inter-university library-related services such as catalog information service (NACSIS-CAT) and electronic library service (NACSIS-ELS) • Started a PhD graduate school in 2002: currently 50 PhD candidates • Annual budget of 100 Million Dollars and 340 members, including 170 researchers

  4. NII Topics in this Presentation • Our Activities of Research on Ubiquitous Computing Networks • Context-Aware Computing Network Architectures NCA/ECA and their Preliminary Network Performance Evaluation • Privacy-Protection Technology, EMAPP (Encapsulated Mobile Agent-based Privacy Protection)

  5. (1) Context-Aware Computing Network Architectures and their Preliminary Network Performance Evaluation • Definition • Service scenario examples • Requirements • Functional modules • Network architecture • Preliminary performance evaluation • Future work

  6. NII Ubiquitous Computing • Next Generation Mobile Computing Networks will evolve into ubiquitous computing networks • Concepts of Ubiquitous Computing • Ubiquity: Everywhere • Invisibility: Computers will disappear below the threshold of our awareness. • Invisibility requires computers to capture and analyze the user’s context: Context-awareness

  7. NII Context-Aware Application Model Implicit Input http://lieber.www.media.mit.edu/people/lieber/Teaching/Context/ Out-of-Context-Paper/Out-of-Context.html

  8. NII Context-Aware Service Scenario 1 Tour guide in Paris • You are walking in Paris • You ask your wearable computer how to get to the Eiffel Tower • The context-aware system automatically captures your context: • your voice (<- microphone) • your location and direction (<- GPS) • analyzes and interprets the context • retrieves the route information • displays the information on your HMD (Head Mount Display) • nearest subway station, subway fare and walking route on the map of Paris I want to visit the Eiffel Tower!How can I get there?

  9. NII Context-Aware Service Scenario 2 Personal communication service • You are sleeping in an airplane • Your boss phones you at your office • The context-aware system detects the call and analyzes your context: • your location • your activity status • available communication devices • understands • you cannot answer the call as you are asleep • you have a headset-type device near your seat • stores the phone message in a voice mail server • sends a message to your handset device • You read the message when you wake up --- Context --- Location: on an airplane Activity status: sleeping Available device: headset

  10. NII Previous Researches on Ubiquitous Computing • Most of the research efforts for the context-aware computing have been devoted to sensor devices, computer-human interactions, and context-aware application software • Few research works focus on the networking issues

  11. NII Our Approach on Ubiquitous Computing Networks • To spread context-aware services widely, we need a universal context-aware service network infrastructure • Context-aware services should be available anywhere but not restricted in local areas • We should make use of the WAN’s capability of covering both the small and wide areas and enabling seamless network connection

  12. NII Functional Requirements of Context-Aware Services • Context-Awareness • Captures,stores, and updates the user context • Information Binding • interprets the user context and associates it with the appropriate contents and services that the users wants • Information Provision • Finds the location of contents and services, makes an access to them, and converts them to be adapted to the information receiver’s communication environment if necessary • Provides the contents and services with the information receiver at the right timing

  13. NII Context-Aware Service Category and Service Model Context-Aware Personal Communication Services Communication Context Communication Context Network Communication Receiver Communication Sender Context Analysis, Conversion Media and Services Media and Services Context-Aware Information Delivery Services User Context Network User Content Server Context Analysis, conversion Contents and Services Contents And Services

  14. NII Consideration on Context-Aware Network Architecture • Context-aware services must seamlessly be available • indoor --- outdoor • LANs --- WANs • stationary --- mobile • Wide-area coverage and mobility management capabilities must be supported • Network Architecture that integrates a 3G network architecture with a wireless LAN (WLAN)

  15. NII Functional Modules for Context-Aware Services • Four functional modules for context-aware services • to handle the user context and the relevant content • (1) UIN (Universal Information delivery Navigator) • decision making module • collects user context from user devices • executes user authentication • analyzes and interprets the context • decides the content that the user needs • refers to a directory server to obtain the location of the content • sends the content itself or the content location information to the user

  16. NII Functional Modules for Context-Aware Services (Contd.) • (2) DA (Directory Agent) • Manages the location of content servers connected to the Internet • Processes service discovery queries from the UIN • Responds to the UIN with service replies including the location of the content server • (3) UMD (User Management Database) • Manages information about users (e.g., authentication information, preferences and user context information that users have sent in the past) • User context information is updated when user’s context changes • (4) MPS (Media Processing Server) • Converts the contents and services provided by a content server into an appropriate form, if necessary

  17. NII Access Network for Context-Aware Services • Integration of UMTS release 5 (all IP network architecture) and Wireless LAN WLAN ISP Network MT AP R Internet R PSTN/ISDN UTRAN PS-CN HSS IMS MT BS RNC SGSN GGSN P-CSCF S-CSCF I-CSCF UMTS Release 5

  18. NII Disposition of Functional Modules in the Network • Disposition of the functional modules in a network plays a key part in the context-aware network architecture • Content servers should be placed on the end-user side in local area networks connected to the Internet • Two alternatives on the location where the four functional modules (UIN, DA, UMD, and MPS) should be placed

  19. NII Two Alternative Network Architectures • Network-Centric Architecture (NCA) • stores, analyze, interprets the user context in various functional components managed by the network operator and connects relevant functional components with SIP. • End-user-centric architecture (ECA) • stores and interprets the user context in the end-user’s functional components managed by end-users or service providers and connects relevant functional components with HTTP.

  20. NII NCA (Network Centric Architecture) User information is managed by the UMD through GGSN LAN Internet R Content Server ISP network WLAN AP MT R R HSS MPS (4,9) UMD (11) UIN DA [5,10] [12] IMS UTRAN PS-CN [13] (3) [6] (8) (1) MT BS RNC SGSN GGSN P-CSCF (2) [16] (7) S-CSCF [15] I-CSCF [14]

  21. NII MT P-CSCF I-CSCF S-CSCF UIN UMD DA Content Server REGISTER REGISTER Authentication + Getting S-CSCF (1) (2) SIP SIP (3) (4) [5] [6] Referring to preference and past context REGISTER (7) SIP Based on the 3GPP specification (8) (9) SLP [10] Response time (11) [12] SLP Getting location of content server SIP SIP SIP [13] OK OK OK [16] [15] [14] HTTP GET HTTP OK (download) NCA Information Flow from Capturing User Context to Displaying the Content

  22. ECA (End-User Centric Architecture) NII LAN Content Server Internet R WLAN ISP network MT AP R R ECA R DA UIN MPS UMD IMS UTRAN PS-CN GWTI S-CSCF MT BS RNC SGSN GGSN P-CSCF HSS I-CSCF

  23. NII MT UIN UMD DA Content Server SYN SYN+ACK ACK HTTP PUT ACK Authentication Response time Request Processing time Get location of content server Reply HTTP OK ACK FIN ACK FIN ACK HTTP GET HTTP OK (download) ECA Information Flow from Capturing User Context to Displaying the Content

  24. NII Preliminary Performance Evaluation of NCA and ECA • Need to evaluate the network architecture from various viewpoints and criteria • Ease of deployment of new services, network cost, network flexibility and scalability • As a first step: comparison of overall network performance of NCA and ECA • Purpose: • Not to obtain precise or absolute network performance values • But to reveal the general characteristics of the two architectures • to clarify which design parameters have the most significant influence on performance • Performance model to measure the response time of the network

  25. NII Network Performance Evaluation • The response time • The interval between the time when a user generates a user context and the time when the user receives the contents/services location information. • Mean and 95th percentile response times of the two architectures are obtained by queuing theory and simulation

  26. NII Performance Models • The response time can be broken down into three delay elements • Processing delay for processing SIP/UDP/IP, HTTP/TCP/IP, and SLP/UDP/IP packets • IP-network delay includes all of the network-layer, data link layer and physical layer delays • Wireless communication delaygenerated at wireless access sections

  27. NII Performance Simulation Parameters

  28. NII Server-processing time of 50-ms and Network Delays of 10-ms for NCA and 50-ms for ECA

  29. NII Server-processing time of 50-ms and Network Delays of 20-ms for NCA and 100-ms for ECA

  30. NII Analysis in Low-Performance Application Servers • For Small Network Delays • ECA has smaller response times than NCA has • For Large Network Delays • ECA has smaller response times than NCA has except for the cases with low application-server utilization • For low performance application servers, ECA is better in the response time than NCA because server processing time is a dominant factor and NCA requires many traversals of application servers

  31. NII Server-processing time of 10-ms and Network Delays of 10-ms for NCA and 50-ms for ECA

  32. NII Server-processing of 10-ms and Network Delays of 20-ms for NCA and 100-ms for ECA

  33. NII Analysis in High-Performance Application Servers • For Small Network Delays • For Server utilization under 0.7, NCA has smaller response times than ECA • For Server utilization over 0.7, ECA has smaller response times than NCA • For Large Network Delays • Similar results are obtained • The ECA response times suffers from much larger delays while NCA response times are almost unchanged as in the cases of small network delays • For High-performance application servers, • When the application servers are busy, NCA is better in the response time than ECA • When the application servers are not busy, ECA is better than NCA • This is because network delay is a dominant factor and ECA suffers from large internet delays while NCA will have smaller network delays maintained by the network operator

  34. NII Summary of Performance Evaluation • Response times of NCA and ECA greatly changes depending upon given network parameter values • Average network delays will increase over time because of continuous network growth and geographical expansions • Application servers may enjoy higher performance over time, assuming continuous improvement of device technologies • This implies that NCA will be slightly advantageous in terms of response times because the NCA’s response times are mitigated by fast servers

  35. NII Future Work • Detail component design • Comparisons of the NCA and ECA from other technical viewpoints such as network scalability and reliability • Distributed Allocation of Context-Aware Functional Components over the Network • Incorporation of Privacy and Security Mechanisms • Performance Simulation Considering User Mobility, Frequent Context Updates and Heterogeneous Network Topology

  36. (2) Privacy-Protection in Ubiquitous Computing Environments : EMAPP:Encapsulated Mobile Agent-based Privacy Protection • Background • Privacy model • Features and problems • Verification by scenarios • Overall Architecture • Future work

  37. NII Why is Privacy ProtectionImportant in Ubicomp Environments? • Two major concepts of ubiquitous computing • Ubiquity • Invisibility • Invisibility requires context-awareness that captures and interprets user context • User context includes privacy–sensitive personal data such as user’s location, activity status, and preferences • New privacy protection technologies are required for ubiquitous environments • Dynamic changes of user’s computing and communication environments

  38. NII Why Do We Need New Security and Privacy Technologies? • Two major concepts of ubiquitous computing • Ubiquity • distributed and ad-hoc in nature • devices are not always administered by the same entity • every device becomes a potential gateway to leak information across network perimeters • Invisibility • requires context-awareness that captures and interprets user context • user context includes privacy–sensitive personal data such as user’s location, activity status, and preferences • New security and privacy protection technologies are required for ubiquitous environments

  39. NII Privacy Invasions in Ubicomp Environments Bob (Data Collector) Improper use of Alice’s personal data Data Collection Data Copy Little control over how her data will be used Unauthorized use of Alice’s personal data Alice (Personal Data Owner) Carol (Data User)

  40. NII Privacy Issues • Where to store personal data? • End-User Centric Architecture (ECA) • Into stationary servers and devices • Into wearable servers and devices • Network- Centric Architecture (NCA) • Who manages privacy? • User, Network Operator, or Service Provider • How to protect privacy? • Existing Technologies:P3P and pawS system • Our approach: EMAPP

  41. NII Context Data Storage Management: ECA • User context data are stored in user facilities (UMD) and managed by users or service providers • Users feel easy • User has all the responsibility LAN (18) Contents/ Services Server WLAN R Internet (17) ISP Network (19) (20) MT AP R R (6) (11) LAN R (5) (12) UTRAN DA PS-CN (8) (7) (2) (3) (4) (10) (1) (9) MT BS RNC SGSN GGSN UIN (16) (13) (15) (14) UMD MPS

  42. NII Context Data Storage Management:NCA (Network Centric Architecture) • User context data are stored inside the 3GPP All Network (UMD) managed by Network Operators • Secure and uniform management • Users may feel uneasy LAN (23) WLAN Internet Contents/ Services Server ISP Network (22) R MT AP R R (25) (24) (21) IMS DA (26) UTRAN PS-CN (11) (12) (3) UMD UCN (2) (4) (5) (1) (13) MT BS RNC SGSN GGSN P-CSCF MPS (10) (20) (18) (17) (7) (8) (19) (16) (15) (6) S-CSCF (9) I-CSCF (14)

  43. NII Design Space for Privacy Protection Data Collector (Service Provider or web site) Access Prevention Avoidance Detection Data Collection Second Use Prevention Avoidance Detection Prevention Avoidance Detection Personal Data Owner Data User

  44. NII Classification of Privacy Protection Technologies (by X. Jiang (UCB)) RBAC Anonymization Pseudonymization Prevention Location Support Wearables P3P Avoidance User Interfaces for Feedback, Notification, and Consent Privacy Millers Detection Collection Access Second use

  45. NII pawS: a Privacy Protection System (ETH) (3) Privacy Policy Download Privacy Proxy Service Proxy (4) Comparison of Privacy Policy with User Preferences (5)Personal Data (2) Personal Data & Service Name (1) Service Announcement Privacy Beacon Privacy Assistant

  46. NII Encapsulated Mobile Agent-based Privacy Protection: EMAPP • Most of Existing Privacy Models: “Outgoing Data” model • Once an access is authorized, personal data may flow out or may be copied from the original database • This may cause improper use of personal data by service providers and data collectors • EMAPP Privacy Model: “Incoming Agent” model • does not move personal data from the database, but move programs (mobile agents) into the location where the personal data are stored • Personal data are referred to by mobile agents only inside a secure space (privacy capsule) • Personal data are prohibited to directly flow out from the privacy capsule: they must be wrapped in the mobile agent that migrates to another location if necessary

  47. NII EMAPP Privacy Model Personal data are referred to by mobile agents only inside the privacy capsule and prohibited to flow out from the privacy capsule Privacy Proxy Download Privacy Capsule Privacy Policy User’s Preferences Migration Mobile Agent Personal Data Execution Results

  48. NII Features of EMAPP • Advantages • Prevents personal data from being copied and used improperly • Provides a preventive mechanism to prevent undesirable use of personal data • Provide an avoidance mechanism in the data collection phase, combined with P3P technology • Problems • Can the EMAPP model be applied to a wide variety of applications? • How can the EMAPP model be implemented? • Performance overhead

  49. NII Our Approach • Assumes a general secure mobile agent execution environment and PKI (Public Key infrastructure) • Adds privacy protecting mechanisms to the above secure environment • Classifies the patterns of mobile agent behaviors • Sets the discipline of mobile agent behaviors • Verifies the discipline from various service scenarios • Provides the mechanism to enforce the discipline • Builds up a privacy protection architecture

  50. NII Mobile Agent (MA) Behavior Patterns Service Provider/ User’s Privacy Capsule Service Provider/ User’s Privacy Capsule Personal data (PD2) Personal Data (PD1) (2) Migration with Personal Data MA MA PD1 PD1 (5) Other Device/ MA Control (3) Message Communication with Personal Data (1) MA Erase (4) Personal Data Takeover to Other MA Personal data (PD1) MA Device PD1 MA Erase MA PD1

More Related