
Security Infrastructure for Context-Aware Middleware

Security Infrastructure for Context-Aware Middleware. By L.X. Hung, u-Security Group, 2005.09.16. Agenda: Security Group introduction; Fundamental Challenges; Proposed Security model; Working Plan. uSecurity Group Introduction: Prof. S.Y. Lee, Advisor; Prof. M. Kaykobad, Advisor.


Presentation Transcript


  1. Security Infrastructure for Context-Aware Middleware
     By L.X. Hung, u-Security Group, 2005.09.16

  2. Agenda
     • Security Group introduction
     • Fundamental Challenges
     • Proposed Security model
     • Working Plan

  3. uSecurity Group Introduction
     • Prof. S.Y. Lee, Advisor
     • Prof. M. Kaykobad, Advisor
     • Le Xuan Hung, PhD
     • Zhung Yonil, PhD
     • Yuan Weiwei, PhD
     • Riaz Ahmed Shaikh, PhD
     • Hassan Jameel, MS
     • Pho Duc Giang, MS
     • Nguyen Ngoc Diep, MS
     • Tran Van Phuong, MS

  4. Fundamental challenges to secure pervasive computing
     • The need to integrate the socio-technical perspective:
       - Related to usability and confidence (trust) in security technologies
       - Related to the broader sociological, cognitive, economic and legal aspects of our lives
       - Recognize the different personas and roles (e.g. prof, student, …)
     • Breakdown of classical perimeter security and the need to support trust relationships
       - Firewalls to enforce security and pre-registered authentication are not suitable
       - The user community is anonymous and constantly changing

  5. Fundamental challenges to secure pervasive computing (2)
     • Balancing non-intrusiveness and security strength
       - Need to shift away from classical, intrusive security schemes (e.g. explicit user input such as a password) to sensing and exchanging securely, automatically and seamlessly.
       - Enable single-step authentication to multiple applications and stove-piped systems
     • Context awareness
       - Protocols and infrastructure are required to sense, gather, and organize contextual information in a secure manner.
     • Mobility, adaptability, and dynamism
       - A user may be mobile, interact with multiple devices and access multiple applications.
       - The user may also be disconnected from the home network.

  6. Fundamental challenges to secure pervasive computing (3)
     • Resource-constrained operation
       - CPU power, energy, memory, etc.
       - Limits cryptographic operations, security protocols and security mechanisms.
     • Balancing security and other tradeoffs
       - Ubicomp is composed of diverse applications, usage scenarios, and data handling demands.
       - Thus the central challenge is to devise security models, along with supporting architectures and protocols, that can provide a tunable tradeoff.

  7. Interactions in Context-Aware Middleware
     • Users and Mobile Devices
       - Administrating
       - Resource access
     • Services
       - Service lookup & delivery
     • Applications
       - Contextual information, services request / response
       - Resource access
     • Sensing Devices
       - Providing context, sensing data

  8. Securing Ubiquitous Environment with SiCAM
     • Our Solution: SiCAM
       - Security infrastructure for Context-Aware Middleware
     • Light-weight Cryptography
     • IDS Agents
     • Others
       - Secure Sensing, Routing, Aggregation
       - Key Management
       - etc.

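  9. Proposed Security Infrastructure
     [Figure: architecture diagram; its legend lists Hassan, Riaz, Weiwei, Hung, Giang, Diep and Phuong with the numbers 1–7, which label parts of the diagram. The diagram itself is not recoverable from the transcript.]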

  10. Proposed Security Infrastructure (2)
     • Access Control
       - Core technology to enforce security and policies
       - Context-based Access Control
       - Provides both MAC and DAC (Mandatory and Discretionary Access Control)
       - Can be broken down into 3 processes:
         - Identification: user recognition (wearable devices, voice/face recognition, badgeID, etc.)
         - Authentication: verify the identification
         - Authorization: ‘yes/no’ decision on whether the user can access resources and services

  11. Proposed Security Infrastructure (3)
     • Inference Engine
       - Intelligent part of SiCAM
       - Computes and provides a level of confidence for authentication
       - Consulting authorization: evaluates queries from applications on whether a certain entity is allowed to access a certain resource
       - Composed of:
         - Privacy: sensitive, personal data that is explicitly exchanged or that is ‘automatically sensed’
         - Trust management: provides the trust level of uncertain entities
         - Intrusion detection: detecting intruders, malfunctioning entities…

  12. Proposed Security Infrastructure (4)
     • Inference Engine
       - Can access all authentication policies and access control policies
       - Can get context from the different providers of the context-aware middleware
       - Queries various context providers
       - Can access the context provider lookup service to look up various context providers
       - Authentication of various people
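
The access-control flow of slides 10–12 (identification by sensors, authentication with a confidence level from the inference engine, then a yes/no authorization that applies MAC, DAC and context), sketched as an added example that is not part of the presentation or of SiCAM's code. The sensor reliabilities, the noisy-OR combination, the clearance levels and the sample resource are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed values, constructed for this example (not from the slides).
SENSOR_RELIABILITY = {"badge": 0.70, "voice": 0.80, "face": 0.90}
CLEARANCE = {"student": 1, "prof": 2}  # MAC levels per role

@dataclass(frozen=True)
class Resource:
    name: str
    min_clearance: int       # MAC: fixed by the administrator
    acl: frozenset           # DAC: users the owner has granted
    min_confidence: float    # required authentication confidence
    locations: frozenset     # context condition

def auth_confidence(claimed_id, observations):
    """Inference step: fold sensor identifications into one confidence.

    Agreeing sensors combine by noisy-OR; a sensor that recognises someone
    else, or no observation at all, yields 0.0 (fail closed).
    """
    miss = 1.0
    for sensor, seen_id in observations.items():
        if seen_id != claimed_id:
            return 0.0
        miss *= 1.0 - SENSOR_RELIABILITY.get(sensor, 0.0)
    return 1.0 - miss

def authorize(user, role, resource, observations, context):
    """Return (decision, reason); every failed check denies."""
    conf = auth_confidence(user, observations)
    if conf < resource.min_confidence:
        return False, f"authentication: confidence {conf:.2f} too low"
    if CLEARANCE.get(role, 0) < resource.min_clearance:
        return False, "MAC: clearance too low"
    if user not in resource.acl:
        return False, "DAC: user not on the owner's ACL"
    if context.get("location") not in resource.locations:
        return False, "context: location not permitted"
    return True, "granted"

# Constructed sample resource and requests.
GRADES = Resource("grades-db", 2, frozenset({"alice"}), 0.95, frozenset({"lab-3"}))

if __name__ == "__main__":
    badge_only = {"badge": "alice"}
    badge_face = {"badge": "alice", "face": "alice"}
    print(authorize("alice", "prof", GRADES, badge_only, {"location": "lab-3"}))
    print(authorize("alice", "prof", GRADES, badge_face, {"location": "lab-3"}))
    print(authorize("alice", "prof", GRADES, badge_face, {"location": "cafe"}))
```

A badge alone stays below the resource's confidence threshold, so the request is denied without any explicit password prompt; a second agreeing sensor raises the confidence enough for the MAC, DAC and context checks to run.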

  13. Ongoing work
     • General Tutorial Presentation (weekly)
     • In progress (60%)
     • Security Infrastructure design
     • Proposed general architecture
     • Verifying and revising
     • Working on paper: Trust Model for Ubiquitous Environment, to submit to AINA’06

  14. Paper work
     • Hung Le Xuan, Sungyoung Lee and Young-Koo Lee, "A Key-Exchanging Scheme for Sensor Networks", The 2005 IFIP International Conference on Intelligence in Communication Systems (INTELLCOMM'05), Canada, October 17-19, 2005
     • Hassan Jameel, Sungyoung Lee and Young-Koo Lee, "A Secret Sharing Scheme for Preventing the Cheaters from Acquiring the Secret", submitted to SKLOIS Conference on Information Security and Cryptology
     • Hassan Jameel, Sungyoung Lee and Young-Koo Lee, "Secure Information Exchange in a Mobile-to-Grid Middleware Environment", submitted to 3rd International IEEE Security in Storage Workshop
     • Hassan Jameel, Hung Le Xuan, Sungyoung Lee and Young-Koo Lee, "A Vector Space Based Trust Evaluation Model for Ubiquitous Systems", 3rd International IEEE Security in Storage Workshop

  15. Future Plan
     • End of this year
       - Complete infrastructure design and API
       - Publish technical report
     • Middle 2006
       - Implementation
       - Prototype and testbed
     • Ultimate Goals
       - Commercialize source code
       - 15 SCI papers
       - 3 SCI Journals
