
Security Issues in Ubiquitous Computing ( UbiComp )

Frank Stajano. Presented by Patrick Davis.


Presentation Transcript


  1. Security Issues in Ubiquitous Computing (UbiComp) Frank Stajano Presented by Patrick Davis

  2. UbiComp • Ubiquitous Computing • Exact concept inception date is unknown • Basically background computing in life • Pervasive Computing • Invisible / Disappearing Computing • Sentient Computing • Ambient Intelligence • Calm computing • Different things to different people • Security • A virus broke my toaster and now my freezer won’t work!

  3. Security • Security is Risk Management • Defender thinks about • I have gold in my house - Asset • Someone can steal my gold - Threats • I leave the front door unlocked - Vulnerabilities • A thief can walk into the front door - Attacks • It costs a lot of money to replace the gold - Risks • Get a few dogs - Safeguards • Release the hounds - Countermeasure

  4. Threats to Information Systems • Not a complete list but traditionally… • Confidentiality • Integrity • Availability • To mitigate these risks • Authentication • Identification • Verification • Authorization

  5. Extend to UbiComp • Mobile Phone • What do you lose if someone steals the device? • Cost of the device • Information on the device • Availability of the device • Your identification (if the phone is used as a credit card) • What if the phone is hacked? (How do you know it isn’t?) • Information on the phone is compromised • Components on the phone are compromised • Microphone • Your current location • Your current surroundings

  6. Privacy • How important does it seem to be? • How important is it? • Think like the enemy…

  7. Privacy and Wearable Computing • What happens when you record every aspect of your life? • What if I wore one? • What kind of things would you be OK with sharing? • How much do you want to protect these? • From your own memory loss • From hackers • How close are we to this already?

  8. Location Privacy • Phones are sending location back almost 24 hours a day • One way to maintain privacy is to make each location marker anonymous • Another way is to have the interested parties broadcast their services and the users pick up or disregard those services as needed • The author disregards the situation where the location of any user (anonymous or not) is a security risk

  9. RFIDs • Basically barcodes that can remotely identify themselves • Can be powered by the request to read the tag • Economies of scale should bring down the price of RFIDs • Can be used as machine vision, where the vision is basically viewed as the positions of the RFIDs • Are limited in processing ability, meaning cryptography is limited

  10. RFID Safeguards • Some safeguards are • Killing the tag • Hash-based access control • Randomized access control • Silent tree walking • Blocker tag • Anti-counterfeiting using PUFs • Distance-bounding protocols • Multi-factor access control in e-passports

  11. Authentication and Device Pairing • In UbiComp the server authenticates the client and, if the client is allowed, performs the requested actions • A couple of principles in authentication • Big Stick • Resurrecting Duckling • Multi-Channel Protocols

  12. Resurrecting Duckling • The mother duck is the master and the duckling is the slave • Based on a set of four principles • Two State principle • Imprinting Principle • Death Principle • Assassination Principle

  13. Multi-Channel Protocols • Data-origin authenticity • Diffie-Hellman key exchange • Man-in-the-middle attack • Have two channels • A high-capacity channel for “long” messages • A low-capacity channel for data-origin authentication

  14. Beyond Passwords • Do you really like entering your password for every site? • Why do we have single sign-on or identity management (Facebook sign-on)? • How do we get around passwords? • Tokens • Biometrics

  15. Usability • Security is only to prevent dishonest people from performing bad actions • This often gets in the way of honest users’ activities • Tax on the honest

  16. People • We must view through someone else's eyes • The attacker • The user • Quote: • Security cannot depend upon the user’s ability to read a message from the computer and act in an informed and sensible manner […] a machine must be secure out of the factory if given to a user who cannot read • Meaning the security glove must fit the user comfortably but still stop the attacker

  17. The Market • Systems are sold on the basis of features • Customers really only care about security in terms of particular scenarios • Security features cost money to implement; clients see security as an extra or just another feature that they never see • Again, how important is privacy… • Client must have a bad experience with security in order to see the importance of good security

  18. QUESTIONS?
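
The two-channel idea from slide 13, as an added example that is not part of the original presentation: a Diffie-Hellman exchange runs over the high-capacity channel, and a short string compared over the low-capacity channel exposes a substituted key. The toy group, the commit-then-reveal ordering, the 6-digit string and all function names are assumptions made for this sketch; the middleman is simulated inside one process.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example only: a 127-bit Mersenne prime.
# Real systems use a standardized 2048-bit-or-larger group or an elliptic curve.
P = 2**127 - 1
G = 3

def digest(*values: int) -> bytes:
    """SHA-256 over fixed-width (16-byte) encodings of group elements."""
    return hashlib.sha256(b"".join(v.to_bytes(16, "big") for v in values)).digest()

def keypair() -> tuple[int, int]:
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def short_auth_string(initiator_pub: int, responder_pub: int, digits: int) -> str:
    """What each device shows on the low-capacity channel (display, voice)."""
    n = int.from_bytes(digest(initiator_pub, responder_pub), "big")
    return str(n % 10**digits).zfill(digits)

def pair(mitm: bool, digits: int = 6) -> dict:
    """One pairing run; the high-capacity channel is attacker-controlled if mitm."""
    a_priv, a_pub = keypair()            # Alice, the initiator
    b_priv, b_pub = keypair()            # Bob, the responder
    _, m_pub = keypair()                 # simulated middleman's substitute key
    # 1. Alice -> Bob: commitment to her public value. A middleman has to
    #    commit to its own value before it has seen Bob's.
    commit_at_bob = digest(m_pub if mitm else a_pub)
    # 2. Bob -> Alice: his public value, possibly replaced in transit.
    pub_at_alice = m_pub if mitm else b_pub
    # 3. Alice -> Bob: she opens the commitment; Bob checks the opening.
    pub_at_bob = m_pub if mitm else a_pub
    if digest(pub_at_bob) != commit_at_bob:
        raise ValueError("commitment mismatch on high-capacity channel")
    # 4. Each side derives the string it will compare out of band.
    alice = short_auth_string(a_pub, pub_at_alice, digits)
    bob = short_auth_string(pub_at_bob, b_pub, digits)
    return {
        "alice_sas": alice, "bob_sas": bob,
        "keys_match": pow(pub_at_alice, a_priv, P) == pow(pub_at_bob, b_priv, P),
        "accept": alice == bob,          # the comparison on the second channel
    }

if __name__ == "__main__":
    print("honest:", pair(mitm=False))
    print("mitm:  ", pair(mitm=True))
```

The commitment matters because the string is short: without it, a middleman could search for a substitute key whose string collides with the honest one, whereas here its chance of passing the comparison is one in 10^digits per attempt.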
