service discovery in pervasive computing environments n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Service Discovery in Pervasive Computing Environments PowerPoint Presentation
Download Presentation
Service Discovery in Pervasive Computing Environments

Loading in 2 Seconds...

play fullscreen
1 / 54

Service Discovery in Pervasive Computing Environments - PowerPoint PPT Presentation


  • 115 Views
  • Uploaded on

Service Discovery in Pervasive Computing Environments. Matt Mutka Dept. of Computer Science & Engr. Michigan State University East Lansing, Michigan 48824 mutka@cse.msu.edu. Outline. Supermedia Networking not today’s main topic Service Discovery in Pervasive Computing Environments

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Service Discovery in Pervasive Computing Environments' - whistler


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
service discovery in pervasive computing environments

Service Discovery in Pervasive Computing Environments

Matt MutkaDept. of Computer Science & Engr.Michigan State UniversityEast Lansing, Michigan 48824mutka@cse.msu.edu

outline
Outline
  • Supermedia Networking
    • not today’s main topic
  • Service Discovery in Pervasive Computing Environments
    • today’s main topic
  • The “Master Key”
collaborators
Collaborators
  • Lionel Ni (HKUST)
  • Ning Xi (MSU ECE),
  • Ranjan Mukherjee (MSU ME)
  • Students
    • Feng Zhu, Zhiwei Cen, Amit Goradia, Michael Huntwork, Clayton Haffner, Chad Klochko
supermedia the idea
Supermedia - The Idea!

USA

Commands

Internet

Robots

Sensors

Internet

Video, Haptic & Temperature

Japan

Force/Torque Sensor

Commands

Internet

Temperature Rendering Device

Internet

Non-contact Temperature Sensor

Hong Kong

Video, Haptic & Temperature

internet based teleoperation
Internet Based Teleoperation

Internet

Sensory

Feedback

Commands

internet based tele cooperation
Internet Based Tele-cooperation

Japan

USA

Internet

Internet

Hong Kong

outline1
Outline
  • Supermedia Networking
  • Service Discovery in Pervasive Computing Environments
  • The “Master Key”
network services everywhere
Network Services Everywhere
  • Office
  • Mobile Commerce
  • Mobile entertainment
  • Location-based service
  • Home
why service discovery
Why Service Discovery?
  • Traditional Distributed Service Access
    • Administrative overhead
      • DNS and DHCP servers
      • Driver installation/update
      • Manually configure server name and port number
    • Difficult to handle partial failure
      • Device, service, network failure
  • Users are interested in services not administration
  • Service discovery facilitates service usage towards zero administration
  • Especially important in pervasive computing environments
    • Manual configuration is impossible
some service discovery protocols
Some Service Discovery Protocols
  • Jini – Sun Microsystems
  • UPnP – Microsoft
  • Rendezvous – Apple Computer
  • Salutation – Salutation Consortium
  • Bluetooth – Bluetooth SIG
  • SLP – IETF
  • INS and INS/Twine – MIT
  • SSDS – UC Berkeley
  • Deapspace – IBM research
service discovery models
Service Discovery Models

client-service model client-service-directory model

new challenges
New Challenges
  • Services at a place belong to different owners
  • User mobility
  • Service mobility
  • Many user identities for different user roles
    • If no identity is required, access controlisviolated
    • If service discovery is device-based, access controlmay be violated
    • If an identity is required, difficult to implement on devices,usability problems, possibly miss opportunities
dark side
Dark Side
  • Users expose personal information of devices one is carrying to other users
  • Users expose service request information
  • Services expose information of the domains provided
  • Exposed devices have increased potential for attacks: man-in-middle, replay, DOS, SPAM, …
our goals
Our Goals
  • Maintain the good usability of service discovery
  • Protecting Sensitive Information
    • As an owner
      • Control services
      • Protect service information
      • Protect owner’s presence information
    • As a user
      • Protect identities
      • Protect service queries
      • Protect user’s presence information
  • No existing secure service discovery protocol meets these requirements so far
status quo 4 approaches
Status quo – 4 Approaches
  • Insecure service discovery
  • Apply traditional access control solutions
    • UPnP Security
  • Trusted central servers
    • Secure Service Discovery Service (SSDS)
  • Automated service provider discovery and credential management
    • PrudentExposure
existing secure service discovery protocols
Existing Secure Service Discovery Protocols
  • UPnP Security
    • Support various authorization methods
      • Access control lists, authorization servers, authorization certificates, and group definition certificates
    • Generic method to differentiate an owner’s devices from others
      • Example: Bob discovers his MP3 player
      • Service accesses are limited to device owners
      • Inefficient
      • Privacy problem
existing secure service discovery protocols cont d
Existing Secure Service Discovery Protocols (cont’d)
  • SSDS
    • Many built-in security features
      • Authentication, authorization, data and service privacy, and integrity
    • Manage services centrally
      • Enterprise environments
    • Example
  • Why centralized approaches are not fit pervasive environments
    • For users
      • Exposes personal services to central servers?
      • Which user role?
    • For directories (servers)
      • Accepts any service registrations?
      • Who manages access control?
existing secure service discovery protocols cont d1
Existing Secure Service Discovery Protocols (cont’d)
  • PrudentExposure
    • Software manages a user’s credentials
    • Users and service providers exchange code words
a chicken and egg problem
A Chicken-and-egg Problem
  • From users’ point of view
    • Interact with necessary service providers
    • Ideally, service providers expose their information first
  • From service providers point of view
    • Interact with legitimate users
    • Hiding by not responding
    • Ideally, users expose their information first
design goal
Design Goal
  • From service providers point of view
the progressive approach
The Progressive Approach
  • Strategy
    • Progressively expose partial information
  • Predictable exposure
  • The problem is false positive matches
    • Predictable overhead
  • Protect sensitive information
    • Only expose to legitimate parties
protect sensitive information from illegitimate parties
Protect Sensitive Information from Illegitimate Parties
  • Protect identities via code words
  • Protect service information via encryption
basic protocol
Basic Protocol

Send code word bits Send service info bits

Check code word bits Check service info bits

Check code word bits Check service info bits

Send code word bits Send service info bits

experiments
Experiments
  • Compaq iPAQs
    • ARM SA1110 206 MHz processor
    • 64MB RAM
    • An expansion pack
    • D-Link DCF-650W wireless card
    • 802.11 ad hoc mode and 2Mbps
    • Microsoft eMbedded Visual C++ 3.0
    • Microsoft PocketPC 3.0
  • Average time of 100 experiments
experiment results
Experiment Results
  • About 100ms to interact with a service provider
outline2
Outline
  • Supermedia Networking
  • Service Discovery in Pervasive Computing Environments
  • The “Master Key”
entity authentication
Entity Authentication
  • Keys – the most common form
    • 4000 years of history since ancient Egypt
  • Today we also use
    • Magnetic stripe cards
    • Smart cards
    • RFID tags
    • Remote Keyless Entry systems (RKE)
    • Other tokens
traditional master keys
Traditional Master Keys
  • One key opens many locks
    • Convenient
  • Delegation problem
  • Revocation problem

Picture from: M. Blaze, "Rights Amplification in Master-Keyed Mechanical Locks," IEEE SECURITY & PRIVACY, vol. 1, pp. 24-32, 2003

multiple access tokens
Multiple Access Tokens
  • No delegation & revocation problems
  • Improved usability
    • Lock & unlock a car, RKE
    • Unlock a hotel door, magnetic stripe cards
  • Difficult to manage if too many
the master key
The Master Key
  • Aggregate all digital credentials
  • Automatically supply credentials
  • Advantages of the traditional master keys and multiple access tokens
    • One device
    • No revocation problem
    • No delegation problem

Potential Master Key devices

presentation outline
Related work

The Master Key design

System analysis and evaluation

Discussion

Conclusion and future work

Presentation Outline
magnetic stripe technology
Magnetic Stripe Technology
  • Since early 1960s
  • Widely used
    • Bank cards
    • Hotel room locks
  • Not secure enough
    • Loss due to counterfeit cards in UK is £130 million in 2004
smart cards
Smart Cards
  • Since late 1960s
  • Processing capability and storage capacity
  • Secure! (Cryptography)
  • Contact & contact less
  • Wide application
    • Prepaid transit cards
    • ID cards
    • Health cards
    • Passports
rfid tags
RFID Tags
  • Passive ID tags are vulnerable
    • No processing capabilities for cryptography
    • Example, MIT card
remote keyless entry systems
Remote Keyless Entry Systems
  • Widely used on cars and garage-doors
  • Limited security
    • A “rolling code” for authentication
ibuttons
iButtons
  • Secure
  • Wide application
    • Keys
    • E-cash
    • Asset management devices
  • Example
    • 200,000 iButton owners accessing 10,000 buildings in New York
other related work
Other Related Work
  • Public key operations are possible on tiny devices, Berkeley/Crossbow Mica2 mote
  • Location-based or proximity-based authentication
  • Zero-Interaction Authentication (ZIA)
  • Biometric recognition: fingerprint, iris, hand geometry, and voice recognition
  • Personal Servers as digital keys
presentation outline1
Related work

The Master Key design

System analysis and evaluation

Discussion

Conclusion and future work

Presentation Outline
discover locks
Many locks and keys

Automatically find a key via discovery

Discover Locks
private authentication

Code word 1

Code word 2

Private Authentication
  • Key – lock pairs speak code words
    • No explicit identities exchanged
code words
Code Words
  • The Bloom filter format
  • Multiple code words in a Bloom filter

Code words

code word length
Code Word Length
  • Partial code word
  • The few bits the less exposure –privacy
  • The more bits the less false positive overhead
the master key protocols
The Master Key Protocols
  • Mutual authentication in 3 messages
    • TVPs are challenges
  • Exposure order can be changed
    • Keys expose first or locks expose first
overhead vs privacy
Overhead vs. Privacy

Higher overhead & better privacy

Precise & lower overhead

performance measurements
Performance Measurements
  • The Master Key
    • Compaq iPAQ, 206 MHz processor, 64MB RAM, and a D-Link DCF-650W wireless card
  • A Lock
    • Dell AXIM X5, 400 MHz processor, 64MB RAM, and a Dell TrueMobile 1180 wireless card
  • 0.5 second to unlock in a extreme case
    • The Master Key specifies 820 code words and the lock has 500 key owners.
discussion
Discussion
  • Susceptible to the mafia fraud attack
    • May not have countermeasures by cryptography alone
    • May use location information
    • Transmission time
    • Multiple channels
  • Securing the Master Key is critical
slide51

Multiple access tokens

Traditional master key

The Master Key

summary
Summary
  • Secure and Private Service Discovery
  • Protect sensitive information
      • Protect service information, presence information, identities, service queries
  • Support multiple coexisting domains
  • Help users to supply correct identities
  • The Master Key, single device for various entity authentication
recent papers supermedia
Recent papers-Supermedia
  • M. Huntwork, A. Goradia, N. Xi, C. Haffner, C. Klochko and M. Mutka, ``Pervasive Surveillance Using a Cooperative Mobile Sensor Network,'' Proceedings of IEEE International Conference on Robotics and Automation (ICRA 2006), May 2006.
  • A. Goradia, Z. Cen, C. Haffner, N. Xi, and M. Mutka, ``Design, Implementation and Performance Analysis of Pervasive Surveillance Networks,'' Proceedings of the 19th International FLAIRS Conference (FLAIRS 2006), May 2006.
  • Z. Cen, M. W. Mutka, Y. Liu, A. Goradia, and N. Xi, ``QoS Management of Supermedia Enhanced Teleoperation via Overlay Networks,'' Proceedings of IEEE International Conference on Intelligent Robots and Systems (IROS 2005), August, 2005.
  • A. Chobanyan, M. Mutka, Z. Cen, N. Xi, "One Way Delay Trend Detection for Available Bandwidth Measurement," Proceedings of IEEE Globecom 2005, November, 2005.
  • Z. Cen, M. W. Mutka, Y. Liu, A. Goradia, and N. Xi, "QoS Management of Supermedia Enhanced Teleoperation via Overlay Networks," Proceedings of IEEE International Conference on Intelligent Robots and Systems (IROS 2005), August, 2005.
  • A. Goradia, Z. Cen, N. Xi, and M. W. Mutka, "Modeling and Design of Mobile Surveillance Networks Using a Mutational Analysis Approach," Proceedings of IEEE International Conference on Intelligent Robots and Systems (IROS 2005), August, 2005.
  • A. Goradia, N. Xi, M. Prokos, Z. Cen, and M. W. Mutka, "Cooperative Multi-Target Surveilance Using a Mutational Analysis Approach," IEEE/ASME International Conference on Advanced Intelligent Mechatronics (AIM 2005) July, 2005.
  • A. Chobanyan, M. W. Mutka, V. S. Mandrekar, and N. Xi, Modeling Available Bandwidth for an Efficient QoS Characterization of a Network Path,'' Proceedings of NETWORKING 2005, May, 2005.
  • Z. Cen, M. W. Mutka, D. Zhu, and N. Xi, ``Supermedia Transport for Teleoperations over Overlay Networks,'' Proceedings of NETWORKING 2005, May, 2005.
  • Z. Cen, A. Goradia, M. .W. Mutka, N. Xi, W.-K. Fung, and Y-H. Liu, ``Improving the Operation Efficiency of Supermedia Enhanced Internet Based Teleoperation via an Overlay Network,'' Proceedings of IEEE International Conference on Robotics and Automation (ICRA 2005), April, 2005.
recent papers secure private service discovery
Recent papers - Secure, Private Service Discovery
  • F. Zhu, M. Mutka and L. Ni, ``A Private, Secure and User-centric Information Exposure Model for Service Discovery Protocols,'' IEEE Transactions on Mobile Computing, vol 5, no. 4, April 2006.
  • F. Zhu, M. W. Mutka and L. Ni, ``The Master Key: A Private Authentication Approach for Pervasive Computing Environments,'' Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom2006), March 2006.
  • F. Zhu, M. W. Mutka and L. Ni, ``Service Discovery in Pervasive Computing Environments,'' IEEE Pervasive Computing. vol. 4, no. 4, pp. 81-90, October-December, 2005.
  • F. Zhu, M. Mutka and L. Ni, ``Facilitating Secure Ad hoc Service Discovery in Public Environments,'' Journal of Systems and Software, vol. 76, no. 1, pp. 45-54, April 2005.
  • F. Zhu, W. Zhu, M. Mutka and L. Ni, ``Expose or Not? A Progressive Exposure Approach for Service Discovery in Pervasive Computing Environments,'' Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom2005), March 2005.
  • F. Zhu, M. Mutka and L. Ni, ``PrudentExposure: A Private and User-Centric Service Discovery Protocol,'' Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom2004), pp. 329-338, March 2004.
  • F. Zhu, M. Mutka and L. Ni, ``Facilitating Secure Ad hoc Service Discovery in Public Environments,'' Proceedings of IEEE Computer Software and Applications Conference (COMPSAC 2003), pp. 433-438, November, 2003.
  • F. Zhu, M. Mutka and L. Ni, ``Splendor: A Secure, Private, and Location-aware Service Discovery Protocol Supporting Mobile Services,'' Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom2003), pp. 235-242, March, 2003.