Security and Privacy. Sejong University, Department of Computer Engineering, Kwon Taekyoung (권 태 경).


Transcript

  • Slide 1
  • Security and Privacy
  • Slide 2
  • Contents
    • Introduction
    • Security and privacy?
    • Some related topics
    • Authentication and Access Control
    • Identity Management and HCI
    • RFID Security: Blocker Tag
    • MANET Security: General Concepts
    • Database Security: Search on Encrypted Data
    • Terms Revisited
  • Slide 3
  • Introduction
  • Slide 4
  • Slide 5
  • Slide 6
  • What is Ubiquitous Computing?
    • Wirelessly networked processors embedded in everyday objects
    • Smart environments characterized by: transparent interaction, automated capture, context awareness, proactive and reactive behaviour
    • Example projects: AT&T Active Bat/Badge, HP Cooltown, Microsoft Aura, Intel Place Lab and Personal Server, EQUATOR
  • Slide 7
  • At UC Berkeley: WEBS (Wireless Embedded Systems, http://webs.cs.berkeley.edu), NEST (Network Embedded System Technology), SensorWebs, Smart Dust
  • Slide 8
  • Where Do We Currently Stand?
    • Ubiquitous devices (always at hand): mobile phones, Personal Digital Assistants, laptops, etc.; computationally bounded, limited battery
    • Ubiquitous networks (always available): (W)LAN/MAN (Ethernet and IEEE 802.11), GSM/GPRS/3G, PANs (Bluetooth, IrDA, AudioNet, etc.)
    • Ubiquitous services: currently mostly location-based
  • Slide 9
  • Paradigm Shift: from resource-centric to user-centric. (Figure: in the past, logic-aware, resource-centred, resource-distributed systems; the goal, context-aware "servants for human and society" that ask whether the clients are satisfied.)
  • Slide 10
  • So What? Ubiquitous / pervasive computing means access to services and information ANYWHERE and EVERYWHERE, and therefore security and privacy infringement ANYWHERE and EVERYWHERE: UbiComp brings pervasive disclosure of user information.
  • Slide 11
  • Security and Privacy?
  • Slide 12
  • The Old Model: a Castle. A security perimeter with an inside and an outside; firewalls for access control; a static security policy; a static trust model; a tendency to focus on the network layer; a pre-evaluated, non- or slowly-evolving threat model.
  • Slide 13
  • Security and Privacy?
    • Confidentiality/Secrecy: the assets of a computing system are accessible only by authorized parties (preventing unauthorized disclosure). This covers both a secrecy issue and a privacy issue.
    • Integrity: the assets of a computing system can be modified only by authorized parties, or only in authorized ways (preventing unauthorized modification).
    • Availability: the assets of a computing system are accessible to authorized parties (preventing denial of authorized access).
  • Slide 14
  • Threats to the flow from Source to Destination (figure): Normal Flow; Interruption (threatens Availability); Interception (Confidentiality); Modification (Integrity); Fabrication (Authenticity).
  • Slide 15
  • UbiComp Characteristics
    • Billions of potential subjects
    • Continual change in network configuration
    • Frequent disconnection
    • An absence of known online servers in many environments
    • Most likely absence (or unavailability) of administrators
    • Limited capabilities and power of small smart appliances
    • Privacy concerns, i.e. big brother or ubiquitous surveillance
    • Physical tamper resistance of the smart devices themselves
  • Slide 16
  • Security and Privacy! The New Model, which is flexible, adaptable, robust, effective and unobtrusive.
  • Slide 17
  • Security and Privacy! Authentication: secure transient associations, proximity; Recognition vs. Authentication; activities/behaviour, situation interpretation; (Dynamic) Identity Management; (Dynamic) Group Management.
  • Slide 18
  • Security and Privacy! Confidentiality: eavesdropping on wireless links is not the major issue here, given device capabilities (processor, battery, etc.); the confidentiality of data and metadata stored on the devices is the real problem. Integrity: again, not the messages in transit but the devices themselves, i.e. tamper resistance / tamper evidence.
  • Slide 19
  • Security and Privacy! Availability: jamming of communication channels, sleep deprivation. Dynamic Trust Model: localized decisions, context aware. Context-awareness: Generalised RBAC, location-based access control.
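As an added example (not part of the lecture slides), the following Python sketch shows what "localized decisions" and "location-based access control" under a generalised RBAC mean in code: a device evaluates a permission request locally, combining a classic role check with a constraint on where the user is. The users, roles, zones and policy table are hypothetical, and so is the freshness rule: a location observation older than `MAX_CONTEXT_AGE` is treated as unknown, so that a disconnected device with stale context fails closed rather than open.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """What the device knows about the requester at decision time."""
    user: str
    location: str       # zone reported by the environment's sensors (hypothetical names)
    observed_at: float  # when that location was observed, in seconds
    now: float          # time of the decision, in seconds


MAX_CONTEXT_AGE = 60.0  # seconds; an older location claim is not trusted (assumption)

# Static RBAC part: user -> roles (hypothetical users and roles)
USER_ROLES = {"alice": {"staff"}, "bob": {"visitor"}}

# Context-aware part: permission -> (roles allowed, zones where it may be exercised).
# A zone set of None means the permission carries no location constraint.
POLICY = {
    "unlock_lab":  ({"staff"}, {"lab-A"}),
    "use_printer": ({"staff", "visitor"}, {"lab-A", "lobby"}),
    "read_sensor": ({"staff"}, None),
}


def context_is_fresh(ctx: Context) -> bool:
    """A location observation is usable only if it is recent and not from the future."""
    return 0 <= ctx.now - ctx.observed_at <= MAX_CONTEXT_AGE


def authorize(permission: str, ctx: Context) -> bool:
    """Localized decision: evaluated on the device, without a server round trip.

    Fails closed: an unknown permission, a missing role, stale context, or a
    location outside the permitted zones all deny the request.
    """
    if permission not in POLICY:
        return False
    roles_allowed, zones = POLICY[permission]
    if not (USER_ROLES.get(ctx.user, set()) & roles_allowed):
        return False                  # classic RBAC check fails
    if zones is None:
        return True                   # role is enough, no location constraint
    if not context_is_fresh(ctx):
        return False                  # we do not know where the user really is
    return ctx.location in zones      # location-based constraint


if __name__ == "__main__":
    fresh = Context("alice", "lab-A", observed_at=100.0, now=110.0)
    stale = Context("alice", "lab-A", observed_at=100.0, now=500.0)
    print("alice unlocks lab with fresh context:", authorize("unlock_lab", fresh))
    print("alice unlocks lab with stale context:", authorize("unlock_lab", stale))
```

The ordering of the checks matters: the role test is cheap and purely local, the location test depends on sensed context that may be missing, stale or spoofed, so the decision only consults it after the role test passes and only trusts it while it is fresh.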
  • Slide 20
  • Security and Privacy! Security policies should prevent the formation of evidence, i.e. the forming of a link between contexts, objects, users and objectives (e.g. a number, a credit card, foo bar, a credit limit). Location information privacy is one of the burning issues.
  • Slide 21
  • Authentication and Access Control
  • Slide 22
  • Authentication. Ambient intelligent environments: roaming digital entities, most likely the presence of strangers. Collaboration with most likely unknown entities: the enrolment needed for authentication is missing. Identity in absolute terms is less meaningful than recognition of previous interaction when choosing whether to collaborate or not. New requirements lead to new schemes, e.g. the Resurrecting Duckling security model [StajanoAnderson1999]. Any identifier can work as long as it allows for referencing the entity involved.
  • Slide 23
  • Authentication is a subset of recognition. (Venn diagram: recognition encompasses authentication; recognition-only examples are patterns, IP address and location; authentication examples are the duckling model, Kerberos, PKI and Windows login.)
  • Slide 24
  • Authentication/Recognition comparison
    Authentication Process (AP):
    • A.1. Enrolment: generally involves an administrator or human intervention
    • A.2. Triggering: e.g., someone clicks on a Web link to a resource that requires authentication before it can be downloaded
    • A.3. Detective work: the main task is to verify that the principal's claimed identity is the peer's
    • A.4. Action: the identification is subsequently used in some way. The claim of identity may actually be made in step 2 or 3, depending on the authentication solution (loop to A.2.)
    Entity Recognition (ER):
    • E.1. Triggering (passive and active sense): mainly triggering as in A.2., with the idea that the recognizing entity can trigger itself
    • E.2. Detective work: recognize the entity to be recognized using the negotiated and available recognition scheme(s)
    • E.3. Retention (optional): "preservation of the after-effects of experience and learning that makes recall or recognition possible" [Merriam-Webster]
    • E.4. Action (optional): the outcome of the recognition is subsequently used in some way (loop to E.1.)
  • Slide 25
  • User: Kreutzer, Michael Access: 09:20 Withdraw: 500
  • Slide 26
  • User: Kreutzer, Michael Access: 10:21 Using: Bus #10
  • Slide 27
  • User: Kreutzer, Michael Access: 09:20 Withdraw: 500 User: Kreutzer, Michael Access: 10:21 Using: Bus #10 User: Kreutzer, Michael Access: 11:42 Query: Privacy+NSA
  • Slide 28
  • (Figure: the three separate service logs are joined on the common identifier into one General Person Profile. Bank Client Profile, Michael Kreutzer, 24.03.02, 09:20, Withdraw: 500, Quit: 09:42; TrafficSystem Client Profile, 10:21, Using: Bus #10, Exit: Stop#11; Library Client Profile, 11:42, Query: Privacy+NSA. A second set of Bank, TrafficSystem, Library and General Person profiles for Bruce Schneier on the same date is shown alongside.)
  • Slide 29
  • The Problem: Prevention of User Profiling. Conditions: ad hoc (constantly changing networks/services); mobile (constantly changing location); fully automatic authentication requests from the environment. Linkability of the device!
  • Slide 30
  • Identity Management (figure: one person, several partial identities for Shopping, Public Authority, Leisure and Anonymous use). Full identity: Name: Willi Weber; Credit Card: VISA, Card #: 9988 7766 5544, Valid until: 01.01.2003; Address: Friedrichstr. 50, 79098 Freiburg; Birthday: 11.07.1974; Place of Birth: Paris; Hobbies: Swimming, Books. Leisure identity: Nickname: Webster; Society: Friends of Privacy Berlin e.V.
  • Slide 31
  • Identity Management architecture (figure): Context Sensors feed Context Sensing; Rules and stored Identities drive the Choice of Identity; a Filter performs the Configuration of Services for the Services and Applications (Banking, Shopping, Home Automation, ...).
  • Slide 32
  • Identity: Anonymous. Identity: Bank Client (Name: Michael Kreutzer, Account#: 12927382). Bank log: User: Kreutzer, Michael; Access: 09:20; Withdraw: 500.
  • Slide 33
  • Identity: Bus (Ticket #: 23882). Bus log: Ticket#: 23882; Access: 10:21; Using: Bus #10. Bank log: User: Kreutzer, Michael; Access: 09:20; Withdraw: 500. Only the ticket number appears in the bus log, not the name.
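The following Python example is added here and is not code from the lecture or from the projects it cites. It makes the point of Slides 28 to 33 concrete: when the same identifier is presented to every service, a profiler only has to join the logs on that identifier; when an identity manager chooses a partial identity per service context, the same join yields nothing. The log records are constructed from the figures; the identity manager's design (a rule per service saying whether to present the real name, a pseudonym or nothing, with the pseudonym derived as HMAC(master_secret, service)) is an assumption made for the example, not the scheme the slides describe.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample logs, modelled on the figures (not real service data).
# Each tuple is (service, identifier presented by the device, time, action).
# With one fixed identifier, three services together reveal the user's whole morning.
LINKABLE_LOGS = [
    ("Bank",          "Kreutzer, Michael", "09:20", "Withdraw: 500"),
    ("TrafficSystem", "Kreutzer, Michael", "10:21", "Using: Bus #10"),
    ("Library",       "Kreutzer, Michael", "11:42", "Query: Privacy+NSA"),
]

ANONYMOUS = "anonymous"  # marker meaning "no identifier was presented"


def build_profiles(logs):
    """The profiler's join: group records by the identifier they carry.

    Records presented anonymously carry no identifier and cannot be grouped.
    """
    profiles = defaultdict(list)
    for service, ident, time, action in logs:
        if ident != ANONYMOUS:
            profiles[ident].append((service, time, action))
    return dict(profiles)


def largest_profile(profiles) -> int:
    """Size of the biggest linked profile; 1 means no two records were linked."""
    return max((len(records) for records in profiles.values()), default=0)


def linked_by_identity(logs) -> bool:
    """True if linking on identifiers alone ties more than one record to one profile."""
    return largest_profile(build_profiles(logs)) > 1


class IdentityManager:
    """Chooses a partial identity per service context (the 'Choice of Identity' box).

    Hypothetical design for this example: a pseudonym is HMAC(master_secret, service),
    so it is stable for one service (the bus company can still recognise a returning
    ticket holder, recognition rather than authentication) but computationally
    unrelated to the pseudonym shown to any other service.
    """

    def __init__(self, master_secret: bytes, rules: dict):
        self._key = master_secret
        self._rules = rules  # service -> "named" | "pseudonymous" | "anonymous"

    def identity_for(self, service: str, real_name: str) -> str:
        mode = self._rules.get(service, "anonymous")  # unknown service: reveal least
        if mode == "named":
            return real_name
        if mode == "pseudonymous":
            tag = hmac.new(self._key, service.encode(), hashlib.sha256).hexdigest()
            return f"pseudonym:{tag[:16]}"
        return ANONYMOUS


def relog(logs, idm: IdentityManager, real_name: str):
    """Replay the same day, with the identity manager choosing what each service sees."""
    return [(svc, idm.identity_for(svc, real_name), t, a) for svc, _, t, a in logs]


if __name__ == "__main__":
    print("fixed identifier, profile built:", linked_by_identity(LINKABLE_LOGS))  # True
    idm = IdentityManager(b"constructed-master-secret", {
        "Bank": "named",                  # the bank needs the account holder (Slide 32)
        "TrafficSystem": "pseudonymous",  # a ticket number is enough (Slide 33)
        "Library": "anonymous",           # a catalogue query needs no identity at all
    })
    per_context = relog(LINKABLE_LOGS, idm, "Kreutzer, Michael")
    print("per-context identities, profile built:", linked_by_identity(per_context))  # False
```

Unlinkable identifiers are necessary but not sufficient. The records still carry times and places (09:20, 10:21, 11:42 on one date), so a profiler with side information can correlate them without any identifier, and Slide 29's "linkability of the device" applies below the application layer: a fixed link-layer or tag identifier re-links everything the identity manager took apart unless those layers rotate identifiers as well.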