1. Frank Stajano Presented by Patrick Davis 1

2.  Ubiquitous Computing ◦ Exact concept inception date is unknown ◦ Basically background computing in life  Pervasive Computing  Invisible / Disappearing Computing  Sentient Computing  Ambient Intelligence  Calm computing ◦ Different things to different people  Security ◦ A virus broke my toaster and now my freezer won’t work! 2

3.  Security is Risk Management  Defender thinks about ◦ I have gold in my house - Asset ◦ Someone can steal my gold - Threats ◦ I leave the front door unlocked - Vulnerabilities ◦ A thief can walk into the front door - Attacks ◦ It costs a lot of money to replace the gold -Risks ◦ Get a few dogs – Safeguards ◦ Release the hounds - Countermeasure 3

4.  Not a complete list but traditionally… ◦ Confidentiality ◦ Integrity ◦ Availability  To mitigate these risks ◦ Authentication  Identification  Verification ◦ Authorization 4

5.  Mobile Phone ◦ What do you lose if some one steals the device  Cost of the device  Information On the device  Availability of the device  Your Identification (if the phone is used as a credit card) ◦ What if the phone is hacked. (How do you know it isn’t)  Information on the phone is compromised  Components on the phone are compromised  Microphone  Your current location  Your current soundings 5

6.  How important does it seem to be?  How important is it?  Think like the enemy… 6

7.  What happens when you record every aspect of your life. ◦ What if I wore one?  What kind of things would you be ok with sharing  How much do you want protect these ◦ From your own memory loss ◦ From hackers  How close are we to this already 7

8.  Phones are sending location back almost 24 hours a day  One of the ways to get maintain privacy is to make each location marker anonymous  Another way is to have the interested parties broad cast their services and the users pickup or disregard those services as needed  The author disregards the situation where the location of any user (anonymous or not) is a security risk 8

9.  Basically barcodes that can remotely identify themselves  Can be powered by the request to read the tag  Economics of scale should bring down the price of RFIDs  Can be used as machine vision where as the vision is basically viewed as positions of the RFIDs  Are limited in processing ability meaning cryptology is limited 9

10.  Some Safe Guards are ◦ Killing the Tag ◦ Hash-based access control ◦ Randomized Access Control ◦ Silent tree walking ◦ Blocker-tag ◦ Anti-Counterfeiting using PUFs ◦ Distance bounding protocols ◦ Multi-Factor Access Control in e-passports 10

11.  In UbiComp the server authenticates the client and if it is allowed does the requested actions.  A couple principles in authentication ◦ Big Stick ◦ Resurrecting Duckling ◦ Multi Channel Protocols 11

12.  The mother duck is the master and the duckling is the slave  Based on a set of four principles ◦ Two State principle ◦ Imprinting Principle ◦ Death Principle ◦ Assassination Principle 12

13.  Data Origin Authenticity  DiffieHellman key exchange  Man in the middle attack  Have two channels ◦ A high capacity Channel for “long” messages ◦ A low capacity Channel for Data-Origin authentication 13

14.  Do you really like entering your password for every site?  Why do we have single sign on or Identity Management (Face book sign on)  How do we get around password ◦ Tokens ◦ Biometrics 14

15.  Security is only to prevent dishonest people from performing bad Actions  This often gets in the way of honest user’s activities  Tax on the honest 15

16.  We must view though someone else's eyes ◦ The attacker ◦ The user  Quote: ◦ Security cannot depend upon the user’s ability to read a message from the computer and act in an informed and sensible manner […] a machine must be secure out of the factory if given to a user who cannot read ◦ Meaning the security glove must fit the user comfortably but still stop the attacker 16

17.  Systems are sold on the basis of features.  Customers really only care about security in terms of particular scenarios  Security features cost money to implement clients see security as an extra or just another feature that they never see.  Again how important is privacy… ◦ Client must have a bad experience with security in order to see the importance of good security 17

18. 18 QUESTIONS?