Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006 Florina Almenárez, Andrés Marín, Daniel Díaz, Juan Sánchez


1 DEVELOPING A MODEL FOR TRUST MANAGEMENT IN PERVASIVE DEVICES
http://www.it.uc3m.es/pervasive

2 Outline
Motivation
Related Work
PTM: Pervasive Trust Management Model
○ Requirements
○ Description
○ Mathematical Trust Evolution Model
○ Probabilistic Trust Evolution Model
Component-based PTM Implementation
Conclusions

3 Motivation
Pervasive Computing
○ Open and dynamic environments (zoo, airports, shopping mall)
○ Multitude of heterogeneous devices with communication, computing and storage capabilities → Pervasive devices
TRUST role in establishing new relations
○ Secure communication protocols (SSL, IPSec, DNSSEC, …) work well in fixed networks → traditional PKI → problems when trust relationships are not preconfigured
○ Some management mechanisms for ad hoc networks → routing

4 Related Work
Previous works
○ 1994: Marsh, Beth
○ 1997: Abdul-Rahman
○ 1998: Jøsang
○ 1999: KeyNote, SPKI/SDSI (Access control infrastructures)
○ 2001: Poblano
Recent works
○ 2002 – 2004: SECURE (IST Project) → Trinity College Dublin
○ 2000 – 2010: Terminodes → NCCR (ad hoc networks)
○ 2003 – : SULTAN → Imperial College
○ 2004 – 2006: UBISEC → Siemens
– Problems: complexity, distrust modelling, trust evolution

5 Pervasive Trust Management Model: Requirements
Autonomous → Independence from a central server or previous configuration
○ to participate in ad hoc networks and peer-to-peer applications
Dynamic → evolution, context adaptation
Simple → minimize human intervention and resource consumption
Secure → protect resources from malicious entities
○ to make suitable decisions despite the uncertainty
Cooperative → benefit from common knowledge
Granularity → establish trust values
Include both trust and distrust concepts

6 Pervasive Trust Management Model: Description
Fuzzy Logic
Trustworthiness → no trust for situation, category, etc.
Trust properties: reflexive, non-symmetrical, conditionally transitive (explicit), dynamic
[Figure: fuzzy membership (% of membership) over the trust value T(A → B), with Distrust, Ignorance and Trust regions and a distrust threshold; trustworthiness labels: complete, very high, high, medium, little, very little, scarce, none]

7 Pervasive Trust Management Model: How it works?
➊ A (new user) requests access
➋ B searches trust information about A
➌ If A is unknown, B requests recommendations from Cs
➍ If there are trusted recommendations, B uses them (indirect) → PRP
   If there are no recommendations, B uses trust rules (direct)
➎ If a trust relationship is established, B recalculates the trust value on A based on interactions
[Figure: A, B and recommenders C1 and C2, with arrows labelled Recommendations and steps ➊ to ➎]

8 Pervasive Trust Management Model: Indirect Trust Formation
Combining online recommendations (weighted average) → Source trustworthiness
→ Lower complexity
→ Dempster-Shafer, normalized Dempster-Shafer, and consensus operator from Jøsang → Similar results → according to the intuitive human judgement
Certificates are used as offline recommendations
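The lookup, recommendation and fallback steps from slide 7, with the weighted average from slide 8, as an added example that is not part of the original presentation or the PTM prototype. The weighting formula (each recommendation weighted by B's trust in its source), the 0.5 source threshold and the 0.5 fallback value are assumptions, since the slides do not give them.

```python
from dataclasses import dataclass, field

# Assumed policy values (not taken from the slides).
MIN_SOURCE_TRUST = 0.5    # B ignores recommenders it trusts less than this
DEFAULT_RULE_TRUST = 0.5  # stand-in for B's direct "trust rules"

@dataclass
class Device:
    name: str
    trust: dict = field(default_factory=dict)  # peer name -> value in [0, 1]

def indirect_trust(b, subject, recommenders):
    """Weighted average of recommendations; weight = B's trust in the source."""
    weighted_sum = weight_total = 0.0
    for c in recommenders:
        weight = b.trust.get(c.name, 0.0)
        value = c.trust.get(subject)
        if value is None or weight < MIN_SOURCE_TRUST:
            continue  # C does not know the subject, or B does not trust C enough
        if not 0.0 <= value <= 1.0:
            continue  # malformed recommendation
        weighted_sum += weight * value
        weight_total += weight
    return weighted_sum / weight_total if weight_total else None

def establish_trust(b, subject, recommenders):
    """Steps 2-4: local lookup, then recommendations, then direct rules."""
    if subject in b.trust:
        return b.trust[subject], "known"
    value = indirect_trust(b, subject, recommenders)
    source = "indirect"
    if value is None:
        value, source = DEFAULT_RULE_TRUST, "direct"
    b.trust[subject] = value
    return value, source

def demo():
    # Constructed scenario: C3 is barely trusted by B and tries to inflate A.
    b = Device("B", {"C1": 0.9, "C2": 0.6, "C3": 0.2})
    cs = [Device("C1", {"A": 0.8}), Device("C2", {"A": 0.5}),
          Device("C3", {"A": 1.0})]
    return establish_trust(b, "A", cs)

if __name__ == "__main__":
    print(demo())
```

Because C3 falls below the source threshold, its inflated recommendation does not move the result; only C1 and C2 contribute.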

9 Pervasive Trust Management Model: Mathematical Trust Evolution
“Trust comes on foot and goes by horse”
Current behaviour is measured based on:
○ Current interaction → Action weight (fuzzy logic) → Security level
○ Past behaviour → Positive and negative interactions → Increment factor (  i ) → restriction percentage (  )
○ A priori probability
If a=a +  (a + – a - )>0 else, but no attack If attack

10 Pervasive Trust Management Model: Mathematical Trust Evolution (II)
Trust is recalculated based on:
○ Current behaviour
○ Previous trust value
○ Strictness factor (  )
Summarizing If V a i >0 If not If I i >0 If not

11 Pervasive Trust Management Model: Mathematical Trust Evolution (III)

12 Pervasive Trust Management Model: Mathematical Trust Evolution (IV)
PARAMETERS:
Increment percentage: 2%
Security level: m=2
Disposition Factor: 0.5
Positive action: 1
Wrong action: 0.5 (PTM)

13 Pervasive Trust Management Model: Mathematical Trust Evolution (V)
PARAMETERS:
Increment percentage: 2%
Security level: m=2
Disposition Factor: 0.5
Positive action: 1
Wrong action: 0.5 (PTM); 0, 0.3 (Wang)

14 Pervasive Trust Management Model: Probabilistic Trust Evolution
Bayes’ theorem
○ Posteriori probabilities
Probabilities for binary events: Beta density function
○ Assign belief degrees between 0 and 1
Risk model

15 Pervasive Trust Management Model: Probabilistic Trust Evolution (II)
     P(a+|H_act)   P(a-|H_act)
a    1.000         0.000
b    0.800         0.200
c    0.750         0.250
d    0.786         0.214
e    0.579         0.421
f    0.500
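A Beta-based update for binary (positive or negative) interactions, as described on slide 14, shown as an added example that is not code from the presentation or the PTM prototype. The uniform Beta(1, 1) prior and the use of the posterior mean as the trust estimate are assumptions; the slides do not state the exact formula, and the values in the table above are not reproduced here.

```python
def beta_posterior(positive, negative, prior_a=1.0, prior_b=1.0):
    """Posterior Beta(a, b) after binary outcomes; returns (mean, variance)."""
    a = prior_a + positive
    b = prior_b + negative
    total = a + b
    mean = a / total
    variance = (a * b) / (total ** 2 * (total + 1))
    return mean, variance

def trajectory(history):
    """Trust estimate after each interaction in a string of '+' and '-'."""
    pos = neg = 0
    points = [beta_posterior(0, 0)]
    for outcome in history:
        if outcome == "+":
            pos += 1
        elif outcome == "-":
            neg += 1
        else:
            raise ValueError(f"unknown outcome {outcome!r}")
        points.append(beta_posterior(pos, neg))
    return points

def demo():
    # Constructed histories: a stranger versus a peer with 10 good, 10 bad actions.
    stranger = beta_posterior(0, 0)
    mixed = beta_posterior(10, 10)
    means = [round(m, 3) for m, _ in trajectory("++-")]
    return stranger, mixed, means

if __name__ == "__main__":
    print(demo())
```

Both the stranger and the mixed-history peer have a mean of 0.5, but the variance separates ignorance from a well-observed medium level of trust, which a single trust value cannot show.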

16 Component-based PTM Implementation
Prototype
J2ME Personal Profile
OpenSSL → cryptographic API
JNI wrappers
XACML → Sun implementation
Extended → trust, context
PEP + PDP
Proofs
PDA → Windows Mobile 2003
Linux, Windows
Available at: http://www.it.uc3m.es/florina/ptm

17 Component-based PTM Implementation
[Figure: component architecture of a pervasive device. Components: Cryptographic Provider, Credentials Manager, Communication API, Applications, Authentication Manager, Trust Manager, Recommendation Manager, Authorization Manager, Context Provider, Monitor. Data: keys, certificates, trust; logs, policies]

18 Conclusions & Future Work
Trust → basis to establish relationships in a spontaneous way
Pervasive devices can interact with closed devices in a secure way, without depending on a central server
Simple pervasive trust management model
○ to enhance the security architecture of pervasive devices
○ to minimize the uncertainty and take appropriate decisions
○ to allow the cooperation among closed trusted devices
Mathematical and probabilistic model
○ According to the intuitive human judgement
○ Simple calculations

19 Conclusions & Future Work (II)
Implementation of a generic prototype
○ to demonstrate its functionality
○ Security services for applications (client/server)
Future work
○ Integrating our model in the WCE security architecture → Trust providers
○ Analyse the performance and consumption of resources

20 More information at http://www.it.uc3m.es/pervasive

