Ubiquitous Systems Security Boris Dragovic Systems Research Group Computer Laboratory University of Cambridge, UK.


1 Ubiquitous Systems Security Boris Dragovic Boris.Dragovic@cl.cam.ac.uk Systems Research Group Computer Laboratory University of Cambridge, UK

2 Ubiquitous Systems Security
- What is Ubiquitous Computing?
- What are the Security & Privacy issues?
- The CASPEr project
- EU initiative
- Concluding remarks

3 What is Ubiquitous Computing? (1)
“Each person is continually interacting with hundreds of … interconnected computers” which ideally “weave themselves into the fabric of everyday life until they are indistinguishable from it”
-- “Some computer science issues in Ubiquitous computing.”, CACM, 1993.
-- Mark Weiser, “The computer of the 21st century.”, Scientific American, 1991.

4 What is Ubiquitous Computing? (2)
- “Wirelessly networked processors embedded in everyday objects”
- Smart environments characterized by:
  - Transparent interaction
  - Automated capture
  - Context awareness
  - Proactive and reactive
- Example projects
  - AT&T Active bat/badge, HP Cooltown, Microsoft Aura, Intel Place Lab and PersonalServer, EQUATOR

5 What is Ubiquitous Computing? (3)
- Where do we currently stand?
- Ubiquitous devices (always “at hand”):
  - Mobile phones, Personal Digital Assistants, Laptops, etc.
- Ubiquitous networks (always available):
  - (W)LAN/MAN (Ethernet & IEEE 802.11)
  - GSM/GPRS/3G
  - PANs (Bluetooth, IrDA, AudioNet etc.)
- Ubiquitous services
  - Currently mostly “location-based”

6 What is Ubiquitous Computing? (4) Reference: Alan Daniel, Georgia Institute of Technology. http://www.cc.gatech.edu/classes/cs6751_97_fall/projects/gacha/daniels_essay.html

7 What is Ubiquitous Computing? (5)
- Effects (always-on, always-available)
  - economy & businesses
    - productivity
    - competitiveness
    - growth
    - etc.
  - private lives

8 Security & Privacy Issues (1)
- The “Old Model” – a Castle
  - Security perimeter, inside and outside
  - Firewalls for access control
  - Static security policy
  - Static trust model
  - Tendency to focus on network layer
  - Pre-evaluated, non- or slowly-evolving threat model.

9 Security and Privacy Issues (2)
- Relevant UbiComp characteristics:
  a) wireless media supporting from personal-area to wide-area networks
  b) ad-hoc device association at different layers
  c) location and context considerations in policy management
  d) heterogeneity of content encoding
  e) variability in processing and storage capabilities of devices
  f) heterogeneity of security & privacy policies

10 Security and Privacy Issues (3)
- The “New Model”
  - Authentication
    - secure transient associations
    - proximity
  - Recognition vs. Authentication
    - activities/behaviour
    - situation interpretation
  - Identity Management

11 Security and Privacy Issues (4)
- The “New Model”
  - Confidentiality
    - eavesdropping on wireless links not a major issue
    - device capabilities (processor, battery etc.)
    - confidentiality of data and meta data on devices real problem
  - Integrity
    - again, not messages in transit but devices
    - tamper resistance/evidence

12 Security and Privacy Issues (5)
- The “New Model”
  - Availability
    - jamming communications channels
    - sleep deprivation
  - Dynamic Trust Model
    - localised decisions
    - context aware
  - Context-awareness
    - Generalised RBAC
    - Location-based access control

13 Security and Privacy Issues (6)
- The “New Model”
  - Security policies
    - prevent formation of “evidence”: forming a link between contexts, objects, users and objectives.
    - e.g. number, “credit card”, “foo bar”, credit limit
  - Location information privacy
    - One of the burning issues

14 The CASPEr project: Containment Aware Security for Pervasive Environments
- Goal: Data Protection in the UbiComp enhanced World
- A new paradigm
  - protection of individual data objects
  - as they switch contexts
  - by being contained on mobile devices and communication channels in dynamic environments
  - and thus threat models
  - through proactive data format management

15 The CASPEr project: Containment Aware Security for Pervasive Environments
- Strong analogy to human behaviour
- Real-world examples, applications:
  - persistent storage on mobile devices
  - environmental displays (PersonalServer)
  - communications channels trust
  - email attachments
  - etc.
- Humans unable to cope with complexity
  - an automatic, proactive mechanism needed

16 The CASPEr project: Containment Aware Security for Pervasive Environments
- Overview:
  - security policy (external):
    - containment attributes and values
    - respective data format transformations
  - containment manager:
    - determines current containment attribute values
  - data object tracking system:
    - system-wide data-object location
  - policy enforcement:
    - format transformation

17 The CASPEr project: Containment Aware Security for Pervasive Environments
- Variable level of application awareness
  - granularity of format transformations
- Orthogonal to traditional access control
  - traditional AC: ID x Obj x Action -> Perm
  - CASPEr: ObjType x Containment -> Format
- Current activities:
  - OS Level implementation
  - GPRS/WLAN/LAN testbed implementation
  - Audio containment and location analysis
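
The ObjType x Containment -> Format mapping from slide 17, combined with the components listed on slide 16, as an added Python example that is not part of the original presentation or of the CASPEr code base. The containment attributes (device, location, channel, display), the three formats and the first-match rule order are assumptions made for illustration.

```python
# Added illustration; attribute names, formats and rules are hypothetical.
import re

def redact(value):
    """Mask digits everywhere except in the last four characters."""
    return re.sub(r"\d", "*", value[:-4]) + value[-4:]

# Format name -> transformation (hypothetical formats for this example).
TRANSFORMS = {
    "plaintext": lambda v: v,
    "redacted": redact,
    "withheld": lambda v: None,  # object is not materialised at all
}

# External policy, first-match: (object type, containment attributes, format).
POLICY = [
    ("credit_card", {"channel": "public_wlan"}, "withheld"),
    ("credit_card", {"device": "owned", "location": "office"}, "plaintext"),
    ("credit_card", {"device": "owned"}, "redacted"),
    ("note", {"display": "environmental"}, "redacted"),
    ("note", {}, "plaintext"),
]

def required_format(obj_type, containment, policy=POLICY):
    """ObjType x Containment -> Format; no matching rule fails closed."""
    for rule_type, needs, fmt in policy:
        if rule_type == obj_type and all(containment.get(k) == v for k, v in needs.items()):
            return fmt
    return "withheld"

class Tracker:
    """Data object tracking plus enforcement by format transformation."""
    def __init__(self):
        self.objects = {}      # object id -> (type, canonical value)
        self.containment = {}  # object id -> current containment attributes

    def register(self, oid, obj_type, value, containment):
        self.objects[oid] = (obj_type, value)
        self.containment[oid] = dict(containment)

    def move(self, oid, containment):
        """Context switch: record the new containment, return the new view."""
        self.containment[oid] = dict(containment)
        return self.view(oid)

    def view(self, oid):
        obj_type, value = self.objects[oid]
        fmt = required_format(obj_type, self.containment[oid])
        return fmt, TRANSFORMS[fmt](value)
```

Unlike the traditional ID x Obj x Action -> Perm check, no user identity appears anywhere in the decision: the same object changes representation purely because its containment changed.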

18 EU Cybersecurity Efforts
- European Commission
  - Joint Research Council (JRC)
    - Institute for Prospective Technological Studies – Information and Communications Technologies.
  - Series of proposals and directives
- OECD
  - Guidelines for data protection, information systems security and networks, crypto etc.
- Council of Europe
  - Conventions on cybercrime, automatic data processing etc.

19 Conclusion
- In the Ubiquitous World enterprise borders disappear.
- Traditional, “Old Model”, approaches to protecting Security & Privacy are too rigid.
- Need for a “New Model” which is flexible, adaptable, robust, effective and unobtrusive.
- Data-centric protection mechanism, CASPEr, promising.

