
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments Yitao Duan and John Canny UC Berkeley.


1 Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments
Yitao Duan and John Canny, UC Berkeley

2 Outline
- Background and motivation
- Existing solutions
- Our approach
  –Design principles
  –Enforcing scheme
  –Evaluation
- Conclusion and future work

3 Ubiquitous Computing
- One consequence of Ubicomp
  –Way more data about us can be gathered (and used).
  –This is potentially a great thing for collaborative algorithms
- But it is potentially a great problem because...

4 Issues Addressed
- Protection of the user data generated and maintained by the environment
- Privacy of individuals who use the environment
- Ability of legitimate users to make use of data recorded in the environment
- Dealing with high-speed streams of data
- Trustworthiness of the environments (in progress)

5 Challenges
- Unfamiliar environments
- Dynamic, ad hoc and shared
  –difficult to determine access rights
- No central control
- High data rate
  –must be processed in real time
- Collaborative applications

6 Existing Solutions
- Focus on access control
- Based on an authentication/authorization model (e.g. RBAC)
- Require a piece of running code to actively check permissions
- Inadequate for ubicomp
  –Dynamic, distributed environment
  –The protecting agent can be bypassed
  –The untrusted-environment issue is completely ignored

7 Our Approach
- Do not rely on access control
- Make the data secure by itself
- In line with the philosophy of cryptography:
  –Obscurity is not security
  –Assume the adversary has access to the communication

8 Our Principle – Data Discretion
Data discretion: Users should always have access to, and control of, (recorded or live) information that would be available to them in “real-world” situations. They should not have direct access in other situations.
- Matches “real-world” privacy norms
- Consistent with emerging legal principles
- Users are involved in decisions regarding data about them – users are in control of their data!

9 Smart Room Testbed
- Good example of a ubicomp environment
- RFID tag reader to establish who is in the room
- 4 cameras to record images
- Smartboard to log electronic activity

10 Enforcing Scheme
- Assume all data are stored in files that represent short time intervals
- Each data file is encrypted with a unique secret key

11 Enforcing Scheme
- The secret keys are encrypted with the public keys of the people in the room (as determined by the tag reader).

12 Enforcing Scheme
- Users who were in the room can recover the keys and access the data recorded while they were in the room

13 Key Embedding
- Conceal who and how many users have access
- Key set: fixed-length data structure with more slots than the maximum number of users in the room
(Figure: key set with slots K_1, K_2, K_3, K_4 holding h_{j1}(F_i, K_1), h_{j2}(F_i, K_2), …, h_{jn}(F_i, K_m))

14 Master Key Escrow
- Every encryption key is also encrypted with a master public key.
- The master private key is shared by, say, 3 people. Any 2 of the 3 can unlock any of the images, but they have to cooperate.

15 General Access Structure
- Equal access may not be appropriate in some applications
- Can realize a general access structure
  –Secret-share the secret key among users
  –Embed the shares in the key set
- An example: AND access
  –r_1, r_2, …, r_{m-1} ∈ {0, 1}^l, r_m = r_1 ⊕ r_2 ⊕ … ⊕ r_{m-1} ⊕ k_s
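The enforcing scheme of slides 10 to 15, as an added example in Python that is not from the paper or the slides: a per-file key, a fixed-size key set in which each present user's slot wraps either the file key (equal access) or one XOR share (the AND structure above), each next to a tag h(F_i, ·) so only its holder can recognise it, and random filler in the unused slots so the set reveals neither who nor how many can open the file. Assumptions: the public-key wrap is replaced by an XOR pad derived from a per-user secret (a symmetric stand-in), the slot layout and tag placement are one reading of slide 13, and the slot count, file id and user secrets are constructed.

```python
import hashlib
import secrets

SLOTS = 8      # assumption: fixed slot count, larger than the maximum room occupancy
KEY_LEN = 16   # constructed: 128-bit per-file keys and shares

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def h(file_id: bytes, payload: bytes) -> bytes:
    """Tag h(F_i, K): lets a user recognise a correctly unwrapped payload."""
    return hashlib.sha256(file_id + payload).digest()

def wrap(user_secret: bytes, file_id: bytes, payload: bytes) -> bytes:
    """Stand-in (assumption) for public-key encryption: XOR with a per-user,
    per-file pad. It is symmetric, so unwrapping is the same call."""
    pad = hashlib.sha256(user_secret + file_id).digest()[:KEY_LEN]
    return xor(payload, pad)

def and_shares(k: bytes, m: int) -> list:
    """Slide 15 AND structure: r_1..r_{m-1} random, r_m = r_1 ^ ... ^ r_{m-1} ^ k."""
    shares = [secrets.token_bytes(len(k)) for _ in range(m - 1)]
    last = k
    for r in shares:
        last = xor(last, r)
    return shares + [last]

def combine_shares(shares: list) -> bytes:
    """XOR of all m shares gives k back; any m-1 of them reveal nothing about k."""
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor(out, s)
    return out

def build_key_set(file_id: bytes, payloads: dict) -> list:
    """payloads maps user_secret -> payload (the file key, or that user's share).
    Each slot is (wrapped, tag); unused slots hold random filler of the same
    shape, so the key set looks the same whatever the number of users."""
    slots = [(secrets.token_bytes(KEY_LEN), secrets.token_bytes(32)) for _ in range(SLOTS)]
    positions = secrets.SystemRandom().sample(range(SLOTS), len(payloads))
    for pos, (user, payload) in zip(positions, payloads.items()):
        slots[pos] = (wrap(user, file_id, payload), h(file_id, payload))
    return slots

def recover(file_id: bytes, key_set: list, user_secret: bytes):
    """Try every slot; the tag picks out the one meant for this user (None if absent)."""
    for wrapped, tag in key_set:
        candidate = wrap(user_secret, file_id, wrapped)
        if h(file_id, candidate) == tag:
            return candidate
    return None
```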

16 Performance Evaluation
- Execution time includes: encryption (Triple-DES) + disk I/O
- Platform: PIII 900 MHz + Linux 2.4.18 kernel

17 What Have We Achieved?
- A principle that mimics real-world norms
- A scheme to enforce it
  –“Zero-knowledge”: conceals even the number of users who have access
  –Efficient enough to deal with real-time data
  –Economical to implement using commodity hardware
- Data sharing made safe
  –The encryption does not hinder collaboration [Canny 02]

18 Not Enough
- The scheme works if the environment is honest
- Unfamiliar environments → untrusted environments
- How can we be sure the system performs the encryption and does not leak data?

19 Dealing With Untrusted Environments – Data Transparency
Data transparency: Encrypted data recorded or transmitted by a ubicomp system should be easily observable. Where possible, the data itself should demonstrate compliance with stated principles.

20 Dealing With Untrusted Environments – Data Transparency
- Data observable, not comprehensible
  –Obscurity is not security!
- Security and privacy based on cryptography, not access control
- Makes it easy to verify a system’s compliance with any stated privacy policy

21 Towards Trustworthy Environments (In Progress)
- Trusted computing framework
  –Assume most components untrusted
  –Some devices (from a 3rd party) more trusted
  –Exploit the mutual distrust between them to build a trusted system
- Verification
  –ZKP to guarantee access rights: the demonstration that the system does what it is supposed to do is itself a ZKP
  –Bit commitment to minimize leakage

