
Slide 1: Cerberus: A Context-Aware Security Scheme for Smart Spaces
Presented by L.X.Hung, u-Security Research Group, 2005.10.10
The First IEEE International Conference on Pervasive Computing and Communications (PerCom'03)

Slide 2: Agenda
- Security requirements for smart spaces
- Cerberus overview
- Security service components: authentication, access control, inference engine, security policy
- Related work and paper contribution
- Conclusion
- References

Slide 3: Security Requirements for Smart Spaces
- Security itself has to be 'ubiquitous', non-intrusive and transparent.
- Has to be multi-level: provide different levels of security depending on policies, context and resources.
- Support a security language that is descriptive, well-defined and flexible.
- Authentication: support authenticating human users, devices that enter and leave the smart room, and applications.

Slide 4: GAIA Project
- A middleware infrastructure for ubiquitous applications.
- Provides the core services that make up a smart space.
- Coordinates software entities and heterogeneous network devices:
  - exports services to query and utilize resources,
  - accesses and uses current context,
  - provides a framework to develop user-centric, resource-aware, context-sensitive, mobile applications.

Slide 5: Cerberus Overview
- Four components:
  - Security service
  - Context infrastructure
  - Knowledge base (security policies)
  - Inference engine

Slide 6: Security Service Components
- Identification: links an entity with an id.
- Authentication: verifies an entity/principal (users, physical space, applications, mobile code).
  - Trade-off between authentication strength and non-intrusiveness (e.g. smart badge); mechanisms include wearable devices, voice and face recognition, ...
  - Different strengths map to different confidence values.
  - Needs a dynamic method to add new authentication devices.
  - Associated with access control policies and protocols.

Slide 7: Security Service Components (cont.)
- Authentication (cont.)
  - GPAM: Gaia Pluggable Authentication Modules, an extension of PAM.
  - GAMMs: Gaia Authentication Mechanism Modules, general authentication modules or protocols.
  - GADMs: Gaia Authentication Device Modules, dependent on particular devices.
  - UIC-based (Universally Interoperable Core): light-weight, high-performance, basic CORBA services.

Slide 8: Security Service Components (cont.)
- Access Control
  - Checks whether principal P can perform a particular operation.
  - Forwards inquiries from apps and service providers to the Inference Engine.
  - Supports a callback to the app to inform it of a possible context change that may trigger a change in the access decision.

Slide 9: Security Service Components (cont.)
- Security Policies: written as rules; two kinds of policies.
  - Authentication policies, used by the authentication server at the time of login or authentication to determine the confidence level of the authentication. Examples:
      ConfidenceLevel(smart_watch, 70%)
      ConfidenceValue(P, V) :- ∃ device X (Authenticated(P, X) ∧ ConfidenceLevel(X, V))
  - Access control policies, which determine whether principal P is allowed access to a particular resource. Example:
      CanAccess(P, ColorPrinter) :- ∃ number V (ConfidenceValue(P, V) ∧ V > 60%)

Slide 10: Security Service Components (cont.)
- Inference Engine: two tasks.
  - 1st: give a level of confidence when a user authenticates himself, making use of authentication policies and context to assign the confidence level.
  - 2nd: evaluate queries from apps about whether a certain entity can access a particular resource, making use of app-specific access control policies, the entity's credentials and contextual information.
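The rules on slide 9, the access-control callback on slide 8 and the two inference-engine tasks on slide 10 fit together in a few dozen lines. The following is an added illustration, not code from the Cerberus or Gaia projects: a toy knowledge base that holds Authenticated(P, X) facts, derives ConfidenceValue(P, V) from per-device ConfidenceLevel facts, evaluates CanAccess(P, R) with a strict "V > threshold" test, and notifies registered apps when a change in context (a device authenticating or leaving) flips an earlier access decision. The 70% for smart_watch and the 60% threshold for ColorPrinter come from the slides; every other device, resource and percentage is a constructed assumption.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable

# ConfidenceLevel(X, V) facts: authentication device -> confidence in percent.
# smart_watch = 70% is from the slides; the other entries are constructed.
CONFIDENCE_LEVEL: dict[str, int] = {
    "smart_watch": 70,
    "smart_badge": 50,       # constructed: non-intrusive but weak
    "pin_pad": 60,           # constructed: sits exactly on the printer threshold
    "face_recognition": 90,  # constructed: strong but more intrusive
}

# Access-control policies: resource -> threshold T in the rule body "V > T".
# ColorPrinter's 60% is from the slides; PatientRecords is constructed.
ACCESS_POLICY: dict[str, int] = {
    "ColorPrinter": 60,
    "PatientRecords": 85,
}

# An app callback receives (principal, resource, new_decision).
AccessCallback = Callable[[str, str, bool], None]


@dataclass
class KnowledgeBase:
    """Facts plus the two rule families from the slides, with app callbacks."""

    # Authenticated(P, X) facts as (principal, device) pairs.
    authenticated: set[tuple[str, str]] = field(default_factory=set)
    # Callbacks registered by apps for a (principal, resource) decision.
    callbacks: dict[tuple[str, str], list[AccessCallback]] = field(default_factory=dict)

    def confidence_values(self, principal: str) -> set[int]:
        """ConfidenceValue(P, V) :- exists device X
        (Authenticated(P, X) and ConfidenceLevel(X, V)).
        Each authenticated device contributes one V, hence a set."""
        return {
            CONFIDENCE_LEVEL[device]
            for (p, device) in self.authenticated
            if p == principal and device in CONFIDENCE_LEVEL
        }

    def can_access(self, principal: str, resource: str) -> bool:
        """CanAccess(P, R) :- exists number V
        (ConfidenceValue(P, V) and V > threshold(R)).
        A resource with no policy is denied by default."""
        threshold = ACCESS_POLICY.get(resource)
        if threshold is None:
            return False
        return any(v > threshold for v in self.confidence_values(principal))

    def register_callback(self, principal: str, resource: str, fn: AccessCallback) -> None:
        """An app asks to be told when the decision for (principal, resource) changes."""
        self.callbacks.setdefault((principal, resource), []).append(fn)

    def assert_authenticated(self, principal: str, device: str) -> None:
        """Context change: a device has authenticated the principal."""
        self._mutate(lambda: self.authenticated.add((principal, device)))

    def retract_authenticated(self, principal: str, device: str) -> None:
        """Context change: the device (and its evidence) has left the space."""
        self._mutate(lambda: self.authenticated.discard((principal, device)))

    def _mutate(self, change: Callable[[], None]) -> None:
        """Apply a fact change, re-evaluate watched decisions, fire callbacks on flips."""
        before = {key: self.can_access(*key) for key in self.callbacks}
        change()
        for key, fns in self.callbacks.items():
            after = self.can_access(*key)
            if after != before[key]:
                for fn in fns:
                    fn(key[0], key[1], after)


def demo() -> list[tuple[str, str, bool]]:
    """Walk a constructed principal through grant and revocation; return the notices."""
    notices: list[tuple[str, str, bool]] = []
    kb = KnowledgeBase()
    kb.register_callback("alice", "ColorPrinter",
                         lambda p, r, ok: notices.append((p, r, ok)))
    kb.assert_authenticated("alice", "smart_badge")   # 50%: still denied, no notice
    kb.assert_authenticated("alice", "smart_watch")   # 70% > 60%: granted, notice
    kb.retract_authenticated("alice", "smart_watch")  # watch leaves: revoked, notice
    return notices


if __name__ == "__main__":
    for principal, resource, granted in demo():
        print(f"{principal} -> {resource}: {'granted' if granted else 'revoked'}")
```

Two details mirror the slides' logic rather than a simplification of it: the access rule is existential, so one strong device is enough even when a weaker one is also present, and the comparison is strict, so a device rated exactly at the threshold does not satisfy "V > 60%".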

Slide 11: Related Work and Contribution
- Covington et al. [14, 15]: securing the 'Smart Home'.
  - Extends RBAC to develop non-intrusive access control; the access control mechanisms are integrated with a toolkit for gathering context information from sensors.
  - Drawback: the language is based on a logic that is simplistic.
- Cerberus: a more expressive rule language (supports binary operators, quantification, complex inferring); addresses some issues raised in Stajano [16].

Slide 12: Conclusion
- The dynamism, ubiquity and non-intrusiveness of Ubicomp present more challenges and raise new issues.
- Cerberus:
  - supports multiple levels of authentication;
  - its context infrastructure captures rapidly changing context information and incorporates it into the knowledge base;
  - context-aware security policies are described in an expressive language and can be evaluated efficiently using an inference engine;
  - presents a simple and efficient method for revoking access if context-related information changes.

Slide 13: References
- M. Román, C. K. Hess, R. Cerqueira, A. Ranganathan, R. H. Campbell, and K. Nahrstedt, "Gaia: A Middleware Infrastructure to Enable Active Spaces," IEEE Pervasive Computing, 2002.
- V. Samar and R. Schemers, "Unified Login with Pluggable Authentication Modules (PAM)," RFC 86.0, 1995.
- M. Román, F. Kon, and R. H. Campbell, "Reflective Middleware: From Your Desk to Your Hand," IEEE Distributed Systems Online, Special Issue on Reflective Middleware, 2001.
- J. Al-Muhtadi, D. Mickunas, and R. Campbell, "The Gaia Authentication Architecture," UIUC Technical Report (number pending), 2003.

Slide 14: Thank you! Questions & Discussion
