Date post: | 12-Aug-2015 |
Upload: | ville-seppaenen |
Secure context-awareness in ubiquitous computing
Ville Seppänen
TLT-2656 Special Course on Networking
Contents
• Research paper overview
  – Suomalainen, J., Hyttinen, P., & Tarvainen, P. (2010). Secure information sharing between heterogeneous embedded devices. Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA ’10
• Application design project
  – Context information from mobile device hardware
20.12.2012 TLT-2656 Assignment 2
SMART SPACE SECURITY
Research Paper overview: “Secure information sharing between heterogeneous embedded devices”
Challenge in smart spaces
• One of the key challenges is security
• Heterogeneous devices use various security measures
  – How to ensure sufficient security will be maintained when giving away information?
  – Constrained devices cannot perform complex encryption/decryption
• Mobile devices move between environments
  – How to ensure that devices can communicate in different environments?
Their proposed solution
• Novel security architecture that guarantees secure information sharing between devices without a directly compatible security mechanism
  – Features controlling and monitoring confidentiality, integrity, authenticity and access control
• Security profiles for measuring and mapping security level of connections
Smart space security architecture
Source: Suomalainen, J., Hyttinen, P., & Tarvainen, P. (2010). Secure information sharing between heterogeneous embedded devices. Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA ’10
Architecture
• The architecture is an extension of Smart-M3 architecture
• RDF Information Base Solution (RIBS) is a SIB based on Smart-M3 implementation
• Security administrators (and monitors) have been added
  – KPs authenticate with credentials (given when first joining smart space) to access information
  – Desired security level stated in policy directive is enforced by the security components
Authorization elements
Source: Suomalainen, J., Hyttinen, P., & Tarvainen, P. (2010). Secure information sharing between heterogeneous embedded devices. Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA ’10
Access control
• Access control is done by restricting access to certain information to a certain security level
  – Security level does not imply specific technologies
• Virtual Smart Spaces can be created for private space containers
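An added example, not from the slides or the cited paper: a level-based access check in which the level required for a piece of information is compared against a level derived from the connection's mechanisms. The level scale, the profile table, the mechanism labels and the weakest-property rule are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed ordinal scale; the slides do not define concrete levels.
NONE, LOW, MEDIUM, HIGH = 0, 1, 2, 3

# Hypothetical profile table: (security property, mechanism label) -> level.
# Different technologies may map to the same level, so a policy can state a
# level without naming a technology.
PROFILES = {
    ("confidentiality", "tls"): HIGH,
    ("confidentiality", "lightweight-cipher"): MEDIUM,
    ("integrity", "hmac-sha256"): HIGH,
    ("integrity", "crc-only"): NONE,
    ("authenticity", "certificate"): HIGH,
    ("authenticity", "join-credential"): MEDIUM,
}
PROPERTIES = ("confidentiality", "integrity", "authenticity")


@dataclass
class Connection:
    kp_id: str
    authenticated: bool  # KP presented the credentials it got when joining
    mechanisms: dict     # security property -> mechanism label in use


def connection_level(conn):
    """Assumed rule: the weakest property decides the connection's level.
    Unknown or missing mechanisms count as NONE, so the check fails closed."""
    return min(PROFILES.get((p, conn.mechanisms.get(p)), NONE)
               for p in PROPERTIES)


def may_access(conn, required_level):
    """Grant access only to an authenticated KP on a sufficient connection."""
    return conn.authenticated and connection_level(conn) >= required_level


# Constructed sample connections.
phone = Connection("phone-kp", True, {"confidentiality": "tls",
                   "integrity": "hmac-sha256", "authenticity": "certificate"})
sensor = Connection("sensor-kp", True, {"confidentiality": "lightweight-cipher",
                    "integrity": "hmac-sha256", "authenticity": "join-credential"})
legacy = Connection("legacy-kp", True, {"confidentiality": "tls",
                    "integrity": "crc-only", "authenticity": "certificate"})

if __name__ == "__main__":
    for c in (phone, sensor, legacy):
        print(c.kp_id, connection_level(c), may_access(c, MEDIUM))
```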
Key points
• Not all devices support all security mechanisms, but in smart spaces, devices should be able to communicate securely
  – Sufficient security level is more important than the use of specific technologies
• Administrator of security configurations is usually non-expert
  – Security levels must be simple but powerful enough
APPLICATION DESIGN
Smart-M3 Application Design Project
Scenario
• Adapting mobile application and device behavior to context
  – Network optimization based on battery power
• Context information can be received from many devices and context information created on the mobile device can be sent to others
• Each KP gathers relevant context and makes decisions based on it
• Higher-level behavioral context can be reasoned from low-level technical context
  – User is sleeping vs. low movement and light sensor values…
Application layout
• Focus on mobile devices (Linux, Android, Qt/Maemo)
  – Device platform (OS) has its own producer KP, publishing context information
  – Each application can have their own consumer KP, subscribing to context information and reasoning with it
• Users affect the environment of the device which causes applications to adapt to the context
• Focus on primary-phone-centric smart space where mostly a single user has only one device most of the time
Architecture
Ontology
Ontology
• Ontology enables application and device vendors to share (and understand) information, even to other devices and SIBs
• Ontology can be expanded to have more abstract, higher-level properties and classes reasoned from lower-level ones
Knowledge Processor design
• Mobile device KP
  – Context information from QtMobility, Linux file system /proc or D-Bus on Nokia N900
  – Publishes information to SIB on a Linux PC
• Mobile application KP
  – Retrieves information from SIB
  – Adapts behavior (e.g. sync rate of information to a cloud service) based on information and simple user-specified rules