Security Infrastructure for Context-Aware Middleware
By L.X. Hung, u-Security Group
2005.09.16

Agenda
• Security Group introduction
• Fundamental Challenges
• Proposed Security model
• Working Plan

uSecurity Group Introduction
• Le Xuan Hung, PhD
• Zhung Yonil, PhD
• Yuan Weiwei, PhD
• Hassan Jameel, MS
• Pho Duc Giang, MS
• Nguyen Ngoc Diep, MS
• Tran Van Phuong, MS
• Prof. M. Kaykobad, Advisor
• Prof. S.Y. Lee, Advisor
• Riaz Ahmed Shaikh, PhD

Fundamental challenges to secure pervasive computing
• The need to integrate the socio-technical perspective:
  - Related to usability and confidence (trust) in security technologies
  - Related to the broader sociological, cognitive, economic and legal aspects of our lives
  - Recognize the different personas and roles (e.g. prof, student, …)
• Breakdown of classical perimeter security and the need to support trust relationships
  - Firewalls to enforce security and pre-registered authentication are not suitable
  - User community is anonymous and constantly changing

Fundamental challenges to secure pervasive computing (2)
• Balancing non-intrusiveness and security strength
  - Need to shift away from classical, intrusive security schemes (e.g. explicit user input such as a password) towards sensing and exchanging securely, automatically and seamlessly.
  - Enable single-step authentication to multiple applications and stove-piped systems
• Context awareness
  - Protocols and infrastructure required to sense, gather, and organize contextual information in a secure manner.
• Mobility, adaptability, and dynamism
  - A user may be mobile, interact with multiple devices and access multiple applications.
  - The user may also be disconnected from the home network.

Fundamental challenges to secure pervasive computing (3)
• Resource constrained operation
  - CPU power, energy, memory, etc.
  - Limits cryptographic operations, security protocols and security mechanisms.
• Balancing security and other tradeoffs
  - Ubicomp is composed of diverse applications, usage scenarios, and data handling demands.
  - Thus the central challenge is to devise diverse security models, along with supporting architectures and protocols, that can provide a tunable tradeoff.

Interactions in Context-Aware Middleware
• Users and Mobile Devices
  - Administrating
  - Resource access
• Services
  - Service lookup & delivery
• Applications
  - Contextual information, services request / response
  - Resource access
• Sensing Devices
  - Providing context, sensing data

Securing Ubiquitous Environment with SiCAM
Our Solution: SiCAM (Security infrastructure for Context-Aware Middleware)
• Light-weight Cryptography
• IDS Agents
• Others
  - Secure Sensing, Routing, Aggregation
  - Key Management
  - etc.

Proposed Security Infrastructure
[Figure: architecture diagram. Legend: 1 Hassan, 2 Riaz, 3 Weiwei, 4 Hung, 5 Giang, 6 Diep, 7 Phuong]

Proposed Security Infrastructure (2)
Access Control
• Core technology to enforce security and policies
• Context-based Access Control
• Provides both MAC and DAC (Mandatory and Discretionary Access Control)
• Can be broken down into 3 processes
  - Identification: user recognition (wearable devices, voice/face recognition, badge ID, etc.)
  - Authentication: verify identification
  - Authorization: 'yes/no' decision whether the user can access resources and services

Proposed Security Infrastructure (3)
Inference Engine
• Intelligent part of SiCAM
• Computes and provides a level of confidence to authentication
• Consulting authorization: evaluates queries from applications on whether a certain entity is allowed to access a certain resource
• Composed of
  - Privacy: sensitive, personal data that is explicitly exchanged, that is 'automatically sensed'
  - Trust management: provides the trust level of uncertain entities
  - Intrusion detection: detecting intruders, malfunctioning entities…

Proposed Security Infrastructure (4)
Inference Engine
• Can access all authentication policies and access control policies
• Can get context from different providers of the Context-aware middleware
  - Queries various context providers
• Can access the context provider lookup service to look up various context providers
• Authentication of various people
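
A sketch of the decision flow outlined on the Access Control and Inference Engine slides, added here as an example and not SiCAM code: identification sources feed a confidence score for authentication, then a yes/no authorization applies MAC, DAC and a context rule. The source weights, the noisy-OR combination, the labels, thresholds and all names are assumptions, since the slides give no concrete values.

```python
from dataclasses import dataclass, field

# Everything below (source weights, labels, thresholds, names) is an assumption
# made for illustration; the slides give no concrete values or algorithms.
SOURCE_CONFIDENCE = {"badge": 0.60, "voice": 0.70, "face": 0.80}  # identification sources
LEVELS = {"public": 0, "internal": 1, "restricted": 2}            # MAC labels

@dataclass
class Resource:
    name: str
    label: str                                   # MAC: label set by the system
    acl: set = field(default_factory=set)        # DAC: users the owner allows
    min_confidence: float = 0.5                  # required authentication confidence
    allowed_locations: frozenset = frozenset()   # context rule; empty means anywhere

def authentication_confidence(observations):
    """Inference-engine step: combine sources that agree on one identity.
    Noisy-OR, 1 - prod(1 - c_i); unknown or repeated sources add nothing."""
    miss = 1.0
    for source in set(observations):
        miss *= 1.0 - SOURCE_CONFIDENCE.get(source, 0.0)
    return 1.0 - miss

def authorize(user, clearance, observations, context, resource):
    """Authorization step: yes/no plus the reason. Every check fails closed."""
    conf = authentication_confidence(observations)
    if conf < resource.min_confidence:
        return False, f"authentication confidence {conf:.2f} too low"
    if LEVELS.get(clearance, -1) < LEVELS[resource.label]:
        return False, "MAC: clearance below resource label"
    if user not in resource.acl:
        return False, "DAC: user not on the owner's ACL"
    if resource.allowed_locations and context.get("location") not in resource.allowed_locations:
        return False, "context: location not permitted"
    return True, "granted"

def demo():
    """Constructed requests against one constructed resource."""
    printer = Resource("lab-printer", "internal", {"alice"}, 0.90, frozenset({"lab"}))
    return [
        authorize("alice", "internal", ["badge", "face"], {"location": "lab"}, printer),
        authorize("alice", "internal", ["badge"], {"location": "lab"}, printer),
        authorize("alice", "internal", ["badge", "face"], {"location": "cafe"}, printer),
        authorize("bob", "restricted", ["badge", "face"], {"location": "lab"}, printer),
        authorize("alice", "public", ["badge", "face"], {"location": "lab"}, printer),
    ]

if __name__ == "__main__":
    for decision, reason in demo():
        print("yes" if decision else "no", "-", reason)
```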

Ongoing work
• General Tutorial Presentation (weekly)
  - In progress (60%)
• Security Infrastructure design
  - Proposed general architecture
  - Verifying and revising
• Working on paper: Trust Model for Ubiquitous Environment, to submit to AINA'06

Paper work
• Hung Le Xuan, Sungyoung Lee and Young-Koo Lee, "A Key-Exchanging Scheme for Sensor Networks", The 2005 IFIP International Conference on Intelligence in Communication Systems (INTELLCOMM'05), Canada, October 17-19, 2005
• Hassan Jameel, Sungyoung Lee and Young-Koo Lee, "A Secret Sharing Scheme for Preventing the Cheaters from Acquiring the Secret", submitted to SKLOIS Conference on Information Security and Cryptology
• Hassan Jameel, Sungyoung Lee and Young-Koo Lee, "Secure Information Exchange in a Mobile-to-Grid Middleware Environment", submitted to 3rd International IEEE Security in Storage Workshop
• Hassan Jameel, Hung Le Xuan, Sungyoung Lee and Young-Koo Lee, "A Vector Space Based Trust Evaluation Model for Ubiquitous Systems", 3rd International IEEE Security in Storage Workshop

Future Plan
• End of this year
  - Complete infrastructure design and API
  - Publish technical report
• Middle 2006
  - Implementation
  - Prototype and testbed
• Ultimate Goals
  - Commercialize source code
  - 15 SCI papers
  - 3 SCI Journals