Date post: 19-Dec-2015

Service Discovery in Pervasive Computing Environments

Matt Mutka
Dept. of Computer Science & Engr.
Michigan State University
East Lansing, Michigan 48824

Outline

- Supermedia Networking (not today’s main topic)
- Service Discovery in Pervasive Computing Environments (today’s main topic)
- The “Master Key”

Collaborators

- Lionel Ni (HKUST)
- Ning Xi (MSU ECE), Ranjan Mukherjee (MSU ME)
- Students: Feng Zhu, Zhiwei Cen, Amit Goradia, Michael Huntwork, Clayton Haffner, Chad Klochko

Supermedia - The Idea!

[Figure: robots and sensors in the USA, Japan and Hong Kong linked over the Internet, exchanging commands and video, haptic and temperature feedback. Devices shown: non-contact temperature sensor, force/torque sensor, temperature rendering device.]

Internet Based Teleoperation

[Figure: commands and sensory feedback exchanged over the Internet.]

Internet Based Tele-cooperation

[Figure: sites in the USA, Japan and Hong Kong connected over the Internet.]

Outline

- Supermedia Networking
- Service Discovery in Pervasive Computing Environments
- The “Master Key”

Pervasive Intelligent Devices with Wireless Communication Capability

Network Services Everywhere

[Figure labels: office, location-based service, mobile commerce, mobile entertainment, home.]

Why Service Discovery?

- Traditional distributed service access
  - Administrative overhead
    - DNS and DHCP servers
    - Driver installation/update
    - Manually configure server name and port number
  - Difficult to handle partial failure
    - Device, service, network failure
- Users are interested in services, not administration
- Service discovery facilitates service usage towards zero administration
- Especially important in pervasive computing environments
  - Manual configuration is impossible

Some Service Discovery Protocols

- Jini – Sun Microsystems
- UPnP – Microsoft
- Rendezvous – Apple Computer
- Salutation – Salutation Consortium
- Bluetooth – Bluetooth SIG
- SLP – IETF
- INS and INS/Twine – MIT
- SSDS – UC Berkeley
- DEAPspace – IBM Research

Service Discovery Models

- Client-service model
- Client-service-directory model

Alice Meets Bob in the Office

New Challenges

- Services at a place belong to different owners
- User mobility
- Service mobility
- Many user identities for different user roles
  - If no identity is required, access control is violated
  - If service discovery is device-based, access control may be violated
  - If an identity is required, difficult to implement on devices, usability problems, possibly miss opportunities

Dark Side

- Users expose personal information about the devices they are carrying to other users
- Users expose service request information
- Services expose information of the domains provided
- Exposed devices have increased potential for attacks: man-in-the-middle, replay, DoS, spam, …

Our Goals

- Maintain the good usability of service discovery
- Protect sensitive information
  - As an owner
    - Control services
    - Protect service information
    - Protect owner’s presence information
  - As a user
    - Protect identities
    - Protect service queries
    - Protect user’s presence information
- No existing secure service discovery protocol meets these requirements so far

Status quo – 4 Approaches

- Insecure service discovery
- Apply traditional access control solutions
  - UPnP Security
- Trusted central servers
  - Secure Service Discovery Service (SSDS)
- Automated service provider discovery and credential management
  - PrudentExposure

Existing Secure Service Discovery Protocols

- UPnP Security
  - Support various authorization methods
    - Access control lists, authorization servers, authorization certificates, and group definition certificates
  - Generic method to differentiate an owner’s devices from others
    - Example: Bob discovers his MP3 player
    - Service accesses are limited to device owners
    - Inefficient
    - Privacy problem

Existing Secure Service Discovery Protocols (cont’d)

- SSDS
  - Many built-in security features
    - Authentication, authorization, data and service privacy, and integrity
  - Manage services centrally
    - Enterprise environments
  - Example
- Why centralized approaches do not fit pervasive environments
  - For users
    - Exposes personal services to central servers?
    - Which user role?
  - For directories (servers)
    - Accepts any service registrations?
    - Who manages access control?

Existing Secure Service Discovery Protocols (cont’d)

- PrudentExposure
  - Software manages a user’s credentials
  - Users and service providers exchange code words

[Figure: user and service provider exchange Message 1 and Message 2 as bit arrays. Labels: each bit represents a code word; matched code word; code word using another hash function.]

A Chicken-and-egg Problem

- From users’ point of view
  - Interact with necessary service providers
  - Ideally, service providers expose their information first
- From service providers’ point of view
  - Interact with legitimate users
  - Hiding by not responding
  - Ideally, users expose their information first

Design Goal

From service providers’ point of view

The Progressive Approach

- Strategy
  - Progressively expose partial information
- Predictable exposure
  - The problem is false positive matches
- Predictable overhead
- Protect sensitive information
  - Only expose to legitimate parties

Protect Sensitive Information from Illegitimate Parties

- Protect identities via code words
- Protect service information via encryption

[Figure: code word and one-time secret generation. Labels: time variant parameter, shared secret, HMAC using MD5, HMAC using SHA1, code word (bits used for the 1st, 2nd, ..., Kth message), one-time secret (bytes used for the 1st, 2nd, ..., Kth message).]

Basic Protocol

[Figure: both parties send code word bits and service info bits, and both check the code word bits and service info bits they receive.]

Predictable Exposure

[Plot: p(not user | match), from 0 to 1, versus number of bits exchanged after 1st message (0 to 13). Legend p(user) with values 0.001, 0.002, 0.004, 0.008, 0.016, 0.032, 0.064, 0.128, 0.256, 0.512, 0.75. The formula on the slide relates p(not user | match), p(match | not user) and p(user).]

Predictable Exposure Cont’d

[Plot: p(not service | match), from 0 to 1, versus number of bits exchanged after the 1st message (0 to 19). Legend p(service) with values 0.001, 0.002, 0.004, 0.008, 0.016, 0.032, 0.064, 0.128, 0.256, 0.512, 0.75. The formula on the slide relates p(not service | match), p(service) and p(match | not service). Annotation: a service provider has 320 services.]

Experiments

- Compaq iPAQs
  - ARM SA1110 206 MHz processor
  - 64MB RAM
  - An expansion pack
  - D-Link DCF-650W wireless card
  - 802.11 ad hoc mode and 2Mbps
  - Microsoft eMbedded Visual C++ 3.0
  - Microsoft PocketPC 3.0
- Average time of 100 experiments

Experiment Results

About 100ms to interact with a service provider

Outline

- Supermedia Networking
- Service Discovery in Pervasive Computing Environments
- The “Master Key”

Entity Authentication

- Keys – the most common form
  - 4000 years of history since ancient Egypt
- Today we also use
  - Magnetic stripe cards
  - Smart cards
  - RFID tags
  - Remote Keyless Entry systems (RKE)
  - Other tokens

Traditional Master Keys

Picture from: M. Blaze, "Rights Amplification in Master-Keyed Mechanical Locks," IEEE Security & Privacy, vol. 1, pp. 24-32, 2003

- One key opens many locks
- Convenient
- Delegation problem
- Revocation problem

Multiple Access Tokens

- No delegation & revocation problems
- Improved usability
  - Lock & unlock a car, RKE
  - Unlock a hotel door, magnetic stripe cards
- Difficult to manage if too many

The Master Key

- Aggregate all digital credentials
- Automatically supply credentials
- Advantages of the traditional master keys and multiple access tokens
  - One device
  - No revocation problem
  - No delegation problem
- Potential Master Key devices

Presentation Outline

- Related work
- The Master Key design
- System analysis and evaluation
- Discussion
- Conclusion and future work

Magnetic Stripe Technology

- Since early 1960s
- Widely used
  - Bank cards
  - Hotel room locks
- Not secure enough
  - Loss due to counterfeit cards in UK is £130 million in 2004

Smart Cards

- Since late 1960s
- Processing capability and storage capacity
- Secure! (Cryptography)
- Contact & contactless
- Wide application
  - Prepaid transit cards
  - ID cards
  - Health cards
  - Passports

RFID Tags

- Passive ID tags are vulnerable
  - No processing capabilities for cryptography
- Example, MIT card

Remote Keyless Entry Systems

- Widely used on cars and garage-doors
- Limited security
  - A “rolling code” for authentication

iButtons

- Secure
- Wide application
  - Keys
  - E-cash
  - Asset management devices
- Example
  - 200,000 iButton owners accessing 10,000 buildings in New York

Other Related Work

- Public key operations are possible on tiny devices, Berkeley/Crossbow Mica2 mote
- Location-based or proximity-based authentication
- Zero-Interaction Authentication (ZIA)
- Biometric recognition: fingerprint, iris, hand geometry, and voice recognition
- Personal Servers as digital keys

Presentation Outline

- Related work
- The Master Key design
- System analysis and evaluation
- Discussion
- Conclusion and future work

Discover Locks

- Many locks and keys
- Automatically find a key via discovery

[Figure: the Master Key and three locks, with arrows numbered 1 to 3.]

1. Broadcast message: any lock in this set nearby?
2. Unicast message: this lock is nearby.
3. Unicast message: this is the key.

Private Authentication

- Key – lock pairs speak code words
- No explicit identities exchanged

[Figure labels: code word 1, code word 2.]

Code Words

- The Bloom filter format
- Multiple code words in a Bloom filter

[Figure label: code words.]

Code Word Length

- Partial code word
- The fewer bits, the less exposure – privacy
- The more bits, the less false positive overhead

The Master Key Protocols

- Mutual authentication in 3 messages
- TVPs are challenges
- Exposure order can be changed
  - Keys expose first or locks expose first

[Figure: messages exchanged between the Master Key and the lock.]

1. TVP1 + code words (TVP1)

2. The last bit of the matched code word + another code word (TVP1) + TVP 2

3. Code word (TVP2)
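
The three-message exchange above, sketched as an added example (not code from the talk or its authors). It assumes a code word is an HMAC of the TVP under a secret shared by a key and a lock, with HMAC-SHA1 for the Bloom-filter code words and HMAC-SHA256 as the "other" code word; the filter size, the class and function names, and the omission of the "last bit" field of message 2 are choices made for this sketch.

```python
import hmac, os

M, K = 1024, 3  # Bloom filter bits and positions per code word (assumed sizes)

def code_word(secret, tvp, alg="sha1"):
    """Code word = HMAC(shared secret, time variant parameter)."""
    return hmac.new(secret, tvp, alg).digest()

def positions(cw):
    return [int.from_bytes(cw[2 * i:2 * i + 2], "big") % M for i in range(K)]

def bloom(code_words):
    bits = 0
    for cw in code_words:
        for p in positions(cw):
            bits |= 1 << p
    return bits

def in_bloom(bits, cw):
    return all((bits >> p) & 1 for p in positions(cw))

class MasterKey:
    def __init__(self, secrets):
        self.secrets = secrets            # one shared secret per lock
    def msg1(self):                       # 1. TVP1 + code words (TVP1)
        self.tvp1 = os.urandom(16)
        return self.tvp1, bloom(code_word(s, self.tvp1) for s in self.secrets)
    def msg3(self, proof, tvp2):          # 3. code word (TVP2)
        for s in self.secrets:
            if hmac.compare_digest(proof, code_word(s, self.tvp1, "sha256")):
                return code_word(s, tvp2)
        return None                       # false positive or impostor lock

class Lock:
    def __init__(self, owners):
        self.owners = owners              # secrets of authorised key owners
    def msg2(self, tvp1, bits):           # 2. another code word (TVP1) + TVP2
        for s in self.owners:
            if in_bloom(bits, code_word(s, tvp1)):
                self.pending, self.tvp2 = s, os.urandom(16)
                return code_word(s, tvp1, "sha256"), self.tvp2
        return None                       # no match: stay silent
    def unlock(self, cw):
        return cw is not None and hmac.compare_digest(
            cw, code_word(self.pending, self.tvp2))

def run(key, lock):
    m2 = lock.msg2(*key.msg1())
    return m2 is not None and lock.unlock(key.msg3(*m2))
```

A Bloom-filter false positive only costs the lock one wasted reply: the key cannot verify the second code word, so it never sends message 3.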

Overhead vs. Privacy

[Figure labels: higher overhead & better privacy; precise & lower overhead.]

Performance Measurements

- The Master Key
  - Compaq iPAQ, 206 MHz processor, 64MB RAM, and a D-Link DCF-650W wireless card
- A Lock
  - Dell AXIM X5, 400 MHz processor, 64MB RAM, and a Dell TrueMobile 1180 wireless card
- 0.5 second to unlock in an extreme case
  - The Master Key specifies 820 code words and the lock has 500 key owners.

Discussion

- Susceptible to the mafia fraud attack
  - May not have countermeasures by cryptography alone
  - May use location information
  - Transmission time
  - Multiple channels
- Securing the Master Key is critical

[Figure labels: the Master Key, multiple access tokens, traditional master key.]

Summary

- Secure and Private Service Discovery
  - Protect sensitive information
    - Protect service information, presence information, identities, service queries
  - Support multiple coexisting domains
  - Help users to supply correct identities
- The Master Key, single device for various entity authentication

Recent papers - Supermedia

- M. Huntwork, A. Goradia, N. Xi, C. Haffner, C. Klochko and M. Mutka, "Pervasive Surveillance Using a Cooperative Mobile Sensor Network," Proceedings of IEEE International Conference on Robotics and Automation (ICRA 2006), May 2006.

- A. Goradia, Z. Cen, C. Haffner, N. Xi, and M. Mutka, "Design, Implementation and Performance Analysis of Pervasive Surveillance Networks," Proceedings of the 19th International FLAIRS Conference (FLAIRS 2006), May 2006.

- Z. Cen, M. W. Mutka, Y. Liu, A. Goradia, and N. Xi, "QoS Management of Supermedia Enhanced Teleoperation via Overlay Networks," Proceedings of IEEE International Conference on Intelligent Robots and Systems (IROS 2005), August 2005.

- A. Chobanyan, M. Mutka, Z. Cen, N. Xi, "One Way Delay Trend Detection for Available Bandwidth Measurement," Proceedings of IEEE Globecom 2005, November 2005.

- A. Goradia, Z. Cen, N. Xi, and M. W. Mutka, "Modeling and Design of Mobile Surveillance Networks Using a Mutational Analysis Approach," Proceedings of IEEE International Conference on Intelligent Robots and Systems (IROS 2005), August 2005.

- A. Goradia, N. Xi, M. Prokos, Z. Cen, and M. W. Mutka, "Cooperative Multi-Target Surveillance Using a Mutational Analysis Approach," IEEE/ASME International Conference on Advanced Intelligent Mechatronics (AIM 2005), July 2005.

- A. Chobanyan, M. W. Mutka, V. S. Mandrekar, and N. Xi, "Modeling Available Bandwidth for an Efficient QoS Characterization of a Network Path," Proceedings of NETWORKING 2005, May 2005.

- Z. Cen, M. W. Mutka, D. Zhu, and N. Xi, "Supermedia Transport for Teleoperations over Overlay Networks," Proceedings of NETWORKING 2005, May 2005.

- Z. Cen, A. Goradia, M. W. Mutka, N. Xi, W.-K. Fung, and Y-H. Liu, "Improving the Operation Efficiency of Supermedia Enhanced Internet Based Teleoperation via an Overlay Network," Proceedings of IEEE International Conference on Robotics and Automation (ICRA 2005), April 2005.

Recent papers - Secure, Private Service Discovery

- F. Zhu, M. Mutka and L. Ni, "A Private, Secure and User-centric Information Exposure Model for Service Discovery Protocols," IEEE Transactions on Mobile Computing, vol. 5, no. 4, April 2006.

- F. Zhu, M. W. Mutka and L. Ni, "The Master Key: A Private Authentication Approach for Pervasive Computing Environments," Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom2006), March 2006.

- F. Zhu, M. W. Mutka and L. Ni, "Service Discovery in Pervasive Computing Environments," IEEE Pervasive Computing, vol. 4, no. 4, pp. 81-90, October-December 2005.

- F. Zhu, M. Mutka and L. Ni, "Facilitating Secure Ad hoc Service Discovery in Public Environments," Journal of Systems and Software, vol. 76, no. 1, pp. 45-54, April 2005.

- F. Zhu, W. Zhu, M. Mutka and L. Ni, "Expose or Not? A Progressive Exposure Approach for Service Discovery in Pervasive Computing Environments," Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom2005), March 2005.

- F. Zhu, M. Mutka and L. Ni, "PrudentExposure: A Private and User-Centric Service Discovery Protocol," Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom2004), pp. 329-338, March 2004.

- F. Zhu, M. Mutka and L. Ni, "Facilitating Secure Ad hoc Service Discovery in Public Environments," Proceedings of IEEE Computer Software and Applications Conference (COMPSAC 2003), pp. 433-438, November 2003.

- F. Zhu, M. Mutka and L. Ni, "Splendor: A Secure, Private, and Location-aware Service Discovery Protocol Supporting Mobile Services," Proceedings of IEEE International Conference on Pervasive Computing and Communications (PerCom2003), pp. 235-242, March 2003.

