Slide 1

Chapter 11: Security, Privacy, & Trust Issues in Smart Environments

Slide 2

Consider, a smart home knows...
- what time you go to bed and get up
- what time you leave for work and come home
- that you have a brand new $5,000 plasma TV
- your password to your computer
- the combination to your safe
- all your important numbers: SSN, bank account, security code

? How secure do you want your system to be ?

Slide 3

Introduction
- Smart environment (space): extensively equipped with sensors, actuators, and computing
- Exploits combinations of small distributed sensing & computational nodes to identify & deliver personalized service
- User interacts & exchanges information with the environment

* Must be secure, private, trustworthy *

Slide 4

Trust vs. Risk
- Vast amount of personal information
- What about safety?
- These issues may delay or stop acceptance of smart environments
- Cost + less privacy

Slide 5

How Ubicomp Differs - 4 Key Issues

1. Ubiquity: everywhere
2. Invisibility: users won't know when they are "using" a computer
3. Sensing: inputs everything you do & say
4. Memory amplification: all can be stored, queried, replayed

* Sounds like a "bad" sci-fi movie! *

Slide 6

The Fundamental Change...
- Today, we can often see boundaries re: security, privacy, trust; we can identify end points, i.e. who gets the information
- Smart environment:
  - Don't know what's collected
  - Don't know where it goes
  - End points not visible

Slide 7

Technology Categories
1. Fixed sensors: no computation, e.g. window open or closed
2. Mobile sensors: on the move; maybe GPS. Sensed information vs. supplied information
3. Fixed computing elements: computation & storage, e.g. computer, air conditioner
4. Mobile computing elements: movement, e.g. PDA, laptops, robots, intelligent wheelchair

No single component has full knowledge or control

Slide 8

Security
- Needs are the same as for other computer systems and networks: ensure information is not stolen, modified, or access denied
- Respect privacy
- Trustworthy interactions
- Can the "system" become an unwitting spy?
- What about visitors?

Slide 9

Terminology
Security: confidentiality, integrity, availability
- Confidentiality: protecting information/service from unauthorized access
- Integrity: protecting information/service from unauthorized changes (errors)
- Availability: ensure information/service remains accessible

Slide 10

Security - Smart Environments
- Encryption, decryption: the main issue
- Authentication also important
- Complex, decentralized, dynamic, transient
- Proposed, but not suitable, solution: Pretty Good Privacy (PGP), a decentralized web of trust

Slide 11

More on Security
- Devices have limited processing and storage
  - Less than suitable encryption
  - Focus on transmission: eavesdropping
- Still hard to locate malicious mobile users
- Invisible: hard to secure a network you can't see
- Denial-of-service attacks

Slide 12

Device Security
- Device arrives from an unknown domain
- Has the device been altered?
- Theft: not just of the device
- Can a malicious user masquerade as a sensor?
- Limited battery life: can be intentionally run down

Slide 13

Privacy
- Personalization of the environment contributes to privacy problems
- Lot of information collected; subject to misuse
- 1984 - George Orwell - Big Brother

Slide 14

Terminology
Privacy: individuals'* ability to determine when, how & what information is communicated to others; protecting private information
  * Includes organizations

Privacy control: includes management
- Set & enforce rules
- How it is managed is adaptive, based on changes in disclosure & location (mobility)

Slide 15

Principles of Fair Information Practices

1. Openness/transparency: no secret records
2. Individual participation: can see records
3. Collection limits: appropriate collection
4. Data quality: accurate & relevant

Slide 16

Principles #2

5. Use limits: only for specified purpose & authorized users
6. Appropriate security: reasonable efforts
7. Accountability: record keepers

Not a one-way responsibility (system to user) in smart environments; the user must be aware

Slide 17

P3P - Platform for Privacy Preferences
- From the W3C consortium
- Aims to define open standards for web sites to enhance user control
- User can describe own privacy preferences
- Aimed at e-commerce
- So far, not adapted to smart environments, due to their bi-directional nature
- Conclusion: cannot achieve total privacy; should base on openness

Slide 18

Privacy Guidelines
Based on principles & accidental invasion of privacy

1. Notice: make user aware; awareness infrastructure
2. Choice & consent: get explicit consent; once notified, allow user to choose to participate
   - Invisible vs. less invisible
   - Natural vs. less natural
3. Anonymity & pseudonymity: hide user identity; contrary to "personalization"

Slide 19

Privacy Guidelines #2

4. Proximity & locality: related to filtering & multicasting; information only distributed to those within guidelines
5. Adequate security: encryption vs. small devices; use encryption wisely
6. Access & recourse: good practice in collection & distribution of data

Slide 20

Trust
- Not well defined
- How can you trust a mobile entity when you may not even know them?
- Cryptography protects data and privacy, but who do you communicate with?
- Consider in your smart home...
  - Your kids' friends
  - A repairperson
  - The date of your friend who comes to a party

* Can you "trust" them? *

Slide 21

Trust
- Traditional security doesn't really cover the smart environment
- Identification & authentication: unsuitable, inflexible
- Mobility

Slide 22

Terminology
Trust: difficult to define
- Subjective: depends on context
- Linked to risk, benefits
- Intransitive: a trusts b, b trusts c; a doesn't necessarily trust c
- Based on benevolence, honesty, competence, predictability

Slide 23

Trust Aspects
- System trust: system measures in place to encourage successful interactions
- Dispositional trust: expectations of the trustworthiness of others
- Situational decision to trust: situation-specific nature of trust & formation of trust in an entity
- Trust is emotional; emotion modeling not well understood

Slide 24

Trust Management for Smart Environments
- A unified approach to specifying & interpreting security policies, credentials, & relationships that allow direct authorization of security-critical actions (Blaze)
- Viewed as assignment of privileges, e.g. PolicyMaker, KeyNote; e.g. (extension) REFEREE Trust Management System
- Credential-based: not for smart environments (inflexible, credential problems)

Slide 25

New Approaches to Trust
Lots of research; want humanly intuitive models

Marsh
- Based on utility, risk, importance
- Formulas for trust values in [-1, 1)
- Very limited; not fully inclusive

Abdul-Rahman
- Decentralized trust management
- Incorporates trust levels & dynamics
- Based on reputation, recommendations, & experience (of the truster)

Slide 26

New Approaches #2

Josang
- Based on subjective logic & subjective beliefs
- Involves propositional logic, probability, consensus

Jonker & Treur
- Dynamics of trust in light of personal experience
- Trust-negative & trust-positive evidence
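An illustrative model of these ideas, added here and not taken from the chapter or from the authors it cites: trust values kept in [-1, 1) as in Marsh, updated from trust-positive and trust-negative evidence (Jonker & Treur's terms), and derived from recommendations discounted by the truster's own trust in the recommender (the reputation/recommendation/experience mix of Abdul-Rahman), which is what keeps trust intransitive as slide 22 states. The update rule, the learning rate and the class names are this example's own assumptions.

```python
"""Toy trust model for a smart home deciding whether to trust visitors' devices.
Added example; the formulas are assumptions, not Marsh's, Abdul-Rahman's or
Jonker & Treur's actual models."""
from dataclasses import dataclass, field

LOW, HIGH = -1.0, 1.0


def clamp(v: float) -> float:
    # Keep values inside the half-open range [-1, 1) quoted for Marsh's model.
    return max(LOW, min(v, HIGH - 1e-9))


@dataclass
class Truster:
    name: str
    direct: dict = field(default_factory=dict)  # entity -> direct trust in [-1, 1)
    rate: float = 0.3                            # learning rate (assumption)

    def observe(self, entity: str, positive: bool) -> float:
        """Update direct trust from one piece of trust-positive or trust-negative
        evidence. Negative evidence is weighted double, so trust is slow to build
        and quick to lose (an assumption of this example)."""
        cur = self.direct.get(entity, 0.0)           # unknown entity starts neutral
        target = HIGH if positive else LOW
        weight = self.rate if positive else 2 * self.rate
        self.direct[entity] = clamp(cur + weight * (target - cur))
        return self.direct[entity]

    def recommended(self, recommender: str, entity: str, opinion: float) -> float:
        """Trust in `entity` derived from `recommender`'s opinion, discounted by
        how much we trust the recommender. A recommender we do not trust (or do
        not know) contributes nothing, so 'a trusts b, b trusts c' does not make
        a trust c: trust stays intransitive."""
        discount = max(0.0, self.direct.get(recommender, 0.0))
        return clamp(discount * opinion)

    def decide(self, entity: str, threshold: float) -> bool:
        """Grant access only when direct trust reaches the situation's threshold."""
        return self.direct.get(entity, 0.0) >= threshold


if __name__ == "__main__":
    home = Truster("smart-home")
    for outcome in (True, True, False):               # constructed visit history
        print("repairperson ->", round(home.observe("repairperson", outcome), 3))
    home.direct["kid"] = 0.8                           # assumed direct trust in a child
    print("kid's friend via kid ->", home.recommended("kid", "kids_friend", 0.9))
    print("friend's date via unknown friend ->", home.recommended("friend", "date", 0.9))
```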

Slide 27

New Approaches #3

Grandison & Sloman
- Trust management must be evaluated/analyzed
- SULTAN - Simple Universal Logic-oriented Trust Analysis Notation
- Includes trust establishment, analysis, risk, specification

SECURE Project
- General trust model
- Allows for application-specific domains
- Based on historical behavior

Slide 28

Security - Privacy - Trust
Issues are different for:
- Mobile
- Smart
- Wireless

Other issues:
- Legal
- Biometric
- Sociotechnical
- Access control
- Others

* Very Important Challenge! *