Chapter 11
Security, Privacy, & Trust Issues in Smart Environments
Consider: a smart home knows...
- What time you go to bed and get up
- What time you leave for and come home from work
- That you have a brand new $5,000 plasma TV
- Your password to your computer
- The combination to your safe
- All your important numbers: SSN, bank account, security code
? How secure do you want your system to be ?
Introduction
- Smart environment (space): extensively equipped with sensors, actuators, computing
- Exploits combinations of small distributed sensing & computational nodes to identify & deliver personalized service
- User interacts & exchanges information with the environment
* Must be secure, private, trustworthy *
Trust vs. Risk
- Vast amount of personal information
- What about safety?
- These issues may delay or stop acceptance of smart environments
- Cost + less privacy
How Ubicomp Differs - 4 Key Issues
1. Ubiquity: everywhere
2. Invisibility: users won't know when they are "using" a computer
3. Sensing: inputs everything you do & say
4. Memory Amplification: all can be stored, queried, replayed
* Sounds like a "bad" sci-fi movie! *
The Fundamental Change ...
- Today, can often see boundaries re: security, privacy, trust; can identify end points, i.e. who gets information
- Smart environment:
  - Don't know what's collected
  - Don't know where it goes
  - End points not visible
Technology Categories
1. Fixed Sensors: no computation, e.g. window open or closed
2. Mobile Sensors: on the move; maybe GPS; sensed information vs. supplied
3. Fixed Computing Elements: computation & storage, e.g. computer, air conditioner
4. Mobile Computing Elements: movement, e.g. PDA, laptops, robots, intelligent wheelchair
No single component has full knowledge or control
Security
- Need same as other computer systems, networks: ensure information is not stolen, modified, or access denied
- Respect privacy
- Trustworthy interactions
- Can "system" become an unwitting spy?
- What about visitors?
Terminology
Security: confidentiality, integrity, availability
- Confidentiality: protecting information/service from unauthorized access
- Integrity: protecting information/service from unauthorized changes (errors)
- Availability: ensure information/service remains accessible
Security - Smart Environments
- Encryption, decryption: the main issue
- Authentication also important
- Complex: decentralized, dynamic, transient
- Proposed, but not suitable, solution: Pretty Good Privacy (PGP), decentralized web of trust
More on Security
- Devices have limited processing & storage: less than suitable encryption
- Focus on transmission: eavesdropping
- Still hard to locate malicious mobile users
- Invisible: hard to secure a network you can't see
- Denial-of-service attacks
Device Security
- Device arrives from unknown domain: has device been altered?
- Theft: not just the device
- Can malicious user masquerade as sensor?
- Limited battery life: intentionally run down
Privacy
- Personalization of environment contributes to privacy problems
- Lot of information collected; subject to misuse
- 1984 - George Orwell - Big Brother
Terminology
Privacy: individuals'* ability to determine when, how & what information is communicated to others; protecting private information
  * Includes organizations
Privacy Control: includes management; set & enforce rules; how managed is adapted based on changes in disclosure & location (mobility)
Principles of Fair Information Practices
1. Openness/transparency - no secret records
2. Individual participation - can see records
3. Collection limits - appropriate collection
4. Data quality - accurate & relevant
5. Use limits - only for specified purpose & authorized users
6. Appropriate security - reasonable efforts
7. Accountability - record keepers
Not a one-way responsibility (system to user) in smart environments: user must be aware
P3P - Platform for Privacy Preferences
- From W3C (consortium)
- Aims to define open standards for web sites to enhance user control
- User can describe own privacy preferences
- Aimed at e-commerce
- So far, not adapted to smart environments, due to bi-directional nature
- Conclusion: cannot achieve total privacy; should base on openness
Privacy Guidelines
Based on principles & accidental invasion of privacy
1. Notice: make user aware; awareness infrastructure
2. Choice & consent: get explicit consent; once notified, allow user to choose to participate; invisible vs. less invisible; natural vs. less natural
3. Anonymity & pseudonymity: hide user identity; contrary to "personalization"
4. Proximity & locality: related to filtering & multicasting; information only distributed to those in guidelines
5. Adequate security: encryption vs. small devices; use encryption wisely
6. Access & recourse: good practice in collection & distribution of data
Trust
- Not well defined
- How can you trust a mobile entity when you may not even know them?
- Cryptography protects data, privacy, but who do you communicate with?
- Consider in your smart home ...
  - Your kids' friends
  - A repairperson
  - The date of your friend who comes to a party
* Can you "trust" them? *
Trust
- Traditional security doesn't really cover the smart environment
- Identification & authentication: unsuitable, inflexible
- Mobility
Terminology
Trust: difficult to define
- Subjective: depends on context
- Linked to risk, benefits
- Intransitive: a trusts b, b trusts c; a doesn't necessarily trust c
- Based on benevolence, honesty, competence, predictability
Trust Aspects
- System Trust: system measures in place to encourage successful interactions
- Dispositional Trust: expectations of the trustworthiness of others
- Situational Decision to Trust: situation-specific nature of trust & formation of trust to an entity
- Trust is emotional; emotion modeling not well understood
Trust Management for Smart Environments
- A unified approach to specifying & interpreting security policies, credentials, & relationships that allow direct authorization of security-critical actions (Blaze)
- Viewed as assignment of privileges, e.g. PolicyMaker, KeyNote; e.g. (extension) REFEREE Trust Management System
- Credential-based: not for smart environments; inflexible, credential problems
New Approaches to Trust
- Lots of research; want humanly intuitive
- Marsh: based on utility, risk, importance; formulas for trust values in [-1, 1); very limited, not fully inclusive
- Abdul-Rahman: decentralized trust management; incorporates trust levels & dynamics; based on reputation, recommendations, & experience (of truster)
New Approaches #2
- Jøsang: based on subjective logic & subjective beliefs; involves propositional logic, probability, consensus
- Jonker & Treur: dynamics of trust in light of personal experience; trust-negative & trust-positive evidence
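The intransitivity point from the Terminology slide and Jøsang's subjective-logic approach, worked through in an added example that is not part of the slides: an opinion is a (belief, disbelief, uncertainty) triple, the discounting operator derives a's opinion of c through b's recommendation (and shows why a trusts c less than b does), and the consensus operator fuses that with a's own experience. The operator formulas are Jøsang's as recalled here; all numeric values are constructed for illustration.

```python
# Added example: subjective-logic opinions after Jøsang (not code from the slides).
# Opinion = (belief, disbelief, uncertainty), components non-negative and summing to 1.
# Numeric values below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Opinion:
    belief: float
    disbelief: float
    uncertainty: float

    def __post_init__(self):
        parts = (self.belief, self.disbelief, self.uncertainty)
        if min(parts) < 0 or abs(sum(parts) - 1.0) > 1e-9:
            raise ValueError("opinion components must be non-negative and sum to 1")

    def expectation(self, base_rate: float = 0.5) -> float:
        # Probability expectation: uncertainty counts in proportion to the base rate.
        return self.belief + base_rate * self.uncertainty


def discount(trust_in_recommender: Opinion, recommendation: Opinion) -> Opinion:
    # a's opinion of c via b: b's statement is weighted by a's belief in b as a
    # recommender; a's disbelief and uncertainty about b become uncertainty about c.
    # This is why trust is intransitive: the derived belief can only shrink.
    t, r = trust_in_recommender, recommendation
    return Opinion(t.belief * r.belief,
                   t.belief * r.disbelief,
                   t.disbelief + t.uncertainty + t.belief * r.uncertainty)


def consensus(x: Opinion, y: Opinion) -> Opinion:
    # Fuse two independent opinions about the same party; uncertainty shrinks.
    k = x.uncertainty + y.uncertainty - x.uncertainty * y.uncertainty
    if k == 0:  # both opinions fully certain: consensus is undefined here
        raise ValueError("cannot fuse two dogmatic opinions")
    return Opinion((x.belief * y.uncertainty + y.belief * x.uncertainty) / k,
                   (x.disbelief * y.uncertainty + y.disbelief * x.uncertainty) / k,
                   (x.uncertainty * y.uncertainty) / k)


def main():
    a_trusts_b = Opinion(0.8, 0.1, 0.1)          # a's opinion of b as a recommender
    b_trusts_c = Opinion(0.6, 0.2, 0.2)          # b's direct opinion of c
    a_via_b = discount(a_trusts_b, b_trusts_c)   # (0.48, 0.16, 0.36): weaker than b's
    a_direct_c = Opinion(0.5, 0.0, 0.5)          # a's own limited experience with c
    fused = consensus(a_via_b, a_direct_c)       # uncertainty drops below both inputs
    print("a's opinion of c via b:", a_via_b, "E =", round(a_via_b.expectation(), 3))
    print("fused with direct experience:", fused, "E =", round(fused.expectation(), 3))


if __name__ == "__main__":
    main()
```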
New Approaches #3
- Grandison & Sloman: trust management must be evaluated/analyzed; SULTAN - Simple Universal Logic-oriented Trust Analysis Notation; includes trust establishment, analysis, risk, specification
- SECURE Project: general trust model; allows for application-specific domains; based on historical behavior
Security - Privacy - Trust
- Issues are different: mobile, smart, wireless
- Other issues: legal, biometric, sociotechnical, access control, others
* Very Important Challenge! *