Security Infrastructure for Context-Aware Middleware - PowerPoint PPT Presentation

About This Presentation
Title:

Security Infrastructure for Context-Aware Middleware

Slides: 16
Provided by: xuan6

Transcript and Presenter's Notes

Title: Security Infrastructure for Context-Aware Middleware


1
Security Infrastructure for Context-Aware
Middleware
  • By L.X.Hung
  • u-Security Group
  • 2005.09.16

2
Agenda
  • Security Group introduction
  • Fundamental Challenges
  • Proposed Security model
  • Working Plan

3
uSecurity Group Introduction
Prof. M. Kaykobad, Advisor
Prof. S.Y.Lee, Advisor
Le Xuan Hung, PhD
Zhung Yonil, PhD
Yuan Weiwei, PhD
Riaz Ahmed Shaikh, PhD
Hassan Jameel, MS
Pho Duc Giang, MS
Nguyen Ngoc Diep, MS
Tran Van Phuong, MS
4
Fundamental challenges to secure pervasive
computing
  • The need to integrate the socio-technical
    perspective
  • Related to usability, confidence (trust) in
    security techs
  • Related to the broader sociological, cognitive,
    economic and legal aspects of our lives
  • Recognize the different personas and roles (e.g.
    prof, student)
  • Breakdown of classical perimeter security and the
    need to support trust relationships
  • Firewalls to enforce security and pre-registered
    authentication are not suitable
  • User community is anonymous and constantly
    changing

5
Fundamental challenges to secure pervasive
computing (2)
  • Balancing non-intrusiveness and security strength
  • Need to shift away from classical, intrusive
    security schemes (e.g. explicit user input such as
    passwords) to secure, automatic sensing and
    seamless exchange.
  • Enable single-step authentication to multiple
    applications and stove-piped systems
  • Context awareness
  • protocols and infrastructure required to sense,
    gather, and organize contextual information in
    secure manner.
  • Mobility, adaptability, and dynamism
  • a user may be mobile, interact with multiple
    devices and access multiple applications.
  • the user may also be disconnected from home
    network.

6
Fundamental challenges to secure pervasive
computing (3)
  • Resource constrained operation
  • CPU power, energy, memory, etc.
  • Limits cryptographic operations, security protocols
    and security mechanisms.
  • Balancing security and other tradeoffs
  • Ubicomp is composed of diverse applications,
    usage scenarios, and data handling demands.
  • Thus the central challenge is to devise security
    models, along with supporting architectures and
    protocols, that can provide tunable tradeoffs.

7
Interactions in Context-Aware Middleware
  • Users and Mobile Devices
  • Administrating
  • Resource access
  • Services
  • Service lookup and delivery
  • Applications
  • Contextual information, services request /
    response
  • Resource access
  • Sensing Devices
  • Providing context, sensing data

8
Securing Ubiquitous Environment with SiCAM
  • Our Solution: SiCAM
  • Security infrastructure for Context-Aware
    Middleware
  • Light-weight Cryptography
  • IDS Agents
  • Others
  • Secure Sensing, Routing, Aggregation
  • Key Management
  • etc.

9
Proposed Security Infrastructure
[Figure: diagram of the proposed security infrastructure]

10
Proposed Security Infrastructure (2)
  • Access Control
  • Core technology to enforce security and policies
  • Context-based Access Control
  • Provide both MAC and DAC (Mandatory and
    Discretionary Access Control)
  • Can be broken down into 3 processes
  • Identification: user recognition (wearable
    devices, voice/face recognition, badge ID, etc.)
  • Authentication: verify identification
  • Authorization: yes/no decision whether user can
    access resources and services

11
Proposed Security Infrastructure (3)
  • Inference Engine
  • Intelligent part of SiCAM
  • Compute and provide level of confidence to
    authentication
  • Consulting authorization: evaluate queries from
    applications on whether a certain entity is allowed
    to access a certain resource
  • Composed of
  • Privacy: sensitive, personal data that is
    explicitly exchanged or automatically sensed
  • Trust management: provide trust level of
    uncertain entities
  • Intrusion detection: detecting intruders and
    malfunctioning entities

12
Proposed Security Infrastructure (4)
  • Inference Engine
  • Can access all authentication policy, access
    control policies
  • Can get context from different providers of the
    context-aware middleware
  • Queries various context providers
  • Can access the context provider lookup service to
    look up various context providers
  • Authentication of various people

13
Ongoing work
  • General Tutorial Presentation (weekly)
  • In progress (60)
  • Security Infrastructure design
  • Proposed general architecture
  • Verifying and revising
  • Working on paper "Trust Model for Ubiquitous
    Environment", to submit to AINA06

14
Paper work
  • Hung Le Xuan, Sungyoung Lee and Young-Koo Lee, "A
    Key-Exchanging Scheme for Sensor Networks", The
    2005 IFIP International Conference on
    Intelligence in Communication Systems
    (INTELLCOMM'05), Canada. October 17-19, 2005
  • Hassan Jameel, Sungyoung Lee and Young-Koo Lee, "A
    Secret Sharing Scheme for Preventing the Cheaters
    from Acquiring the Secret", submitted to SKLOIS
    Conference on Information Security and Cryptology
  • Hassan Jameel, Sungyoung Lee and Young-Koo Lee,
    "Secure Information Exchange in a Mobile-to-Grid
    Middleware Environment", submitted to 3rd
    International IEEE Security in Storage Workshop
  • Hassan Jameel, Hung Le Xuan, Sungyoung Lee and
    Young-Koo Lee, "A Vector Space Based Trust
    Evaluation Model for Ubiquitous Systems", 3rd
    International IEEE Security in Storage Workshop

15
Future Plan
  • End of this year
  • Complete infrastructure design and API
  • Publish technical report
  • Middle 2006
  • Implementation
  • Prototype and testbed
  • Ultimate Goals
  • Commercialize source code.
  • 15 SCI papers
  • 3 SCI Journals