Chapter 11 Security, Privacy, - PowerPoint PPT Presentation

Provided by: michel136

Transcript and Presenter's Notes

1
Chapter 11
Security, Privacy, & Trust Issues in Smart Environments
2
Consider: a smart home knows
  • What time you go to bed & get up
  • What time you leave for & come home from work
  • That you have a brand new $5,000 plasma TV
  • Your password to your computer
  • The combination to your safe
  • All your important numbers
    • SSN, bank account, security code
  • How secure do you want your system to be?

3
Introduction
  • Smart environment (space): extensively equipped with sensors, actuators & computing
  • Exploits combinations of small distributed sensing & computational nodes to identify & deliver personalized service
  • User interacts & exchanges information with the environment
  • Must be secure, private & trustworthy

4
Trust vs. Risk
  • Vast amount of personal information
  • What about safety?
  • These issues may delay or stop acceptance of smart environments
  • Cost: less privacy

5
How Ubicomp Differs - 4 Key Issues
  • Ubiquity: everywhere
  • Invisibility: users won't know when they are "using" a computer
  • Sensing: inputs everything you do & say
  • Memory Amplification: all can be stored, queried, replayed
  • Sounds like a "bad" sci-fi movie!

6
The Fundamental Change
  • Today, can often see boundaries
  • Re security, privacy, trust - can identify end points, i.e. who gets information
  • Smart Environment
    • Don't know what's collected
    • Don't know where it goes
    • End points not visible

7
Technology Categories
  • Fixed Sensors: no computation
    • e.g. window open or closed
  • Mobile Sensors: on the move, maybe GPS
    • Sensed information vs. supplied
  • Fixed Computing Elements: computation & storage
    • e.g. computer, air conditioner
  • Mobile Computing Elements: movement
    • e.g. PDA, laptops, robots, intelligent wheelchair
  • No single component has full knowledge or control

8
Security
  • Need the same as other computer systems & networks
  • Ensure information is not stolen, modified, or access denied
  • Respect privacy
  • Trustworthy interactions
  • Can the "system" become an unwitting spy?
  • What about visitors?

9
Terminology
  • Security: confidentiality, integrity & availability
    • Confidentiality: protecting information/service from unauthorized access
    • Integrity: protecting information/service from unauthorized changes (errors)
    • Availability: ensuring information/service remains accessible

10
Security - Smart Environments
  • Encryption & Decryption - the main issue
  • Authentication also important
  • Complex
  • Decentralized
  • Dynamic
  • Transient
  • Proposed, but not suitable, solution
    • Pretty Good Privacy (PGP)
    • Decentralized web of trust

11
More on Security
  • Devices have limited processing & storage
    • Less than suitable encryption
    • Focus on transmission - eavesdropping
  • Still
    • Hard to locate malicious mobile users
    • Invisible - hard to secure a network you can't see
    • Denial-of-service attacks

12
Device Security
  • Device arrives from an unknown domain
  • Has the device been altered?
  • Theft - not just the device
  • Can a malicious user masquerade as a sensor?
  • Limited battery life - can be intentionally run down

13
Privacy
  • Personalization of the environment contributes to privacy problems
  • Lots of information collected & subject to misuse
  • 1984 - George Orwell - Big Brother

14
Terminology
  • Privacy: an individual's ability to determine when, how & what information is communicated to others
    • Protecting private information
    • Includes organizations
  • Privacy Control: includes management
    • Set & enforce rules
    • How it is managed adapts based on changes in disclosure & location (mobility)

15
Principles of Fair Information Practices
  • 1. Openness/transparency - no secret records
  • 2. Individual participation - can see records
  • 3. Collection limits - appropriate collection
  • 4. Data quality - accurate & relevant

16
Principles 2
  • 5. Use limits - only for the specified purpose & authorized users
  • 6. Appropriate security - reasonable efforts
  • 7. Accountability - record keepers
  • Not a one-way responsibility (system to user) in smart environments
    • User must be aware

17
P3P - Platform for Privacy Preferences
  • From the W3C consortium
  • Aims to define open standards for web sites to enhance user control
    • User can describe own privacy preferences
  • Aimed at e-commerce
  • So far, not adapted to smart environments
    • Due to their bi-directional nature
  • Conclusion: cannot achieve total privacy
    • Should be based on openness

18
Privacy Guidelines
  • Based on principles & accidental invasion of privacy
  • 1. Notice: make the user aware; awareness infrastructure
  • 2. Choice & consent
    • Get explicit consent
    • Once notified, allow the user to choose to participate
    • Invisible vs. less invisible
    • Natural vs. less natural
  • 3. Anonymity & pseudonymity
    • Hide user identity
    • Contrary to "personalization"

19
Privacy Guidelines 2
  • 4. Proximity & locality
    • Related to filtering & multicasting
    • Information only distributed to those within guidelines
  • 5. Adequate security
    • Encryption vs. small devices
    • Use encryption wisely
  • 6. Access & recourse
    • Good practice in collection & distribution of data

20
Trust
  • Not well defined
  • How can you trust a mobile entity when you may not even know them?
  • Cryptography protects data & privacy, but who do you communicate with?
  • Consider in your smart home
    • Your kids' friends
    • A repairperson
    • The date of a friend who comes to a party
    • Can you "trust" them?

21
Trust
  • Traditional security doesn't really cover the smart environment
  • Identification & Authentication
    • Unsuitable, inflexible
    • Mobility

22
Terminology
  • Trust: difficult to define
  • Subjective: depends on context
  • Linked to risk & benefits
  • Intransitive
    • a trusts b, b trusts c
    • a doesn't necessarily trust c
  • Based on benevolence, honesty, competence, predictability

23
Trust Aspects
  • System Trust: system measures in place to encourage successful interactions
  • Dispositional Trust: expectations of the trustworthiness of others
  • Situational Decision to Trust: situation-specific nature of trust; formation of trust toward an entity
  • Trust is emotional: emotion modeling not well understood

24
Trust Management for Smart Environments
  • A unified approach to specifying & interpreting security policies, credentials & relationships that allow direct authorization of security-critical actions (Blaze)
  • Viewed as assignment of privileges
    • e.g. PolicyMaker, KeyNote
    • e.g. (extension) REFEREE Trust Management System
  • Credential-based -- not for smart environments
    • Inflexible, credential problems

25
New Approaches to Trust
  • Lots of research; want humanly intuitive
  • Marsh
    • Based on utility, risk, importance
    • Formulas for trust values in [-1, 1)
    • Very limited, not fully inclusive
  • Abdul-Rahman
    • Decentralized trust management
    • Incorporates trust levels & dynamics
    • Based on reputation, recommendations, experience (of the truster)

26
New Approaches 2
  • Jøsang
    • Based on subjective logic & subjective beliefs
    • Involves propositional logic, probability, consensus
  • Jonker & Treur
    • Dynamics of trust in light of personal experience
    • Trust-negative & trust-positive evidence
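
An added illustration (not from the slides) of the subjective-logic approach named on this slide and of the intransitivity noted under "Terminology" above: trust-positive and trust-negative observation counts map to an opinion, independent opinions are fused by consensus, and trust passed through a recommender is discounted, so a's derived belief in c via b never exceeds what a or b holds. The `Opinion` class and the function names are this example's own, not from any cited work.

```python
"""Subjective-logic trust opinions: evidence -> opinion, consensus, discounting."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Opinion:
    """Opinion about a proposition such as "device X is honest".
    Invariant: b + d + u == 1. a is the base rate (prior) used where evidence is absent."""
    b: float  # belief
    d: float  # disbelief
    u: float  # uncertainty
    a: float = 0.5  # base rate

    def expectation(self) -> float:
        """Probability expectation, usable as a scalar trust value in [0, 1]."""
        return self.b + self.a * self.u


def from_evidence(r: int, s: int, a: float = 0.5) -> Opinion:
    """Map r trust-positive and s trust-negative observations to an opinion
    (beta-distribution mapping: two 'virtual' observations keep u > 0)."""
    k = r + s + 2
    return Opinion(r / k, s / k, 2 / k, a)


def consensus(x: Opinion, y: Opinion) -> Opinion:
    """Cumulative fusion of two independent opinions about the same entity.
    Equivalent to pooling the underlying evidence counts, so uncertainty shrinks."""
    k = x.u + y.u - x.u * y.u
    if k == 0:  # both opinions dogmatic (u == 0): fusion is undefined here
        raise ValueError("cannot fuse two dogmatic opinions")
    return Opinion((x.b * y.u + y.b * x.u) / k,
                   (x.d * y.u + y.d * x.u) / k,
                   (x.u * y.u) / k, x.a)


def discount(ab: Opinion, bc: Opinion) -> Opinion:
    """A's derived opinion about C from B's recommendation: A's belief in B as a
    recommender scales B's opinion about C; the rest becomes uncertainty.
    Derived belief can never exceed either input belief (trust is intransitive)."""
    return Opinion(ab.b * bc.b, ab.b * bc.d,
                   ab.d + ab.u + ab.b * bc.u, bc.a)


if __name__ == "__main__":
    # Constructed sample: two devices' track records with a newly arrived node.
    a_view = from_evidence(4, 1)   # 4 good, 1 bad interaction
    b_view = from_evidence(2, 2)
    print("fused trust:", round(consensus(a_view, b_view).expectation(), 3))
    print("via B only: ", round(discount(a_view, from_evidence(8, 0)).expectation(), 3))
```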

27
New Approaches 3
  • Grandison & Sloman
    • Trust management must be evaluated/analyzed
    • SULTAN - Simple Universal Logic-oriented Trust Analysis Notation
    • Includes trust establishment, analysis, risk, specification
  • SECURE Project
    • General trust model
    • Allows for application-specific domains
    • Based on historical behavior

28
Security - Privacy - Trust
  • Issues are different
    • Mobile
    • Smart
    • Wireless
  • Other issues
    • Legal
    • Biometric
    • Sociotechnical
    • Access control
    • Others
  • Very Important Challenge!