Oct 19, 2013

Frank Stajano

Presented by

Patrick Davis

1


Ubiquitous Computing


Exact concept inception date is unknown


Basically background computing in life


Pervasive Computing


Invisible / Disappearing Computing


Sentient Computing


Ambient Intelligence


Calm computing


Different things to different people


Security


A virus broke my toaster and now my freezer won’t work!


2


Security is Risk Management


Defender thinks about


I have gold in my house - Asset


Someone can steal my gold - Threats


I leave the front door unlocked - Vulnerabilities


A thief can walk into the front door - Attacks


It costs a lot of money to replace the gold - Risks


Get a few dogs - Safeguards


Release the hounds - Countermeasure


3


Not a complete list but traditionally…


Confidentiality


Integrity


Availability


To mitigate these risks


Authentication


Identification


Verification


Authorization

4


Mobile Phone


What do you lose if someone steals the device?


Cost of the device


Information On the device


Availability of the device


Your Identification (if the phone is used as a credit card)


What if the phone is hacked? (How do you know it isn’t?)


Information on the phone is compromised


Components on the phone are compromised


Microphone


Your current location


Your current soundings

5


How important does it seem to be?


How important is it?


Think like the enemy…

6


What happens when you record every aspect of your life?


What if I wore one?


What kind of things would you be ok with sharing?


How much do you want to protect these?


From your own memory loss


From hackers


How close are we to this already?

7


Phones are sending location back almost 24 hours a day


One of the ways to maintain privacy is to make each location marker anonymous


Another way is to have the interested parties broadcast their services and the users pick up or disregard those services as needed


The author disregards the situation where the location of any user (anonymous or not) is a security risk

8


Basically barcodes that can remotely identify themselves


Can be powered by the request to read the tag


Economies of scale should bring down the price of RFIDs


Can be used as machine vision, where the vision is basically the positions of the RFIDs


Are limited in processing ability, meaning cryptography is limited

9


Some safeguards are


Killing the Tag


Hash-based access control


Randomized Access Control


Silent tree walking


Blocker-tag


Anti-Counterfeiting using PUFs


Distance bounding protocols


Multi-Factor Access Control in e-passports


10


In UbiComp the server authenticates the client and, if it is allowed, does the requested actions.


A couple of principles in authentication


Big Stick


Resurrecting Duckling


Multi Channel Protocols

11


The mother duck is the master and the duckling is the slave


Based on a set of four principles


Two State principle


Imprinting Principle


Death Principle


Assassination Principle

12


Data Origin Authenticity


Diffie-Hellman key exchange


Man in the middle attack


Have two channels


A high capacity Channel for “long” messages


A low capacity Channel for Data-Origin authentication
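
The two-channel idea on this slide, as an added example that is not from the original slides: an unauthenticated Diffie-Hellman exchange runs over the high-capacity channel, then each side compares a short digest over the low-capacity channel, which exposes a man-in-the-middle substitution. The group parameters, function names and digest length are illustrative assumptions.

```python
import hashlib
import secrets

# Toy group (assumption, illustration only): 2**127 - 1 is prime but far too
# small for real use; deployments use standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent x, public value G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def short_auth_string(pub_a, pub_b, digits=8):
    """Digest of both public values, short enough for the low-capacity channel
    (read aloud or shown on a display and compared by the users).
    Assumption: a plain truncated hash; with strings this short, real
    protocols add a commitment step before the values are revealed."""
    data = f"{pub_a}|{pub_b}".encode()
    return hashlib.sha256(data).hexdigest()[:digits]


def run_exchange(mitm=False):
    """Simulate one exchange; return (sas_alice, sas_bob, key_alice, key_bob)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_bob, seen_by_alice = a_pub, b_pub  # sent over high-capacity channel
    if mitm:
        # The middleman replaces both public values with its own.
        _, m_pub = keypair()
        seen_by_bob = seen_by_alice = m_pub
    key_alice = pow(seen_by_alice, a_priv, P)
    key_bob = pow(seen_by_bob, b_priv, P)
    # Each side digests the value it sent and the value it received.
    sas_alice = short_auth_string(a_pub, seen_by_alice)
    sas_bob = short_auth_string(seen_by_bob, b_pub)
    return sas_alice, sas_bob, key_alice, key_bob


def pairing_accepted(mitm=False):
    """Accept only if the strings compared over the low-capacity channel match."""
    sas_alice, sas_bob, _, _ = run_exchange(mitm)
    return sas_alice == sas_bob
```
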

13


Do you really like entering your password for every site?


Why do we have single sign on or Identity Management (Facebook sign on)?


How do we get around passwords?


Tokens


Biometrics

14


Security is only to prevent dishonest people from performing bad actions


This often gets in the way of honest users’ activities


Tax on the honest

15


We must view through someone else's eyes


The attacker


The user



Quote:


Security cannot depend upon the user’s ability to read a message from the computer and act in an informed and sensible manner […] a machine must be secure out of the factory if given to a user who cannot read


Meaning the security glove must fit the user comfortably but still stop the attacker

16


Systems are sold on the basis of features.


Customers really only care about security in terms of particular scenarios


Security features cost money to implement; clients see security as an extra or just another feature that they never see.


Again how important is privacy…


Client must have a bad experience with security in order to see the importance of good security

17

18

QUESTIONS?