Download File

utterlypanoramicSecurity

Nov 30, 2013 (3 years and 11 months ago)

86 views

UNIT I

PART II

R.S.Ponmagal

Pervasive Architecture


Architecture is an abstraction of the system.


Architecture defines the system elements and
how they interact.


Architecture suppresses the local information
about the elements.


Defines the properties of the components


Provided services, required services, performance
characteristics, fault handling, resource usage

Pervasive Architecture


Software

components

for

pervasive

computing


Device

heterogeneity


Access

control


Software Components


The

pervasive

computing

environment

forces

us

to

face

the

need

for

components

and

their

boundaries

more

clearly
.



Pervasive

services

will

have

to

be

composed

from

individual

“components”

residing

in

the

large

number

of

heterogeneous

computing

elements
.



The

hardware

environment

itself

will

force

a

natural

boundary

between

components
.

This

may

be

the

most

clear
-
cut

definition

of

a

component
.





A

component

will

be

an

independently

deployable

piece

of

software

that

resides

on

one

hardware

element

and

provides

a

service

element
.

Of

course,

there

may

be

more

than

one

component

on

each

hardware

element
.


Example



WEB

SERVICES


Moore's law: Capacity of microchips doubles in 18 months => capacity
grows an order of magnitude (10x) in 5 years

Security


What

data

do

I

wish

to

expose?

To

whom?


Who

can

presently

access

my

data?


How

can

I

retract

data

exposed?


Who

am

I

communicating

with?


How

do

can

the

privacy

of

my

communication

and

communication

patterns?


Who

do

I

trust

as

a

source

of

information?


How

do

I

convince

others

that

I

am

trustworthy?



How

to

make

systems

simultaneously

secure

and

usable?

1.
Establish strong identity


Goal:
Cryptographically strong identity to devices (endpoints)


Means: Host Identity Protocol (HIP)


Identify each communicating device with a
cryptographic public key


Insert the key into the TCP/IP stack

2.
Assign and manage trust and authority


Goal:
Decentralised means for managing authorisation


Means: SPKI and KeyNote2 certificates


Express delegation with signed statements


Eventually integrate to the operating system

3.
Enable build
-
up of trust and reputation based on
experiences


Goal:
Creation of trustworthy behaviour


Means: Micro economic mechanism design


Design the rules for the game


Make unsocial behaviour uneconomical


Device Heterogeneity


The

basic

premise

of

pervasive

computing

everything

connected

guarantees

heterogeneity

at

all

levels
:

infrastructure,

hardware,

software,

and

people
.



All

kinds

of

devices

must

be

supported
.

Perhaps

in

some

specific

application

scenarios

it

is

possible

to

restrict

the

kinds

of

devices

that

are

supported

but,

in

general,

the

environment

must

anticipate

the

existence

of

a

wide

variety

of

devices
.



If

we

consider

devices

used

by

the

user

to

interact

with

the

system,

they

can

range

from

standard

ones

such

as

laptops,

PDAs,

and

phones,

to

emerging

ones

such

as

those

embedded

in

clothing

and

eyeglasses
.




The

variety

of

available

devices

has

several

implications
.

One

is

the

kind

of

input
-
output

devices
:

textual

and

graphic

input
-
output

will

not

be

the

only

forms

of

human
-
machine

interaction
.



Audio,

visual,

and

other

sensory

modes

of

communication

will

be

prevalent
.

Another

implication

is

the

requirement

that

the

environment

must

be

prepared

to

adapt

to

the

device

currently

used

by

the

user
.



For

example,

if

the

user

is

requesting

information

and

he

is

currently

driving,

the

retrieved

data

should

be

relayed

to

him

with

an

audio

message

through

the

car

radio
.

Access Control


The

wide

availability

of

services

and

the

high

mobility

of

users

among

different

environments

require

the

provision

of

security

mechanisms

to

ensure

the

safe

usage

of

services

by

legitimate

users

and

the

protection

of

services

from

unauthorized

uses
.



Because

of

the

wide

range

of

services,

many

diverse

and

flexible

security

models

and

mechanisms

will

be

needed
.

Either

standard

security

mechanisms

will

have

to

be

embedded

in

the

environment

and

used

by

all

applications

or

each

application

will

have

to

build

its

own

security

mechanisms
.

Most

likely,

a

combination

of

the

two

will

be

needed
.



One

of

the

most

important

aspects

of

security

is

access

control,

to

ensure

that

services

are

only

available

to

authorized

users

and

those

authorized

users

are

allowed

appropriate

privileges

.



For

example,

a

guest

at

a

hotel

may

be

allowed

to

print

on

the

hotel’s

printer

available

in

the

lobby

but

not

change

the

contents

of

the

event

display

in

the

same

lobby
.


Single
-
sign

on

policy


Securing Pervasive

Networks Using

Biometrics


Challenges in pervasive computing environments


Computing devices are numerous and ubiquitous


Traditional authentication including login schemes do not work
well with so many devices


Proposed Solution


Use biometrics for authentication


At the same time, ensure security of biometric templates in an
open environment


Contributions


Propose a biometrics based framework for securing pervasive
environment


Implemented a novel scheme for securing biometric data in an
open environment using symmetric hash functions


Aspects of a Pervasive
Environment


User Interaction


User interacts with speech, gestures and movements


The sensors and computing devices are ‘aware’ of the user and
in the ideal case are also aware of his ‘intent’.


Proactivity


The computing devices should interact and query other devices
on Transparency


Technology has to be transparent.



behalf of the user and his intent


Device interaction


Frequent Multiparty interactions


No central authority or third party


Security and Privacy


Consequences of a pervasive network


Devices are numerous, ubiquitous and shared


The network shares the context and preferences of the user


Smart spaces are aware of the location and intent of the user


Security Concerns


Only authorized individuals need to be given access


Authentication should be minimally intrusive


Devices should be trustworthy


Privacy issues


User should be aware of when he is being observed


The user context should be protected within the network


Need to balance accessibility and security


Should be scalable with multiple users operating in the network


Solution: Biometrics?


Definition


Biometrics is the science of verifying and establishing the identity of an individual
through physiological features or behavioral traits
.


Examples


Physical Biometrics



Fingerprint


Hand Geometry


Iris patterns


Behavioral Biometrics



Handwriting


Signature


Speech


Gait


Chemical/Biological Biometrics


Perspiration


Skin composition(spectroscopy)


Why Biometrics?


Advantages of biometrics


Uniqueness


No need to remember passwords or carry tokens


Biometrics cannot be lost, stolen or forgotten


More secure than a long password


Solves repudiation problem


Not susceptible to traditional dictionary attacks


General Biometric System

Database

Biometric

Sensor

Feature Extraction

Biometric

Sensor

Feature Extraction

Matching

ID : 8809

Authentication

Enrollment

Result

Framework for
Authentication/Interaction

Speaker

Recognition

Speech

Recognition

parsing

and

arbitration

S1

S2

SK

SN

Framework for
Authentication/Interaction

Speaker

Recognition

Speech

Recognition

parsing

and

arbitration

Switch on
Channel 9

S1

S2

SK

SN

Framework for
Authentication/Interaction

Speaker

Recognition

Speech

Recognition

parsing

and

arbitration

Who is
speaking?

Annie

David

Cathy

S1

S2

SK

SN

“Authentication”

Framework for
Authentication/Interaction

Speaker

Recognition

Speech

Recognition

parsing

and

arbitration

What is he
saying?




On,Off,TV

Fridge,Door


S1

S2

SK

SN

“Understanding”

Framework for
Authentication/Interaction

Speaker

Recognition

Speech

Recognition

parsing

and

arbitration

What is he
talking
about?

Channel
-
>TV

Dim
-
>Lamp

On
-
>TV,Lamp

S1

S2

SK

SN

“Switch”,”to”,”channel”,”nine”

“Inferring and execution”

Speaker Recognition

Speech Production


Mechanism

Speech production

Model

Impulse

Train

Generator

Glottal Pulse

Model

G(z)

Vocal Tract

Model

V(z)

Radiation


Model

R(z)

Impulse

Train

Generator

Pitch

A
v

A
N

Vocal Tract

Modeling

Framework is Generic

Face

Recognition

Gesture

Recognition

parsing

and

arbitration

S1

S2

SK

SN

“Authentication”

“Understanding”

“Inferring and execution”

Security of Biometric Data


Issues in biometrics


Biometrics is secure but not secret


Permanently associated with user


Used across multiple applications


Can be covertly captured




Types of circumvention



Denial of service attacks(1)


Fake biometrics attack(2)


Replay and Spoof attacks(3,5)


Trojan horse attacks(4,6,7)


Back end attacks(8)


Collusion


Coercion

Fake Biometrics

Threats to a Biometric System


Types of circumvention



Denial of service attacks(1)


Fake biometrics attack(2)


Replay and Spoof attacks(3,5)


Trojan horse attacks(4,6,7)


Back end attacks(8)


Collusion


Coercion

Hashing


Hashing


Instead of storing the original password P, a
hashed values P’=H(P) is stored instead.


The user is authenticated if H(password) = P’.


It is computationally hard to recover P given H(P)


H()


one way hashing function


Problem with biometrics


Biometric data has high uncertainty


Matching is inexact/probabilistic


Therefore, hashing function should be error
tolerant


Biometric Hashing

Hashing Schema

Hashing

Personalized Hashing

Fingerprints




Minutiae: Local anomalies in the ridge flow


Pattern of minutiae are unique to each
individual


Conclusion


Smart spaces and pervasive computing are moving from concepts
to implementations


Security has to be incorporated in the design stage


Traditional authentication and access control paradigms cannot
scale to numerous and ubiquitous devices


Biometrics serves as a reliable alternative for minimally intrusive
authentication


Biometrics solves key management and repudiation problem


Securing biometrics is a major challenge in an open environment


Biometric hashing can be used to create revocable biometric
templates