pervasive computing unit i introduction
TRANSCRIPT
Pervasive Computing
UNIT I
Introduction
Our life in the future should be very carefree with little to no hassle.
Less searching, more fast and accurate access to information, when needed.
Time and location boundaries will eventually be eliminated, resulting in a true information age style of
civilisation.
Future devices will become more and more intelligent , they will start to talk among themselves to serve
as better.
Introduction
Ubiquitous - Present Everywhere
Bringing mobile, wireless and sensor networking technologies together towards a new computing
paradigm
Everywhere, anywhere, always on, anytime
Introduction
Pervasive computing is the third wave of computing technologies to emerge since computers first
appeared:
• First Wave - Mainframe computing era: one computer shared by many people, via workstations.
• Second Wave - Personal computing era: one computer used by one person, requiring a conscious
interaction. Users largely bound to desktop.
• Third Wave – Pervasive (initially called ubiquitous) computing era: one person, many computers. Millions
of computers embedded in the environment, allowing technology to recede into the background
The Third Wave of Computing
Dramatic calm
Obtrusive inconspicuous
Overpowering empowering
Distracting facilitating
Difficult easy
Extraordinary everyday
Complex simple
Desktop embedded interface
Introduction
The aim of ubiquitous computing is to design computing infrastructures in such a manner that they
integrate seamlessly with the environment and become almost invisible.
Ubiquitous computing vision
Introduction
Unobtrusiveness and Spread through
From all the directions
Degree of Penetration
Our physical world is Pervasive, because it surrounds us all the time.
This is a collection of nature and things.
Principles of Pervasive Computing
“The most profound technologies are those that dissappear. They weave themselves into the fabric of
everyday life until they are indistinguishable from it.”
Creation of environments saturated with computing and communication capability, yet gracefully
integrated with human users.
Scientific American,
Vol. 265 N.9, pp. 66-75, 1991
Principles of Pervasive Computing
During one of his talks, Weiser outlined a set of principles describing pervasive computing (also called
ubiquitous computing):
The purpose of a computer is to help you do something else.
The best computer is a quiet, invisible servant.
The more you can do by intuition the smarter you are; the computer should extend your unconscious.
Technology should create calm.
Calm technology
“A technology that which informs but doesn't demand our focus or attention”.
(Designing Calm Technology, Weiser and John Seeley Brown)
Yesterday's Computers Filled Rooms …
… So Will Tomorrow’s
Principles of Pervasive Computing
Pervasive computing integrates computation into the environment, rather than having computers which
are distinct objects.
Other terms for pervasive computing:
Ubiquitous computing
Calm technology
Things that think
Everyware
Pervasive internet
Ambient intelligence
Proactive computing
Augmented reality
Ubiquitous computing
Ubiquitous computing (ubicomp) integrates computation into the environment, rather than having
computers which are distinct objects. Promoters of this idea hope that embedding computation into the
environment and everyday objects would enable people to interact with information-processing devices
more naturally and casually than they currently do, and in ways that suit whatever location or context
they find themselves in.
Ubiquitous computing encompasses wide range of research topics, including distributed computing,
mobile computing, sensor networks, human-computer interaction, and artificial intelligence.
Sentient computing
Sentient computing is a form of ubiquitous computing which uses sensors to perceive its environment
and react accordingly. A common use of the sensors is to construct a world model which allows
location-aware or context-aware applications to be constructed.
One famous research prototype of a sentient computing system was the work at AT&T Laboratories,
Cambridge (now defunct). It consisted of an ultrasonic indoor location system called the “Active Bats”
which provided a location accuracy of about 3 cm. The world model was managed via the SPIRIT
database, using CORBA to access information and spatial indexing to deliver high-level events such as
“Alice has entered the kitchen” to listening context-aware applications. The research continues at the
Digital Technology Group at the University of Cambridge.
Some example applications of the system include:
A “follow-me phone” which would cause the telephone nearest the recipient to ring.
Teleporting desktops via VNC just by clicking their Active Bat near the computer.
Spatial buttons which were activated by clicking the Active Bat at a particular spot (such as a poster).
Measuring and surveying buildings.
Locative games
Context adaptative computing
Context adaptative computing
A context adaptive system typically enables the user to maintain a certain application (in different forms)
while roaming between different wireless access technologies, locations, devices and even
simultaneously executing everyday tasks like meetings, driving a car etc.
For example a context adaptive and hence ubiquitous navigation system would offer navigation support
in the situations at home, indoor, outdoor, and in car.
This involves making the navigation functionality available for different availability of output devices,
input devices and location sensors as well as adapting the user interaction operability to the current
speed, noise or operator handicaps while keeping in mind the overall applicability depending on the user
preferences, his knowledge, current task etc.
Wearable computers
Wearable computers are computers that are worn on the body. They have been applied to areas such as
behavioral modeling, health monitoring systems, information technologies and media development.
Government organizations, military, and health professionals have all incorporated wearable computers
into their daily operations. Wearable computers are especially useful for applications that require
computational support while the user’s hands, voice, eyes or attention are actively engaged with the
physical environment.
One of the main features of a wearable computer is consistency. There is a constant interaction between
the computer and user, ie. There is no need to turn the device on or off. Another feature is the ability to
multi-task. It is not necessary to stop what you are doing to use the device; it is augmented into all other
actions. These devices can be incorporated by the user to act like a prosthetic. It can therefore be an
extension of the user’s mind and/or body.
Examples for wearable computers: calculator watch ,EyeTap,Head-mounted display ,
Head-up display,Laptop,Personal digital assistant,Tablet PC,Virtual retinal display
Context-aware pervasive systems
Context-aware pervasive systems (or aware systems, for short) refer to systems that can be aware of
their physical (and virtual) environment or situation, and respond intelligently based on such awareness.
It is among the most exciting trends in computing today, fueled by developments in pervasive computing,
including new computers worn by users, embedded devices, sensors, and wireless networking technology
Ambient Intelligence
The concept of ambient intelligence or AmI is a vision where humans are surrounded by computing
and networking technology unobtrusively embedded in their surroundings. See also ubiquitous
computing.
The concept of ambient intelligence (AmI) was developed by the ISTAG advisory group to the European
Commission’s DG Information Society and the Media. AmI puts the emphasis on user-friendliness,
efficient and distributed services support, user empowerment, and support for human interactions. This
vision assumes a shift away from PCs to a variety of devices which are unobtrusively embedded in our
environment and which are accessed via intelligent interfaces.
In order for AmI to become a reality a number of key technologies are required:
Unobtrusive hardware (miniaturisation, nano-technology, smart devices, sensors etc.)
A seamless mobile/fixed web-based communication infrastructure (interoperability, wired and wireless
networks etc.)
Dynamic and massively distributed device networks
Natural feeling human interfaces (intelligent agents, multi-modal interfaces, models of context awareness
etc.)
Dependability and security (self-testing and self repairing software, privacy ensuring technology etc)
Urban computing
urban computing: the integration of computing, sensing, and actuation technologies into our everyday
urban settings and lifestyles. Successful integration requires taking several facets of the urban
environment into account at once.
Urban settings frame social behaviors; they encompass architectural forms and features that may or may
not be harmonious with given technologies; and they are increasingly but variably permeated by wireless
networks and fixed and mobile devices.
A key challenge is the great diversity and density of people, devices, and built artifacts found in urban
places.
Urban computing ranges from city-wide transportation-sensing infrastructure, to services embedded in a
cafe, to the bluetooth “aura” of an individual’s mobile phone as he or she walks down a street.
Principles of Pervasive Computing
Central aim of pervasive computing: invisibility
One does not need to continually rationalize one's use of a pervasive computing system.
Having learnt about its use sufficiently well, one ceases to be aware of it.
It is "literally visible, effectively invisible" in the same way that a skilled carpenter engaged in his
work might use a hammer without consciously planning each swing.
Similarly, when you look at a street sign, you absorb its information without consciously performing
the act of reading.
Pervasive
The essence of that vision was the creation of environments saturated with computing and
communication capability, yet gracefully integrated with human users.
Pervasive – all around us
Should be there where we need them
Not go and get them
Human Centered
Computers should adapt to the humans
Computations enter our world
Must be unobtrusive and minimize user distraction
Computers as we know it will disappear
Better ways of Computer-Human interaction
The computers need to be aware of humans – Context
Pervasive Environment
The most important characteristics of pervasive environments are:
Heterogeneity: Computing will be carried out on a wide spectrum of client devices, each with different
configurations and functionalities.
Prevalence of "Small" Devices: Many devices will be small, not only in size but also in computing
power, memory size, etc.
Limited Network Capabilities: Most of the devices would have some form of connection. However,
even with the new networking standards such as GPRS, Bluetooth, 802.11x, etc., the bandwidth is still
relatively limited compared to wired network technologies. Besides, the connections are usually unstable.
High Mobility: Users can carry devices from one place to another without stopping the services.
User-Oriented: Services would be related to the user rather than a specific device, or specific location.
Highly Dynamic Environment: An environment in which users and devices keep moving in and out of
a volatile network.
Future of Pervasive Computing
Evolution
Distributed Computing
intersection of personal computers and local area networks.
Mobile Computing
The appearance of full-function laptop computers and wireless LANs in the early 1990s led
researchers to confront the problems that arise in building a distributed system with mobile clients.
The field of mobile computing was thus born.
Distributed Computing
Remote communication, including protocol layering, remote procedure call, the use of timeouts, and the
use of end to- end arguments in placement of functionality
Fault tolerance, including atomic transactions, distributed and nested transactions, and two-phase
commit
High availability, including optimistic and pessimistic replica control, mirrored execution, and optimistic
recovery
Remote information access, including caching, function shipping, distributed file systems, and distributed
databases
Security, including encryption-based mutual authentication and privacy
Mobile Computing – Key Constraints
unpredictable variation in network quality,
lowered trust and robustness of mobile elements,
limitations on local resources imposed by weight and size constraints, and concern for battery power
consumption
Mobile Computing
Mobile networking, including Mobile IP, ad hoc protocols, and techniques for improving TCP
performance in wireless networks
Mobile information access, including disconnected operation, bandwidth-adaptive file access, and
selective control of data consistency
Support for adaptative applications, including transcoding by proxies and adaptive resource management
System-level energy saving techniques, such as energy-aware adaptation, variable-speed processor
scheduling, and energy-sensitive memory management
Location sensitivity, including location sensing and location-aware system behavior
Effective Use of Smart Spaces
The first research thrust is the effective use of smart spaces. A space may be an enclosed area such as a
meeting room or corridor, or a well-defined open area such as a courtyard or quadrangle.
By embedding computing infrastructure in building infrastructure, a smart space brings together two
worlds that have been disjoint until now. The fusion of these worlds enables sensing and control of one
world by the other.
Invisibility
The second thrust is invisibility. The ideal expressed by Weiser is complete disappearance of pervasive
computing technology from a user’s consciousness. In practice, a reasonable approximation to this ideal
is minimal user distraction.
If a pervasive computing environment continuously meets user expectations and rarely presents him with
surprises, it allows him to interact almost at a subconscious level
Localized Scalability
The third research thrust is localized scalability. As smart spaces grow in sophistication, the intensity of
interactions between a user’s personal computing space and his/her surroundings increases. This has
severe bandwidth, energy, and distraction implications for a wireless mobile user.
The presence of multiple users will further complicate this problem. Scalability, in the broadest sense, is
thus a critical problem in pervasive computing.
Previous work on scalability has typically ignored physical distance — a Web server or file server should
handle as many clients as possible, regardless of whether they are located next door or across the country.
The situation is very different in pervasive computing.
Here, the density of interactions has to fall off as one moves away; otherwise, both the user and his
computing system will be overwhelmed by distant interactions that are of little relevance.
Masking Uneven Conditioning
The fourth thrust is the development of techniques for masking uneven conditioning of environments.
The rate of penetration of pervasive computing technology into the infrastructure will vary considerably
depending on many nontechnical factors such as organizational structure, economics, and business
models. Uniform penetration, if it is ever achieved, is many years or decades away.
In the interim, there will persist huge differences in the “smartness” of different environments — what is
available in a well-equipped conference room, office, or classroom may be more sophisticated than in
other locations. This large dynamic range of “smartness” can be jarring to a user, detracting from the goal
of making pervasive computing technology invisible.
Evolution & Related Fields
Other related fields:
Sensor Networks
A sensor network consist of a large number of tiny autonomous computing devices, each equipped
with sensors, a wireless radio, a processor, and a power source.
Sensor networks are envisioned to be deployed unobtrusively in the physical environment in order
to monitor a wide range of environmental phenomena (e.g., environmental pollutions, seismic
activity, wildlife) with unprecedented quality and scale.
Evolution & Related Fields
Other related fields:
Human Computer Interaction
HCI is the study of interaction between people (users) and computers.
A basic goal of HCI is to improve the interaction between users and computers by making
computers more user-friendly and receptive to the user's needs.
A long term goal of HCI is to design systems that minimize the barrier between the human's
cognitive model of what they want to accomplish and the computer's understanding of the user's
task.
Evolution & Related Fields
Other related fields:
Artificial Intelligence
AI can be defined as intelligence exhibited by an artificial (non-natural, manufactured) entity.
AI is studied in overlapping fields of computer science, psychology and engineering, dealing with
intelligent behavior, learning and adaptation in machines, generally assumed to be computers.
Research in AI is concerned with producing machines to automate tasks requiring intelligent
behavior.
Problem Space
Design and implementation problems in pervasive comp.
User intent
Cyber foraging
Adaptation strategy
High-level energy management
Client thickness
Context awareness
Balancing proactivity and transparency
Impact on layering
Privacy and trust
Problem Space
User intent
For proactivity to be effective, it is crucial that a pervasive computing system track user intent.
Otherwise, it will be almost impossible to determine which system actions will help rather than hinder
the user.
For example, suppose a user is viewing video over a network connection whose bandwidth suddenly
drops. Should the system:
Reduce the fidelity of the video?
Pause briefly to find another higher-bandwidth connection?
Advise the user that the task can no longer be accomplished?
The correct choice will depend on what the user is trying to accomplish.
Problem Space
Cyber foraging (also called “living off the land”)
The idea is to dynamically augment the computing resources of a wireless mobile computer by
exploiting wired hardware infrastructure.
As computing becomes cheaper and more plentiful, it makes economic sense to “waste” computing
resources to improve user experience.
In the forseeable future, public spaces such as airport lounges and coffee shops will be equipped with
compute servers or data staging servers for the benefit of customers, much as table lamps are today.
(Today, many shopping centers and cafeterias offer their customers free wireless internet access.)
Problem Space
Adaptation strategy
Adaptation is necessary when there is a significant mismatch between the supply and demand of a
resource (e.g. wireless network bandwidth, energy, computing cycles or memory).
There are three alternative strategies for adaptation in pervasive computing:
A client can guide applications in changing their behavior so that they use less of a scarce resource.
This change usually reduces the user-perceived quality, or fidelity, of an application.
A client can ask the environment to guarantee a certain level of a resource (reservation-based QoS
systems). From the viewpoint of the client, this effectively increases the supply of a scarce resource
to meet the client’s demand.
A client can suggest a corrective action to the user. If the user acts on this suggestion, it is likely
(but not certain) that resource supply will become adequate to meet demand.
Problem Space
High-level energy management
Sophisticated capabilities such as proactivity and self-tuning increase the energy demand of software
on a mobile computer in one’s personal computing space.
Making such computers lighter and more compact places severe restrictions on battery capacity, so
the higher levels of the system must be involved in memory management.
One example is energy-aware memory management, where the operating system dynamically controls
the amount of physical memory that has to be refreshed.
Another example is energy-aware adaptation, where individual applications switch to modes of
operation with lower fidelity and energy demand under operating system control.
Problem Space
Client thickness (hardware capabilities of the client)
For a given application, the minimum acceptable thickness of a client is determined by the worst-case
environmental conditions under which the application must run satisfactorily.
A very thin client suffices if one can always count on high-bandwidth low-latency wireless
communication to nearby computing infrastructure, and batteries can be recharged or replaced easily.
If there exists even a single location visited by a user where these assumptions do not hold, the client
will have to be thick enough to compensate at that location.
This is especially true for interactive applications where crisp response is important.
Problem Space
Context awareness
A pervasive computing system must be cognizant of its user’s state and surroundings, and must
modify its behavior based on this information.
A user’s context can be quite rich, consisting of attributes such as physical location, physiological
state (e.g., body temperature and heart rate), emotional state (e.g., angry, distraught, or calm), personal
history, daily behavioral patterns, and so on.
If a human assistant were given such context, he or she would make decisions in a proactive fashion,
anticipating user needs.
In making these decisions, the assistant would typically not disturb the user at inopportune moments
except in an emergency.
A pervasive computing system should emulate such a human assistant.
Problem Space
Balancing proactivity and transparency
Unless carefully designed, a proactive system can annoy a user and thus defeat the goal of invisibility.
A mobile user’s need and tolerance for proactivity are likely to be closely related to his/her level of
expertise on a task and familiarity with his/her environment.
A system that can infer these factors by observing user behavior and context is better positioned to
strike the right balance.
For transparency, a user patience model can be implemented to predict whether the user will respond
positively to a fetch request. So the user interaction is suppressed and the fetch is handled
transparently.
Problem Space
Impact on layering
Proactivity and adaptation based on corrective actions seem to imply exposure of much more
information across layers than is typical in systems today.
Layering cleanly separates abstraction from implementation and is thus consistent with sound software
engineering.
Layering is also conducive to standardization since it encourages the creation of modular software
components.
Problem Space
Privacy and trust
As a user becomes more dependent on a pervasive computing system, it becomes more knowledgeable
about that user’s movements, behavior patterns and habits.
Exploiting this information is critical to successful proactivity and self-tuning (invisibility), but also
may cause serious loss of privacy.
User must trust the infrastructure to a considerable extent and the infrastructure needs to be confident
of the user’s identity and authorization level before responding to his/her requests.
It is a difficult challenge to establish this mutual trust in a manner that is minimally intrusive and thus
preserves invisibility.
Example Projects
Pervasive computing projects have emerged at major universities and in industry:
Project Aura (Carnegie Mellon University)
Oxygen (Massachusetts Institute of Technology)
Portalano (University of Washington)
Endeavour (University of California at Berkeley)
Place Lab (Intel Research Laboratory at Seattle)
Example Projects : Project Aura (4)
The Airport Scenario
Jane wants to send e-mail from the airport before her flight leaves.
She has several large enclosures
She is using a wireless interface
She has many options.
Simply send the e-mail
Is there enough bandwidth?
Compress the data first
Will that help enough?
Pay extra to get reserved bandwidth
Are reservations available?
Send the “diff” relative to older file
Are the old versions around?
Walk to a gate with more bandwidth
Where is there enough bandwidth?
How do we choose automatically?
Example Projects : Project Aura (5)
The Mobile Task Scenario
Aura saves Scott’s task.
Scott enters office and gets strong authentication and secure access.
Aura restores Scott’s task on desktop machine and uses a large display.
Scott controls application by voice.
Bradley enters room.
Bradley gets weak authentication, Scott’s access changes to insecure.
Aura denies voice access to sensitive email application.
Scott has multi-modal control of PowerPoint application.
Aura logs Scott out when he leaves the room.
Example Projects : Oxygen
Oxygen (MIT)
Pervasive human-centered computing.
Goal of Oxygen is bringing abundant computation and communication, as pervasive and free as air,
naturally into people's lives.
Example Projects : Oxygen (2)
To support highly dynamic and varied human activities, the Oxygen system must be
pervasive— it must be everywhere, with every portal reaching into the same information base;
embedded— it must live in our world, sensing and affecting it;
nomadic— it must allow users and computations to move around freely, according to their needs;
adaptable— it must provide flexibility and spontaneity, in response to changes in user requirements
and operating conditions;
powerful, yet efficient— it must free itself from constraints imposed by bounded hardware resources,
addressing instead system constraints imposed by user demands and available power or
communication bandwidth;
intentional— it must enable people to name services and software objects by intent, for example, "the
nearest printer," as opposed to by address;
eternal— it must never shut down or reboot; components may come and go in response to demand,
errors, and upgrades, but Oxygen as a whole must be available all the time.
Related Projects: Portalano
Portolano (University of Washington)
An expedition into invisible computing.
Expedition goals:
Connecting the physical world to the world-wide information fabric
Instrument the environment: sensors, locators, actuators
Universal plug-and-play at all levels: devices to services
Optimize for power: computation partitioning, comm. opt.
Intermittent communication: new networking strategies
Get computers out of the way
Don’t interfere with user’s tasks
Diverse task-specific devices with optimized form-factors
Wide range of input/output modalities
Robust, trustworthy services
High-productivity software development
Self-organizing, active middleware, maintenance, monitoring
Higher-level, meaningful services
Related Projects: Portalano (2)
Scenario
Alice begins the day with a cup of coffee and her personalized newspaper.
When her carpool arrives, she switches to reading the news on her handheld display, where she notices
an advertisement for a new 3-D digital camera.
It looks like something that would interest her shutterbug-friend Bob, so Alice asks her address book
to place the call.
Related Projects: Portalano (3)
Scenario (2)
Bob's home entertainment system softens the volume of his custom music file as his phone rings.
Alice begins telling Bob about the camera, and forwards him a copy of the advertisement which pops
up on his home display.
Bob is sold on the product, and after hanging up with her, he asks his electronic shopping agent to
check his favorite photography stores for the lowest price and make the purchase.
Related Projects: Portalano (4)
Scenario (3)
When the camera arrives, Bob snaps some photos of his neighbor's collection of antique Portuguese
navigation instruments.
After reviewing the photo album generated automatically by a web-based service, Bob directs a copy
of his favorite image to the art display in his foyer.
He also sends a pointer to the photo album to Alice and instructs his scheduling agent to set up a lunch
date so that he can thank her for the suggestion.
Other Scenarios
Buy drinks by Friday (1)
Take out the last can of soda
Swipe the can’s UPC label, which adds soda to your shopping list
Make a note that you need soda for the guests you are having over this weekend
Other Scenarios
Buy drinks by Friday (2)
Approach a local supermarket
AutoPC informs you that you are near a supermarket
Opportunistic reminder: “If it is convenient, stop by to buy drinks.”
Other Scenarios
Buy drinks by Friday (3)
- Friday rolls around and you have not bought drinks
- Deadline-based reminder sent to your pager
Other Scenarios
Screen Fridge
Provides:
Video messages
Web surfing
Food management
TV
Radio
Virtual keyboard
Digital cook book
Surveillance camera
Other Scenarios
The Active Badge
This harbinger of inch-scale computers contains a small microprocessor and an infrared transmitter.
The badge broadcasts the identity of its wearer and so can trigger automatic doors, automatic
telephone forwarding and computer displays customized to each person reading them.
The active badge and other networked tiny computers are called tabs.
Other Scenarios
The Active Badge
Other Scenarios
Edible computers: The pill-cam
Miniature camera
Diagnostic device
It is swallowed
Try this with an ENIAC computer!
Other Scenarios
Artificial Retina
Direct interface with nervous system
Whole new computational paradigm (who’s the computer?)
Other Scenarios
Smart Dust
Nano computers that couple:
Sensors
Computing
Communication
Grids of motes (“nano computers”)
PART II
Requirements of computational infrastructure:
failure management.
Security.
Performance.
dependability.
This is an architecture for pervasive computing applications that support multiple devices, such as PCs,
WAP phones, PDA and voice-only phones enabled to access Web servers through voice gate-ways.
The architecture addresses the special problems associated with pervasive computing, including diversity
of devices, markup language and authentication methods.
shows how pervasive computing applications based on this architecture can be secured.
Users have many different devices that look and behave in very different ways.
Examples of several kinds of pervasive computing devices includes WAP phones, PDAs, and voice-
recognition devices.
These devices proving different user interfaces, use different markup languages, use differer.-
communication protocols, and have different ways of authenticating themselves to servers.
Ideally, Web applications that support pervasive computing should adapt to whatever device their users
are using.
Applications must provide content in a form that is appropriate for the user's particular device - WML for
WAP phones, VoiceXML for voice interaction via a voice browser, HTML for PCs, and so on.
If device capabilities differ significantly, the entire interaction between the user and the Web application
has to be tailored : the device's capabilities to provide a good user experience.
A good example for this is access to a Web application from a PC versus access to the same Web
application from a WAP phone.
As the PC has a large screen, it is appropriate to present a substantial amount of information per screen
and it is possible to have many entry fields in a single form with extensive selections
A typical dialog between the PC user and the Web application consists of just a few screens.
When the user accesses the same applica-tion from a WAP phone, only a small amount of information
can be displayed on a single screen, and only a handful of entry fields may be contained in a form;
both input and output have to be reduced to an absolute minimum. Wherever possible, applications
should employ per-sonalization to avoid unnecessary data input or at least provide good suggestions,
A typical dialog between a WAP user and the Web application consists of more screens than the
equivalent dialog with a PC user; at the same time, the amount of data that has to be entered by the user
has to be minimized.
Architectures for pervasive computing applications must not only allow for filtering of unnecessary
information, and for output targeted to different devices, but must also be flexible enough to
accommodate different flows of interaction depending on the user's device.
Given the ever-growing number of pervasive computing devices, scalability of pervasive computing
applications is a very important issue.
Large telecommunication companies expect millions of users to subscribe for some applications, for
example.
Availability is of particular importance in the pervasive computing environment.
Unlike PC users, most users of pervasive computing devices and applications will neither understand nor
accept comments like 'server currently down for maintenance' - if a service is not available when they
need it, they will assume that it does not work, and will stop using the application or switch to another
service provider.
Both issues can be resolved by system topologies that employ parallelism and redundancy to guarantee
scalability and availability. An example of such a topology is shown in Figure.
Scalability and availability can be achieved by running multiple instances of every component that might
become a bottleneck.
Typically the gateways perform tasks that require significant computing power.
WAP gateways, for example, may have to execute the WTLS protocol in the direction of the clients, and
the SSL protocol in the direction of the servers.
for many parallel sessions, requiring computation-intensive decryption and encryption of data. Voice
gateways use voice recognition engines and thus require even more computing power.
A scalable system will use a cluster of gateways for each device type, to which additions, machines can
be added as required.
From the various gateways, a potentially large number of requests flow to the servers that host pervasive
computing Web applications.
Typically the network dispatcher is used to route incoming requests to the appropriate servers, balancing
the load between them.
To support efficient handling of HTTPS, the dispatchers support a mode in which requests originate from
a particular client are always sent to the same server to avoid repeating SSL handshakes.
To assure high availability, pairs of network dispatchers can be used, in which one is active and a back-
up monitors heartbeat of the active dispatcher to take over if a failure occurs.
To allow for central authentication, authorization, and enforcement of access policies, authentication
proxies are used, located in the demilita-rized zone between two firewalls, so that all incoming requests
can flow to application servers only via the authentication proxies.
They check each incoming request to see whether the client from which it originates is already known,
and whether it is allowed to access the desired target function of the Web application according to a
centrally defined policy.
To do so, it needs access to the credentials required for authentication and to the policies for
authorization.
If a request from a new client arrives, the authentication proxy performs client authentication before
letting any request pass through to the application servers.
An authentication proxy may consume significant computing power, e.g. when SSL server authentication
has to be performed for a large number of sessions.
Thus, a cluster of authentication proxies is required for larger systems.
Requests initiated by authenticated clients flow from the authentication proxies to the application servers
behind the inner firewall.
The application code and the presentation functions that make up the Web application front end is
running on these servers.
Here, the requests coming from the clients are received and processed.
To implement a scalable Web application, a cluster of application servers is usually used to which
additional machines can be added when the load increases.
Typically, the front end of a Web application interacts with a back end that hosts persistent data and/or
legacy systems.
Development of pervasive computing Web applications
To implement Web applications, four major kinds of role are typically required in a development team:
business logic designers, user interface designers, application programmers, and experts for existing
legacy data-base and transaction systems.
Business logic designers define the functions to be performed and the application flow.
User interface designers are responsible for application design, defining the look and feel of the Web
application, designing user interaction, and guaranteeing good usability.
Web designers work with technologies such as HTML and JSPs, mostly using high-level visual tools.
Application developers are responsible for implementing the application logic and connectivity to
database and transaction systems in the back end.
Java developers work with technologies such as servlets, EJBs, LDAP, JDBC, etc.
In teams developing pervasive computing applications, an additional role is usually needed - the
pervasive computing specialist, who knows about the capabilities of devices and the infrastructure
required to support pervasive computing applications, such as WAP gateways, voice gateways and
gateways for PDAs.
These people are the experts in tech-nologies such as WML and VoiceXML, which normally cannot be
handled well by traditional Web designers.
Pervasive application architecture
The model-view-controller (MVC) pattern is a good choice when implementing Web applications.
standard mapping of the pattern to servlets, JSPs, and EJBs, where controller is implemented as a
servlet, the model implemented as a secure EJBs, and the views as JSPs.
Pervasive computing applications, however, add an additional level of complexity.
As devices are very different from each other, we can assume that one controller will fit all device
classes. In the MVC pattern the controller encapsulates the dialog flow of an application.
This flow will be different for different classes of devices, such as WAP phone, voice-only phones, PCs,
or PDAs.
Thus, we need different controller for different classes of devices.
To support multiple controllers, we replace the servlet's role to that of a simple dispatcher that invokes
the appropriate controller depending on the type of device being used
MVC Pattern applied to Pervasive Computing Applications
Securing pervasive computing applications
Like traditional Web applications, Web applications supporting pervasive devices have to be secured by
appropriate encryption, authentication, using authorization mechanisms.
The secure pervasive access architecture presented here is designed to process client requests on the
application server in a secure and efficient way.
It addresses user identification, authentication, and authorization of invocation of application depending
on configurable security policies.
Figure shows an example in which the a user accesses a function of a particular Web application from a
WAP phone.
Secure Pervasive Access Architecture
All incoming requests originate from the device connectivity infrastructure.
This infrastructure may include different kinds of gateways that convert device-specific requests to a
canonical form, i.e. HTTP request that may carry information about the device type, the desired language
and the desired reply content type, e.g. HTML,WML,or VoiceXML.
Examples of gateways in the device connectivity layer are voice gateways with remote VoiceXML-
browsers, WAP gateways, and gateways for con-necting PDAs.
An important function that the device connectivity layer must provide is support of session cookies to
allow the application server to associate a session with the device.
The secure access component is the only system component allowed to invoke application functions.
It checks all incoming requests and calls application functions according to security policies stored in a
database or directory.
A particular security state - part of the session state - is reached by authentication of the client using
user-ID and password, public-key client authentication, or authentication with a smart card, for example.
If the requirements for permissions defined in the security policy are met by the current security state of a
request's session, then the secure access layer invokes the requested application function, e.g. a function
that accesses a database and returns a bean.
Otherwise, the secure access component can redirect the user to the appropriate authentication page.
Typically, the secure access component will be implemented as an authentication proxy within a
demilitarized zone as shown earlier.
Finally, the output generated by the application logic is delivered back to the user in a form appropriate
for the device he or she is using. In the
In the Figure , the information to be displayed is prepared by the application logic and passed to the
content-delivery module encapsulated in beans.
The content-delivery module then extracts the relevant part of the information from the bean and renders
it into content that depends on the device type and desired reply content type, for example by calling
appropriate JSPs.
The content-delivery module delivers the content generated in the previous step via the device
connectivity infrastructure that converts canonical responses (HTTP responses) to device-specific
responses, using-appropriate gateways.
For example, if a user accesses the system via a telephone, the voice gateway receives the HTTP
response with VoiceXML content and leads an appropriate 'conversation' with the user, finally resulting
in a new request being sent to the server.
Context Awareness
Context Awareness - State + Surroundings
Context
Who – identity
What – Perceiving the activity
Where - Location – Physical environment, Computational environment
When - Time
Why - Behavior - linked to emotions
Time
Current context – snapshot, Historical context – context across time
Application - Proactive approach
Here is what you did last time
Here is what your friend did last time
Here is what an expert did last time
Key Research issues
Finding context
Representing context
UNIT I
PART II
Pervasive Architecture
Architecture is an abstraction of the system.
Architecture defines the system elements and how they interact.
Architecture suppresses the local information about the elements.
Defines the properties of the components
Provided services, required services, performance characteristics, fault handling, resource usage
Pervasive Architecture
Software components for pervasive computing
Device heterogeneity
Access control
Software Components
The pervasive computing environment forces us to face the need for components and their boundaries
more clearly.
Pervasive services will have to be composed from individual “components” residing in the large number
of heterogeneous computing elements.
The hardware environment itself will force a natural boundary between components. This may be the
most clear-cut definition of a component.
A component will be an independently deployable piece of software that resides on one hardware
element and provides a service element. Of course, there may be more than one component on each
hardware element.
Example – WEB SERVICES
Security
What data do I wish to expose? To whom?
Who can presently access my data?
How can I retract data exposed?
Who am I communicating with?
How do can the privacy of my communication and communication patterns?
Who do I trust as a source of information?
How do I convince others that I am trustworthy?
How to make systems simultaneously secure and usable?
• Establish strong identity
Goal: Cryptographically strong identity to devices (endpoints)
Means: Host Identity Protocol (HIP)
– Identify each communicating device with a cryptographic public key
– Insert the key into the TCP/IP stack
– Assign and manage trust and authority
Goal: Decentralised means for managing authorisation
Means: SPKI and KeyNote2 certificates
Express delegation with signed statements
Eventually integrate to the operating system
– Enable build-up of trust and reputation based on experiences
Goal: Creation of trustworthy behaviour
Means: Micro economic mechanism design
Design the rules for the game
Make unsocial behaviour uneconomical
Device Heterogeneity
The basic premise of pervasive computing—everything connected—guarantees heterogeneity at all
levels: infrastructure, hardware, software, and people.
All kinds of devices must be supported. Perhaps in some specific application scenarios it is possible to
restrict the kinds of devices that are supported but, in general, the environment must anticipate the
existence of a wide variety of devices.
If we consider devices used by the user to interact with the system, they can range from standard ones
such as laptops, PDAs, and phones, to emerging ones such as those embedded in clothing and eyeglasses.
The variety of available devices has several implications. One is the kind of input-output devices: textual
and graphic input-output will not be the only forms of human-machine interaction.
Audio, visual, and other sensory modes of communication will be prevalent. Another implication is the
requirement that the environment must be prepared to adapt to the device currently used by the user.
For example, if the user is requesting information and he is currently driving, the retrieved data should
be relayed to him with an audio message through the car radio.
Access Control
The wide availability of services and the high mobility of users among different environments require the
provision of security mechanisms to ensure the safe usage of services by legitimate users and the
protection of services from unauthorized uses.
Because of the wide range of services, many diverse and flexible security models and mechanisms will
be needed. Either standard security mechanisms will have to be embedded in the environment and used
by all applications or each application will have to build its own security mechanisms. Most likely, a
combination of the two will be needed.
One of the most important aspects of security is access control, to ensure that services are only available
to authorized users and those authorized users are allowed appropriate privileges .
For example, a guest at a hotel may be allowed to print on the hotel’s printer available in the lobby but
not change the contents of the event display in the same lobby.
Single-sign on policy
Securing Pervasive Networks Using Biometrics
Challenges in pervasive computing environments
Computing devices are numerous and ubiquitous
Traditional authentication including login schemes do not work well with so many devices
Proposed Solution
Use biometrics for authentication
At the same time, ensure security of biometric templates in an open environment
Contributions
Propose a biometrics based framework for securing pervasive environment
Implemented a novel scheme for securing biometric data in an open environment using symmetric
hash functions
Aspects of a Pervasive Environment
User Interaction
User interacts with speech, gestures and movements
The sensors and computing devices are ‘aware’ of the user and in the ideal case are also aware of his
‘intent’.
Proactivity
The computing devices should interact and query other devices on Transparency
Technology has to be transparent.
behalf of the user and his intent
Device interaction
Frequent Multiparty interactions
No central authority or third party
Security and Privacy
Consequences of a pervasive network
Devices are numerous, ubiquitous and shared
The network shares the context and preferences of the user
Smart spaces are aware of the location and intent of the user
Security Concerns
Only authorized individuals need to be given access
Authentication should be minimally intrusive
Devices should be trustworthy
Privacy issues
User should be aware of when he is being observed
The user context should be protected within the network
Need to balance accessibility and security
Should be scalable with multiple users operating in the network
Solution: Biometrics?
Definition
Biometrics is the science of verifying and establishing the identity of an individual through
physiological features or behavioral traits.
Examples
Physical Biometrics
Fingerprint
Hand Geometry
Iris patterns
Behavioral Biometrics
Handwriting
Signature
Speech
Gait
Chemical/Biological Biometrics
Perspiration
Skin composition(spectroscopy)
Why Biometrics?
Advantages of biometrics
Uniqueness
No need to remember passwords or carry tokens
Biometrics cannot be lost, stolen or forgotten
More secure than a long password
Solves repudiation problem
Not susceptible to traditional dictionary attacks
General Biometric System
Framework for Authentication/Interaction
Framework for Authentication/Interaction
Framework for Authentication/Interaction
Framework for Authentication/Interaction
Framework for Authentication/Interaction
Speaker Recognition
Framework is Generic
Security of Biometric Data
Issues in biometrics
Biometrics is secure but not secret
Permanently associated with user
Used across multiple applications
Can be covertly captured
Types of circumvention
Denial of service attacks(1)
Fake biometrics attack(2)
Replay and Spoof attacks(3,5)
Trojan horse attacks(4,6,7)
Back end attacks(8)
Collusion
Coercion
Hashing
Hashing
Instead of storing the original password P, a hashed values P’=H(P) is stored instead.
The user is authenticated if H(password) = P’.
It is computationally hard to recover P given H(P)
H() – one way hashing function
Problem with biometrics
Biometric data has high uncertainty
Matching is inexact/probabilistic
Therefore, hashing function should be error tolerant
Biometric Hashing
Fingerprints
Conclusion
Smart spaces and pervasive computing are moving from concepts to implementations
Security has to be incorporated in the design stage
Traditional authentication and access control paradigms cannot scale to numerous and ubiquitous devices
Biometrics serves as a reliable alternative for minimally intrusive authentication
Biometrics solves key management and repudiation problem
Securing biometrics is a major challenge in an open environment
Biometric hashing can be used to create revocable biometric templates
Biometrics
• Access to systems providing significant monetary value, confidential information, or critical applications
must be secured against unautho-rized use.
• User authentication is therefore a key function in any such system. Classical authentication relies on
what you own, what you are, and what you know.
• Typically, Internet applications rely on user identifier (UID) and a password.
• The UID may be in the public knowledge, whereas the pass-word is a secret (what you know) shared by
the user and the system administration.
• Thus, the system can check whether the user is author-ized to use the system.
• However, any person who knows the password can perform user functions.
• The password can be stolen by watching the user enter their personal identification number (PIN), by
capturing data during password transmission, or via access to system administration data.
• A stolen password is hard to detect because nothing is removed from any system.
• GSM mobile phones are protected against unauthorized use through the SIM, a smart card that is issued
by the mobile service provider (what you have) and a PIN chosen by the customer (what you know).
• The PIN is stored and checked in the secure system environment of the SIM and is not transmitted via
unreliable media.
• Intruders must steal the SIM and the PIN in order to act like the authorized user and perform user
func-tions.
• However, many users prefer not to use a PIN because it is inconvenient, and complicated procedures are
required to recover a for gotten PIN and assign a new one
• Biometrics authentication methods rely on what you are.
• A large number of personal characteristics, such as fingerprint, signature, ham geometry, face
recognition, voice recognition, and iris scan, have been proposed.
• Only methods that work with small sensors, e.g. microphone fingerprint sensor, or pen entry panels,
promise near-term applicability of the pervasive computing space.
• Therefore, only authentication using fingerprint, speaker verification, or signature verification is
discussed in the following section.
• Biometrics authentication systems capture the user's characteristic with a sensor, derive characteristic
values, and compare this with known reference.
• The result of the comparison is either 0, if authentication was not successfully performed, or 1, if
authentication was successful.
• In fingerprint verification, the image system extracts the end and the bifurcation points of finger lines,
and uses location and direction as characteristic values for comparison with one or more stored references
.
• Generation of reference values and actual values is subject to distortion.
• The comparison of the data sets is rather complete and introduces additional errors.
• Therefore, there is always the probability that biometrics authentication will fail, causing major
inconvenience to the user.
• The false accept rate (FAR) is the probability that the system will accept the wrong user. The false reject
rate (FRR) is the probability; that the system will reject the correct user.
PART II
Pervasive web Application Architecture
Requirements of computational infrastructure:
• failure management.
• Security.
• Performance.
• dependability.
• This is an architecture for pervasive computing applications that support multiple devices, such as PCs,
WAP phones, PDA and voice-only phones enabled to access Web servers through voice gate-ways.
• The architecture addresses the special problems associated with pervasive computing, including diversity
of devices, markup language and authentication methods.
• shows how pervasive computing applications based on this architecture can be secured.
• Users have many different devices that look and behave in very different ways.
• Examples of several kinds of pervasive computing devices includes WAP phones, PDAs, and voice-
recognition devices.
• These devices proving different user interfaces, use different markup languages, use differrent
communication protocols, and have different ways of authenticating themselves to servers.
• Ideally, Web applications that support pervasive computing should adapt to whatever device their users
are using.
• Applications must provide content in a form that is appropriate for the user's particular device - WML for
WAP phones, Voice XML for voice interaction via a voice browser, HTML for PCs, and so on.
• If device capabilities differ significantly, the entire interaction between the user and the Web application
has to be tailored : the device's capabilities to provide a good user experience.
• A good example for this is access to a Web application from a PC versus access to the same Web
application from a WAP phone.
• As the PC has a large screen, it is appropriate to present a substantial amount of information per screen
and it is possible to have many entry fields in a single form with extensive selections
• Architectures for pervasive computing applications must not only allow for filtering of unnecessary
information, and for output targeted to different devices, but must also be flexible enough to
accommodate different flows of interaction depending on the user's device.
Scalability and availability
• Given the ever-growing number of pervasive computing devices, scalability of pervasive computing
applications is a very important issue.
• Large telecommunication companies expect millions of users to subscribe for some applications, for
example.
• Availability is of particular importance in the pervasive computing environment.
• Unlike PC users, most users of pervasive computing devices and applications will neither understand nor
accept comments like 'server currently down for maintenance' - if a service is not available when they
need it, they will assume that it does not work, and will stop using the application or switch to another
service provider.
• Both issues can be resolved by system topologies that employ parallelism and redundancy to guarantee
scalability and availability. An example of such a topology is shown in Figure.
• Scalability and availability can be achieved by running multiple instances of every component that might
become a bottleneck.
• Typically the gateways perform tasks that require significant computing power.
• WAP gateways, for example, may have to execute the WTLS protocol in the direction of the clients, and
the SSL protocol in the direction of the servers for many parallel sessions, requiring computation-
intensive decryption and encryption of data.
• Voice gateways use voice recognition engines and thus require even more computing power.
• A scalable system will use a cluster of gateways for each device type, to which additions, machines can
be added as required.
• From the various gateways, a potentially large number of requests flow to the servers that host pervasive
computing Web applications.
• Typically the network dispatcher is used to route incoming requests to the appropriate servers, balancing
the load between them.
• To support efficient handling of HTTPS, the dispatchers support a mode in which requests originate from
a particular client are always sent to the same server to avoid repeating SSL handshakes.
• To assure high availability, pairs of network dispatchers can be used, in which one is active and a back-
up monitors heartbeat of the active dispatcher to take over if a failure occurs.
• To allow for central authentication, authorization, and enforcement of access policies, authentication
proxies are used, located in the demilita-rized zone between two firewalls, so that all incoming requests
can flow to application servers only via the authentication proxies.
• They check each incoming request to see whether the client from which it originates is already known,
and whether it is allowed to access the desired target function of the Web application according to a
centrally defined policy.
• To do so, it needs access to the credentials required for authentication and to the policies for
authorization.
• If a request from a new client arrives, the authentication proxy performs client authentication before
letting any request pass through to the application servers.
• An authentication proxy may consume significant computing power, e.g. when SSL server authentication
has to be performed for a large number of sessions.
• Thus, a cluster of authentication proxies is required for larger systems.
• Requests initiated by authenticated clients flow from the authentication proxies to the application servers
behind the inner firewall.
• The application code and the presentation functions that make up the Web application front end is
running on these servers.
• Here, the requests coming from the clients are received and processed.
• To implement a scalable Web application, a cluster of application servers is usually used to which
additional machines can be added when the load increases.
• Typically, the front end of a Web application interacts with a back end that hosts persistent data and/or
legacy systems.
Development of pervasive computing Web applications
• To implement Web applications, four major kinds of role are typically required in a development team:
business logic designers, user interface designers, application programmers, and experts for existing
legacy data-base and transaction systems.
• Business logic designers define the functions to be performed and the application flow.
• User interface designers are responsible for application design, defining the look and feel of the Web
application, designing user interaction, and guaranteeing good usability.
• Web designers work with technologies such as HTML and JSPs, mostly using high-level visual tools.
• Application developers are responsible for implementing the application logic and connectivity to
database and transaction systems in the back end.
• Java developers work with technologies such as servlets, EJBs, LDAP, JDBC, etc.
• In teams developing pervasive computing applications, an additional role is usually needed - the
pervasive computing specialist, who knows about the capabilities of devices and the infrastructure
required to support pervasive computing applications, such as WAP gateways, voice gateways and
gateways for PDAs.
• These people are the experts in tech-nologies such as WML and VoiceXML, which normally cannot be
handled well by traditional Web designers.
Pervasive application architecture
• The model-view-controller (MVC) pattern is a good choice when implementing Web applications.
• standard mapping of the pattern to servlets, JSPs, and EJBs, where controller is implemented as a
servlet, the model implemented as a secure EJBs, and the views as JSPs.
• Pervasive computing applications, however, add an additional level of complexity.
• As devices are very different from each other, we can assume that one controller will fit all device
classes. In the MVC pattern the controller encapsulates the dialog flow of an application.
• This flow will be different for different classes of devices, such as WAP phone, voice-only phones, PCs,
or PDAs.
• Thus, we need different controller for different classes of devices.
• To support multiple controllers, we replace the servlet's role to that of a simple dispatcher that invokes
the appropriate controller depending on the type of device being used
MVC Pattern applied to Pervasive Computing Applications
Securing pervasive computing applications
• Like traditional Web applications, Web applications supporting pervasive devices have to be secured by
appropriate encryption, authentication, using authorization mechanisms.
• The secure pervasive access architecture presented here is designed to process client requests on the
application server in a secure and efficient way.
• It addresses user identification, authentication, and authorization of invocation of application depending
on configurable security policies.
• Figure shows an example in which the a user accesses a function of a particular Web application from a
WAP phone.
Secure Pervasive Access Architecture
• All incoming requests originate from the device connectivity infrastructure.
• This infrastructure may include different kinds of gateways that convert device-specific requests to a
canonical form, i.e. HTTP request that may carry information about the device type, the desired language
and the desired reply content type, e.g. HTML,WML,or VoiceXML.
• Examples of gateways in the device connectivity layer are voice gateways with remote VoiceXML-
browsers, WAP gateways, and gateways for con-necting PDAs.
• An important function that the device connectivity layer must provide is support of session cookies to
allow the application server to associate a session with the device.
• The secure access component is the only system component allowed to invoke application functions.
• It checks all incoming requests and calls application functions according to security policies stored in a
database or directory.
• A particular security state - part of the session state - is reached by authentication of the client using
user-ID and password, public-key client authentication, or authentication with a smart card, for example.
• If the requirements for permissions defined in the security policy are met by the current security state of a
request's session, then the secure access layer invokes the requested application function, e.g. a function
that accesses a database and returns a bean.
• Otherwise, the secure access component can redirect the user to the appropriate authentication page.
• Typically, the secure access component will be implemented as an authentication proxy within a
demilitarized zone as shown earlier.
• Finally, the output generated by the application logic is delivered back to the user in a form appropriate
for the device he or she is using. In the