Security Infrastructure for Context-Aware Middleware

By L.X. Hung, u-Security Group, 2005.09.16

Upload: chessa

Post on 11-Jan-2016

Page 1: Security Infrastructure for Context-Aware Middleware

Security Infrastructure for Context-Aware Middleware

By L.X. Hung, u-Security Group

2005.09.16

Page 2: Security Infrastructure for Context-Aware Middleware

Agenda
• Security Group introduction
• Fundamental Challenges
• Proposed Security model
• Working Plan

Page 3: Security Infrastructure for Context-Aware Middleware

uSecurity Group Introduction
• Prof. S.Y. Lee, Advisor
• Prof. M. Kaykobad, Advisor
• Le Xuan Hung, PhD
• Zhung Yonil, PhD
• Yuan Weiwei, PhD
• Riaz Ahmed Shaikh, PhD
• Hassan Jameel, MS
• Pho Duc Giang, MS
• Nguyen Ngoc Diep, MS
• Tran Van Phuong, MS

Page 4: Security Infrastructure for Context-Aware Middleware

Fundamental challenges to secure pervasive computing
• The need to integrate the socio-technical perspective:
  - Related to usability and confidence (trust) in security technologies
  - Related to the broader sociological, cognitive, economic and legal aspects of our lives
  - Recognize the different personas and roles (e.g. prof, student, …)
• Breakdown of classical perimeter security and the need to support trust relationships
  - Firewalls to enforce security and pre-registered authentication are not suitable
  - User community is anonymous and constantly changing

Page 5: Security Infrastructure for Context-Aware Middleware

Fundamental challenges to secure pervasive computing (2)
• Balancing non-intrusiveness and security strength
  - Need to shift away from classical and intrusive security schemes (e.g. explicit user input such as a password) toward sensing and exchanging securely, automatically and seamlessly.
  - Enable single-step authentication to multiple applications and stove-piped systems
• Context awareness
  - Protocols and infrastructure required to sense, gather, and organize contextual information in a secure manner.
• Mobility, adaptability, and dynamism
  - A user may be mobile, interact with multiple devices and access multiple applications.
  - The user may also be disconnected from the home network.

Page 6: Security Infrastructure for Context-Aware Middleware

Fundamental challenges to secure pervasive computing (3)
• Resource constrained operation
  - CPU power, energy, memory, etc.
  - Limit cryptography operations, security protocols and security mechanisms.
• Balancing security and other tradeoffs
  - Ubicomp is composed of diverse applications, usage scenarios, and data handling demands.
  - Thus the central challenge is to diverse security models along with supporting architectures and protocols that can provide tunable tradeoffs.

Page 7: Security Infrastructure for Context-Aware Middleware

Interactions in Context-Aware Middleware
• Users and Mobile Devices
  - Administrating
  - Resource access
• Services
  - Service lookup & delivery
• Applications
  - Contextual information, services request / response
  - Resource access
• Sensing Devices
  - Providing context, sensing data

Page 8: Security Infrastructure for Context-Aware Middleware

Securing Ubiquitous Environment with SiCAM

Our Solution: SiCAM (Security infrastructure for Context-Aware Middleware)
• Light-weight Cryptography
• IDS Agents
• Others
  - Secure Sensing, Routing, Aggregation
  - Key Management
  - etc.

Page 9: Security Infrastructure for Context-Aware Middleware

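Proposed Security Infrastructure

[Figure: proposed security infrastructure diagram. Components are labelled with numbers 1 to 7; the legend lists Hassan, Riaz, Weiwei, Hung, Giang, Diep, Phuong against 1, 2, 3, 4, 5, 6, 7.]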

Page 10: Security Infrastructure for Context-Aware Middleware

Proposed Security Infrastructure (2): Access Control
• Core technology to enforce security and policies
• Context-based Access Control
• Provide both MAC and DAC (Mandatory and Discretionary Access Control)
• Can be broken down into 3 processes
  - Identification: user recognition (wearable devices, voice/face recognition, badge ID, etc.)
  - Authentication: verify identification
  - Authorization: 'yes/no' decision whether user can access resources and services

Page 11: Security Infrastructure for Context-Aware Middleware

Proposed Security Infrastructure (3): Inference Engine
• Intelligent part of SiCAM
• Compute and provide level of confidence to authentication
• Consulting authorization: evaluate queries from applications whether a certain entity is allowed to access a certain resource
• Composed of
  - Privacy: sensitive, personal data that is explicitly exchanged, that is 'automatically sensed'
  - Trust management: provide trust level of uncertain entities
  - Intrusion detection: detecting intruders, malfunctioning entities…

Page 12: Security Infrastructure for Context-Aware Middleware

Proposed Security Infrastructure (4): Inference Engine
• Can access all authentication policies and access control policies
• Can get context from different providers of the context-aware middleware
  - Queries various context providers
• Can access the context provider lookup service to look up various context providers
• Authentication of various people
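
An added example, not part of the original slides or of SiCAM itself: a sketch of the identification, authentication and authorization steps from slides 10 to 12, where a confidence level computed from several recognition sources and the request context feed a default-deny yes/no decision. The sensor reliabilities, the noisy-OR combination rule, the role directory, the policy fields and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed per-sensor reliability and role directory (constructed values).
SENSOR_RELIABILITY = {"badge": 0.60, "voice": 0.70, "face": 0.80}
ROLES = {"alice": "prof", "bob": "student"}

@dataclass(frozen=True)
class Policy:
    resource: str
    roles: frozenset        # personas allowed to access the resource
    min_confidence: float   # required authentication confidence
    locations: frozenset    # context: where requests may originate

def identify(observations):
    """Identification: group (sensor, claimed_user) pairs by claimed user."""
    claims = {}
    for sensor, user in observations:
        if sensor in SENSOR_RELIABILITY:      # unknown sensors carry no weight
            claims.setdefault(user, set()).add(sensor)
    return claims

def confidence(sensors):
    """Authentication: noisy-OR over distinct sensors, 1 - prod(1 - r)."""
    miss = 1.0
    for sensor in sensors:
        miss *= 1.0 - SENSOR_RELIABILITY[sensor]
    return 1.0 - miss

def authorize(policy, user, observations, context):
    """Authorization: yes/no from role, context and confidence; default deny."""
    claims = identify(observations)
    if set(claims) != {user}:
        return False      # no identification, or sensors disagree on identity
    if ROLES.get(user) not in policy.roles:
        return False
    if context.get("location") not in policy.locations:
        return False
    return confidence(claims[user]) >= policy.min_confidence

# Constructed sample policy: only professors, strongly authenticated,
# and physically in the faculty office, may read the grades database.
GRADES = Policy("grades_db", frozenset({"prof"}), 0.90,
                frozenset({"faculty_office"}))
```

A badge alone yields 0.60 confidence and is refused under this policy, and a badge that disagrees with face recognition is refused outright, which is the case a context-aware scheme has to handle when a token is carried by someone else.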

Page 13: Security Infrastructure for Context-Aware Middleware

Ongoing work
• General Tutorial Presentation (weekly)
  - In progress (60%)
• Security Infrastructure design
  - Proposed general architecture
  - Verifying and revising
• Working on paper: Trust Model for Ubiquitous Environment, to submit to AINA'06

Page 14: Security Infrastructure for Context-Aware Middleware

Paper work
• Hung Le Xuan, Sungyoung Lee and Young-Koo Lee, "A Key-Exchanging Scheme for Sensor Networks", The 2005 IFIP International Conference on Intelligence in Communication Systems (INTELLCOMM'05), Canada, October 17-19, 2005
• Hassan Jameel, Sungyoung Lee and Young-Koo Lee, "A Secret Sharing Scheme for Preventing the Cheaters from Acquiring the Secret", submitted to SKLOIS Conference on Information Security and Cryptology
• Hassan Jameel, Sungyoung Lee and Young-Koo Lee, "Secure Information Exchange in a Mobile-to-Grid Middleware Environment", submitted to 3rd International IEEE Security in Storage Workshop
• Hassan Jameel, Hung Le Xuan, Sungyoung Lee and Young-Koo Lee, "A Vector Space Based Trust Evaluation Model for Ubiquitous Systems", 3rd International IEEE Security in Storage Workshop

Page 15: Security Infrastructure for Context-Aware Middleware

Future Plan
• End of this year
  - Complete infrastructure design and API
  - Publish technical report
• Middle 2006
  - Implementation
  - Prototype and testbed
• Ultimate Goals
  - Commercialize source code.
  - 15 SCI papers
  - 3 SCI Journals