Context and Location-Aware Encryption for Pervasive Computing Environments

Slides: 25
Provided by: debor110
1
Context and Location-Aware Encryption for
Pervasive Computing Environments
  • Jalal Al-Muhtadi, Raquel Hill
  • Roy Campbell, Dennis Mickunas

University of Illinois at Urbana-Champaign
2
Outline
  • Background
  • Motivation
  • Assumptions
  • System Overview
  • Gaia Context File System
  • Gaia Publish/Subscribe Channel
  • Implementation & Evaluation
  • Conclusion & Future Work

3
Active Spaces
Physical space coordinated by a responsive
context-based software infrastructure that
enhances the ability of mobile users to interact
and configure their physical and digital
environment seamlessly.
4
Introducing Gaia
  • Gaia OS, a distributed meta-operating system that
    runs on top of existing operating systems.
  • Provides infrastructure and core services for
    constructing general-purpose ubiquitous computing
    environments.

[Figure labels: hospital, home, office, car, campus]
5
Introducing Gaia
MS Windows, OS X, Linux, Symbian OS, Mobile
Windows, etc.
6
Motivation
  • Goal: defining an efficient authorization
    mechanism which leverages contextual information
  • Context information changing frequently →
    expensive re-keying?

7
Motivation
  • Security in pervasive computing is essential
  • Major barrier to real-world deployment
  • New computing paradigm → new challenges
  • Integration of digital & physical infrastructures
  • Context & Location Awareness
  • Context and Location Awareness as an additional
    parameter to security

8
Scenarios
  • Active Space
  • only provide services to devices inside the space
  • Classroom
  • Hospital Scenario
  • authorized nurses inside specific hospital units
    (intensive care, x-ray room, nursery)
  • Military Scenarios
  • reveal next plan only when soldier arrives at
    destination

9
Gaia
  • a framework to store & update location info in
    real-time
  • aggregates location info from various devices
  • distributed components
MS Windows, OS X, Linux, Symbian OS, Mobile
Windows, etc.
10
Assumptions
  • Existence of a trusted infrastructure
  • Active Space consists of a plethora of machines
    and services, some are trusted (Kernel services)
  • Infeasibility to forge location data
  • Tamper-resistant hardware certified location
    data
  • Cryptography has much less overhead than access
    control
  • Access control requires reference monitors to
    check all accesses → expensive for mobile
    devices!
  • We will focus on Location-based encryption

11
System Overview
  • Gaia Context File System (CFS)
  • Context-Aware file system
  • Aggregates related material from different mount
    points
  • Trigger automatic data conversions on-the-fly
  • Location and context-based encryption provides
    efficient security

12
Location-Encryption in CFS
13
Location-Encryption in CFS
  • Step 1: admin creates an encryption region
  • LS creates a private key K_R
  • LS replies with ID_R

14
Location-Encryption in CFS
  • When creating a location-encrypted file, ID_R is
    provided (2)
  • Data is sent to a Location Encryptor (LE) (3)
  • LE has access to K_R → encrypts the data using K_R

15
Location-Encryption in CFS
  • When requesting the file the CFS invokes a LV
    object (Location Verifier) (4, 5)
  • Iff user is located within region R then decrypt
    data (5)

16
Multi-Layer Encryption
  • In some cases, context-based encryption is not
    enough
  • e.g. exam scenario
  • Introduce Multi-layer encryption
  • 1st layer must be peeled off by LS
  • 2nd layer must be peeled off by authorized user
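
Added example (not part of the original slides or of Gaia's code): the region-key flow of slides 13-15 and the two-layer exam case of slide 16, in Python. Assumptions: LE and LV are folded into one LocationService class, the location feed is trusted as on slide 10, and a SHAKE-256 keystream with HMAC-SHA256 stands in for the cipher, which the slides do not name; all class and function names are hypothetical.

```python
import hashlib, hmac, secrets

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    ks = hashlib.shake_256(key + nonce).digest(len(data))  # stdlib stand-in for a real cipher
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):  # encrypt-then-MAC with derived subkeys: nonce || ciphertext || tag
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_mac(key, b"enc"), nonce, data)
    return nonce + ct + _mac(_mac(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_mac(key, b"enc"), nonce, ct)

class LocationService:
    """LS with the LE and LV roles folded in; K_R never leaves this object."""
    def __init__(self):
        self._keys, self._where = {}, {}             # ID_R -> K_R, user -> current region
    def create_region(self):                         # step 1: caller gets ID_R only
        id_r = secrets.token_hex(4)
        self._keys[id_r] = secrets.token_bytes(32)   # K_R
        return id_r
    def update_location(self, user, region):         # assumed trusted location feed
        self._where[user] = region
    def location_encrypt(self, id_r, data):          # LE: encrypt under K_R
        return seal(self._keys[id_r], data)
    def verify_and_decrypt(self, user, id_r, blob):  # LV: decrypt iff user is in R
        if self._where.get(user) != id_r:
            raise PermissionError("user is not inside region " + id_r)
        return unseal(self._keys[id_r], blob)

def exam_demo():
    ls, k_user = LocationService(), secrets.token_bytes(32)  # k_user: 2nd-layer key
    room = ls.create_region()
    blob = ls.location_encrypt(room, seal(k_user, b"exam questions"))
    ls.update_location("alice", "hallway")
    try:
        outside = ls.verify_and_decrypt("alice", room, blob)
    except PermissionError:
        outside = None                                   # refused outside the region
    ls.update_location("alice", room)
    inner = ls.verify_and_decrypt("alice", room, blob)   # LS peels the 1st layer
    return outside, unseal(k_user, inner)                # user peels the 2nd
```

Being inside the region yields only the inner ciphertext; the plaintext still requires the user's own key, which is the point of the second layer.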

17
Gaia Publish/Subscribe Channels
  • Gaia Publish/Subscribe Channel
  • The underlying communication is facilitated by an
    event channel
  • Implemented as publish/subscribe channels
  • Provides an efficient technique for dispersing
    events to various entities in the system
  • Features asynchronous and decoupled message
    transmission

18
Gaia Publish/Subscribe Channels
  • P publishes information
  • EB is responsible for creating the channel and
    managing access for it
  • ex. museums
  • Subscribers try to peel off both layers

19
Implementation
  • Implemented the different components in a
    prototype Active Space
  • services require physical location in the space
  • light control etc.
  • Use of Bluetooth discovery for approximate
    location capturing
  • Use of a 2-layer encryption to access
    location-restricted services

20
Crypto Performances on some Gaia Devices
21
Latency in Location-Aware Publish/Subscribe Channel
[Chart: latency (ms) vs. number of subscribers]
22
Challenges & Future Work
  • Preventing Relay Attacks
  • difficult to solve.
  • Maybe some restrictions can be introduced
  • Expanding the mechanism to accommodate groups
  • Only when k of n people are under a specific
    context → access is granted
  • (use of threshold cryptography)

23
Conclusions
  • The need to accommodate contextual information
    into security
  • We presented an efficient authorization mechanism
    that leverages contextual information
  • Provided a prototype implementation

24
Thank you! Any questions?