Part IV : Liability Chapter 15: Security for Ubiquitous Computing

1
Part IV LiabilityChapter 15 Security for
Ubiquitous Computing

• Tobias Straub, Andreas Heinemann

2
Introduction Motivation

• UC features (not meant to be complete)
• large number of peers
• spontaneous and autonomous interaction
• a priori unknown communication partners
• no or just limited established security
  infrastructure (e.g., PKI)
• rich diversity of UC settings and applications
• Virgil Gligor, 2005
• From the Internet where processing is free and
  physically protected, but communication is not
• to UC where neither processing nor communication
  is free and physically protected

3
UbiComp changes our world

• today
• tomorrow

Common approaches
Attacker
PC
Printer
Trusted device
known, trusted device
Attacker
new, distributed, attacks
Various/new monitoring Capabilities. Privacy at
risk
?
Drucker1
Printing
Computer
various infrastructures services, unknown
networks, etc.
Layout
PDA
PDA
ME
Billing
Laptop
Virus-Scanner
Handy
virtual printerpart of infrastructure
different levels of trust
4

• FOUR UC SETTINGS

5
UC setting 1 Mobile Computing

• Mobile Computing
• supports mobile users with connectivity and
  access to services and backend systems while
  being on the move (aka nomadic computing)
• relies on a given infrastructure (802.11 WiFi,
  GSM, UMTS, etc.)
• user needs to register with a provider
• access is controlled by provider
• closed group of users
• no user anonymity
• physical threat if device is mobile.
• 4.973 laptops, 5.939 Pocket PCs, and a 63.135
  mobile phones lost or forgotten in taxis in
  London within 6 monthsee http//www.laptopical.co
  m/laptops-lost-in-taxi.html
• danger of device owner impersonation
• private business data lost

6
Mobile Computing Scenario
Scenario The Mobile Salesman While on the road,
a salesman needs to regularly download up-to-date
client reports from his companys databases. His
laptop is equipped with several wireless
communication interfaces which can be used to
connect via different service providers depending
on what kind of service/infrastructure is
available. At the clients office, there is a
WiFi network the salesman can access. There are
also some networked printers available for
guests. However, it is unclear to what extent
the infrastructure can be trusted.

• Challenges
• secure communication to backend via insecure
  communication links
• secure storage of internal data on a mobile
  device
• secure device association
• Is there a way to securely send a confidential
  document over the air to a printer located in
  the office?
• Does it help if the salesman selects a printer
  close to him equipped with a secondary
  communication interface?

7
UC setting 2 Ad Hoc Interaction

• Ad Hoc Interaction
• no given infrastructure
• UC devices build the infrastructure on their own
  by establishing temporary, wireless, and ad hoc
  communication links between them
• On application layer spontaneous interaction
  without any central authority that restricts
  interaction/participation, no managed groups
• user device anonymity
• again physical device exposure

8
Ad Hoc Interaction Scenario
Scenario Passive Collaboration in Opportunistic
Networks In an Opportunistic Network, passers-by
exchange information, for example
digital advertisements (Straub Heinemann,
2004), while being co-located. After an
initial configuration, devices interact
autonomously and without users attention.
Information dissemination is controlled by
profiles stored on the users devices. Such a
profile expresses a users interest in and
knowledge about some pieces of information to
share.

• Challenges
• devices, that are a priori unknown to each other,
  communicate.
• whom to trust? (see Chapter 16 Trust II)
• personal data stored on the device and exchanged
  with strangers
• user privacy is at risk

9
UC setting 3 Smart Spaces

• Smart Spaces
• focus on user friendliness user empowerment
• unobtrusive interaction
• use of contextual information
• optional digital IDs in use
• often based on sensing and tracking capabilities
  integrated into the environment
• location privacy issues?

10
Smart Spaces Scenario
Scenario Patient Monitoring In a hospital, all
records of patients are digitally stored and
maintained in a central database. Records are
updated with the results of physical examinations
or continuous monitoring. Husemann and Nidd
(2005) describe a middleware capable of
integrating a wide range of medical analyzers
that have a common wireless interface. Consider
a battery driven heartbeat monitor which is
attached to the body and sends measurements to
the database. The data can be used as well as for
a patient surveillance system that triggers an
alarm in case of an anomaly.

• Challenges
• for new patients, how to unambiguously associate
  the heartbeat monitor with a record?
• how to secure a communication link?
• how to detach a heartbeat monitor from a
  patient's record, after a patient leaves the
  hospital?

11
UC setting 4 Real-Time Enterprises

• Real-Time Enterprises
• effort to leverage UC technology and methods
  within enterprises
• goal have immediate access to comprehensive and
  up-to-date information about processes and
  procedures within an enterprise
• goal close information/media gap

12
Real-Time Enterprise Scenario
Scenario RFID-based Warehouse Management Radio
frequency identification (RFID) offers a variety
of opportunities in tracking goods (see e.g.
Fleisch Mattern (2005)). Suppose all goods
stocked at a warehouse are equipped tagged with
an RFID transponder. With the corresponding
readers integrated into storage racks, the
process of stocktaking can be completely
automated and inventory information is available
in real-time.

• Challenges
• how to circumvent industrial espionage by
  unauthorized RFID tag readout?
• how to circumvent surveillance and tracking of
  humans by unauthorized RFID tag readout?

13

• A TAXONOMY OF UC SECURITY

14
Basic Terminology and Objectives of IT Security

• ASSETS (data, HW) to protect in the four
  scenarios
• confidential documents (Scenario 1)
• an individuals habits and preferences (Scenario
  2),
• medical information (Scenario 3),
• the stock list at a warehouse (Scenario 4).

• Protection Objectives (CIAA)
• Confidentiality (C) refers to the aim of keeping
  pieces of information secret from unauthorized
  access.
• Integrity (I) is the requirement that data is
  safe from changes, be it either accidentally or
  deliberately.
• Authenticity (A) concerns itself with the
  genuineness of messages or the identity of
  entities in a networked system.
• Availability (A) means the provisioning of a
  systems services to its users in a reliable way.

15
UC Characteristics and Associated Risks
characteristics characteristics risks
communication wireless eavesdropping,
communication ad hoc impersonation
communication multi-hop man-in-the-middle attacks,
pervasive nature physical exposure device/data theft, manipulation
pervasive nature limited power supply sleep deprivation torture
pervasive nature traceability privacy violation
16
UC Limitations and Associated Challenges
Limitations Limitations Challenges
resource, infrastructure limitations lack of centralized authority entity authentication
resource, infrastructure limitations lack of centralized authority policy decision
resource, infrastructure limitations limited CPU power, few/no memory, limited power supply algorithm implementation, protocol design
resource, infrastructure limitations user interface limitations trusted path establishment
17

• OVERVIEW OF CRYPTOGRAPHIC TOOLS

18
Symmetric Cryptosystems

• A plaintext is transformed into a ciphertext in
  order to ensure confidentiality between a sender
  (Alice) and a receiver (Bob)
• Alice and Bob need to agree on a shared key and
  an algorithm (3DES, AES, .)
• Symmetric Alice and Bob use the same key for en-
  and decryption
• Kerckhoff (19th century) A cryptosystems
  strength should not be based on the assumption
  that its algorithm is kept secret, but only on
  the attackers uncertainty regarding the key.
• visit http//www.keylength.com for appropriate
  key lengths
• secure key distribution?

19
Asymmetric Cryptosystems and PKI

• avoids key distribution problem
• makes use of different keys for encryption and
  decryption (public and private key)
• Alice encrypts a message for Bob with Bob's
  public key. Bob uses his corresponding private
  key to decrypt a message
• Examples RSA, ElGammal, Elliptic curves
• new problem public key authentication. How does
  Alice know, that a public key PBob is genuine?
• solution digital certificates managed by PKIs

20
Hash Functions Digital Signatures

• Modification detection code (MDC)
• ensures data integrity
• hash function h a function that compresses
  bitstrings of arbitrary finite length to
  bitstrings of fixed length, common 160 bit
• Examples RIPEMD-160, SHA-1
• has to be 2nd preimage resistant Given an input
  x that hashes to h(x), an attacker must not be
  able to find a value y x such that h(y) h(x).
• Message authentication code (MAC)
• hash function secret key shared between sender
  and receiver
• On receipt, Bob knows Message is integer and was
  send by Alice
• Each MDC h can be extended to a MAC in the
  following way On input x, compute h( (k 7 p1)
  h( (k 7 p2) x) ) where k is the key, p1, p2
  are constant padding strings, 7 is the XOR
  operation, and denotes concatenation.
• Digital Signatures
• used for proof of authorship (different to MAC,
  where both Alice and Bob know a shared key)
• often implemented with public key cryptography,
  see RSA signature scheme.

21
Limitations of Cryptography in UC

• Energy consumption is a serious issue in UC

Experiments with a 206 MHz Compaq iPAQ H3670.
Potlapally, Ravi, Raghunathan, and Jha (2003)

• Pocket PCs battery with a 1500 mAh capacity and
  a 5V voltage would have lost 20 of its charge
  after 5000 executions of a DH protocol or 10000
  RSA signatures
• Lightweight cryptography needed (new designs, but
  also new risk and thread analysis)

22

• SAMPLE SOLUTIONS

23
Privacy-Enhancing Technologies (I)

• Blurring data (location based service)

• Avoid static data on all network layers

Application Layer self generated key pairs (X,X-) serve as aliases
TCP/IP dynamic IP Addresses
802.11 WIFI dynamic MAC Addresses

• Suitable for one-hop communication in
  Opportunistic Networks
• cf. Scenario 2

24
Privacy-Enhancing Technologies (II)

• Design Principles for UC environments.
  Langheinrich (2001)
• Notice
• An announcement mechanism that allows users to
  notice the dta collectoin capabilities in their
  environments.
• Choice and Consent
• The user has the choice of allowing or denying
  any kind of data collection (respected by the
  environment)
• Proximity and Locality
• meta information (locality and proximity) for
  collected data should be used by the enviroment
  to enforce access restriction
• Access and Recourse
• easy user access to collected personal
  information
• reports about usage of personal data
• Implemented in pawS. Langheinrich (2002)

25
pawS Architecture. Langheinrich (2002)
26
Fighting DoS Attacks

• Proof-of-Work techniques (PoW)
• idea treat the computational resources of each
  user of a resource or service as valuable
• in order to prevent arbitrarily high usage of a
  common resource by a single user, each user has
  to prove that she has made some effort, i.e.,
  spent computing resources, before she is allowed
  to use the service
• sender provides answer to a computational
  challenge together with message. if verification
  of answer fails, message is discarded
• costs of creating such a proof must be some order
  of magnitude higher than for system setup and
  proof verification.

27
Bootstrapping Secure Communication

• Secure transient association The resurrecting
  duckling security policy
• device authentication in the absence of a central
  and always available authority
• agreement on a shared key by physical device
  contact. Simple to understand for a user and
  involved devices are non-ambiguous
• Two devices involved. Roles
• a slave (or duckling) obeys a master
• a master (or mother duck) controls a slave
• Two states of a slave

28
Four formal principles of theresurrecting
duckling security policy - (Stajano, 2002)

• Two State principle
• imprintable or imprinted.
• In the imprintable state, anyone can take it
  over. In the imprinted state, it only obeys its
  mother duck.
• Imprinting principle
• The transition from imprintable to imprinted,
  known as imprinting, happens when the mother
  duck, sends an imprinting key to the duckling.
  This must be done using a channel whose
  confidentiality and integrity are adequately
  protected.
• The mother duck must also create an appropriate
  backup of the imprinting key.
• Death principle
• The transition from imprinted to imprintable is
  known as death. It may occur under a very
  specific circumstance (particular variant) of the
  model
• death by order of the mother duck.
• death by old age after a predefined time
  interval.
• death on completion of a specific transaction.
• Assassination principle
• The duckling must be constructed in such a way
  that it will be uneconomical for an attacker to
  assassinate it, i.e., to cause the duckling s
  death artificially in circumstances other than
  the one prescribed by the Death principle of the
  policy.

29
Out-of-Band Channels in UC

• UC environments may feature a rich set of
  out-of-band channels in order to bootstrap
  communication, e.g.
• Infrared light
• Dynamically generated 2D barcodes
• location limited audio channel
• biometric data
• ultrasonic
• LED and a pushbutton
• Example Proximity-Based Authentication for
  Windows Domains (Aitenbichler Heinemann, 2007)

30
RFID Clipped Tag (IBM)

• IBMs Clipped Tag is giving consumers the
  ability to simply opt out and protect their
  privacy by tearing or scratching off the RFID
  antennae, eliminating the tags ability to
  communicate with other devices or systems.

31
Literature

• Virgil Gligor (2005) Cryptolite How Lite Can
  Secure Crypto Get? Information Security Summer
  School.
• Straub Heinemann (2004). An Anonymous Bonus
  Point System For Mobile Commerce Based On
  Word-Of-Mouth Recommendation. In, Applied
  Computing 2004. Proceedings of the 2004 ACM
  Symposium on Applied Computing (pp. 766773). New
  York, ACM Press.
• Husemann and Nidd (2005). Pervasive Patient
  Monitoring Take Two at Bedtime. ERCIM News,
  7071.
• Fleisch Mattern (2005). Das Internet der Dinge
  Ubiquitous Computing und RFID in der Praxis.
  Springer.
• Potlapally, Ravi, Raghunathan, and Jha (2003).
  Analyzing the energy consumption of security
  protocols. In Proc. ISPLED03 (pp. 3035).
• Langheinrich (2001). Privacy by Design
  Principles of Privacy-Aware Ubiquitous Systems.
  In G. D. Abowd, B. Brumitt, S. A. Shafer
  (Eds.), Ubicomp (Vol. 2201, p. 273-291).
  Springer.
• Langheinrich (2002). A Privacy Awareness System
  for Ubiquitous Computing Environments. In G.
  Borriello L. E. Holmquist (Eds.), Ubicomp (Vol.
  2498, pp. 237245). Springer.
• Stajano (2002). Security for Ubiquitous
  Computing. John Wiley Sons.
• Aitenbichler Heinemann, 2007. Proximity-Based
  Authentication for Windows Domains. to be
  published at UbiComp 07. WS on Security for
  Spontaneous Interaction