O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Secure context-awareness in ubiquitous computing

281 visualizações

Publicada em

A presentation on information security in smart spaces. Presented at a post-graduate seminar course.

Publicada em: Software
  • Entre para ver os comentários

  • Seja a primeira pessoa a gostar disto

Secure context-awareness in ubiquitous computing

  1. 1. Secure context-awareness in ubiquitous computing Ville Seppänen ville.t.seppanen@tut.fi TLT-2656 Special Course on Networking
  2. 2. Contents • Research paper overview – Suomalainen, J., Hyttinen, P., & Tarvainen, P. (2010). Secure information sharing between heterogeneous embedded devices. Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA ’10 • Application design project – Context information from mobile device hardware 20.12.2012TLT-2656 Assignment 2
  3. 3. SMART SPACE SECURITY Research Paper overview: “Secure information sharing between heterogeneous embedded devices” 20.12.2012TLT-2656 Assignment 3
  4. 4. Challenge in smart spaces • One of the key challenges is security • Heterogenous devices use various security measures – How to ensure sufficient security will be maintained when giving away information? – Constrained devices cannot make complex encryption/decryption • Mobile devices move between environments – How to ensure that devices can communicate in different environments? 20.12.2012TLT-2656 Assignment 4
  5. 5. Their proposed solution • Novel security architecture that guarantees secure information sharing between devices without a directly compatible security mechanism – Features controlling and monitoring confidentiality, integrity, authenticity and access control • Security profiles for measuring and mapping security level of connections 20.12.2012TLT-2656 Assignment 5
  6. 6. Smart space security architecture 20.12.2012TLT-2656 Assignment 6 Source:Suomalainen,J.,Hyttinen,P.,&Tarvainen,P.(2010).Secureinformation sharingbetweenheterogeneousembeddeddevices.ProceedingsoftheFourth EuropeanConferenceonSoftwareArchitectureCompanionVolume-ECSA’10
  7. 7. Architecture • The architecture is an extension of Smart-M3 architecture • RDF Information Base Solution (RIBS) is a SIB based on Smart-M3 implementation • Security administrators (and monitors) have been added – KPs authenticate with credentials (given when first joining smart space) to access information – Desired security level stated in policy directive is enforced by the security components 20.12.2012TLT-2656 Assignment 7
  8. 8. Authorization elements 21.12.2012TLT-2656 Assignment 8 Source: Suomalainen, J., Hyttinen, P., & Tarvainen, P. (2010). Secure information sharing between heterogeneous embedded devices. Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA ’10
  9. 9. Access control • Access control is done by restricting access to certain information to a certain security level – Security level does not imply specific technologies • Virtual Smart Spaces can be created for private space containers 21.12.2012TLT-2656 Assignment 9
  10. 10. Key points • Not all devices support all security mechanisms, but in smart spaces, devices should be able to communicate securely – Sufficient security level is more important than the use of specific technologies • Administrator of security configurations is usually non-expert – Security levels must be simple but powerful enough 20.12.2012TLT-2656 Assignment 10
  11. 11. APPLICATION DESIGN Smart-M3 Application Design Project 20.12.2012TLT-2656 Assignment 11
  12. 12. Scenario • Adapting mobile application and device behavior to context – Network optimization based on battery power • Context information can be received from many devices and context information created on the mobile device can be sent to others • Each KP gathers relevant context and makes decisions based on it • Higher-level behavioral context can be reasoned from low-level technical context – User is sleeping vs. low movement and light sensor values… 20.12.2012TLT-2656 Assignment 12
  13. 13. Application layout • Focus on mobile devices (Linux, Android, Qt/Maemo) – Device platform (OS) has its own producer KP, publishing context information – Each application can have their own consumer KP, subscribing to context information and reasoning with it • Users affect the environment of the device which causes applications to adapt to the context • Focus on primary-phone-centric smart space where mostly a single user has only one device most of the time 20.12.2012TLT-2656 Assignment 13
  14. 14. Architecture 21.12.2012TLT-2656 Assignment 14
  15. 15. Ontology 21.12.2012TLT-2656 Assignment 15
  16. 16. Ontology • Ontology enables application and device vendors to share (and understand) information, even to other devices and SIBs • Ontology can be expanded to have more abstract, higher-level properties and classes reasoned from lower-level ones 20.12.2012TLT-2656 Assignment 16
  17. 17. Knowledge Processor design • Mobile device KP – Context information from QtMobility, Linux file system /proc or D-Bus on Nokia N900 – Publishes information to SIB on a Linux PC • Mobile application KP – Retrieves information from SIB – Adapts behavior (e.g. sync rate of information to a cloud service) based on information and simple user- specified rules 20.12.2012TLT-2656 Assignment 17

×