Secure context-awareness in ubiquitous computing

Ville Seppänen, TLT-2656 Special Course on Networking

Transcript of Secure context-awareness in ubiquitous computing

Page 1: Secure context-awareness in ubiquitous computing

Secure context-awareness in ubiquitous computing

Ville Seppänen

TLT-2656 Special Course on Networking

Page 2: Secure context-awareness in ubiquitous computing

Contents

• Research paper overview
  – Suomalainen, J., Hyttinen, P., & Tarvainen, P. (2010). Secure information sharing between heterogeneous embedded devices. Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA ’10
• Application design project
  – Context information from mobile device hardware

20.12.2012 TLT-2656 Assignment 2

Page 3: Secure context-awareness in ubiquitous computing

SMART SPACE SECURITY

Research Paper overview: “Secure information sharing between heterogeneous embedded devices”


Page 4: Secure context-awareness in ubiquitous computing

Challenge in smart spaces

• One of the key challenges is security
• Heterogeneous devices use various security measures
  – How to ensure sufficient security will be maintained when giving away information?
  – Constrained devices cannot perform complex encryption/decryption
• Mobile devices move between environments
  – How to ensure that devices can communicate in different environments?


Page 5: Secure context-awareness in ubiquitous computing

Their proposed solution

• Novel security architecture that guarantees secure information sharing between devices without a directly compatible security mechanism
  – Features controlling and monitoring confidentiality, integrity, authenticity and access control
• Security profiles for measuring and mapping security level of connections


Page 6: Secure context-awareness in ubiquitous computing

Smart space security architecture


Source: Suomalainen, J., Hyttinen, P., & Tarvainen, P. (2010). Secure information sharing between heterogeneous embedded devices. Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA ’10

Page 7: Secure context-awareness in ubiquitous computing

Architecture

• The architecture is an extension of Smart-M3 architecture
• RDF Information Base Solution (RIBS) is a SIB based on Smart-M3 implementation
• Security administrators (and monitors) have been added
  – KPs authenticate with credentials (given when first joining smart space) to access information
  – Desired security level stated in policy directive is enforced by the security components

Page 8: Secure context-awareness in ubiquitous computing

Authorization elements


Source: Suomalainen, J., Hyttinen, P., & Tarvainen, P. (2010). Secure information sharing between heterogeneous embedded devices. Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA ’10

Page 9: Secure context-awareness in ubiquitous computing

Access control

• Access control is done by restricting access to certain information to a certain security level
  – Security level does not imply specific technologies
• Virtual Smart Spaces can be created for private space containers
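An added sketch of level-based access control as this slide and the earlier security-profiles bullet describe it (not code from the paper or from Smart-M3): each connection mechanism is mapped to an abstract level per property, and the policy names only levels, never technologies. The level names, mechanism labels, information items and policy values are assumptions constructed for illustration.

```python
from enum import IntEnum

class Level(IntEnum):
    """Hypothetical abstract security levels (names are assumptions)."""
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3

PROPS = ("confidentiality", "integrity", "authenticity")

def profile(conf, integ, auth):
    """Build a per-property level record."""
    return dict(zip(PROPS, (conf, integ, auth)))

# Constructed security profiles: mechanism label -> level offered per property.
# Different technologies may reach the same level.
PROFILES = {
    "plaintext":   profile(Level.NONE, Level.NONE, Level.NONE),
    "psk-hmac":    profile(Level.NONE, Level.MEDIUM, Level.MEDIUM),
    "psk-aes-ccm": profile(Level.MEDIUM, Level.MEDIUM, Level.MEDIUM),
    "tls-mutual":  profile(Level.HIGH, Level.HIGH, Level.HIGH),
}

# Constructed policy directive: information item -> minimum level per property.
POLICY = {
    "context:batteryLevel": profile(Level.NONE, Level.LOW, Level.LOW),
    "context:userActivity": profile(Level.MEDIUM, Level.MEDIUM, Level.MEDIUM),
}

def check_access(mechanism, item):
    """Return (allowed, shortfalls); unknown mechanisms or items are denied."""
    offered, required = PROFILES.get(mechanism), POLICY.get(item)
    if offered is None or required is None:
        return False, ["unknown mechanism or item"]
    shortfalls = [p for p in PROPS if offered[p] < required[p]]
    return not shortfalls, shortfalls

if __name__ == "__main__":
    for mech in PROFILES:
        for item in POLICY:
            print(f"{mech:12} {item:22} {check_access(mech, item)}")
```

A constrained device using the integrity-only mechanism can still read the battery level, while the user-activity item stays closed to it because the confidentiality level falls short.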


Page 10: Secure context-awareness in ubiquitous computing

Key points

• Not all devices support all security mechanisms, but in smart spaces, devices should be able to communicate securely
  – Sufficient security level is more important than the use of specific technologies
• Administrator of security configurations is usually non-expert
  – Security levels must be simple but powerful enough


Page 11: Secure context-awareness in ubiquitous computing

APPLICATION DESIGN

Smart-M3 Application Design Project


Page 12: Secure context-awareness in ubiquitous computing

Scenario

• Adapting mobile application and device behavior to context
  – Network optimization based on battery power
• Context information can be received from many devices and context information created on the mobile device can be sent to others
• Each KP gathers relevant context and makes decisions based on it
• Higher-level behavioral context can be reasoned from low-level technical context
  – User is sleeping vs. low movement and light sensor values…


Page 13: Secure context-awareness in ubiquitous computing

Application layout

• Focus on mobile devices (Linux, Android, Qt/Maemo)
  – Device platform (OS) has its own producer KP, publishing context information
  – Each application can have its own consumer KP, subscribing to context information and reasoning with it
• Users affect the environment of the device, which causes applications to adapt to the context
• Focus on primary-phone-centric smart space where mostly a single user has only one device most of the time


Page 14: Secure context-awareness in ubiquitous computing

Architecture


Page 15: Secure context-awareness in ubiquitous computing

Ontology


Page 16: Secure context-awareness in ubiquitous computing

Ontology

• Ontology enables application and device vendors to share (and understand) information, even to other devices and SIBs
• Ontology can be expanded to have more abstract, higher-level properties and classes reasoned from lower-level ones


Page 17: Secure context-awareness in ubiquitous computing

Knowledge Processor design

• Mobile device KP
  – Context information from QtMobility, Linux file system /proc or D-Bus on Nokia N900
  – Publishes information to SIB on a Linux PC
• Mobile application KP
  – Retrieves information from SIB
  – Adapts behavior (e.g. sync rate of information to a cloud service) based on information and simple user-specified rules
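An added sketch of the two KPs described on this slide (not the project's code and not the Smart-M3 API): a device KP publishes context to a minimal in-memory stand-in for the SIB, and an application KP subscribes and picks a cloud sync interval from user-specified rules. The `MiniSIB` class, the `ctx:` property names, the `dev:n900` identifier and the rule values are assumptions.

```python
class MiniSIB:
    """In-memory stand-in for a SIB (assumption, not the Smart-M3 API)."""
    def __init__(self):
        self.triples, self.subs = {}, []
    def subscribe(self, predicate, callback):
        self.subs.append((predicate, callback))
    def update(self, subject, predicate, obj):
        if self.triples.get((subject, predicate)) == obj:
            return  # unchanged value: subscribers are not notified
        self.triples[(subject, predicate)] = obj
        for pred, callback in self.subs:
            if pred == predicate:
                callback(subject, predicate, obj)

def device_kp_publish(sib, device, readings):
    """Producer KP: publish low-level context readings for one device."""
    for predicate, value in readings.items():
        sib.update(device, predicate, value)

class SyncAppKP:
    """Consumer KP: the first matching rule sets the sync interval (seconds)."""
    def __init__(self, sib, rules, default=300):
        self.ctx, self.rules, self.default = {}, rules, default
        self.interval = default
        for pred in {p for cond, _ in rules for p in cond}:
            sib.subscribe(pred, self.on_change)
    def on_change(self, subject, predicate, obj):
        self.ctx[predicate] = obj
        self.interval = self.default
        for cond, interval in self.rules:
            if all(p in self.ctx and ok(self.ctx[p]) for p, ok in cond.items()):
                self.interval = interval
                break

# Constructed user rules, checked in order: (conditions, interval in seconds).
RULES = [
    ({"ctx:batteryPercent": lambda v: v < 20}, 3600),  # low battery: sync hourly
    ({"ctx:charging": lambda v: v is True}, 60),       # on charger: sync often
]

def demo():
    """Publish three constructed sets of readings; return the interval after each."""
    sib = MiniSIB()
    app = SyncAppKP(sib, RULES)
    seen = []
    for readings in ({"ctx:batteryPercent": 80, "ctx:charging": False},
                     {"ctx:charging": True}, {"ctx:batteryPercent": 15}):
        device_kp_publish(sib, "dev:n900", readings)
        seen.append(app.interval)
    return seen
```

Because rules are checked in order, the low-battery rule overrides the charger rule in the last step.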
