WAWC’08 Security & Privacy in a Ubiquitous Screen Were Oyomno & Pekka Jäppinen 21.08.2008.


WAWC’08

Security & Privacy in a Ubiquitous Screen

Were Oyomno & Pekka Jäppinen

21.08.2008

Oyomno & Jäppinen 21.08.2008

Security & Privacy in Ubiquitous Information screen

Outline

1. Background

2. Motivational concerns

3. Vulnerabilities & mitigation

4. Evaluations

5. Conclusion


Background

• Information screens
– Billboards, cafeterias, terminals, malls, firms ..
– Static, predefined, repeated, rushed, uncustomised information

• ME, Digital Aura

• Ubicomp
– Mark Weiser
– Embedded intelligence, Context-Awareness
– Proliferation of digital intelligence


Background (2)


Motivational concerns

• Right, accurate, up-to-date, timely (15 sec) information

• Proliferation of mobile devices & Bluetooth
– Canalys (2008), Gartner (2005)

• Constrained devices

• Personal information handling

• Malicious entities


Vulnerabilities & mitigation (1)


Vulnerabilities & mitigation (2)

• Cryptographic mitigations
– Eavesdropping
– Keys establishment & exchange
– Rogue AP, MITM & impersonations
– Integrity
– Elliptic Curve Cryptosystems (ECC)


Vulnerabilities & mitigation (3)

• Ubicomp perspective
– Privacy perceptions
– Keys establishment & exchange

• Non-crypto mitigations
– Tracking, hotlisting & profiling
– Anonymity
– Access control with "faces & masks"
– Adjustable accuracy


Vulnerabilities & mitigation (5)


Vulnerabilities & mitigation (6)


Evaluation

• Performance
– N770 PDA 252MHz – 64MB RAM
– P III Notebook 1133MHz – 1GB RAM
– AMD Athlon 1700+ CPU – 757.4MB RAM
– Bluetooth radio v1.2 (10m) & v2.0 (100m)


Evaluation (2)

[Figure: Insecure screen implementation, Notebook BTv2.0 - Desktop BTv1.2. Axes: message sizes in bytes; transmission time in seconds. Series: serviceQueryTime, fetchTime, entireRunTime.]


Evaluation (3)

[Figure: Insecure screen implementation, Desktop BTv1.2 - N770. Axes: message sizes in bytes; transmission time in seconds. Series: serviceQueryTime, fetchTime, entireRunTime.]


Evaluation (4)

[Figure: Secure screen implementation, Notebook BTv2.0 - Desktop BTv1.2. Axes: message sizes in bytes; transmission time in seconds. Series: serviceQueryTime, fetchTime, hashComputationTime, hashComparisonTime, decryptionTime, entireRunTime.]


Evaluation (5)

[Figure: Secure screen implementation, Desktop BTv1.2 - N770. Axes: message sizes in bytes; transmission time in seconds. Series: serviceQueryTime, fetchTime, hashComputationTime, hashComparisonTime, decryptionTime, entireRunTime.]


Evaluation (4)

• Crypto evaluation
– Part (i): PKI
– Part (ii): Certificate
– Part (ii): Attacking ECC


Conclusion

• Complex personal information & handling

• Proliferation of mobile devices & ubiquity

• Robust security

• Way forward
– Ontologies, sizes & anonymous BD_ADDR


References

• Ben Wood, Carolina Milanesi, Ann Liang, Hugues De La Vergne, Tuong Huy Nguyen, and Nahoko Mitsuyama. Forecast: Mobile terminals, worldwide, 2000-2009. Technical report, Gartner Research, 2005.

• Adam Greenfield. Everyware, The dawning age of ubiquitous computing, volume 1. New Riders, 1 edition, 2006.

• Mark Weiser. The computer for the 21st century. In Scientific American Journal, pages 94 – 104, New York, NY, USA, 1991. ACM.

• Pekka Jäppinen. Mobile Electronic Personality. PhD thesis, Lappeenranta University Of Technology, 2004.

• Ian F. Blake, Gadiel Seroussi, and Nigel P. Smart. Advances in Elliptic Curve Cryptography, volume 1. Cambridge University Press, 2 edition, 2005.

• A. Lugmayr, T. Saarinen, and J.-P. Tournut. The digital aura - ambient mobile computer systems. Parallel, Distributed, and Network-Based Processing, 2006. PDP 2006. 14th Euromicro International Conference on, 1(1):7 pp.–, 2006.