WAWC’08 Security & Privacy in a Ubiquitous Screen Were Oyomno & Pekka Jäppinen 21.08.2008.
Oyomno & Jäppinen, 21.08.2008
Security & Privacy in Ubiquitous Information screen
Outline
1. Background
2. Motivational concerns
3. Vulnerabilities & mitigation
4. Evaluations
5. Conclusion
Background
• Information screens
  – Billboards, cafeterias, terminals, malls, firms ..
  – Static, predefined, repeated, rushed, uncustomised information
  – ME, Digital Aura
• Ubicomp
  – Mark Weiser
  – Embedded intelligence, Context-Awareness
  – Proliferation of digital intelligence
Background (2)
Motivational concerns
• Right, accurate, up-to-date, timely (15 sec) information
• Proliferation of mobile devices & Bluetooth
  – Canalys (2008), Gartner (2005)
• Constrained devices
• Personal information handling
• Malicious entities
Vulnerabilities & mitigation (1)
Vulnerabilities & mitigation (2)
• Cryptographic mitigations
  – Eavesdropping
  – Key establishment & exchange
  – Rogue AP, MITM & impersonations
  – Integrity
  – Elliptic Curve Cryptosystems (ECC)
Vulnerabilities & mitigation (3)
• Ubicomp perspective
  – Privacy perceptions
  – Key establishment & exchange
• Non-crypto mitigations
  – Tracking, hotlisting & profiling
  – Anonymity
  – Access control with "faces & masks"
  – Adjustable accuracy
Vulnerabilities & mitigation (5)
Vulnerabilities & mitigation (6)
Evaluation
• Performance
  – N770 PDA 252 MHz – 64 MB RAM
  – P III Notebook 1133 MHz – 1 GB RAM
  – AMD Athlon 1700+ CPU – 757.4 MB RAM
  – Bluetooth radio v1.2 (10 m) & v2.0 (100 m)
Evaluation (2)
[Figure: Insecure screen implementation, Notebook BTv2.0 - Desktop BTv1.2. Axes: message sizes in bytes, transmission time in seconds. Series: serviceQueryTime, fetchTime, entireRunTime.]
Evaluation (3)
[Figure: Insecure screen implementation, Desktop BTv1.2 - N770. Axes: message sizes in bytes, transmission time in seconds. Series: serviceQueryTime, fetchTime, entireRunTime.]
Evaluation (4)
[Figure: Secure screen implementation, Notebook BTv2.0 - Desktop BTv1.2. Axes: message sizes in bytes, transmission time in seconds. Series: serviceQueryTime, fetchTime, hashComputationTime, hashComparisonTime, decryptionTime, entireRunTime.]
Evaluation (5)
[Figure: Secure screen implementation, Desktop BTv1.2 - N770. Axes: message sizes in bytes, transmission time in seconds. Series: serviceQueryTime, fetchTime, hashComputationTime, hashComparisonTime, decryptionTime, entireRunTime.]
Evaluation (4)
• Crypto evaluation
  – Part (i)
    • PKI
  – Part (ii)
    • Certificate
  – Part (ii)
    • Attacking ECC
Conclusion
• Complex personal information & handling
• Proliferation of mobile devices & ubiquity
• Robust security
• Way forward
  – Ontologies, sizes & anonymous BD_ADDR
References
• Ben Wood, Carolina Milanesi, Ann Liang, Hugues De La Vergne, Tuong Huy Nguyen, and Nahoko Mitsuyama. Forecast: Mobile terminals, worldwide, 2000-2009. Technical report, Gartner Research, 2005.
• Adam Greenfield. Everyware: The dawning age of ubiquitous computing, volume 1. New Riders, 1 edition, 2006.
• Mark Weiser. The computer for the 21st century. In Scientific American Journal, pages 94–104, New York, NY, USA, 1991. ACM.
• Pekka Jäppinen. Mobile Electronic Personality. PhD thesis, Lappeenranta University of Technology, 2004.
• Ian F. Blake, Gadiel Seroussi, and Nigel P. Smart. Advances in Elliptic Curve Cryptography, volume 1. Cambridge University Press, 2 edition, 2005.
• A. Lugmayr, T. Saarinen, and J.-P. Tournut. The digital aura - ambient mobile computer systems. Parallel, Distributed, and Network-Based Processing, 2006. PDP 2006. 14th Euromicro International Conference on, 1(1):7 pp.–, 2006.