UNIT I PART II

R.S.Ponmagal

Pervasive Architecture

Architecture is an abstraction of the system.

Architecture defines the system elements and how they interact. Architecture suppresses the local information about the elements. Provided services, required services, performance characteristics, fault handling, resource usage

Defines the properties of the components

Pervasive Architecture

Software components computing Device heterogeneity Access control

for

pervasive

Software Components

The pervasive computing environment forces us to face the need for components and their boundaries more clearly. Pervasive services will have to be composed from individual components residing in the large number of heterogeneous computing elements. The hardware environment itself will force a natural boundary between components. This may be the most clear-cut definition of a component.

A component will be an independently deployable piece of software that resides on one hardware element and provides a service element. Of course, there may be more than one component on each hardware element. Example WEB SERVICES

Moore's law: Capacity of microchips doubles in 18 months => capacity grows an order of magnitude (10x) in 5 years

Security

What data do I wish to expose? To whom? Who can presently access my data? How can I retract data exposed? Who am I communicating with? How do can the privacy of my communication and communication patterns? Who do I trust as a source of information? How do I convince others that I am trustworthy? How to make systems simultaneously secure and usable?

1.

Establish strong identity

Goal: Cryptographically strong identity to devices (endpoints) Means: Host Identity Protocol (HIP) Identify each communicating device with a cryptographic public key Insert the key into the TCP/IP stack

2.

Assign and manage trust and authority

Goal: Decentralised means for managing authorisation Means: SPKI and KeyNote2 certificates Express delegation with signed statements Eventually integrate to the operating system

3.

Enable build-up of trust and reputation based on experiences

Goal: Creation of trustworthy behaviour Means: Micro economic mechanism design Design the rules for the game Make unsocial behaviour uneconomical

Device Heterogeneity

The basic premise of pervasive computingeverything connectedguarantees heterogeneity at all levels: infrastructure, hardware, software, and people. All kinds of devices must be supported. Perhaps in some specific application scenarios it is possible to restrict the kinds of devices that are supported but, in general, the environment must anticipate the existence of a wide variety of devices. If we consider devices used by the user to interact with the system, they can range from standard ones such as laptops, PDAs, and phones, to emerging ones such as those embedded in clothing and eyeglasses.

The variety of available devices has several implications. One is the kind of input-output devices: textual and graphic input-output will not be the only forms of human-machine interaction. Audio, visual, and other sensory modes of communication will be prevalent. Another implication is the requirement that the environment must be prepared to adapt to the device currently used by the user. For example, if the user is requesting information and he is currently driving, the retrieved data should be relayed to him with an audio message through the car radio.

Access Control

The wide availability of services and the high mobility of users among different environments require the provision of security mechanisms to ensure the safe usage of services by legitimate users and the protection of services from unauthorized uses. Because of the wide range of services, many diverse and flexible security models and mechanisms will be needed. Either standard security mechanisms will have to be embedded in the environment and used by all applications or each application will have to build its own security mechanisms. Most likely, a combination of the two will be needed.

One of the most important aspects of security is access control, to ensure that services are only available to authorized users and those authorized users are allowed appropriate privileges . For example, a guest at a hotel may be allowed to print on the hotels printer available in the lobby but not change the contents of the event display in the same lobby. Single-sign on policy

Securing Pervasive Networks Using Biometrics

Challenges in pervasive computing environments

Computing devices are numerous and ubiquitous Traditional authentication including login schemes do not work well with so many devices Use biometrics for authentication At the same time, ensure security of biometric templates in an open environment Propose a biometrics based framework for securing pervasive environment Implemented a novel scheme for securing biometric data in an open environment using symmetric hash functions

Proposed Solution

Contributions

Aspects of a Pervasive Environment

User Interaction User interacts with speech, gestures and movements The sensors and computing devices are aware of the user and in the ideal case are also aware of his intent. Proactivity The computing devices should interact and query other devices on Transparency Technology has to be transparent. behalf of the user and his intent Device interaction Frequent Multiparty interactions No central authority or third party

Security and Privacy

Consequences of a pervasive network

Devices are numerous, ubiquitous and shared The network shares the context and preferences of the user Smart spaces are aware of the location and intent of the user Only authorized individuals need to be given access Authentication should be minimally intrusive Devices should be trustworthy User should be aware of when he is being observed The user context should be protected within the network

Security Concerns

Privacy issues

Need to balance accessibility and security Should be scalable with multiple users operating in the network

Solution: Biometrics?

Definition

Biometrics is the science of verifying and establishing the identity of an individual through physiological features or behavioral traits .

Examples

Physical Biometrics

Fingerprint Hand Geometry Iris patterns

Handwriting Signature Speech Gait

Behavioral Biometrics

Chemical/Biological Biometrics

Perspiration Skin composition(spectroscopy)

Why Biometrics?

Advantages of biometrics

Uniqueness No need to remember passwords or carry tokens Biometrics cannot be lost, stolen or forgotten More secure than a long password Solves repudiation problem Not susceptible to traditional dictionary attacks

General Biometric System

Biometric Sensor Feature Extraction

Enrollment Biometric Sensor Feature Extraction

Database

Matching

ID : 8809
Authentication Result

Framework for Authentication/Interaction

S1

Speaker Recognition

Speech Recognition

parsing and arbitration

S2

SK

SN

Framework for Authentication/Interaction

Switch on Channel 9

S1

Speaker Recognition

Speech Recognition

parsing and arbitration

S2

SK

SN

Framework for Authentication/Interaction

Who is speaking?

S1

Speaker Recognition

Speech Recognition

parsing and arbitration

S2

SK

Annie David Cathy

SN

Authentication

Framework for Authentication/Interaction

What is he saying?

S1

Speaker Recognition

Speech Recognition

parsing and arbitration

S2

SK

On,Off,TV Fridge,Door

SN

Understanding

Framework for Authentication/Interaction

What is he talking about?

S1

Speaker Recognition

Speech Recognition

parsing and arbitration

S2

SK Switch,to,channel,nine
Channel->TV Dim->Lamp On->TV,Lamp

SN

Inferring and execution

Speaker Recognition
Pitch

Av
Glottal Pulse Model G(z)

Impulse Train Generator

Vocal Tract Model V(z)

Radiation Model R(z)

Impulse Train Generator

AN

Speech Production Mechanism

Speech production
Model

Vocal Tract
Modeling

Framework is Generic
S1

Face Recognition

Gesture Recognition

parsing and arbitration

S2

SK

SN

Authentication

Understanding Inferring and execution

Security of Biometric Data

Issues in biometrics

Biometrics is secure but not secret Permanently associated with user Used across multiple applications Can be covertly captured
Fake Biometrics

Types of circumvention

Denial of service attacks(1) Fake biometrics attack(2) Replay and Spoof attacks(3,5) Trojan horse attacks(4,6,7) Back end attacks(8) Collusion Coercion

Threats to a Biometric System

Types

of circumvention
of service attacks(1)

Denial Fake

biometrics attack(2) and Spoof attacks(3,5) horse attacks(4,6,7)

Replay Trojan Back

end attacks(8)

Collusion Coercion

Hashing

Hashing

Instead of storing the original password P, a hashed values P=H(P) is stored instead. The user is authenticated if H(password) = P. It is computationally hard to recover P given H(P) H() one way hashing function Biometric data has high uncertainty Matching is inexact/probabilistic Therefore, hashing function should be error tolerant

Problem with biometrics

Biometric Hashing

Hashing Schema

Hashing

Personalized Hashing

Fingerprints

Minutiae: Local anomalies in the ridge flow Pattern of minutiae are unique to each individual

Conclusion

Smart spaces and pervasive computing are moving from concepts to implementations Security has to be incorporated in the design stage Traditional authentication and access control paradigms cannot scale to numerous and ubiquitous devices Biometrics serves as a reliable alternative for minimally intrusive authentication Biometrics solves key management and repudiation problem Securing biometrics is a major challenge in an open environment Biometric hashing can be used to create revocable biometric templates