Академический Документы
Профессиональный Документы
Культура Документы
R.S.Ponmagal
Pervasive Architecture
Architecture defines the system elements and how they interact. Architecture suppresses the local information about the elements. Provided services, required services, performance characteristics, fault handling, resource usage
Pervasive Architecture
for
pervasive
Software Components
The pervasive computing environment forces us to face the need for components and their boundaries more clearly. Pervasive services will have to be composed from individual components residing in the large number of heterogeneous computing elements. The hardware environment itself will force a natural boundary between components. This may be the most clear-cut definition of a component.
A component will be an independently deployable piece of software that resides on one hardware element and provides a service element. Of course, there may be more than one component on each hardware element. Example WEB SERVICES
Moore's law: Capacity of microchips doubles in 18 months => capacity grows an order of magnitude (10x) in 5 years
Security
What data do I wish to expose? To whom? Who can presently access my data? How can I retract data exposed? Who am I communicating with? How do can the privacy of my communication and communication patterns? Who do I trust as a source of information? How do I convince others that I am trustworthy? How to make systems simultaneously secure and usable?
1.
2.
3.
Goal: Creation of trustworthy behaviour Means: Micro economic mechanism design Design the rules for the game Make unsocial behaviour uneconomical
Device Heterogeneity
The basic premise of pervasive computingeverything connectedguarantees heterogeneity at all levels: infrastructure, hardware, software, and people. All kinds of devices must be supported. Perhaps in some specific application scenarios it is possible to restrict the kinds of devices that are supported but, in general, the environment must anticipate the existence of a wide variety of devices. If we consider devices used by the user to interact with the system, they can range from standard ones such as laptops, PDAs, and phones, to emerging ones such as those embedded in clothing and eyeglasses.
The variety of available devices has several implications. One is the kind of input-output devices: textual and graphic input-output will not be the only forms of human-machine interaction. Audio, visual, and other sensory modes of communication will be prevalent. Another implication is the requirement that the environment must be prepared to adapt to the device currently used by the user. For example, if the user is requesting information and he is currently driving, the retrieved data should be relayed to him with an audio message through the car radio.
Access Control
The wide availability of services and the high mobility of users among different environments require the provision of security mechanisms to ensure the safe usage of services by legitimate users and the protection of services from unauthorized uses. Because of the wide range of services, many diverse and flexible security models and mechanisms will be needed. Either standard security mechanisms will have to be embedded in the environment and used by all applications or each application will have to build its own security mechanisms. Most likely, a combination of the two will be needed.
One of the most important aspects of security is access control, to ensure that services are only available to authorized users and those authorized users are allowed appropriate privileges . For example, a guest at a hotel may be allowed to print on the hotels printer available in the lobby but not change the contents of the event display in the same lobby. Single-sign on policy
Computing devices are numerous and ubiquitous Traditional authentication including login schemes do not work well with so many devices Use biometrics for authentication At the same time, ensure security of biometric templates in an open environment Propose a biometrics based framework for securing pervasive environment Implemented a novel scheme for securing biometric data in an open environment using symmetric hash functions
Proposed Solution
Contributions
User Interaction User interacts with speech, gestures and movements The sensors and computing devices are aware of the user and in the ideal case are also aware of his intent. Proactivity The computing devices should interact and query other devices on Transparency Technology has to be transparent. behalf of the user and his intent Device interaction Frequent Multiparty interactions No central authority or third party
Devices are numerous, ubiquitous and shared The network shares the context and preferences of the user Smart spaces are aware of the location and intent of the user Only authorized individuals need to be given access Authentication should be minimally intrusive Devices should be trustworthy User should be aware of when he is being observed The user context should be protected within the network
Security Concerns
Privacy issues
Need to balance accessibility and security Should be scalable with multiple users operating in the network
Solution: Biometrics?
Definition
Biometrics is the science of verifying and establishing the identity of an individual through physiological features or behavioral traits .
Examples
Physical Biometrics
Behavioral Biometrics
Chemical/Biological Biometrics
Why Biometrics?
Advantages of biometrics
Uniqueness No need to remember passwords or carry tokens Biometrics cannot be lost, stolen or forgotten More secure than a long password Solves repudiation problem Not susceptible to traditional dictionary attacks
Database
Matching
ID : 8809
Authentication Result
Speaker Recognition
Speech Recognition
S2
SK
SN
S1
Speaker Recognition
Speech Recognition
S2
SK
SN
S1
Speaker Recognition
Speech Recognition
S2
SK
SN
Authentication
S1
Speaker Recognition
Speech Recognition
S2
SK
On,Off,TV Fridge,Door
SN
Understanding
S1
Speaker Recognition
Speech Recognition
S2
SK Switch,to,channel,nine
Channel->TV Dim->Lamp On->TV,Lamp
SN
Speaker Recognition
Pitch
Av
Glottal Pulse Model G(z)
AN
Speech production
Model
Vocal Tract
Modeling
Framework is Generic
S1
Face Recognition
Gesture Recognition
S2
SK
SN
Authentication
Issues in biometrics
Biometrics is secure but not secret Permanently associated with user Used across multiple applications Can be covertly captured
Fake Biometrics
Types of circumvention
Denial of service attacks(1) Fake biometrics attack(2) Replay and Spoof attacks(3,5) Trojan horse attacks(4,6,7) Back end attacks(8) Collusion Coercion
Types
of circumvention
of service attacks(1)
Denial Fake
end attacks(8)
Collusion Coercion
Hashing
Hashing
Instead of storing the original password P, a hashed values P=H(P) is stored instead. The user is authenticated if H(password) = P. It is computationally hard to recover P given H(P) H() one way hashing function Biometric data has high uncertainty Matching is inexact/probabilistic Therefore, hashing function should be error tolerant
Biometric Hashing
Hashing Schema
Hashing
Personalized Hashing
Fingerprints
Minutiae: Local anomalies in the ridge flow Pattern of minutiae are unique to each individual
Conclusion
Smart spaces and pervasive computing are moving from concepts to implementations Security has to be incorporated in the design stage Traditional authentication and access control paradigms cannot scale to numerous and ubiquitous devices Biometrics serves as a reliable alternative for minimally intrusive authentication Biometrics solves key management and repudiation problem Securing biometrics is a major challenge in an open environment Biometric hashing can be used to create revocable biometric templates