Security in Pervasive Computing

Given the continuing technical progress in computing and communication, it seems that we are heading towards an all-encompassing use of networks and computing power, a new era commonly termed ”Pervasive Computing”. Its vision is grounded in the firm belief amongst the scientific community that Moore’s Law (i.e. the observation that the computer power available on a chip approximately doubles every eighteen months) will hold true for at least another 10 years. This means that in the next few years, microprocessors will become so small and inexpensive that they can be embedded in almost everything – not only electrical devices, cars, household appliances, toys, and tools, but also such mundane things as pencils (e.g. to digitize everything we draw) and clothes. All these devices will be interwoven and connected together by wireless networks. In fact, technology is expected to make further dramatic improvements, which means that eventually billions of tiny and mobile processors will occupy the environment and be incorporated into many objects of the physical world.

Together with powerful and cheap sensors (and thus the ability to sense the environment), this progress in processor and communication technology will render everyday objects ”smart” – they know where they are, and they may adapt to the environment and provide useful services in addition to their original purpose. These smart objects may form spontaneous networks, giving rise to a world-wide distributed system several orders of magnitude larger than today’s Internet.

It is clear that we are moving only gradually towards the ultimate vision of Pervasive Computing. Much progress in computer science, communication engineering, and material science is necessary to render the vision economically feasible and to overcome current technological hurdles. However, the prospects of a world of things that virtually talk to each other are fascinating: many new services would then be possible that transform the huge amount of information gathered by the smart devices into value for the human user, and an entire industry may be set up to establish and run the underlying infrastructure for the smart and networked objects.

Clearly, there are also many issues on the political, legal, and social level to consider. Privacy is certainly a primary concern when devices or smart everyday objects can be localized and traced, and when various objects we use daily report their state and sensor information to other objects. The repercussions of such an extensive integration of computer technology into our everyday lives as Pervasive Computing advocates it, are difficult to predict and only time will tell whether this technology does contribute to a better and more enjoyable world or, on the contrary, promote a more totalitarian regime.

The Goal of the Cyber Assist Project is realization of a ubiquitous, or pervasive, information society in which all can benefit from assistance of information processing technology (IT hereafter) in all situations of daily life.

Traditional IT is accessible only through computers sitting on a desktop. Its accessibility is broadening recently with the spread of mobile devices including mobile phones with i-mode. Nevertheless, such technology is used only by a small portion of people in rather limited scenarios of their everyday lives. IT should be able to support human in every aspect of everyday life with information processing units embedded in the environment which communicate with portable or wearable personal devices. Keywords are ”here, now and me”. IT will be able to help human daily life by automatically booking a seat in a train according to an individual schedule, by guiding a user through a shopping mall while providing necessary information about goods, or automatically calling a taxi or requesting bus service when needed. Through this technology, we believe that IT can boost the quality of life in economy, politics, culture, and education.

The audience of SPC 2003 needs no introduction to the Mark Weiser vision of ubiquitous computing: the etymological meaning of ”computing present or found everywhere” is not to be taken in the narrow sense of ”a computer on every desk” but rather in that of embedding computing and communication capabilities into all the everyday objects that surround us.

Various embodiments of this vision have been proposed over the past fifteen years by researchers from all over the world, covering the whole spectrum of implementation maturity from thought experiments to well-engineered commercial solutions. From self-contained information appliances such as Norman’s hypothetical ”home medical advisor” to the microscopic embedded RF-ID tags proposed by the Auto-ID Center that allow the washing machine to refuse to wash your precious white shirts until you remove the red sock that got in there by mistake, the idea of computing devices pervading our environment is now much closer to reality than to science fiction.

Authentication is an area in which the advent of pervasive computing will require new ideas and new strategies. We have relied for a long time on passwords as the primary mechanism for authenticating a user to a computer; this solution was never particularly user-friendly (”invent a password, including funny characters and numbers, that you won’t forget or write down, but that nobody could possibly guess”), but it is obvious that it will never scale to the scenario of hundreds of computers per person.

A central new problem in the pervasive computing scenario is therefore that of ”Secure Transient Association”: pairing up a master and a slave device so that the slave will obey the master, will stay faithful to that master even when under physical control of hostile principals, but also will switch allegiance to a new master if the original master tells it to do so.

The solution is the ”Resurrecting Duckling” security policy model. The slave device behaves like a newborn duckling that is permanently imprinted to whatever it first sees at birth. The ”mother duck” master device is the only entity that can fully determine the behaviour of the duckling; this total control even allows the mother duck to order the duckling to ”commit suicide” and be born again, at which point the duckling may get imprinted to a new mother duck. One crucial aspect of this policy model is its explicit reliance on a tamper resistance element in the duckling, to prevent the ”assassination” case in which someone other than the mother duck attempts to cause the duckling’s death so as to re-imprint it to itself. The Duckling policy fruitfully applies to a very wide range of practical applications—from universal remote control of home appliances to wireless car keys and from biomedical devices to thermonuclear warheads.

Pervasive computing brings convenience but also risk. Many things happen automatically, which is a relief, but their side effects are not always fully anticipated. Location-based services allow applications to customize their service to you based on where you are; but are you happy for the application provider to know your whereabouts on an ongoing basis, every few minutes, at city-block resolution? What about every few seconds and at sub-metre resolution? Protecting location privacy will be a challenge. We have designed a scheme based on frequently-changed pseudonyms, so that applications could provide their location-based service to customers protected by anonymity; and then we have tried to break it, simulating a malicious application that aimed to find out the identities that the users were attempting to protect. There is still much useful work to be done in this area.

Since the deployment of pervasive computing will have such a wide-ranging impact on society, we security professionals have to examine the proposed scenarios with critical eyes, imagining all the ways in which things could go wrong, and bearing in mind all the parties for whom things could go wrong.

Having previously mentioned authorization, for example, the security question that should be asked more often is: authorized by whom?. The obvious answer used to be by the owner of the machine; but this is no longer necessarily true in the new world of ”Digital Restrictions Management”. I bought a Sony Minidisc to record my lectures in digital format, only to discover that I can’t take a backup of these discs. I am the owner of both the recorder and the copyright of the recording, and yet I can’t get at my own bits...Who is the bad guy being kept out?

As architects of this new digitally endowed world of pervasive computing, we technical people have an ethical duty to pay attention to the fair requirements of all the parties involved—especially those without the money, lobbying power or technical astuteness to speak up for themselves.

This invited contribution was just a high level overview as opposed to a research paper. Readers interested in the details of my actual work on this topic may choose to follow the selected references provided below.

This talk will focus on the benefits that high assurance security (EAL6 or higher) can provide to pervasive computing devices. High assurance security is essential to defeating the attacks of sophisticated penetrators, and must be combined with countermeasures to defeat a variety of physical attacks, including threats such as power analysis, RF leakage, and fault insertion. The argument will be supported with examples from IBM’s work on development of a high-assurance smart card operating system, but will also discuss issues for such devices as cell phones and PDAs. Difficulties encountered in the Common Criteria evaluation process are also presented.

Mobile computing enables users to compute and communicate almost regardless of their current location. However, as a side effect this technology considerably increased surveillance potential for user movements. Current research addresses location privacy rather patchwork-like than comprehensively. Thus, this paper presents a methodology for identifying, assessing, and comparing location privacy risks in mobile computing technologies. In a case study, we apply the approach to IEEE 802.11b wireless LAN networks and location-based services, where it reveals significant location privacy concerns through link- and application-layer information. From a technological perspective, we argue that these are best addressed through novel anonymity-based mechanisms.

Ubiquitous computing provides new types of information for which access needs to be controlled. For instance, a person’s current location is a sensitive piece of information, and only authorized entities should be able to learn it. We present several challenges that arise for the specification and implementation of policies controlling access to location information. For example, there can be multiple sources of location information, policies need to be flexible, conflicts between policies might occur, and privacy issues need to be taken into account. Different environments handle these challenges in a different way. We discuss the challenges in the context of a hospital and a university environment. We show how our design of an access control mechanism for a system providing people location information addresses the challenges. Our mechanism can be deployed in different environments. We demonstrate feasibility of our design with an example implementation based on digital certificates.

In this paper, security requirements for software agents and smart devices are derived by working from typical requirements for existing systems, exploring the changes that are envisaged as systems become more highly distributed, then identifying what these imply for a device or service in a pervasive environment. A similar treatment is given to threats, which give rise to both security requirements and design issues. This approach provides insights into security requirements that will be significantly different from today’s distributed system policies: they demonstrate that pervasive computing requires a qualitative change in security policy and practice. The paper also explores trade-offs between security complexity and device functionality, and argues that the degree of policy management required in a device will be an important factor in this balance.

This paper proposes that the healthcare domain can serve as an archetypical field of research in pervasive computing. We present this area from a technological perspective, arguing that it provides a wide range of possible applications of pervasive computing technology. We further recognize that pervasive computing technology is likely to create concerns about the security of healthcare systems, due to increased data aggregation, ubiquitous access, and increasing dependency on technical solutions. But we also justify why the same technology can help building more robust, more dependable systems that increase the quality of healthcare. We identify building blocks that are necessary to achieve this goal: a pervasive middleware, appropriate handling of exceptional situations, and dependability assertions for small devices.

This paper addresses the problem of protecting security policies and other security-related information in security mechanisms, such as the detection policy of an Intrusion Detection System or the filtering policy of a firewall. Unauthorized disclosure of such information can reveal the fundamental principles and methods for the protection of the whole network, especially in ubiquitous environments where a large number of nodes store knowledge about the security policy of their domain. To avoid this risk we suggest a scheme for protecting stateless security policies using one-way functions. A stateless policy is one that only takes into consideration, the current event, and not the preceding chain of events, when decisions are made. The scheme has a simple and basic design but can still be used for practical implementations, as illustrated in two examples in real-life enviroments. Further research aims to extend the scheme to stateful policies.

Security is a key issue for distributed systems/applications with code mobility, like, e.g., e-commerce and on-line bank transactions. In a scenario with code mobility, traditional solutions based on cryptography cannot deal with all security issues and additional mechanisms are necessary. In this paper, we present a flexible and expressive type system for security for a calculus of distributed and mobile processes. The type system has been designed to supply real systems security features, like the assignment of different privileges to users over different data/resources. Type soundness is guaranteed by using a combination of static and dynamic checks, thus enforcing specific security policies on the use of resources. The usefulness of our approach is shown by modeling the simplified behaviour of a bank account management system.

We show how security requirements, in particular confidentiality requirements, for a whole multiagent system can formally be decomposed into confidentiality requirements for the agents. The decomposition assumes that there is some control over, or trust in, a subset of the agents and that the platform is trusted to satisfy certain reasonable assumptions. It is generic over the internal execution model of the agents. The decomposition is carried out in full detail for one specific class of confidentiality requirements, yielding a theorem that can be directly applied to derive confidentiality requirements for single agents from the overall requirement. Similar decompositions for other global requirements or under slightly different assumptions about the platform can be carried out along the same lines.

For expressing security requirements we use an existing framework for possibilistic information flow control, profitting from, e.g., the framework’s available composition results. The decomposition, because it is carried out formally and rests on a well-studied framework, is fully rigorous and the resulting property of the overall system is well-understood.

Key management is fundamental to communications security, and for security in pervasive computing sound key management is particularly difficult. However, sound key management itself depends critically on sound authentication. In this paper we review current notions of entity authentication and discuss why we believe these notions are unsuitable for the pervasive domain. We then present our views on how notions of authentication should be revised to address the challenges of the pervasive domain, and some of the new research problems that will arise. We end with some brief thoughts on how our revised notions may be implemented and some of the problems that may be encountered.

Pervasive computing requires some level of trust to be established between entities. In this paper we argue for an entity recognition based approach to building this trust which differs from starting from more traditional authentication methods. We also argue for the concept of a ”pluggable” recognition module which allows different recognition schemes to be used in different circumstances. Finally, we propose that the trust in the underlying infrastructure has to be taken into account when considering end-to-end trust.

Although much research was conducted on devising intuitive interaction paradigms with pervasive computing devices, it has not been realized that authentication, an important need in this context, has a strong impact on the ease of use. More specifically, distance-bounding protocols are necessary in some of the most interesting scenarios in pervasive computing. This article describes a drag-and-drop interaction paradigm that enables strong authentication by embedding such a protocol within personal authentication tokens. This article also discusses how this paradigm can be used as the basis for performing user-friendly pervasive multi-party secure interactions.

The issue we have focused on in the broad area of security for Pervasive Computing is maintaining trust in an interactive environment. Our solution is based on the premise that computers and implicit interaction mechanisms must function in accordance with the explicit parameters of physical human-human interaction. Otherwise, this results in imbalances between the physical and virtual worlds, which leads to ”windows of vulnerability”. Our solution presented requires an infrastructure of pervasive and context sensing technology, to provide entity mapping, policy and trust management services. We also investigate generating cryptographic keys using the context available The underlying technology is based on the Smart-Its context sensing, computation and communications platform.

Large amount of digital content would be stored safely in peer-to-peer network, with encrypted format. Being requested, a cipher text is downloaded from certain peer and decrypted by a delegated decryptor to obtain the clear text. Observing the need for this new kind of delegation decryption service, we propose a novel time constraint delegation scheme for decrypting p2p data in this paper. The new features of the delegation scheme are that: it uses a flexible secure mobile agent solution without designated delegation server; the time constraint conditional parameter is clearly bound with the protocols; and the computation complexity is greatly reduced by replacing public key computation with hash function. We elaborate the protocol design as well as its security, extensions and properties. Potential applications in content delivery network and pervasive computing scenarios are depicted.

Two most important goals of server assisted signature schemes are to aid small and mobile devices in computing digital signatures and to provide immediate revocation of signing capabilities. In this paper, we introduce an efficient scheme named server assisted one-time signature (SAOTS) alternative to server assisted signature scheme introduced by Asokan et al. Extended the Lamport’s one-time signatures by utilizing hash chains, this new scheme’s advantages are two-folds; first of all, it is communication-efficient running in fewer rounds, two instead of three, secondly, verification of server’s signature can also be performed off-line resulting in real-time efficiency in computation as well as flexibility in the public-key signature scheme to be used. The experiments we have conducted showed that at least 40% gain in performance is obtained if SAOTS is preferred.

Like many technologies, low-cost Radio Frequency Identification (RFID) systems will become pervasive in our daily lives when affixed to everyday consumer items as ”smart labels”. While yielding great productivity gains, RFID systems may create new threats to the security and privacy of individuals or organizations. This paper presents a brief description of RFID systems and their operation. We describe privacy and security risks and how they apply to the unique setting of low-cost RFID devices. We propose several security mechanisms and suggest areas for future research.

This paper describes a case study in refining an abstract security protocol description down to a concrete implementation on a Java Card smart card. The aim is to consider the decisions that have to be made in the development of such an implementation in a systematic way, and to investigate the possibilities of formal specification and verification in the design process and for the final implementation.

This paper proposes two new multipliers based on cellular automata over finite field. Finite fields arithmetic operations have been widely used in the areas of data communication and network security applications. First, a multiplier with generalized irreducible polynomial is implemented with MSB-first fashion. Then, new algorithm and architecture are proposed to reduce the size of the first multiplier. The algorithm and architecture uses the property of irreducible all one polynomial as a modulus. Since the proposed architectures have regularity, modularity and concurrency, they are suitable for VLSI implementation and could be used in IC cards because they have particularly simple architecture. They can be used as a basic architecture for the public-key cryptosystems.

Software vulnerabilities that enable the injection and execution of malicious code in pervasive Internet-connected computing devices pose serious threats to cyber security. In a common type of attack, a hostile party induces a software buffer overflow in a susceptible computing device in order to corrupt a procedure return address and transfer control to malicious code. These buffer overflow attacks are often employed to recruit oblivious hosts into distributed denial of service (DDoS) attack networks, which ultimately launch devastating DDoS attacks against victim networks or machines. In spite of existing software countermeasures that seek to prevent buffer overflow exploits, many systems remain vulnerable.

Public-key cryptosystems normally spend most of their execution time in a small fraction of the program code, typically in an inner loop. The performance of these critical code sections can be significantly improved by customizing the processor’s instruction set and microarchitecture, respectively. This paper shows the advantages of instruction set extensions to accelerate the processing of cryptographic workloads such as long integer modular arithmetic. We define two custom instructions for performing multiply-and-add operations on unsigned integers (single-precision words). Both instructions can be efficiently executed by a (32 × 32 + 32 + 32)-bitmultiply/accumulate (MAC) unit. Thus, the proposed extensions are simple to integrate into standard 32-bitRISC cores like the MIPS32 4Km. We present an optimized Assembly routine for fast multiple-precision multiplication with ”finely” integrated Montgomery reduction (FIOS method). Simulation results demonstrate that the custom instructions double the processor’s arithmetic performance compared to a standard MIPS32 core.

In this paper we describe a low-tech and user friendly solution for secure two-way communication between two parties over a network of untrusted devices. We present a solution in which displays play a central role. Our approach guarantees privacy and allows to check the authenticity of information presented on displays. Furthermore, we provide the user with a secure return channel. To this end we propose to provide every user with a small decryption display which is, for example, integrated in a credit card and requires very limited computing power. The authentication and security are based on visual cryptography which was first introduced by Naor and Shamir in 1994. We solve some practical shortcomings of traditional visual cryptography and develop protocols for two-way authentication and privacy in untrusted environments.

This paper summarizes the ideas and results of three working groups that convened during the 1st International Conference on Security in Pervasive Computing. The scope of the workshop was to identify and discuss security and privacy issues specific to pervasive computing and how to address these issues with appropriate means.