developing a model for trust management in pervasive devices
DESCRIPTION
DEVELOPING A MODEL FOR TRUST MANAGEMENT IN PERVASIVE DEVICES. Florina Almenárez, Andrés Marín , Daniel Díaz, Juan Sánchez http://www.it.uc3m.es/pervasive. Pervasive Computing and Communication Security (PerSec 2006) March 13th, 2006. Outline. Motivation Related Work - PowerPoint PPT PresentationTRANSCRIPT
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
Florina Almenárez, Andrés Marín, Daniel Díaz, Juan Sánchezhttp://www.it.uc3m.es/pervasive
DEVELOPING A MODEL FOR DEVELOPING A MODEL FOR TRUST MANAGEMENT IN TRUST MANAGEMENT IN
PERVASIVE DEVICESPERVASIVE DEVICES
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
2
Outline
• Motivation
• Related Work
• PTM: Pervasive Trust Management Model
○ Requirements
○ Description
○ Mathematical Trust Evolution Model
○ Probabilistic Trust Evolution Model
• Component-based PTM Implementation
• Conclusions
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
3
Motivation• Pervasive Computing
○ Open and dynamic environments (zoo, airports, shopping mall)
○ Multitude of heterogeneous devices with communication, computing and storage capabilities Pervasive devices
• TRUST role in establishing new relations○ Secure communication protocols (SSL, IPSec, DNSSEC, …)
work well in fixed networks traditional PKI
Problems to work when trust relationships are not preconfigured
○ Some management mechanisms for ad hoc networks
routing
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
4
Related Work• Previous works
○1994: Marsh, Beth
○1997: Abdul-Rahman
○1998: Jøsang
○1999: KeyNote, SPKI/SDSI (Access control infrastructures)
○2001: Poblano
• Recent works○2002 – 2004: SECURE (IST Project) Trinity College Dublin
○2000 – 2010: Terminodes NCCR (ad hoc networks)
○2003 – : SULTAN Imperial College
○2004 – 2006: UBISEC Siemens
– Problems: complexity, distrust modelling, trust evolution
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
5
Pervasive Trust Management ModelRequirements
• Autonomous Independence on central server or previous configuration○ to participate in ad hoc networks and peer-to-peer application
• Dynamic evolution, context adaptation
• Simple minimize human intervention and resource consumption
• Secure protect resources from malicious entities○ to make suitable decisions despite the uncertainty
• Cooperative benefit from common knowledge
• Granularity establish trust values
• Include both trust and distrust concept
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
6
Pervasive Trust Management ModelDescription
• Fuzzy Logic
• Trustworthiness no trust for situation, category, etc.
• Trust properties: reflexive, non-symmetrical, conditionally transitive (explicit), dynamic
Distrust0 10,50,25 0,75 0,9
TrustIgnorance
% o
f m
em
be
rsh
ip
0,7
0,3
Distrust threshold
T(AB)
com
plet
e
very highhighmediumlittlevery littlescarce
none
trustworthiness
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
7
Pervasive Trust Management ModelHow it works?
➊ A (new user) requests access
➋ B searches trust information about A
➌ If A is unknown, B requests recommendations to Cs
➍ If there are trusted recommendations, B uses them (Indirect) PRP
If there are no recommendations, B uses trust rules (direct)
➎ If trust relationship is established, B recalculates trust value on A based on
interactions
A
Recommendations
➊
➋
➌
➍
B
C1
C2 ➎
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
9
Pervasive Trust Management ModelMathematical Trust Evolution
• “Trust comes on foot and goes by horse”
• Current behaviour is measured based on:○ Current interaction
Action weight (fuzzy logic) Security level
○ Past behaviour Positive and negative interactions
Increment factor (i) restriction percentage ()
○ A priori probability
)m(ai iWI
inactpact
nactpact)m(ai NN
NN.WI
i
0
IT
I)T1(T
V i1i
i1i1i
ai
If a=a+ (a+ – a-)>0
else, but no attack
If attack
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
10
Pervasive Trust Management ModelMathematical Trust Evolution (II)
• Trust is recalculated based on:○ Current behaviour○ Previous trust value○ Strictness factor ()
• Summarizing
0
)1(TVT
1ia
ii
If Vai>0
If not
)I1(T
)T1(ITT
i1i
1ii1ii
If Ii>0
If not
1))a –a(()a a())a –a(()a –a(
.WI m2--
m2--)m(
ai i
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
11
Pervasive Trust Management ModelMathematical Trust Evolution (III)
0
0,1
0,2
0,3
0,4
0,5
0,6
0,7
0,8
0,9
1
1 6 11 16 21 26 31 36 41
NUMBER OF INTERACTIONS (NEGATIVE)
TR
US
T V
AL
UE
0
0,1
0,2
0,3
0,4
0,5
0,6
0,7
0,8
0,9
1
1 11 21 31 41 51 61 71 81 91 101 111 121 131 141 151 161 171 181 191 201 211 221 231 241 251 261 271 281 291
NUMBER OF INTERACTIONS (POSITIVE) T
RU
ST
VA
LU
E
0
0,1
0,2
0,3
0,4
0,5
0,6
0,7
0,8
0,9
1
1 6 11 16 21 26 31 36 41
NUMBER OF INTERACTIONS (NEGATIVE)
TR
US
T V
AL
UE
0
0,1
0,2
0,3
0,4
0,5
0,6
0,7
0,8
0,9
1
1 11 21 31 41 51 61 71 81 91 101 111 121 131 141 151 161 171 181 191 201 211 221 231 241 251 261 271 281 291
NUMBER OF INTERACTIONS (POSITIVE) T
RU
ST
VA
LU
E
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
12
0
0,1
0,2
0,3
0,4
0,5
0,6
0,7
0,8
0,9
1
1 4 7 10 13 16 19 22 25 28 31 34 37 40 43 46 49 52 55 58 61 64 67 70 73 76 79 82 85 88 91
NUMBER OF INTERACTIONS (POSITIVE AND NEGATIVE)
TR
US
T V
AL
UE
Pervasive Trust Management ModelMathematical Trust Evolution (IV)
PARAMETERS:Increment percentage: 2%Security level: m=2Disposition Factor: 0.5Positive action: 1Wrong action: 0.5 (PTM)
PARAMETERS:Increment percentage: 2%Security level: m=2Disposition Factor: 0.5Positive action: 1Wrong action: 0.5 (PTM)
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
14
Pervasive Trust Management ModelProbabilistic Trust Evolution
• Bayes’ theorem○ Posteriori probabilities
• Probabilities for binary events: Beta density function○ Assign belief degrees between 0 and 1
• Risk model
)H(P)a(P)a|H(P
)H|a(Pact
iiact
acti
aa
actx )X1(X)!a(!a
)!1aa()H|X(f
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
15
0
0,1
0,2
0,3
0,4
0,5
0,6
0,7
0,8
0,9
1
0 0,05 0,1 0,15 0,2 0,25 0,3 0,35 0,4 0,45 0,5 0,55 0,6 0,65 0,7 0,75 0,8 0,85 0,9 0,95 1
TRUST VALUE
PR
OB
AB
ILIT
Y
a
b
c
d
e
f
Pervasive Trust Management ModelProbabilistic Trust Evolution (II)
P(a+|Hact) P(a-|Hact)
a 1.000 0.000
b 0.800 0.200
c 0.750 0.250
d 0.786 0.214
e 0.579 0.421
f 0.500 0.500
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
16
Component-based PTM Implementation
• Prototype
• J2ME Personal Profile
• OpenSSL cryptographic API
• JNI wrappers
• XACML Sun implementation
• Extended trust, context
• PEP + PDP
• Proofs
• PDA Windows Mobile 2003
• Linux, Windows
• Available at:
http://www.it.uc3m.es/florina/ptm
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
17
Component-based PTM Implementation
Pervasive device
keys, certificates, trust
keys, certificates, trust
Cryptographic ProviderCryptographic Provider
CredentialsManager
CredentialsManager
CommunicationAPI
CommunicationAPI
ApplicationsApplications
AuthenticationManager
AuthenticationManager
TrustManager
TrustManager
RecommendationManager
RecommendationManager
logs, policieslogs, policiesAuthorizationManager
AuthorizationManager Context
ProviderContextProvider
MonitorMonitor
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
18
Conclusions & Future Work• Trust basis to establish relationships in a spontaneous
way
• Pervasive devices can interact with closed devices in a secure way, without depend on central server
• Simple pervasive trust management model○ to enhance the security architecture of pervasive devices
○ to minimize the uncertainty and take appropriate decisions
○ to allow the cooperation among closed trusted devices
• Mathematical and probabilistic model○ According to the intuitive human judgement
○ Simple calculations
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
19
Conclusions & Future Work (II)
• Implementation of a generic prototype
○ to demonstrate its functionality
○ Security services for applications (client/server)
• Future work
○ Integrating our model in the WCE security architecture
Trust providers
○ Analyse the performance and consumption of resources
more information at more information at http://www.it.uc3m.es/pervasivehttp://www.it.uc3m.es/pervasive
Pervasive Computing and Communication Security (PerSec 2006)March 13th, 2006
20