gaia context and location-aware encryption for pervasive computing environments jalal...

Context and Location-Aware Encryption for Pervasive Computing Environments

Jalal Al-Muhtadi, Raquel Hill, Roy Campbell, Dennis Mickunas

University of Illinois at Urbana-Champaign

Post on 19-Dec-2015



Outline

Background
Motivation
Assumptions
System Overview
– Gaia Context File System
– Gaia Publish/Subscribe Channel
Implementation & Evaluation
Conclusion & Future Work

Active Spaces

Middleware – Gaia

Active Space

home, office, car, campus

Physical space coordinated by a responsive context-based software infrastructure that enhances the ability of mobile users to interact and configure their physical and digital environment seamlessly.

Introducing Gaia

Gaia OS, a distributed meta-operating system that runs on top of existing operating systems.

Provides infrastructure and core services for constructing general-purpose ubiquitous computing environments.

home, office, car, campus, hospital

Introducing Gaia

[Figure: Gaia architecture. Applications and Application Framework on top of the Gaia middleware kernel (Events Manager, Context Service, Context File System, Space Repository, Security, Location Service, Component Management Core), running on MS Windows, OS X, Linux, Symbian OS, Mobile Windows, etc.]

Motivation

Goal: defining an efficient authorization mechanism which leverages contextual information
– context information changing frequently → expensive re-keying

Motivation

Security in pervasive computing is essential
Major barrier to real-world deployment
New computing paradigm → new challenges
– Integration of digital & physical infrastructures
– Context & Location Awareness
Context and Location Awareness as an additional parameter to security

Scenarios

Active Space
– only provide services to devices inside the space
Classroom
Hospital Scenario
– authorized nurses inside specific hospital units (intensive care, x-ray room, nursery)
Military Scenarios
– reveal next plan only when soldier arrives at destination

Gaia

[Figure: Gaia architecture. Applications and Application Framework on top of the Gaia middleware kernel (Events Manager, Context Service, Context File System, Space Repository, Security, Location Service, Component Management Core), running on MS Windows, OS X, Linux, Symbian OS, Mobile Windows, etc.]

* a framework to store & update location info in real-time
* aggregates location info from various devices
* distributed components

Assumptions

– Existence of a trusted infrastructure
  » Active Space consists of a plethora of machines and services, some are trusted (Kernel services)
– Infeasibility to forge location data
  » Tamper-resistant hardware + certified location data
– Cryptography has much less overhead than access control
  » Access control requires reference monitors to check all accesses → expensive for mobile devices!
– We will focus on Location-based encryption

System Overview

Gaia Context File System (CFS)
– Context-Aware file system
– Aggregates related material from different mount points
– Trigger automatic data conversions on-the-fly
– Location and context-based encryption provides efficient security

Location-Encryption in CFS

[Figure: Location-Encryption in CFS. Components: Admin, User, Context File System (CFS) with data aggregation, Location Service (LS) with spatial database and location sensors, Location Encryptor (LE), Location Verifier (LV), distributed physical storage. Flows are numbered 1 to 6 and labelled Region Establishment (1), Create File (2), Encrypt, Request, Decrypt, Data.]

Location-Encryption in CFS

Step 1: admin creates an encryption region

LS creates a private key K_R

LS replies with ID_R

[Protocol message from AD to LS, garbled in extraction. Recoverable terms: CREATE_REGION, N, R, LS, ID(AD), H(D), and PK with subscripts LS and AD.]

Location-Encryption in CFS

When creating a location-encrypted file, ID_R is provided (2)

Data is sent to a Location Encryptor (LE) (3)

LE has access to K_R and encrypts the data using K_R

Location-Encryption in CFS

When requesting the file, the CFS invokes an LV object (Location Verifier) (4, 5)

Iff user is located within region R then decrypt data (5)

Multi-Layer Encryption

In some cases, context-based encryption is not enough
– e.g. exam scenario
Introduce Multi-layer encryption
1st layer must be peeled off by LS
2nd layer must be peeled off by authorized user

[Figure: Data enclosed in encryption layers labelled K_R and K_g]
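
Added example (not from the original slides or the Gaia code base): a Python model of the CFS flow in steps 1 to 5 combined with the two-layer scheme above. The SHA-256 keystream cipher is a stdlib stand-in for AES, and the rectangular region, the class and function names, and the reading of K_g as the authorized user's key are assumptions.

```python
import hashlib, hmac, secrets

def _xor(key, nonce, data):
    # XOR with a SHA-256 counter-mode keystream: stdlib stand-in for AES, not production crypto.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    nonce = secrets.token_bytes(16)
    body = _xor(key, nonce, data)
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return _xor(key, nonce, body)

class LocationService:  # holds K_R; plays LE (encrypt) and LV (verify, then decrypt)
    def __init__(self):
        self._regions = {}  # ID_R -> (bounding box, K_R); K_R never leaves the service

    def create_region(self, x0, y0, x1, y1):           # step 1: admin gets ID_R back
        id_r = secrets.token_hex(4)
        self._regions[id_r] = ((x0, y0, x1, y1), secrets.token_bytes(32))
        return id_r

    def encrypt(self, id_r, data):                       # steps 2-3: LE encrypts under K_R
        return seal(self._regions[id_r][1], data)

    def decrypt_if_inside(self, id_r, blob, x, y):       # steps 4-5: LV gate before decrypt
        (x0, y0, x1, y1), k_r = self._regions[id_r]
        if not (x0 <= x <= x1 and y0 <= y <= y1):        # (x, y) assumed certified, unforgeable
            raise PermissionError("user is outside region " + id_r)
        return unseal(k_r, blob)

def demo():
    ls, k_g = LocationService(), secrets.token_bytes(32)   # K_g: assumed user key
    id_r = ls.create_region(0, 0, 10, 10)                  # constructed classroom bounds
    blob = ls.encrypt(id_r, seal(k_g, b"exam questions"))  # inner layer K_g, outer layer K_R
    inner = ls.decrypt_if_inside(id_r, blob, 3, 4)         # LS peels the first layer
    try:
        ls.decrypt_if_inside(id_r, blob, 50, 50)
        outside = "decrypted"
    except PermissionError:
        outside = "denied"
    return unseal(k_g, inner), outside                     # user peels the second layer
```

Peeling the K_R layer alone yields only the K_g ciphertext, so a party inside the region still needs the second key to read the data.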

Gaia Publish/Subscribe Channels

Gaia Publish/Subscribe Channel
– The underlying communication is facilitated by an “event channel”
– Implemented as publish/subscribe channels
– Provides an efficient technique for dispersing events to various entities in the system
– Features asynchronous and decoupled message transmission

Gaia Publish/Subscribe Channels

P publishes information
EB is responsible for creating the channel and managing access for it
– ex. museums
Subscribers try to peel off both layers

[Figure: Publisher (P), Event Broker (EB), Event Channel, Location Service (LS), LE, Spatial Database, Subscribers, LV]

Implementation

Implemented the different components in a prototype Active Space
– services require physical location in the space
– light control etc.
Use of Bluetooth discovery for approximate location capturing
Use of a 2-layer encryption to access location-restricted services

Crypto Performances on some Gaia Devices

Device                                              | AES 128-bit performance | AES 256-bit performance
Pentium™ 4 processor @ 1.7 GHz, Windows™ XP PC      | 61.01 MB/s              | 48.23 MB/s
HP Pocket PC H5550, Intel® PXA250 400MHz processor  | 23.61 MB/s              | 10.84 MB/s
Treo 600, Palm OS, Arm processor @144 MHz           | 5.76 MB/s               | 0.452 MB/s
Onhand PC watch, 16-bit processor @ 3.67 MHz        | 0.362 KB/s              | [too slow]

Latency in Location-Aware Publish/Subscribe Channel

[Figure: latency (ms) versus number of subscribers; y-axis from 131.5 to 135.5 ms, x-axis from 0 to 12 subscribers]

Challenges & Future Work

Preventing “Relay Attacks”
– difficult to solve.
– Maybe some “restrictions” can be introduced
Expanding the mechanism to accommodate groups
– Only when k of n people are under a specific context → access is granted
– (use of threshold cryptography)

Conclusions

The need to accommodate contextual information into security

We presented an efficient authorization mechanism that leverages contextual information

Provided a prototype implementation

Thank you! Any questions?