trust and security issues for pervasive...
TRANSCRIPT
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Trust and Security Issues for Pervasive Adaptation
Giuseppe Persiano
Dipartimento di Informatica ed Appl. ”Renato M. Capocelli”Universita di Salerno
PerAd 2007
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Outline
1 Scenario
2 Dealing with scarce resources
3 Context and Localization
4 Trust
5 RFID
6 Conclusions
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Adaptation
myriads of small devices
from low to no computational power
held by the user
PDAs, smart phonesRFID tagssensors
woven into the environment
sensors, actuators
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Adaptation
myriads of small devices
from low to no computational power
held by the user
PDAs, smart phonesRFID tagssensors
woven into the environment
sensors, actuators
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Adaptation
myriads of small devices
from low to no computational power
held by the user
PDAs, smart phonesRFID tagssensors
woven into the environment
sensors, actuators
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Adaptation
myriads of small devices
from low to no computational power
held by the user
PDAs, smart phonesRFID tagssensors
woven into the environment
sensors, actuators
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Adaptation
myriads of small devices
from low to no computational power
held by the user
PDAs, smart phonesRFID tagssensors
woven into the environment
sensors, actuators
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Adaptation
myriads of small devices
from low to no computational power
held by the user
PDAs, smart phonesRFID tagssensors
woven into the environment
sensors, actuators
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Adaptation
Interaction with the Environment on behalf of the User
getting information from the environment
PDA getting directions to the closest restaurant fromenvironment;sensors detecting smoke in a forest;
releasing information about the user to the environment
what type of restaurant I like (pizza, chinese, thai, . . .);where I bought my jacket;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Adaptation
Implementing the Environment
managing access to buildings/restricted areas;
advertising availability of services (coffee, newsstand, . . .);
advertising prices of services;
providing services (airplane check-in and seat assignments);
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Computing Security vs. Internet Security
Pervasive Computing: tens to hundreds of devices per person;
Internet: a few devices per person: home pc, workstation,laptop, PDA, smart phone;
Pervasive Computing: users (almost) always on-line andsometimes unaware of that;
Internet: users on-line in specific time intervals and alwaysaware of connection;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Computing Security vs. Internet Security
Pervasive Computing: tens to hundreds of devices per person;
Internet: a few devices per person: home pc, workstation,laptop, PDA, smart phone;
Pervasive Computing: users (almost) always on-line andsometimes unaware of that;
Internet: users on-line in specific time intervals and alwaysaware of connection;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Computing Security vs. Internet Security
Pervasive Computing: used to carry out most every-dayactivities:
taking a bus;entering your office;entering your house;. . . . . . . . .;
Internet: used for financial and leisure activities: homebanking, shopping, video on-demand, on-line videogames,. . . . . . . . .
Pervasive Computing: active physical environment;
Internet: no interaction with physical environment;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Computing Security vs. Internet Security
Pervasive Computing: used to carry out most every-dayactivities:
taking a bus;entering your office;entering your house;. . . . . . . . .;
Internet: used for financial and leisure activities: homebanking, shopping, video on-demand, on-line videogames,. . . . . . . . .
Pervasive Computing: active physical environment;
Internet: no interaction with physical environment;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Computing Security vs. Internet Security
Security/privacy threats posed by the Internet are at least oneorder of magnitude smaller compared to threats from PervasiveComputing
require new methodologies and protocols
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Pervasive Computing Security vs. Internet Security
Security/privacy threats posed by the Internet are at least oneorder of magnitude smaller compared to threats from PervasiveComputing
require new methodologies and protocols
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
The new challenges
low computational power;
need for a new framework for security protocols;need to re-design security protocols;new crypto primitives;
spatial localization:
location-based security;location privacy;new attacks are possible (physical attacks);
myriads:no centralized control;no a-priori trust structure;mobile device must adapt to environment;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
The new challenges
low computational power;
need for a new framework for security protocols;need to re-design security protocols;new crypto primitives;
spatial localization:
location-based security;location privacy;new attacks are possible (physical attacks);
myriads:no centralized control;no a-priori trust structure;mobile device must adapt to environment;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
The new challenges
low computational power;
need for a new framework for security protocols;need to re-design security protocols;new crypto primitives;
spatial localization:
location-based security;location privacy;new attacks are possible (physical attacks);
myriads:no centralized control;no a-priori trust structure;mobile device must adapt to environment;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Looking ahead...
Methodology
rethinking Security/Cryptography for small scale devices;
physical locality plays a role in security;
adopt concepts from Sociology, Economics, Evolution tomodel emerging trust.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Low computational power
Devices are not be capable of carrying-out current securityprotocols.
Devices might not be capable of implementing currentcryptographic primitives.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Low computational power
Devices are not be capable of carrying-out current securityprotocols.
Devices might not be capable of implementing currentcryptographic primitives.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
New framework for security protocols
Proxy-based Security
computational load for carrying out a protocol can be sharedamong a group of security proxies;
security proxies can be woven into an active environment;
dedicated servers working as security proxies (not very realisticin some cases);
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
New framework for security protocols
Proxy-based Security
computational load for carrying out a protocol can be sharedamong a group of security proxies;
security proxies can be woven into an active environment;
dedicated servers working as security proxies (not very realisticin some cases);
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Proxy-based Security
Requisites
private information must not be leaked from the device to theproxies;
proxies are not trusted;
efficiency;
no infrastructure should be assumed;
What is known
proxy-based implementations of some cryptographyprimitives are known;
RSA, ElGamal encryptions;
proxy-based implementations of secure protocols need are-design of the protocols;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Proxy-based Security
Requisites
private information must not be leaked from the device to theproxies;
proxies are not trusted;
efficiency;
no infrastructure should be assumed;
What is known
proxy-based implementations of some cryptographyprimitives are known;
RSA, ElGamal encryptions;
proxy-based implementations of secure protocols need are-design of the protocols;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Proxy-based Security
Requisites
private information must not be leaked from the device to theproxies;
proxies are not trusted;
efficiency;
no infrastructure should be assumed;
What is known
proxy-based implementations of some cryptographyprimitives are known;
RSA, ElGamal encryptions;
proxy-based implementations of secure protocols need are-design of the protocols;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Collaborative Security
Security protocols can be collaboratively carried out by mutuallytrusting devices.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Re-Designing Security Protocols for Pervasive Computing
Key Management in Sensor Networks
1 classical problem in Security;
2 solutions did not scale down to sensors;
3 new protocols and methods;
4 probabilistic analysis, percolation theory.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Scale down Crypto
Pairing-based Crypto
Elliptic Curves
small key size and parameters;
fast crypto operations;
low storage and bandwidth;
Pairings
e : E × E → F;
e(aP, bQ) = e(P,Q)ab, for all P,Q ∈ E ;
e(P,P) 6= 1, for all P ∈ E ;
Examples: Weil and Tate pairings.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Scale down Crypto
Pairing-based Crypto
Elliptic Curves
small key size and parameters;
fast crypto operations;
low storage and bandwidth;
Pairings
e : E × E → F;
e(aP, bQ) = e(P,Q)ab, for all P,Q ∈ E ;
e(P,P) 6= 1, for all P ∈ E ;
Examples: Weil and Tate pairings.Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Performance Comparison
Elliptic Curves ElGamal AES160 bit 1024 bit 80 bit
256 bit 3072 bit 128 bit384 bit 8192 bit 192 bit
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Performance Comparison
Elliptic Curves ElGamal AES160 bit 1024 bit 80 bit256 bit 3072 bit 128 bit
384 bit 8192 bit 192 bit
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Performance Comparison
Elliptic Curves ElGamal AES160 bit 1024 bit 80 bit256 bit 3072 bit 128 bit384 bit 8192 bit 192 bit
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Performance Comparison
Elliptic Curves ElGamal AES160 bit 1024 bit 80 bit256 bit 3072 bit 128 bit384 bit 8192 bit 192 bit
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Spatial localization
Context
Ability to track people and equipment within the environment andcapture contextual information.
Physical space plays a major role.
Cyberspace
Provides its own notion of space and context that substitutes thephysical notions.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Spatial localization
Context
Ability to track people and equipment within the environment andcapture contextual information.
Physical space plays a major role.
Cyberspace
Provides its own notion of space and context that substitutes thephysical notions.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Spatial localization
Context
Ability to track people and equipment within the environment andcapture contextual information.
Physical space plays a major role.
Cyberspace
Provides its own notion of space and context that substitutes thephysical notions.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Spatial localization
Context-aware security
Contextual changes trigger changes in user’s privileges.
An Example
Slides from a confidential meeting are available only to users in themeeting room (and during the meeting).
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Spatial localization
Context-aware security
Contextual changes trigger changes in user’s privileges.
An Example
Slides from a confidential meeting are available only to users in themeeting room (and during the meeting).
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Spatial localization
Location-Aware Security Protocols/Primitives
location-aware encryption: can decrypt only in specificlocations;
location-aware authorization: authorized only in specificlocations;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Location Privacy
Possible attack
user A uses a hand-held device to authenticate with theenvironment to get some service;
environment knows A has been here;
cannot assume that environments will not share information;
omnipresent adversary with significant computation power;
Approaches
unlikable pseudonyms;
anonymous identification protocols (efficient enough to becarried-out on small devices);
what is a MIX Network in a Pervasive environment?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Location Privacy
Possible attack
user A uses a hand-held device to authenticate with theenvironment to get some service;
environment knows A has been here;
cannot assume that environments will not share information;
omnipresent adversary with significant computation power;
Approaches
unlikable pseudonyms;
anonymous identification protocols (efficient enough to becarried-out on small devices);
what is a MIX Network in a Pervasive environment?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Location Privacy
Possible attack
user A uses a hand-held device to authenticate with theenvironment to get some service;
environment knows A has been here;
cannot assume that environments will not share information;
omnipresent adversary with significant computation power;
Approaches
unlikable pseudonyms;
anonymous identification protocols (efficient enough to becarried-out on small devices);
what is a MIX Network in a Pervasive environment?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Location Privacy
Possible attack
user A uses a hand-held device to authenticate with theenvironment to get some service;
environment knows A has been here;
cannot assume that environments will not share information;
omnipresent adversary with significant computation power;
Approaches
unlikable pseudonyms;
anonymous identification protocols (efficient enough to becarried-out on small devices);
what is a MIX Network in a Pervasive environment?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Location Privacy
Possible attack
user A uses a hand-held device to authenticate with theenvironment to get some service;
environment knows A has been here;
cannot assume that environments will not share information;
omnipresent adversary with significant computation power;
Approaches
unlikable pseudonyms;
anonymous identification protocols (efficient enough to becarried-out on small devices);
what is a MIX Network in a Pervasive environment?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Location Privacy
Possible attack
user A uses a hand-held device to authenticate with theenvironment to get some service;
environment knows A has been here;
cannot assume that environments will not share information;
omnipresent adversary with significant computation power;
Approaches
unlikable pseudonyms;
anonymous identification protocols (efficient enough to becarried-out on small devices);
what is a MIX Network in a Pervasive environment?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Location Privacy
Possible attack
user A uses a hand-held device to authenticate with theenvironment to get some service;
environment knows A has been here;
cannot assume that environments will not share information;
omnipresent adversary with significant computation power;
Approaches
unlikable pseudonyms;
anonymous identification protocols (efficient enough to becarried-out on small devices);
what is a MIX Network in a Pervasive environment?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Location Privacy
Possible attack
user A uses a hand-held device to authenticate with theenvironment to get some service;
environment knows A has been here;
cannot assume that environments will not share information;
omnipresent adversary with significant computation power;
Approaches
unlikable pseudonyms;
anonymous identification protocols (efficient enough to becarried-out on small devices);
what is a MIX Network in a Pervasive environment?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Physical Attacks: Node Capture
Scenario
sensors deployed over a large area to monitor temperature;
sensors queried to report temperature;
queries are authenticated;
Node capture
gaining full control over a device through a physical attack:reading its memory and changing its program.
possible even if there is no software bug (buffer overflowattack);
feasible only on a portion of the sensors;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Trust
Ensuring correct functioning of the system
Critical system functionality depend on each device followinginstructions.
Devices are selfish and want to reduce their cost.
No a priori trust relationship exists.
Question: How do we defend from selfishness?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Trust
Ensuring correct functioning of the system
Critical system functionality depend on each device followinginstructions.
Devices are selfish and want to reduce their cost.
No a priori trust relationship exists.
Question: How do we defend from selfishness?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Trust
Ensuring correct functioning of the system
Critical system functionality depend on each device followinginstructions.
Devices are selfish and want to reduce their cost.
Sensors belonging to different networks cooperating to routeinformation.Each sensor wants to save battery life;
No a priori trust relationship exists.
Question: How do we defend from selfishness?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Trust
Ensuring correct functioning of the system
Critical system functionality depend on each device followinginstructions.
Devices are selfish and want to reduce their cost.
No a priori trust relationship exists.
Question: How do we defend from selfishness?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Trust
Ensuring correct functioning of the system
Critical system functionality depend on each device followinginstructions.
Devices are selfish and want to reduce their cost.
No a priori trust relationship exists.
Question: How do we defend from selfishness?
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Developing Trust from Within
What we cannot assume
1 existence of predefined roles and relations between roles;
2 across-domain interpretation of roles;
3 user sets “user-role” association when required;
4 user always in the same environment;
What we can assume
1 users will remember history;
2 users will maximize utility;
3 users have scarce computational resources;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Spontaneous Collaborative Behavior
Collaborative Routing in Sensor Networks
energy needed for communication grows super-linearly withdistance;
more advantageous to transmit packets in several small hops;
sensors from different domains might collaborate;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Approaches Spontaneous Collaborative Behavior
Promising Approach
Design protocols for reputation propagation that induce Nashequilibria in which collaboration is possible.
Protocol plays Mother Nature and leads the system to evolveinto collaboration.
Scarce resources.
We need concepts from
Sociology (Reputation, Subjective Reputation),
Economics (Nash Equilibria),
Theoretical Biology (Evolutionary Equilibria).
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Approaches Spontaneous Collaborative Behavior
Promising Approach
Design protocols for reputation propagation that induce Nashequilibria in which collaboration is possible.
Protocol plays Mother Nature and leads the system to evolveinto collaboration.
Scarce resources.
We need concepts from
Sociology (Reputation, Subjective Reputation),
Economics (Nash Equilibria),
Theoretical Biology (Evolutionary Equilibria).
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Radio-Frequency Identification (RFID)
a microchip that is capable of transmitting a static identifierfor a short distance;
activated by a query from a nearby reader, which alsotransmits power for the operation of the tag;
about 3 EuroCent per unit and size about .4× .4 mm.
RFID Tags have almost no computation power
RFID Tags can be used in conjunction with a reader
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Radio-Frequency Identification (RFID)
a microchip that is capable of transmitting a static identifierfor a short distance;
activated by a query from a nearby reader, which alsotransmits power for the operation of the tag;
about 3 EuroCent per unit and size about .4× .4 mm.
RFID Tags have almost no computation power
RFID Tags can be used in conjunction with a reader
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Radio-Frequency Identification (RFID)
a microchip that is capable of transmitting a static identifierfor a short distance;
activated by a query from a nearby reader, which alsotransmits power for the operation of the tag;
about 3 EuroCent per unit and size about .4× .4 mm.
RFID Tags have almost no computation power
RFID Tags can be used in conjunction with a reader
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Radio-Frequency Identification (RFID)
a microchip that is capable of transmitting a static identifierfor a short distance;
activated by a query from a nearby reader, which alsotransmits power for the operation of the tag;
about 3 EuroCent per unit and size about .4× .4 mm.
RFID Tags have almost no computation power
RFID Tags can be used in conjunction with a reader
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Radio-Frequency Identification (RFID)
a microchip that is capable of transmitting a static identifierfor a short distance;
activated by a query from a nearby reader, which alsotransmits power for the operation of the tag;
about 3 EuroCent per unit and size about .4× .4 mm.
RFID Tags have almost no computation power
RFID Tags can be used in conjunction with a reader
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Privacy
RFID will broadcast its ID every time it is queried;
the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)
Insubvertible Encryption
encrypt ID;
can be re-randomized without changing the content andwithout knowing the decryption key;
adversary cannot replace legitimate ciphertext with his own;
Elliptic Curve Cryptosystems could be useful;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Privacy
RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;
do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)
Insubvertible Encryption
encrypt ID;
can be re-randomized without changing the content andwithout knowing the decryption key;
adversary cannot replace legitimate ciphertext with his own;
Elliptic Curve Cryptosystems could be useful;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Privacy
RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)
cannot remove if RFID needed to track borrowed items (e.g.,public library)
Insubvertible Encryption
encrypt ID;
can be re-randomized without changing the content andwithout knowing the decryption key;
adversary cannot replace legitimate ciphertext with his own;
Elliptic Curve Cryptosystems could be useful;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Privacy
RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)
Insubvertible Encryption
encrypt ID;
can be re-randomized without changing the content andwithout knowing the decryption key;
adversary cannot replace legitimate ciphertext with his own;
Elliptic Curve Cryptosystems could be useful;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Privacy
RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)
Insubvertible Encryption
encrypt ID;
can be re-randomized without changing the content andwithout knowing the decryption key;
adversary cannot replace legitimate ciphertext with his own;
Elliptic Curve Cryptosystems could be useful;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Privacy
RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)
Insubvertible Encryption
encrypt ID;
can be re-randomized without changing the content andwithout knowing the decryption key;
adversary cannot replace legitimate ciphertext with his own;
Elliptic Curve Cryptosystems could be useful;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Privacy
RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)
Insubvertible Encryption
encrypt ID;
can be re-randomized without changing the content andwithout knowing the decryption key;
adversary cannot replace legitimate ciphertext with his own;
Elliptic Curve Cryptosystems could be useful;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Privacy
RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)
Insubvertible Encryption
encrypt ID;
can be re-randomized without changing the content andwithout knowing the decryption key;
adversary cannot replace legitimate ciphertext with his own;
Elliptic Curve Cryptosystems could be useful;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Privacy
RFID will broadcast its ID every time it is queried;the item to which it is attached (and its owner) can be traced;do not want to remove RFID for post-sale management (e.g.,return of unwanted items, warranty)cannot remove if RFID needed to track borrowed items (e.g.,public library)
Insubvertible Encryption
encrypt ID;
can be re-randomized without changing the content andwithout knowing the decryption key;
adversary cannot replace legitimate ciphertext with his own;
Elliptic Curve Cryptosystems could be useful;
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Counterfeiting
Attack
adversary could clone or forge RFID Tags;
need to authenticate RFID Tags;
current authentication protocols are too computationexpensive;
Approach
Use ideas from Human-Based Authentication Protocols
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Counterfeiting
Attack
adversary could clone or forge RFID Tags;
need to authenticate RFID Tags;
current authentication protocols are too computationexpensive;
Approach
Use ideas from Human-Based Authentication Protocols
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Counterfeiting
Attack
adversary could clone or forge RFID Tags;
need to authenticate RFID Tags;
current authentication protocols are too computationexpensive;
Approach
Use ideas from Human-Based Authentication Protocols
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Counterfeiting
Attack
adversary could clone or forge RFID Tags;
need to authenticate RFID Tags;
current authentication protocols are too computationexpensive;
Approach
Use ideas from Human-Based Authentication Protocols
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Counterfeiting
Attack
adversary could clone or forge RFID Tags;
need to authenticate RFID Tags;
current authentication protocols are too computationexpensive;
Approach
Use ideas from Human-Based Authentication Protocols
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Conclusions
Possible Directions
rethinking Security/Cryptography for small scale devices;
active environment working as security-proxy;scale down Cryptography (pairings,...);
physical locality plays a role in security;
(location, context)-based security;location privacy;physical attacks;
trust emerges in a bottom-up manner;
adopt concepts from Sociology, Economics, Evolution to modelemerging trust.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Conclusions
Possible Directions
rethinking Security/Cryptography for small scale devices;
active environment working as security-proxy;
scale down Cryptography (pairings,...);
physical locality plays a role in security;
(location, context)-based security;location privacy;physical attacks;
trust emerges in a bottom-up manner;
adopt concepts from Sociology, Economics, Evolution to modelemerging trust.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Conclusions
Possible Directions
rethinking Security/Cryptography for small scale devices;
active environment working as security-proxy;scale down Cryptography (pairings,...);
physical locality plays a role in security;
(location, context)-based security;location privacy;physical attacks;
trust emerges in a bottom-up manner;
adopt concepts from Sociology, Economics, Evolution to modelemerging trust.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Conclusions
Possible Directions
rethinking Security/Cryptography for small scale devices;
active environment working as security-proxy;scale down Cryptography (pairings,...);
physical locality plays a role in security;
(location, context)-based security;location privacy;physical attacks;
trust emerges in a bottom-up manner;
adopt concepts from Sociology, Economics, Evolution to modelemerging trust.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Conclusions
Possible Directions
rethinking Security/Cryptography for small scale devices;
active environment working as security-proxy;scale down Cryptography (pairings,...);
physical locality plays a role in security;
(location, context)-based security;
location privacy;physical attacks;
trust emerges in a bottom-up manner;
adopt concepts from Sociology, Economics, Evolution to modelemerging trust.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Conclusions
Possible Directions
rethinking Security/Cryptography for small scale devices;
active environment working as security-proxy;scale down Cryptography (pairings,...);
physical locality plays a role in security;
(location, context)-based security;location privacy;
physical attacks;
trust emerges in a bottom-up manner;
adopt concepts from Sociology, Economics, Evolution to modelemerging trust.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Conclusions
Possible Directions
rethinking Security/Cryptography for small scale devices;
active environment working as security-proxy;scale down Cryptography (pairings,...);
physical locality plays a role in security;
(location, context)-based security;location privacy;physical attacks;
trust emerges in a bottom-up manner;
adopt concepts from Sociology, Economics, Evolution to modelemerging trust.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Conclusions
Possible Directions
rethinking Security/Cryptography for small scale devices;
active environment working as security-proxy;scale down Cryptography (pairings,...);
physical locality plays a role in security;
(location, context)-based security;location privacy;physical attacks;
trust emerges in a bottom-up manner;
adopt concepts from Sociology, Economics, Evolution to modelemerging trust.
Giuseppe Persiano Trust and Security Issues
ScenarioDealing with scarce resources
Context and LocalizationTrustRFID
Conclusions
Conclusions
Possible Directions
rethinking Security/Cryptography for small scale devices;
active environment working as security-proxy;scale down Cryptography (pairings,...);
physical locality plays a role in security;
(location, context)-based security;location privacy;physical attacks;
trust emerges in a bottom-up manner;
adopt concepts from Sociology, Economics, Evolution to modelemerging trust.
Giuseppe Persiano Trust and Security Issues