
Chapter 11

Security, Privacy, & Trust Issues in Smart Environments


Consider: a smart home knows
- What time you go to bed and get up
- What time you leave for and come home from work
- That you have a brand new $5,000 plasma TV
- Your password to your computer
- The combination to your safe
- All your important numbers: SSN, bank account, security code

How secure do you want your system to be?

Introduction
- Smart environment (space): extensively equipped with sensors, actuators, computing
- Exploits combinations of small distributed sensing & computational nodes to identify & deliver personalized service
- User interacts & exchanges information with the environment
* Must be secure, private, trustworthy *

Trust vs. Risk
- Vast amount of personal information
- What about safety?
- These issues may delay or stop acceptance of smart environments
- Cost + less privacy

How Ubicomp Differs - 4 Key Issues
1. Ubiquity: everywhere
2. Invisibility: users won't know when they are "using" a computer
3. Sensing: inputs everything you do & say
4. Memory Amplification: all can be stored, queried, replayed
* Sounds like a "bad" sci-fi movie! *

The Fundamental Change
- Today, can often see boundaries re: security, privacy, trust; can identify end points, i.e. who gets information
- Smart environment:
  - Don't know what's collected
  - Don't know where it goes
  - End points not visible

Technology Categories
1. Fixed Sensors: no computation
   - Window open or closed
   - Sensed information vs. supplied, e.g. computer, air conditioner
2. Mobile Sensors: on the move; maybe GPS
3. Fixed Computing Elements: computation & storage
4. Mobile Computing Elements: movement
   - e.g. PDA, laptops, robots, intelligent wheelchair
- No single component has full knowledge or control

Security
- Needs are the same as for other computer systems and networks
- Ensure information is not stolen, modified, or access denied
- Respect privacy
- Trustworthy interactions
- Can the "system" become an unwitting spy?
- What about visitors?

Terminology
- Security: confidentiality, integrity, availability
- Confidentiality: protecting information/service from unauthorized access
- Integrity: protecting information/service from unauthorized changes (errors)
- Availability: ensuring information/service remains accessible

Security - Smart Environments
- Encryption, decryption: the main issue
- Authentication also important
- Complex: decentralized, dynamic, transient
- Pretty Good Privacy (PGP): decentralized web of trust
  - Proposed, but not suitable, solution

More on Security
- Devices have limited processing, storage
  - Less than suitable encryption
  - Focus on transmission: eavesdropping
- Still:
  - Hard to locate malicious mobile users
  - Invisible: hard to secure a network you can't see
  - Denial-of-service attacks

Device Security
- Device arrives from unknown domain
- Has the device been altered?
- Theft: not just the device
- Can a malicious user masquerade as a sensor?
- Limited battery life: intentionally run down

Privacy
- Personalization of environment contributes to privacy problems
- Lots of information collected; subject to misuse
- 1984 - George Orwell - Big Brother

Terminology
- Privacy: individuals'* ability to determine when, how & what information is communicated to others
  - Protecting private information
  * Includes organizations
- Privacy Control: includes management
  - Set & enforce rules
  - How it is managed adapts based on changes in disclosure & location (mobility)

Principle of Fair Information Practices
1. Openness/transparency: no secret records
2. Individual participation: can see records
3. Collection limits: appropriate collection
4. Data quality: accurate & relevant

Principles #2
5. Use limits: only for specified purpose & authorized users
6. Appropriate security: reasonable efforts
7. Accountability: record keepers
- Not a one-way responsibility (system to user) in smart environments
- User must be aware

P3P - Platform for Privacy Preferences
- From the W3C consortium
- Aims to define open standards for web sites to enhance user control
- User can describe own privacy preferences
- Aimed at e-commerce
- So far, not adapted to smart environments
  - Due to bi-directional nature
- Conclusion: cannot achieve total privacy; should base on openness

Privacy Guidelines
- Based on principles & accidental invasion of privacy
1. Notice: make user aware, awareness infrastructure
2. Choice & consent:
   - Get explicit consent
   - Once notified, allow user to choose to participate
   - Invisible vs. less invisible
   - Natural vs. less natural
3. Anonymity & pseudonymity
   - Hide user identity
   - Contrary to "personalization"

Privacy Guidelines #2
4. Proximity & locality
   - Related to filtering & multicasting
   - Information only distributed to those in guidelines
5. Adequate security
   - Encryption vs. small devices
   - Use encryption wisely
6. Access & recourse
- Good practice in collection & distribution of data

Trust
- Not well defined
- How can you trust a mobile entity when you may not even know them?
- Cryptography protects data and privacy, but who do you communicate with?
- Consider in your smart home:
  - Your kids' friends
  - A repairperson
  - The date of your friend who comes to a party
* Can you "trust" them? *

Trust
- Traditional security doesn't really cover the smart environment
- Identification & authentication
  - Unsuitable, inflexible
  - Mobility

Terminology
- Trust: difficult to define
- Subjective: depends on context
- Linked to risk, benefits
- Intransitive: a trusts b, b trusts c, but a doesn't necessarily trust c
- Based on benevolence, honesty, competence, predictability

Trust Aspects
- System Trust: system measures in place to encourage successful interactions
- Dispositional Trust: expectations of the trustworthiness of others
- Situational Decision to Trust: situation-specific nature of trust & formation of trust in an entity
- Trust is emotional; emotion modeling not well understood

Trust Management for Smart Environments
- A unified approach to specifying & interpreting security policies, credentials, & relationships that allow direct authorization of security-critical actions (Blaze)
- Viewed as assignment of privileges
  - e.g. PolicyMaker, KeyNote
  - e.g. (extension) REFEREE Trust Management System
- Inflexible, credential problems
- Credential-based: not for smart environments

New Approaches to Trust
- Lots of research; want humanly intuitive
- Marsh
  - Based on utility, risk, importance
  - Formulas for trust values in [-1, 1)
  - Very limited; not fully inclusive
- Abdul-Rahman
  - Decentralized trust management
  - Incorporates trust levels & dynamics
  - Based on reputation, recommendations, & experience (of the truster)

New Approaches #2
- Josang
  - Based on subjective logic & subjective beliefs
  - Involves propositional logic, probability, consensus
  - Dynamics of trust in light of personal experience
  - Trust-negative & trust-positive evidence
- Jonker & Treur
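The subjective-logic approach attributed to Josang on the slide above can be made concrete. The Python below is an added worked example, not code from the lecture or from Josang's own work: it builds opinions (belief, disbelief, uncertainty) from counts of trust-positive and trust-negative evidence, merges two independent opinions with the consensus operator, and derives trust through a recommender with the discounting operator. The last operator also makes the "intransitive" point from the Trust terminology slide precise: a trusts b and b trusts c yields a weaker, more uncertain opinion of c, never automatic trust. The evidence mapping, the 0.5 base rate, the entity names and the interaction counts in `smart_home_scenario` are my assumptions, following Josang's published formulation rather than anything on the slides.

```python
"""Subjective-logic trust opinions in the style of Josang.

Added example, not code from the lecture. An opinion about a proposition
("B is trustworthy") is a triple (belief, disbelief, uncertainty) that
sums to 1, built from counts of trust-positive and trust-negative
evidence. Consensus merges two independent opinions; discounting derives
an opinion through a recommender, which is why trust here is not
simply transitive.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Opinion:
    belief: float
    disbelief: float
    uncertainty: float
    base_rate: float = 0.5  # prior used where evidence is absent (assumed 0.5)

    def expectation(self) -> float:
        """Probability expectation E = b + a*u; one number for a trust decision."""
        return self.belief + self.base_rate * self.uncertainty


def from_evidence(positive: int, negative: int, base_rate: float = 0.5) -> Opinion:
    """Map r positive and s negative observations to an opinion.

    Mapping b = r/(r+s+2), d = s/(r+s+2), u = 2/(r+s+2): with no evidence
    the opinion is total uncertainty; each observation moves mass from
    uncertainty into belief or disbelief.
    """
    if positive < 0 or negative < 0:
        raise ValueError("evidence counts must be non-negative")
    k = positive + negative + 2.0
    return Opinion(positive / k, negative / k, 2.0 / k, base_rate)


def consensus(a: Opinion, b: Opinion) -> Opinion:
    """Combine two independent opinions about the same proposition.

    Consensus of two evidence-based opinions equals the opinion formed
    from the pooled evidence, so a second witness reduces uncertainty.
    """
    kappa = a.uncertainty + b.uncertainty - a.uncertainty * b.uncertainty
    if kappa == 0.0:
        # Both opinions are dogmatic (u == 0); average them as the limit case.
        return Opinion((a.belief + b.belief) / 2, (a.disbelief + b.disbelief) / 2, 0.0, a.base_rate)
    return Opinion(
        (a.belief * b.uncertainty + b.belief * a.uncertainty) / kappa,
        (a.disbelief * b.uncertainty + b.disbelief * a.uncertainty) / kappa,
        (a.uncertainty * b.uncertainty) / kappa,
        a.base_rate,
    )


def discount(trust_in_recommender: Opinion, recommendation: Opinion) -> Opinion:
    """A's derived opinion about x from B's opinion about x and A's trust in B.

    Only the belief part of A's trust in B passes B's opinion through;
    A's disbelief and uncertainty about B become uncertainty about x.
    The derived opinion is therefore never more certain than either input.
    """
    t = trust_in_recommender.belief
    return Opinion(
        t * recommendation.belief,
        t * recommendation.disbelief,
        trust_in_recommender.disbelief + trust_in_recommender.uncertainty + t * recommendation.uncertainty,
        recommendation.base_rate,
    )


def smart_home_scenario() -> dict:
    """Constructed scenario (counts are made up): the home (a) has dealt with
    a repair firm (b) 8 times well and 2 badly; b vouches for a technician (c)
    it has used 9 times well and once badly; a second firm also vouches for c."""
    a_trusts_b = from_evidence(8, 2)
    b_trusts_c = from_evidence(9, 1)
    a_trusts_c = discount(a_trusts_b, b_trusts_c)
    second = discount(from_evidence(4, 0), from_evidence(6, 0))
    return {
        "a_trusts_b": a_trusts_b.expectation(),
        "b_trusts_c": b_trusts_c.expectation(),
        "a_trusts_c_derived": a_trusts_c.expectation(),
        "a_trusts_c_two_recommenders": consensus(a_trusts_c, second).expectation(),
    }


if __name__ == "__main__":
    for name, value in smart_home_scenario().items():
        print(f"{name}: {value:.3f}")
```

Running the scenario shows the two properties the slide lists: a's derived expectation of c (13/18) is lower than both a's direct trust in b (3/4) and b's direct trust in c (5/6), so the chain a-b-c does not transfer trust intact, while adding an independent recommender through consensus raises it (21/26) by shrinking uncertainty.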


New Approaches #3
- Grandison & Sloman
  - Trust management must be evaluated/analyzed
  - SULTAN: Simple Universal Logic-oriented Trust Analysis Notation
  - Includes trust establishment, analysis, risk, specification
  - General trust model
  - Allows for application-specific domains
  - Based on historical behavior

SECURE Project
Security - Privacy - Trust
- Issues are different
  - Mobile, smart, wireless
- Other issues
  - Legal, biometric, sociotechnical, access control, others
* Very Important Challenge! *
