UNIT I PART II

Pervasive Architecture
Architecture is an abstraction of the system.
Architecture defines the system elements and how they interact. Architecture suppresses the local information about the elements.

Defines the properties of the components

Provided services, required services, performance characteristics, fault handling, resource usage

Pervasive Architecture
Software components computing Device heterogeneity Access control for pervasive

Software Components
The pervasive computing environment forces us to face the need for components and their boundaries more clearly. Pervasive services will have to be composed from individual components residing in the large number of heterogeneous computing elements. The hardware environment itself will force a natural boundary between components. This may be the most clear-cut definition of a component.

A component will be an independently deployable piece of software that resides on one hardware element and provides a service element. Of course, there may be more than one component on each hardware element. Example WEB SERVICES

Moore's law: Capacity of microchips doubles in 18 months => capacity grows an order of magnitude (10x) in 5 years

Security
What data do I wish to expose? To whom? Who can presently access my data? How can I retract data exposed? Who am I communicating with? How do can the privacy of my communication and communication patterns? Who do I trust as a source of information? How do I convince others that I am trustworthy? How to make systems simultaneously secure and usable?

1.

Establish strong identity

Goal: Cryptographically strong identity to devices (endpoints) Means: Host Identity Protocol (HIP) Identify each communicating device with a cryptographic public key Insert the key into the TCP/IP stack

2.

Assign and manage trust and authority

Goal: Decentralised means for managing authorisation Means: SPKI and KeyNote2 certificates Express delegation with signed statements Eventually integrate to the operating system

3.

Enable build-up of trust and reputation based on experiences

Goal: Creation of trustworthy behaviour Means: Micro economic mechanism design Design the rules for the game Make unsocial behaviour uneconomical

Access Control
The wide availability of services and the high mobility of users among different environments require the provision of security mechanisms to ensure the safe usage of services by legitimate users and the protection of services from unauthorized uses. Because of the wide range of services, many diverse and flexible security models and mechanisms will be needed. Either standard security mechanisms will have to be embedded in the environment and used by all applications or each application will have to build its own security mechanisms. Most likely, a combination of the two will be needed.

One of the most important aspects of security is access control, to ensure that services are only available to authorized users and those authorized users are allowed appropriate privileges . For example, a guest at a hotel may be allowed to print on the hotels printer available in the lobby but not change the contents of the event display in the same lobby. Single-sign on policy

Securing Pervasive Networks Using Biometrics

Challenges in pervasive computing environments

Computing devices are numerous and ubiquitous Traditional authentication including login schemes do not work well with so many devices

Proposed Solution
Use biometrics for authentication At the same time, ensure security of biometric templates in an open environment

Contributions
Propose a biometrics based framework for securing pervasive environment Implemented a novel scheme for securing biometric data in an open environment using symmetric hash functions

Aspects of a Pervasive Environment

User Interaction User interacts with speech, gestures and movements The sensors and computing devices are aware of the user and in the ideal case are also aware of his intent. Proactivity The computing devices should interact and query other devices on Transparency Technology has to be transparent. behalf of the user and his intent Device interaction Frequent Multiparty interactions No central authority or third party

Security and Privacy

Consequences of a pervasive network
Devices are numerous, ubiquitous and shared The network shares the context and preferences of the user Smart spaces are aware of the location and intent of the user

Security Concerns
Only authorized individuals need to be given access Authentication should be minimally intrusive Devices should be trustworthy

Privacy issues
User should be aware of when he is being observed The user context should be protected within the network

Need to balance accessibility and security Should be scalable with multiple users operating in the network

Solution: Biometrics?
Definition
Biometrics is the science of verifying and establishing the identity of an individual through physiological features or behavioral traits.

Examples
Physical Biometrics
Fingerprint Hand Geometry Iris patterns

Behavioral Biometrics
Handwriting Signature Speech Gait

Chemical/Biological Biometrics
Perspiration Skin composition(spectroscopy)

Why Biometrics?
Advantages of biometrics
Uniqueness No need to remember passwords or carry tokens Biometrics cannot be lost, stolen or forgotten More secure than a long password Solves repudiation problem Not susceptible to traditional dictionary attacks

General Biometric System

Biometric Sensor Feature Extraction

Enrollment Biometric Sensor Feature Extraction

Database

Matching ID : 8809 Authentication Result

Framework for Authentication/Interaction

S1

Speaker Recognition

Speech Recognition

parsing and arbitration

S2

SK

SN

Framework for Authentication/Interaction

Switch on Channel 9

S1

Speaker Recognition

Speech Recognition

parsing and arbitration

S2

SK

SN

Framework for Authentication/Interaction

Who is speaking?

S1

Speaker Recognition

Speech Recognition

parsing and arbitration

S2

SK

Annie David Cathy

SN

Authentication

Framework for Authentication/Interaction

What is he saying?

S1

Speaker Recognition

Speech Recognition

parsing and arbitration

S2

SK

On,Off,TV Fridge,Door

SN

Understanding

Framework for Authentication/Interaction

What is he talking about?

S1

Speaker Recognition

Speech Recognition

parsing and arbitration

S2

SK Switch,to,channel,nine
Channel->TV Dim->Lamp On->TV,Lamp

SN

Inferring and execution

Speaker Recognition
Pitch

Av
Glottal Pulse Model G(z)

Impulse Train Generator

Vocal Tract Model V(z)

Radiation Model R(z)

Impulse Train Generator

AN

Speech Production Mechanism

Speech production Model

Vocal Tract Modeling

Framework is Generic
S1

Face Recognition

Gesture Recognition

parsing and arbitration

S2

SK

SN

Authentication

Understanding Inferring and execution

Security of Biometric Data

Issues in biometrics
Biometrics is secure but not secret Permanently associated with user Used across multiple applications Can be covertly captured
Fake Biometrics

Types of circumvention
Denial of service attacks(1) Fake biometrics attack(2) Replay and Spoof attacks(3,5) Trojan horse attacks(4,6,7) Back end attacks(8) Collusion Coercion

Threats to a Biometric System

Types of circumvention
Denial of service attacks(1) Fake biometrics attack(2) Replay and Spoof attacks(3,5) Trojan horse attacks(4,6,7) Back end attacks(8) Collusion Coercion

Hashing
Hashing
Instead of storing the original password P, a hashed values P=H(P) is stored instead. The user is authenticated if H(password) = P. It is computationally hard to recover P given H(P) H() one way hashing function

Problem with biometrics

Biometric data has high uncertainty Matching is inexact/probabilistic Therefore, hashing function should be error tolerant

Biometric Hashing

Hashing Schema

Hashing

Personalized Hashing

Fingerprints

Minutiae: Local anomalies in the ridge flow Pattern of minutiae are unique to each individual

Conclusion
Smart spaces and pervasive computing are moving from concepts to implementations Security has to be incorporated in the design stage Traditional authentication and access control paradigms cannot scale to numerous and ubiquitous devices Biometrics serves as a reliable alternative for minimally intrusive authentication Biometrics solves key management and repudiation problem Securing biometrics is a major challenge in an open environment Biometric hashing can be used to create revocable biometric templates