Ubiquitous Computing

Transcription

1 Ubiquitous Computing Issues & Challenges Jaydip Sen Senior Scientist Wireless Research Group, Innovation Lab Tata Consultancy Services, Kolkata, INDIA

2 Outline of the Talk The Vision of UbiComp -- According to Mark Weiser The Enablers Major Challenges Security and Privacy Issues Simulation Results TCS Home Gateway Initiative Security Challenges and Solutions 2

3 The Trends in Computing Technology 1970s 1990s Late 1990s Now and Tomorrow?

4 Pervasive Computing Era

5 Computing Evolution

6 Ubiquitous Computing Mark Weiser, Xerox PARC 1988 Ubiquitous computing enhances computer use by making many computers available throughout the physical environment, but making them effectively invisible to the user 6

7 Invisible Technologies The most powerful technologies are invisible: they get out of the way to let human be effective Electricity Electric motors hidden everywhere (20-30 per car) Electric sockets in every wall and portably available through batteries Integrated, invisible infrastructure Literary technology Continuously surrounding us at many scales: books, newspapers, street signs, candy wrappers Used trivially and profoundly Literally visible, effectively invisible 7

8 A Good Technology Is Invisible Invisible stays out of the way of itself Like a good pencil stays out of the way of the writing Like a good car stays out of the way of the driving Bad technology draws attention to itself, not task Like a broken, or skipping, or dull pencil Like a car that needs a tune-up Computers are mostly not invisible They dominate interaction with them Ubiquitous computing is about invisible computers 8

9 Ubiquitous and Pervasive Computing Ubiquitous: Existing or being everywhere, or in all places at the same time; omnipresent. Pervasive: Tending to pervade, or having power to spread throughout; of a pervading quality. Pervasive is a stepping stone to ubiquity. A pervasive technology becomes ubiquitous when it is taken for granted. 9

10 Outline The Vision -- According to Mark Weiser The Enablers Major Challenges Security and Privacy Issues Conclusion 10

11 Pervasive Computing Enablers Moore s Law of IC Technologies Communication Technologies Material Technologies Sensors/Actuators

12 1st Enabler Moore s Law Processing speed and storage capacity double every 18 months cheaper, smaller, faster Exponential increase will probably go on for the next 10 years at same rate 12

13 Generalized Moore s Law Most important technology parameters double every 1 3 years: computation cycles (clock speed) memory, magnetic disks bandwidth Consequence: scaling down Problems: increasing cost energy 13

14 2nd Enabler Communication Bandwidth of single fibre: ~10 Gb/s 2007: ~20 Tb/s with wavelength multiplex (often at no cost for laying new cable!) Powerline coffee maker automatically connected to the Internet Wireless mobile phone: GSM, GPRS, 3G, 4G wireless LAN (> 10 Mb/s) Bluetooth WiMAX, LTE Personal Area Networks (PAN) - Zigbee Body Area Networks (BAN) Home Area Networks (HAN) 14

15 3rd Enabler New Materials Important : whole eras named after materials e.g., Stone age, Iron age, Pottery age etc. More recently: semiconductors, fibres information and communication technologies Organic semiconductors change the external appearance of computers Plastic laser... Opto-electronics, flexible displays, 15

16 4th Enabler Sensors & Actuators Miniaturized cameras, microphones,... Fingerprint sensor Radio sensors RFID Infrared Location sensors... e.g., GPS 16

17 Putting Them Altogether Progress in computing speed communication bandwidth material sciences sensor techniques computer science concepts miniaturization energy and battery display technologies... Enables new applications Post-PC era business opportunities Challenges for computer scientists, e.g., infrastructure design, algorithm development... 17

18 Evolution of Computing Paradigms Remote communication protocol layering, RPC, end-to-end args.. Fault tolerance ACID, two-phase commit, nested transactions... High availability replication, rollback recovery,... Remote information access dist. file systems, dist. databases, caching,. Distributed Systems Mobile Computing Pervasive Computing Ubiquitous Computing Distributed security encryption, mutual authentication,... Mobile networking Mobile IP, ad hoc networks, wireless TCP fixes,... Mobile information access disconnected operation, weak consistency,... Adaptive applications proxies, transcoding, agility,... Energy-aware systems goal-directed adaptation, disk spin-down,... Location sensitivity GPS, WaveLan triangulation, contextawareness,... Context Awareness Localized scalability Invisibility Privacy Adaptability 18

19 Outline The Vision -- According to Mark Weiser The Enablers Major Challenges Security and Privacy Issues Conclusion 19

20 Ubiquitous Computing Challenges Technology Invisibility Security and Privacy Adaptability

21 Security and Trust Interactions cross multiple organisational boundaries Lessons from history: everything worth hacking gets hacked Need for secure out of the box set up Context aware adaptive security Identify friend or foe level of trust Small communicators, with confidential data, are easily lost or stolen biometric authentication? Trust based on experience + recommendations Credential validation with intermittent network connectivity

22 You are now predictable Privacy System can co-relate location, context and behaviour patterns Do you want employer, colleagues or insurance company to know you carry a medical monitor? Tension between authentication and anonymity business wants to authenticate you for financial transactions and to provide personalized service Users should be aware of being monitored User control should be there on information generated or access to stored information

23 Security and Privacy Challenges 1. Spatio-temporal variation of data and data sources All devices in the neighborhood are potential information providers Nothing is fixed No global catalog No global routing table No centralized control However, each entity can interact with its neighbors By advertising / registering its service By collecting / subscribing to services provided by others

24 Security & Privacy Challenges (contd ) 2. Query may be explicit or implicit Users sometimes ask explicitly e.g. tell me the nearest restaurant that has vegetarian menu items The system can guess likely queries based on declarative information or past behavior e.g. the user always wants to know the price of IBM stock

25 Security & Privacy Challenges (contd ) 3. Information sources are not known a priori. Schema translations cannot be done beforehand Resource limited devices Need for common, domain specific ontologies Different possibilities: Device could interact with only such providers whose schemas it understands Device could interact with anyone, and cache the information with a hope for a translation in the future Device could always try to translate itself Schema translation, Ontology mapping.

26 Security & Privacy Challenges (contd ) 4. Cooperation amongst information sources cannot be guaranteed Device has reliable information, but makes it inaccessible Device provides information that is unreliable Once a device shares information, it must have the capability to protect future unauthorized propagation and changes to that information

27 Security & Privacy Challenges (contd ) Need to avoid humans in the loop Devices must dynamically "predict" data importance and utility based on the current context The key insight: declarative (or inferred) descriptions help Information needs Information capability Constraints Resources Data Answer fidelity Expressive Profiles can capture such descriptions

28 A Data Management Architecture Design and implementation consists of Data Metadata Profiles Entities Communication interfaces Information Providers Information Consumers Information Managers

29 Metadata Metadata representation To provide information about Information providers and consumers, Data objects, and Queries and answers To describe relationships To describe restrictions To reason over the information Semantic language DAML+OIL / DAML-S (DARPA Agent Markup Language)/ (Ontology Inference Layer)

30 Profile Profile User preferences, schedule, requirements Device constraints, providers, consumers Data ownership, restriction, requirements, process model Profiles based on BDI models Beliefs are facts about user or environment/context Desires and Intentions higher level expressions of beliefs and goals Devices reason over the BDI profiles Generate domains of interest and utility functions Change domains and utility functions based on context

31 Information Manager Problems Not all sources and data are correct/accurate/reliable No common sense Person can evaluate a web site based on how it looks, a computer cannot No centralized party that could verify peer reliability or reliability of its data Device is reliable, malicious, ignorant or uncooperative Distributed Belief Need to depend on other peers Evaluate integrity of peers and data based on peer distributed belief Detect which peer and what data is accurate Detect malicious peers Incentive model: if A is malicious, it will be excluded from the network

32 Information Manager (contd...) Distributed Belief Model Device sends a query to multiple peers Ask its vicinity for reputation of untrusted peers that responded to the query Trust a device only if trusted before or if enough of trusted peers trust it Use answers from (recommended to be) trusted peers to determine answer Update reputation/trust level for all devices that responded Trust level increases for devices that responded according to final answer Trust level decreases for devices that responded in a conflicting way Each devices builds a ring of trust

33 Distributed Belief Model A: B, where is Bob? A: C, where is Bob? A: D, where is Bob?

34 Distributed Belief Model (contd ) B: A, Bob is in home. C: A, Bob is at work. D: A, Bob is in home.

35 Distributed Belief Model (contd ) A: I have enough trust in D. What about B and C? A: B: Bob in home, C: Bob at work, D: Bob in home

36 Distributed Belief Model (contd ) B: I am not sure. C: I always do. E: I don t. F: I do. D: I don t. A: Do you trust C? A: I don t care what C says. I don t know enough about B, but I trust D, E, and F. Together, they don t trust C, so won t I.

37 Distributed Belief Model (contd ) E: I do. B: I do. C: I never do. F: I am not sure. D: I am not sure. A: Do you trust B? A: I don t care what B says. I don t trust C, but I trust D, E, and F. Together, they trust B a little, so will I.

38 Distributed Belief Model (contd ) A: I trust B and D, both say Bob is home A: Bob is home! A: Increase trust in B. A: Decrease trust in C. A: Increase trust in D.

39 Distributed Belief Model Information Manager Initial Trust Function a device performs this function whenever it encounters another device for the first time Pessimistic (-1), Optimistic (+1), Undecided (0) Trust Learning Function based on the current and past trust values Blindly +, Blindly -, Fast+, Fast-, Balanced+, Balanced Slow, Exponential Trust Weighting Function weight assigned to the information provided by a device based on its current trust value Multiplication (x*y), Cosine [ y 0 0, y > 0 x (1 cos(y*π/2)) ] Accuracy Merging Function used by a device to combine weighted accuracy degrees for same answers from multiple peers Max (highest suggested accuracy), Min (lowest suggested accuracy), Average

40 Experimental Parameters

41 Experiments Devices Reliable : share reliable data only Malicious : try to share unreliable data as reliable Ignorant : have unreliable data but believe they are reliable Uncooperative : have reliable data but will not share Model Device sends a query to multiple peers Asks its vicinity for reputation of untrusted peers that responded to the query Trust a device only if trusted before or if enough of trusted peers trust it Use answers from (recommended to be) trusted peers to determine answer Update reputation/trust level for all devices that responded A trust level increases for devices that responded according to final answer A trust level decreases for devices that responded in a conflicting way

42 Experimental Environment Parameter Value Spatial dimension 150 m * 150 m Simulation period 50 min Simulation KB 800 data answers, 800 questions No. of mobile devices 50 Mobility pattern Random way-point, 5 s pause time, speed 1-5 m/s Routing protocol AODV Flooding range 2 hops Tx range 25 m Tx throughput 2 Mbps Device s cache size 250 KB (50% of simulation KB) Device s initial KB 100 question, 100 answers not matching initial questions Device s initial trust 3 to 5 nodes

43 Results Answer Accuracy vs. Trust Learning Functions Answer Accuracy vs. Accuracy Merging Functions Distrust Convergence vs. Dishonesty Level

44 Answer Accuracy vs. Trust Learning Functions The effects of trust learning functions with an initial optimistic trust for environments with varying level of dishonesty. The results are shown for ++, --, s, f, f+, f-, and exp learning functions. Dishonesty levels increased from 0% to 100% Higher initial trust more answers accepted more wrong answers accurate answers incorrect 80 answers Number of Answers (%) s f f+ f e 0% 0 + s f f+ f e 25% 0 + s f f+ f e 50% 0 + s f f+ f e 75% 0 + s f f+ f e 100%

45 Ans Accuracy vs. Trust Learning Func (contd ) The effects of trust learning functions with an initial pessimistic trust for environments with varying level of dishonesty. The results are shown for ++, --, s, f, f+, f-, and exp learning functions accurate answers incorrect 80answers Number of Answers (%) s f f+ f e 0% 0 + s f f+ f e 25% 0 + s f f+ f e 50% 0 + s f f+ f e 75% 0 + s f f+ f e 100%

46 Answer Accuracy vs. Accuracy Merging Function The effects of accuracy merging functions for environments with varying level of dishonesty. The results are shown for (a) MIN using only-one (OO) final answer approach (b) MIN using { highest-one} (HO) final answer approach (c) MAX + OO, (d) MAX + HO, (e) AVG + OO, and (f) AVG + HO accurate answers incorrect 80 answers Number of Answers (%) a b c d e f 0% 0 a b c d e f 25% 0 a b c d e f 50% 0 a b c d e f 75% 0 a b c d e f 100%

47 Distrust Convergence vs. Dishonesty Level Average distrust convergence period in seconds for environments with varying level of dishonesty (25%, 50% and 100% dishonest nodes). Convergence period time from the start till all honest devices are able to detect all unreliable nodes. The results are shown for [ (a) ++, (b) --, (c) s, (d) f with α +. (e)- (h) for same functions with α 0. Average Distrust Degree for Dishonest Device es % % a b 0.4 c d 0.6 e f 0.8 g h %

48 Distrust Convergence vs. Dishonesty Level Convergence is much slower for higher proportion of dishonest nodes in the network Blindly negative trust learning function always produced the least trust level among the nodes in all possible combinations in the simulation. For undecided initial trust function, the final trust values for most of the dishonest nodes were found to be -1. The convergence was quick where the number of dishonest nodes was not high. In situations where there are many dishonest nodes, an undecided initial trust function produced undecided trust degree for most of the nodes. The less evidence a device could obtain (for or against a peer node) the less is the probability that the device will make a decision about the peer s dishonesty.

49 TCS Home Gateway Initiative

50 Drivers for Home Networking WiFi enablement of the home More than one PC in use Music and Video going on line Future two way multimedia services Sales (millions) Global sales of Wifi-enabled laptops What s 20.0 the role for the Telco?

51 Drivers for Home Networking Lots of companies producing WiFi gateways Growing market worldwide Prices falling rapidly Technology changing rapidly Consumer electronics companies WiFi enabling devices

52 It s about Services Entertainment Security Home Gateway PC Internet This is complex to manage! Gaming Voice and video services Personal content

53 Issues for the Home Gateway The Home network will become increasingly complex to manage Customers will require: a range of services. delivered to a range of devices. with end to end quality assurance across the network Home gateway manufacturers, telecommunications operators and consumer electronics companies must work together to develop common standards to enable this Key areas that require standards to be agreed include: Service management Service performance Security Seamless integration of many different devices and the ability to deliver managed services to these will be key to the future customer take-up of broadband services

54 What will HGI Enable Entertainment Security Security QoS control Services Internet Service integration Home Gateway Home Network PC Device Ma anagement End to end service delivery Voice services Personal content Gaming

55 TCS Home Gateway Initiative TCS has come up with a home infotainment platform (HIP) an embedded platform for Internet access on TV from home. TCS has plans to extend this device into a ubiquitous home gateway. Like all embedded systems, such gateway device is required to store, access, or communicate date which are sensitive in nature. This makes security a serious concern.

56 Security Challenges in Embedded Systems Tamper-proofing the device: Physical and side-channel attacks integrates all attacks that interact with the embedded systems hardware and exploit the physical side of system implementation flaws and properties. Invasive attacks micro-probing techniques gain access to the chip level components in order to interfere and manipulate with system internals. Non-invasive attacks do not require the device to be opened. Fault-induction attacks observe the targeted systems behavior after generating errors or failures on it, through manipulation of its operating conditions like supply of voltage, temperature, radiation, light etc. Software attacks exploit the systems capability to download, upgrade, and execute application codes. Interception-based attacks try to passively eavesdrop on sensitive data in order to compromise the privacy or confidentiality of the user. Interruption-based attacks make the device usable through an energy exhaustion attack on the device. Modification-based attacks compromise software integrity by exploiting detected vulnerabilities. Example: use of buffer overflow to overwrite the stack memory, and transferring control to a malicious program whose execution may have undesirable effects.

57 Security Challenges in Embedded Systems Networking threats prevention: Access from the Internet the users will be able to connect to the gateway from the Internet and access information from small embedded devices at their homes. Given the constraints of the platform of the home gateway, maintaining adequate security in such scenarios is a real challenge. Home network threats the broadcast nature of the wireless radio signal makes the network vulnerable to several threats. Strong countermeasures are needed to overcome these problems. Confidentiality and privacy of user data access protocols and the system need to be designed to ensure that the confidentiality and/or privacy of sensitive user data are maintained by use of appropriate encryption and privacy-preserving mechanisms.

58 Security Challenges in Embedded Systems Networking threats prevention: Access from the Internet the users will be able to connect to the gateway from the Internet and access information from small embedded devices at their homes. Given the constraints of the platform of the home gateway, maintaining adequate security in such scenarios is a real challenge. Home network threats the broadcast nature of the wireless radio signal makes the network vulnerable to several threats. Strong countermeasures are needed to overcome these problems. Confidentiality and privacy of user data access protocols and the system need to be designed to ensure that the confidentiality and/or privacy of sensitive user data are maintained by use of appropriate encryption and privacy-preserving mechanisms.

59 Security Solutions Specific security solutions for handling the vulnerabilities: Security bootstrapping providing an acceptable guarantee about the security of the operating systems starting point is of paramount importance. Software authentication and validation every application should undergo a validation step before its execution. This can be done through computing a hash of the application code and comparing it to a pre-computed value. Operating system and application enhancement Trusted Computing Group (TCG) and Next Generation Secure Computing Base (NGSCB) initiatives rely on different OS modifications which protect sensitive code or data.

60 Trusted Computing Idea: It shall be impossible to install and execute software that is not certified and authorised Current paradigm: Software-open systems Trusted computing paradigm: Software closed systems Controlled by hardware 1999: Trusted Computing Group (TCG) Trusted Platform Module (TPM) specification 2001: Production of TPM chip 2002: Microsoft announces Palladium TPM chip 2005: Next Generation Secure Computing Base (NGSCB) 2006: Limited trusted computing in Vista Disk encryption based on TPM (Trusted Platform Module) 2009: TPM in almost all PCs, not yet in mobiles

61 Trusted Computing Module (TPM)

62 Trusted Computing Base: TCB A full combination of security mechanisms (hardware and software) within a system Security evaluation gives security assurance US TCSEC (Trusted Computer Security Evaluation Criteria, aka. Orange Book) European ITSEC (Information Technology Security Evaluation Criteria) ISO Common Criteria Represents a public measure of security Additional factors can override security assurance at any time, e.g. security flaws

63 Conclusion Challenging research problems exist in the field of pervasive and ubiquitous computing. Integration of technologies is the greatest challenge. HCI, Software agents, AI and other domains of computer science will play a major role in the evolutions and growth of ubiquitous computing. A lot has been achieved but much more remains to be achieved.

64 Thank You! 64