Application Security and Wireless Applications

Transcription

1 Application Security and Wireless Applications Silvia Giordano DTI - SUPSI University of Applied Science, Manno Switzerland silvia.giordano@supsi.ch SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 1 Outline of this lesson Application Networks Security what is security? cryptography authentication message integrity key distribution and certification Wireless applications SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 2

2 Application Networks Security SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 3 Application Networks Security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure transport layer: Internet commerce, SSL, SET network layer: IP security SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 4

3 Friends and enemies: Alice, Bob, Trudy Figure 7.1 goes here well-known in network security world Bob, Alice (lovers!) want to communicate securely Trudy, the intruder may intercept, delete, add messages SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 5 What is network security? Secrecy: only sender, intended receiver should understand msg contents sender encrypts msg receiver decrypts msg Authentication: sender, receiver want to confirm identity of each other Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 6

4 Internet security threats Packet sniffing: broadcast media promiscuous NIC reads all packets passing by can read all unencrypted data (e.g. passwords) e.g.: C sniffs B s packets A C src:b dest:a payload B SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 7 Internet security threats IP Spoofing: can generate raw IP packets directly from application, putting any value into IP source address field receiver can t tell if source is spoofed e.g.: C pretends to be B A C src:b dest:a payload B SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 8

5 Internet security threats Denial of service (DOS): flood of maliciously generated packets swamp receiver Distributed DOS (DDOS): multiple coordinated sources swamp receiver e.g., C and remote host SYN-attack A A C SYN SYN SYN SYN SYN SYN SYN SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 9 B The language of cryptography plaintext K K Figure A 7.3 goes here B ciphertext plaintext symmetric key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 10

6 Symmetric key cryptography substitution cipher: substituting one thing for another monoalphabetic cipher: substitute one letter for another plaintext: abcdefghijklmnopqrstuvwxyz ciphertext: mnbvcxzasdfghjklpoiuytrewq E.g.: Plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 11 Symmetric key crypto: DES DES: Data Encryption Standard 56-bit symmetric key, 64 bit plaintext input How secure is DES? DES Challenge: 56-bit-key-encrypted phrase ( Strong cryptography makes the world a safer place ) decrypted (brute force) in 4 months no known backdoor decryption approach making DES more secure use three keys sequentially (3-DES) on each datum use cipher-block chaining SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 12

7 Public Key Cryptography symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if never met )? public key cryptography radically different approach [Diffie- Hellman76, RSA78] sender, receiver do not share secret key encryption key public (known to all) decryption key private (known only to receiver) SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 13 Public key cryptography Figure 7.7 goes here SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 14

8 Public key encryption algorithms Two inter-related requirements: 1.. B B d need (e (m)) d ( ) = and m e ( ) such that B B 2 need public and private keys.. for d ( ) and e ( ) B B RSA: Rivest, Shamir, Adelson algorithm SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 15 RSA: Choosing keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are relatively prime ). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (n,e). Private key is (n,d). SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 16

9 RSA: Encryption, decryption 0. Given (n,e) and (n,d) as computed above 1. To encrypt bit pattern, m, compute c = m e e mod n (i.e., remainder when m is divided by n) 2. To decrypt received bit pattern, c, compute m = c d mod n (i.e., remainder when c d is divided by n) Magic happens! m = (m e d mod n) mod n SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 17 RSA example: Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z. encrypt: letter m m e c = m e mod n l decrypt: c c d m = c d mod n letter l SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 18

10 RSA: Why: m = (m e d mod n) mod n Number theory result: If p,q prime, n = pq, then y ymod (p-1)(q-1) x mod n = x mod n e (m mod n) d mod n = m ed mod n ed mod (p-1)(q-1) = m mod n (using number theory result above) 1 = m mod n (since we chose ed to be divisible by (p-1)(q-1) with remainder 1 ) = m SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 19 Authentication Goal: Bob wants Alice to prove her identity to him Protocol ap1.0: Alice says I am Alice Failure scenario?? SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 20

11 Authentication Failure Protocol ap1.0: Trudy says I am Alice SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 21 Authentication: another try Protocol ap2.0: Alice says I am Alice and sends her IP address along to prove it. Failure scenario?? SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 22

12 Authentication: another try Failure Protocol ap2.0: Trudy says I am Alice and sends Alice s IP address along to prove it. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 23 Authentication: another try Protocol ap3.0: Alice says I am Alice and sends her secret password to prove it. Failure scenario? SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 24

13 Authentication: another try Failure Protocol ap3.0: Trudy says I am Alice and sends Alice s secret password to prove it. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 25 Authentication: yet another try Protocol ap3.1: Alice says I am Alice and sends her encrypted secret password to prove it. I am Alice encrypt password Failure scenario? SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 26

14 Authentication: yet another try Failure Protocol ap3.1: Alice says I am Alice and sends Alice s encrypted secret password to prove it. I am Alice encrypt password I am Alice encrypt password SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 27 Authentication: yet another try Goal: avoid playback attack Nonce: number (R) used onlyonce in a lifetime ap4.0: to prove Alice live, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key Failures, drawbacks? SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 28

15 Authentication: ap5.0 ap4.0 requires shared symmetric key problem: how do Bob, Alice agree on key can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography Figure 7.12 goes here SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 29 ap5.0: security hole Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) Figure 7.14 goes here Need certified public keys SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 30

16 Cryptographic technique analogous to handwritten signatures. Sender (Bob) digitally signs document, establishing he is document owner/creator. Verifiable, nonforgeable: recipient (Alice) can verify that Bob, and no one else, signed document. Digital Signatures Simple digital signature for message m: Bob encrypts m with his public key d B, creating signed message, d B (m). Bob sends m and d B (m) to Alice. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 31 Digital Signatures (more) Suppose Alice receives msg m, and digital signature d B (m) Alice verifies m signed by Bob by applying Bob s public key e B to d B (m) then checks e B (d B (m) ) = m. If e B (d B (m) ) = m, whoever signed m must have used Bob s private key. Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m. Non-repudiation: Alice can take m, and signature d B (m) to court and prove that Bob signed m. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 32

17 Message Digests Computationally expensive to public-key-encrypt long messages Goal: fixedlength,easy to compute digital signature, fingerprint apply hash function H to m, get fixed size message digest, H(m). Hash function properties: Many-to-1 Produces fixed-size msg digest (fingerprint) Given message digest x, computationally infeasible to find m such that x = H(m) computationally infeasible to find any two messages m and m such that H(m) = H(m ). SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 33 Digital signature = Signed message digest Bob sends digitally signed message: Alice verifies signature and integrity of digitally signed message: SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 34

18 Internet checksum would make a poor message digest. Too easy to find two messages with same checksum. Hash Function Algorithms MD5 hash function widely used. Computes 128-bit message digest in 4-step process. arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x. SHA-1 is also used. US standard 160-bit message digest SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 35 Problem: Trusted Intermediaries How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC) acting as intermediary between entities Problem: When Alice obtains Bob s public key (from web site, e- mail, diskette), how does she know it is Bob s public key, not Trudy s? Solution: trusted certification authority (CA) SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 36

19 Key Distribution Center (KDC) Alice,Bob need shared symmetric key. KDC: server shares different secret key with each registered user. Alice, Bob know own symmetric keys, K A-KDC K B-KDC, for communicating with KDC. Alice communicates with KDC, gets session key R1, and K B- KDC (A,R1) Alice sends Bob K B-KDC (A,R1), Bob extracts R1 Alice, Bob now share the symmetric key R1. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 37 Certification authority (CA) binds public key to particular entity. Entity (person, router, etc.) can register its public key with CA. Entity provides proof of identity to CA. CA creates certificate binding entity to public key. Certificate digitally signed by CA. Certification Authorities When Alice wants Bob s public key: gets Bob s certificate (Bob or elsewhere). Apply CA s public key to Bob s certificate, get Bob s public key SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 38

20 Secure Alice wants to send secret message, m, to Bob. generates random symmetric private key, K S. encrypts message with K S also encrypts K S with Bob s public key. sends both K S (m) and e B (K S ) to Bob. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 39 Secure (continued) Alice wants to provide sender authentication message integrity. Alice digitally signs message. sends both message (in the clear) and digital signature. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 40

21 Secure (continued) Alice wants to provide secrecy, sender authentication, message integrity. Note: Alice uses both her private key, Bob s public key. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 41 Pretty good privacy (PGP) Internet encryption scheme, a de-facto standard. Uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described. Provides secrecy, sender authentication, integrity. Inventor, Phil Zimmerman, was target of 3-year federal investigation. A PGP signed message: ---BEGIN PGP SIGNED MESSAGE--- Hash: SHA1 Bob:My husband is out of town tonight.passionately yours, Alice ---BEGIN PGP SIGNATURE--- Version: PGP 5.0 Charset: noconv yhhjrhhgjghgg/12epj+lo8ge4vb3mqj hfevzp9t6n7g6m5gw2 ---END PGP SIGNATURE--- SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 42

22 Secure sockets layer (SSL) PGP provides security for a specific network app. SSL works at transport layer. Provides security to any TCP-based app using SSL services. SSL: used between WWW browsers, servers for I- commerce (shttp). SSL security services: server authentication data encryption client authentication (optional) Server authentication: SSL-enabled browser includes public keys for trusted CAs. Browser requests server certificate, issued by trusted CA. Browser uses CA s public key to extract server s public key from certificate. Visit your browser s security menu to see its trusted CAs. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 43 Encrypted SSL session: Browser generates symmetric session key, encrypts it with server s public key, sends encrypted key to server. Using its private key, server decrypts session key. Browser, server agree that future msgs will be encrypted. All data sent into TCP socket (by client or server) i encrypted with session key. SSL (continued) SSL: basis of IETF Transport Layer Security (TLS). SSL can be used for non- Web applications, e.g., IMAP. Client authentication can be done with client certificates. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 44

23 Secure electronic transactions (SET) designed for payment-card transactions over Internet. provides security services among 3 players: customer merchant merchant s bank All must have certificates. SET specifies legal meanings of certificates. apportionment of liabilities for transactions SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 45 Customer s card number passed to merchant s bank without merchant ever seeing number in plain text. Prevents merchants from stealing, leaking payment card numbers. Three software components: Browser wallet Merchant server Acquirer gateway See text for description of SET transaction. Ipsec: Network Layer Security Network-layer secrecy: sending host encrypts the data in IP datagram TCP and UDP segments; ICMP and SNMP messages. Network-layer authentication destination host can authenticate source IP address Two principle protocols: authentication header (AH) protocol encapsulation security payload (ESP) protocol For both AH and ESP, source, destination handshake: create network-layer logical channel called a service agreement (SA) Each SA unidirectional. Uniquely determined by: security protocol (AH or ESP) source IP address 32-bit connection ID SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 46

24 Provides secrecy, host authentication, data integrity. Data, ESP trailer encrypted. Next header field is in ESP trailer. ESP Protocol ESP authentication field is similar to AH authentication field. Protocol = 50. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 47 Authentication Header (AH) Protocol Provides source host AH header includes: authentication, data integrity, connection identifier but not secrecy. AH header inserted between IP header and IP data field. Protocol field = 51. Intermediate routers process datagrams as usual. authentication data: signed message digest, calculated over original IP datagram, providing source authentication, data integrity. Next header field: specifies type of data (TCP, UDP, ICMP, etc.) SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 48

25 Application Security (summary) Basic techniques... cryptography (symmetric and public) authentication message integrity. used in many different security scenarios secure secure transport (SSL) IP sec See also: firewalls, in network management SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 49 Wireless Application Networks SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 50

26 laptops, PDAs What is wireless networking? Wireless communications allows novel classes of applications Not simply computer-to-computer Ubiquitous scenarios Interdisciplinary applications In same case, is the communication paradigm that makes the difference (no killer applications) SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 51 Wireless Data Vision Region TAXI City Campus In-Building Seamless Multimedia Networks with Mobility and Freedom from Tethers [R. Katz, "Does Wireless Data Have a Future?", Plenary Talk, INFOCOM '96] SUPSI-DTI Silvia Giordano 8C Cimini-7/98

27 Ubiquitous and Pervasive Computing The environment saturated with computing (ubiquitous) and communications capabilities (pervasive) to make intelligent decisions in automated, context-aware manner Technology transparently weaved into the fabric of our daily lives technology that disappears. (Weiser 1990) Portable devices around users networked with personal area networks e sensors networks Environment that takes care of itself or users (proactive) Examples: Smart home, office, mall, hotel, hospital, park, airport SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 53 Ubiquitous Computing one computer for many one computer for one many computers for one SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 54

28 Examples of Wireless & Mobile Applications Vehicles transmission of news, road condition etc ad-hoc network with near vehicles to prevent accidents Emergencies early transmission of patient data to the hospital ad-hoc network in case of earthquakes, cyclones military... Healthy direct communication with hospitals constant personal monitoring electronic information to doctors SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 55 Design Challenges Wireless Communication brings challenges to mobile computing because of Disconnections Low Bandwidth High Bandwidth Variability Heterogeneous Networks Security Risks High Layers Dependences Mobile Systems and Applications should consider these issues for good operation/functionality performance availability SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 56

29 Disconnections Todays computers depend heavily on network Network File Systems, ftp servers, telnet serves, X- servers, Web servers Network failure will stall the applications and systems Network failure is greater concern for mobile computing Disconnections can be much more frequent SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 57 Disconnections There is trade-off between autonomy and distributed computing The more autonomous the mobile computers, the better they can tolerate to network disconnections However, since mobile computer resources are scarce and limited, it is preferable to use the network and network services as much as possible to off-load computation and storage to network For example using a network file system prevents storing all the files in the local mobile computer SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 58

30 Disconnections Code File System is a good example of handling network disconnections Designed as a file system for mobile computers like laptops Information from user profiles is used to locally cache best selection of files on the mobile computer A whole file is cached (not only some blocks) Optimistic caching scheme is used Users can update the cached copies Studies show that only rarely (1%) are files actually shared and written to in a distributed system When network reconnects, the cache is automatically reconciled with the master copy in the server. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 59 Disconnections Hoarding: Periodically a good set of files are copied from the master repository at the server to the mobile computer cache. The mobile users make their updates on the files All events are logged into a log file. When network reconnects, the log file is used to merge the updates and to make the caches consistent. SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 60

31 Low bandwidth Mobile computing designs need to be more concerned about network bandwidth consumption and constraints than designs for stationary computing Wireless networks deliver lower bandwidth than wired networks 1 Mbps Infrared communication Mbps wireless local radio communications (shared) 9.6 Kbps for wide-area wireless communication Wired networks Mbps for Ethernet 100 Mbps for FDDI 155 Mbps for ATM 1 Gbps for Gigabit Ethernet SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 61 Low bandwidth To increase the system s effective bandwidth per user 1) Use small areas with many APs OR 2) Use different frequencies with overlapping areas Weiser defined the capacity of wireless network as Bandwidth provided per cubic meter There is a hardware tradeoff between bandwidth and coverage area Transmitters covering a smaller area achieve higher bandwidths SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 62

32 Low bandwidth Some software techniques to cope with low bandwidths Compress data that is to be transmitted Log the data, and use bulk transfers Bulk transfers are more efficient than many individual transfers in terms of bandwidth usage Lazy-write back of local caches of mobile computers may also reduce the network bandwidth demand Pre-fetching allows transferring the data ahead of need and thereby reduces the peek loads at time of many demands Scheduling packets on the wireless channels is also important. Priority should be given to packets that belong time-critical applications SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 63 High bandwidth variability High Bandwidth Variability Mobile computers face much more variability in effective bandwidth than stationary computers Bandwidth can shift 1 to 4 orders of magnitude between wired and wireless communication A mobile application can cope with this bandwidth variability in 3 ways Assuming availability of high bandwidth connections and operating only on wired networks Assuming low bandwidth connections and not taking advantage of wired access and high bandwidths Adapting to the currently available bandwidth: providing the user with a variable level of quality and detail SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 64

33 Heterogeneous Networks Stationary computers access the network over the same link for a long time No change in link characteristics: bandwidth, delay, lossrate Mobile computers encounters heterogeneous network connections Using different base stations Some have better quality and less number of users Using different wireless technologies Indoor: infrared link; Outdoor: wide-area radio link Cities: cellular network; Rural areas: satellite network SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 65 Security Risks It is much easier to connect to a wireless link than to connect to a wired link Two kind of security concerns Access control to wireless network You may not want other un-authorized people to access your wireless local area network at the company Use security protocols such as 802.1x that requires authentication of users to the Wireless LAN before they can transmit packets Prevent others to sniff and read the data packets that are sent over a wireless link Use encryption for data transmitted Shared keys are used (manual or automatic key management) SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 66

34 laptops, PDAs High Layers Dependences In wireless networks most of information could be useful to several layers: e.g. traffic type, channel perturbations, network status There is no more a strict separation among layers cross layering: joint optimization of protocols belonging to different layers Balance between cross-layering and traditional layer separation SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 67 From wireless toward pervasive Region TAXI City Campus In-Building Personal Area Network Body Area Network Sensor Network SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 68

35 From ubiquitous toward pervasive one computer for many one computer for one many computers for one any object communicate for one SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 69 Pervasive Computing The concept of Pervasive Computing is relies on the existences of computer networks that provides immersive communication in the environment Novel classes of networks with the capability of following the mobile users and to perceive the context Body Area Networks Personal Area Networks Sensor Networks SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 70

36 Novel Network technologies SUPSI-DTI Silvia Giordano Body Area Networks (BANs) Network that interconnects devices distributed onto the body of a person connects heterogeneous devices Personal Digital Assistant MP3 display, phones, etc supports different data types supports heterogeneous connections wired, wireless BODY AREA NETWORK SUPSI-DTI Silvia Giordano easy to use and set up protection for users privacy

37 Body Area Networks (BANs) Human body as media for data transmission a small device creates the power through the body the modulation allows the data transmission 100 Kbps Possible applications: data exchange between 2 people with simple handshaking devices for users recognition doctor can recognize a patient and find his clinic files SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 73 Body Area Networks (BANs) MITHRIL Ethernet around user body microphone, video camera, infrared sensor, optical visor and micro-keyboard LEVIS ICD+ First example of commercial BAN. Cellular, MP3, phones e microphone integrated in a jacket and manageable by a single intelligent device wireless network represents the most flexible solutions for interconnection of wearable devices! SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 74

38 Personal Area Networks (PANs) Bluetooth 2.5GHz ISM band 10m range, 1mW transmit power 100m range, requires increase in transmit power 1 Mbps data rate shared between 7 devices FHSS spread spectrum use TDD duplex scheme Polling based multiple access Restricted start topology 1 master connects to 7 slaves SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 75 Personal Area Networks (PANs) wireless network with short range for external connection in ad hoc and reconfigurable fashion heterogeneous devices cellular, notebooks printers, home-devices video cameras, sensors, etc differentiated services dynamic external connection data security PERSONAL AREA NETWORK SUPSI-DTI Silvia Giordano

39 Personal Area Networks (PANs) TECHMOBILE IBM Example of PAN inside a car TSpaces: software system that allows communication, recognition, management and data transfer among car s devices BlueEyes: system for perceiving the user status ViaVoice: system for voice recognition BlueDrekar: system for remote car control SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 77 Sensor Networks Internet, Satellite, etc Task Manager Sink Sink Several thousands of nodes A sensor node is a battery-powered, wireless computer nodes are physically small (a few cubic centimeters) and use extremely low power SUPSI-DTI Silvia Giordano

40 Sensor Networks Applications Military, Environmental, Health, Home, Space Exploration, Chemical Processing, Disaster Relief. SENSOR TYPES: Seismic, Low sampling rate magnetic, Thermal, Visual, Infrared, Acoustic, Radar SENSOR TASKS: Temperature, Humidity, Vehicular Movement, Lightning Condition, Pressure, Soil Makeup, Noise Levels, Presence or Absence of Certain Types of Objects, Mechanical Stress Levels on Attached Objects, Current Characteristics Speed, Direction, Size) of an Object. SUPSI-DTI Silvia Giordano Summary Internet applications are already running on the network There are new aspects relevant for applications: Security Wireless SUPSI-DTI Silvia Giordano 10/06/2004 Security, Network Management and Wireless 80