Routing Through the Mist: Privacy Preserving Communication in Ubiquitous Computing Environments

Multimedia Network Security Laboratory
Date: 2011/05/05
Presenter: 向峻霈
Source: Jalal Al-Muhtadi, Roy Campbell, Apu Kapadia, M. Dennis Mickunas, Seung Yi: Distributed Computing Systems, pp. 74-83, 2002
Outline
1. Introduction
2. Problem statement
3. The Mist Hierarchy
4. Implementation
5. Conclusion
Introduction
Distributed systems and mobile computing have converged to enhance global interconnectivity
Users can access services
• Run programs
• Utilize resources
• Harvest computing power anytime and anywhere
Problem statement
Physical spaces augmented with sensors and actuators that can locate users
[Figure labels: collecting network addresses, physical location, eavesdropper, user]
Problem statement
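We aim to design and implement a privacy protocol
• Users can communicate freely in any environment while keeping their privacy
• A privacy protocol that guards against insiders
Sensors that can detect the presence of users in a room
• But they have no ability to actively identify the user
Mist Routers
• Preserve privacy
• Hide information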
Problem statement
Our goal is to achieve the following
• Location privacy
• Anonymous connections
• Confidentiality
We assume
• Public Key Infrastructure (PKI) exists
• Ubiquitous computing environment
• Mist Routers
• Third party that can’t be trusted
The Mist Hierarchy
Portals are viewed as the gateways that bridge the virtual world to the physical one
• Workstation
• A sensor
• An access point for wireless devices
• RF transceiver
The Mist Hierarchy
“Smart” rooms
• Detect the physical presence of one or more users
• The users are anonymous and not yet authenticated
• Location and discovery services that are available in Gaia OS
• Do not include
   • Surveillance cameras
   • Voice recognition devices
Registering in the system
Mist Circuits
Mist Circuits employ hop-to-hop, handle-based routing to send data packets back and forth between the source and destination through the mist
• Combining this routing with limited public-key encryption
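An added example, not taken from the slides or from the Mist authors: a minimal model of the hop-to-hop, handle-based routing named on the Mist Circuits slide, showing that each router stores only its neighbours and a pair of handles, so no single hop holds the whole path. The table layout, handle size and router names are assumptions, and the public-key encryption of the payload is left out.

```python
import secrets

class MistRouter:
    """One hop of a circuit. It stores only per-link handle mappings
    (assumed table layout; the slides do not give the packet format)."""
    def __init__(self, name):
        self.name = name
        self.up = {}    # (prev_hop, handle_in) -> (next_hop, handle_out)
        self.down = {}  # (next_hop, handle_out) -> (prev_hop, handle_in), return path

    def add_hop(self, prev_hop, handle_in, next_hop):
        """Record one hop of a new circuit and return the outgoing handle."""
        handle_out = secrets.token_hex(4)
        while (next_hop, handle_out) in self.down:  # keep handles unique per link
            handle_out = secrets.token_hex(4)
        self.up[(prev_hop, handle_in)] = (next_hop, handle_out)
        self.down[(next_hop, handle_out)] = (prev_hop, handle_in)
        return handle_out

def setup_circuit(routers, path, device="device"):
    """Build a circuit along path (Portal first, Lighthouse last)."""
    first = handle = secrets.token_hex(4)
    prev = device
    for i, name in enumerate(path):
        nxt = path[i + 1] if i + 1 < len(path) else None  # None: circuit ends here
        handle = routers[name].add_hop(prev, handle, nxt)
        prev = name
    return first  # the only handle the user's device ever learns

def send_up(routers, entry, handle, payload, device="device"):
    """Forward payload hop by hop. Returns (endpoint, payload), or None if dropped."""
    prev, here = device, entry
    while True:
        hop = routers[here].up.get((prev, handle))
        if hop is None:
            return None              # unknown (link, handle) pair: drop the packet
        nxt, handle = hop            # swap the handle before forwarding
        if nxt is None:
            return here, payload     # this router terminates the circuit
        prev, here = here, nxt

def demo():
    """Constructed four-hop topology; router names are illustrative."""
    names = ["portal", "router-1", "router-2", "lighthouse"]
    routers = {n: MistRouter(n) for n in names}
    return routers, setup_circuit(routers, names)

if __name__ == "__main__":
    routers, h = demo()
    print(send_up(routers, "portal", h, b"<encrypted payload>"))
    print("router-1 table:", routers["router-1"].up)
```

In this model the Portal is the only router whose table mentions the user's device, and the Lighthouse's table mentions only the router directly below it.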
General format for Mist packets
Mist Circuit setup
Mist Circuits
• Alice: Alice’s unique ID in the active information space
• TS: A timestamp to prevent replay attacks
• Ksession: A random session key to encrypt further communication between the user and her or his Lighthouse
• TKN: A token to be presented to the user’s lookup service
• Ek: Means encrypt using the key ‘k’
• PP: A predetermined “fixed” phrase
Locating Users
Once the Mist Circuit-Setup has been completed
• LDAP Servers
• Web Servers
• Security issues
LDAP Servers
Lightweight Directory Access Protocol (LDAP)
• Users can register attributes with LDAP servers
• Unique LDAP Distinguished Name (DN)
Web Servers
Users maintain their own webpages
• These webpages can be updated by a CGI script
Security issues
We would like to prevent malicious Lighthouses or attackers
• The user constructs a special token (TKN) signed with the user’s private key
• TKN
   • Timestamp
   • Unique ID of the chosen Lighthouse
TKN contents do not need to be encrypted
Mist Communication Setup
Conclusion
There is a fair possibility of creating a ubiquitous ‘surveillance’ system instead
We would like to “short circuit” their communication to take the shortest path possible