A few challenges in security & privacy in the context of ubiquitous computing
Gene Tsudik
SCONCE: Secure Computing and Networking Center
UC Irvine
http://sconce.ics.uci.edu/
06/13/2005
Some Challenges
• Location privacy, network unobservability and location verification
• Distributed decision-making in MANETs
• Privacy-preserving authentication and authorization
• Secure data and tag aggregation
• Device pairing with varying degrees of human intervention
Secure Membership Control in MANETs
Membership control is the foundation of all security features/services in a MANET
Why is Membership Control Hard?
• No omni-present centralized/trusted authority
• Dynamic topology
• Sporadic connectivity
• Frequent outages/failures
• New nodes can “appear” at any time, esp. in a battlefield setting
• Trust in nodes is ephemeral, e.g., captured nodes/units must be evicted from network
Objective:
A set of practical, robust and secure techniques for distributed decision-making in multi-hop MANETs. Employ (and design) state-of-the-art (threshold and proactive) cryptographic methods to construct protocols for distributed admission and eviction of nodes in a MANET. Implement in a general-purpose toolkit & integrate with sample applications; experiment with limited deployment scenarios.
Technical Approach:
• Architecture: consider security needs of various applications.
• Short-lived versus long-lived MANETs/groups
• Interaction with outside: closed vs open groups
• Is non-repudiation needed?
• Is communication pair-wise or group-wise?
• RSA doesn’t work
• DSA, Schnorr, ID-based techniques for long-lived groups
• Bivariate polynomial secret sharing for short-lived groups
http://sconce.ics.uci.edu/gac
Some Recent Results:
• An Attack on the Proactive RSA Signature Scheme in the URSA Ad Hoc Network Access Control Protocol, Stanislaw Jarecki, Nitesh Saxena and Jeong H. Yi, ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN), October 2004.
• Identity-based Access Control for Ad Hoc Groups, Nitesh Saxena, Gene Tsudik and Jeong H. Yi, International Conference on Information Security and Cryptology (ICISC), December 2004.
• Further Simplifications in Proactive RSA Signature Schemes, Stanislaw Jarecki and Nitesh Saxena, Theory of Cryptography Conference (TCC), February 2005.
• Efficient Node Admission for Short-Lived MANETs, Nitesh Saxena, Gene Tsudik and Jeong H. Yi, in submission.
Privacy-preserving Authentication and Authorization
A few basic concepts:
• Oblivious Envelopes
– Alice is an informant, has secret info for police
– Bob claims to be a cop, doesn’t want to show his credentials
– See, e.g., Li, et al. PODC’03
• Secret Handshakes
– Alice wants to talk to Bob iff Bob is a CIA agent
– Bob wants to talk to Alice iff Alice is a CIA agent
– Must be unobservable to others, anonymous, unlinkable
– Generalizable to groups?
– See, e.g., Balfanz, et al. S&P’03, Castelluccia, et al. AC’04
• Privacy-Preserving Trust Negotiation (Hidden Credentials)
– Alice wants to access one of Bob’s resources
– Bob doesn’t want to divulge his access control policies
– More generally, Alice has many credentials; doesn’t want Bob to know them; as long as at least one satisfies one of Bob’s policies
– See, e.g., Bradshaw et al. CCS’04
Secure Data and Tag Aggregation
• Data Aggregation: how to reduce bandwidth if only interested in statistical values?
– E.g., in sensor nets and MANETs
• Tag Aggregation: how to reduce bandwidth consumed by multiple MACs, signatures, etc?
– E.g., in reliable multicast, sensor nets, MANET routing, etc.
• Aggregated MACs are easy, but…
• Aggregated signatures by same signer are cheap (e.g., RSA)
• Aggregated signatures by different signers are viable but expensive (e.g., BLS ID/pairing-based)
• Some require partial interaction, e.g., Schnorr-based ASM
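An added illustration of the tag-aggregation idea above (not from the original slides): it assumes one common construction, XOR-ing per-node HMAC-SHA256 tags, and uses hypothetical helper names `mac`, `aggregate` and `verify` with constructed sample readings.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def mac(key: bytes, node_id: int, reading: bytes) -> bytes:
    """Per-node tag; the node id is bound in so a tag cannot be reused for another node."""
    msg = node_id.to_bytes(4, "big") + reading
    return hmac.new(key, msg, hashlib.sha256).digest()


def aggregate(tags) -> bytes:
    """Fold any number of tags into a single TAG_LEN-byte value by XOR."""
    out = bytes(TAG_LEN)
    for tag in tags:
        out = bytes(a ^ b for a, b in zip(out, tag))
    return out


def verify(keys: dict, readings: dict, agg_tag: bytes) -> bool:
    """Sink side: recompute each node's tag from its shared key and compare the XOR."""
    if not keys.keys() >= readings.keys():
        return False  # a reading from a node the sink shares no key with
    expected = aggregate(mac(keys[i], i, readings[i]) for i in sorted(readings))
    return hmac.compare_digest(expected, agg_tag)


def demo():
    # Constructed sample: five sensors, each sharing a random key with the sink.
    keys = {i: os.urandom(32) for i in range(5)}
    readings = {i: f"temp={20 + i}".encode() for i in range(5)}
    tags = [mac(keys[i], i, readings[i]) for i in readings]
    agg = aggregate(tags)  # done hop by hop inside the network
    forged = dict(readings)
    forged[3] = b"temp=99"  # one reading altered in transit
    return (len(b"".join(tags)), len(agg),
            verify(keys, readings, agg), verify(keys, forged, agg))


if __name__ == "__main__":
    print(demo())
```

In this construction the sink must hold every node's key, and a failed check shows only that some reading or tag was altered, not which one.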
Some Recent Results:
• Securing Route Discovery in DSR, Jihye Kim and Gene Tsudik, IEEE Mobiquitous, July 2005.
• Secure and Robust Acknowledgement Aggregation, Claude Castelluccia, Stas Jarecki and Gene Tsudik, Security in Computer Networks (SCN), September 2004.
• Aggregation of Encrypted Data in WSNs, Claude Castelluccia, Einar Mykletun and Gene Tsudik, IEEE Mobiquitous, July 2005.
• Authentication and Integrity for Outsourced Data, Maithili Narasimha, Einar Mykletun and Gene Tsudik, Network and Distributed System Security (NDSS), February 2004.
Secure Device Pairing
• Two devices must be securely paired on-the-fly
• No prior association
• No specialized connection
• No common PKI → authentication irrelevant
• Involving human as an aid
– E.g., “Seeing-is-believing” (S&P’05) or “Shake-them-up” (Mobihoc’05)
• What if we want to pair more than 2 devices?
The end…