Thinking about Privacy and Security MIT Community David P. Reed

Thinking about Privacy and Security in a Mobile Virtual Internet for the MIT Community

David P. Reed
MIT CFP
Draft
May 2007

A Mobile Architecture for MIT Community

Make networks that support mobile community members interoperable at the right functional level

Multiconnected

User centered

Application spans heterogeneous technology

Attributes of Network

Mobility: devices move (frequently, not rapidly)

Awareness: devices can sense, and adapt

Accommodating: environment accommodates new devices

Transport independent: minimize dependency on specialized transport networks

Concerns to ensure

Heterogeneous in function

Heterogeneous in implementation

Evolvable/futureproof

Composable devices/functions/...

Safe and respectful (rather than security)

Sharing is controlled

Enhancing WLANs

No “association delay”

Standardized position sensing and presence sensing

Beyond “service discovery”

Enhancing “cellular data networks”



Build on MVNO concept

Home Location Registry and AAA/AN services provided by MIT in concert with a cellular provider

New protocol layers that support awareness, multiconnected devices, transport independence, event distribution

Enhanced Identity and Authorization


Put user in control of negotiated authorization to access network resources

Support multiple identities, temporary identities, agency relationships

Enhanced coordination protocols



Many events are of interest to a variety of devices, based on context

Network exists to distribute event notifications

Internetworked publish subscribe protocols: event = {producer, topic, consumer, timestamp, message} [where producer, topic, consumer are unique IDs or names]

Privacy and Security

Personal privacy in a network of shared sensors, shared events and shared context
Protection from harassment, stalking

Protection of underlay infrastructure

Protection from “leakage”

Non-discretionary agency

Value of traditional COMSEC

Document focused – but what are the documents?

Resource focused – but applications span resources routinely

Topology based – but we share a common world

Need to invent a new framework

Need rich agency infrastructure (beyond Federated Identity)

Use context and sensor information as part of decisions

Safety is a larger term than security

Negotiation
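
An added sketch, not from the slides, of the event tuple {producer, topic, consumer, timestamp, message} combined with "sharing is controlled" and "use context and sensor information as part of decisions". The Broker class, its grant/revoke calls, the context dictionary and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class Event:  # the five fields named on the slide
    producer: str
    topic: str
    consumer: str
    timestamp: float
    message: str

Rule = Callable[[dict], bool]  # assumed: a predicate over sensed context

class Broker:
    """Hypothetical broker: delivery is default-deny and producer-controlled."""
    def __init__(self) -> None:
        self.subs: Dict[Tuple[str, str], List[str]] = {}
        self.grants: Dict[Tuple[str, str, str], Rule] = {}

    def subscribe(self, consumer: str, producer: str, topic: str) -> None:
        # Subscribing expresses interest only; it confers no right to receive.
        self.subs.setdefault((producer, topic), []).append(consumer)

    def grant(self, producer: str, topic: str, consumer: str, rule: Rule) -> None:
        self.grants[(producer, topic, consumer)] = rule

    def revoke(self, producer: str, topic: str, consumer: str) -> None:
        self.grants.pop((producer, topic, consumer), None)

    def publish(self, producer, topic, message, timestamp, context) -> List[Event]:
        out = []
        for consumer in self.subs.get((producer, topic), []):
            rule = self.grants.get((producer, topic, consumer))
            if rule is not None and rule(context):  # no grant means no delivery
                out.append(Event(producer, topic, consumer, timestamp, message))
        return out

def demo() -> List[List[str]]:
    # Constructed names and context values, for illustration only.
    b = Broker()
    for who in ("bob", "mallory"):
        b.subscribe(who, "alice-phone", "presence")
    b.grant("alice-phone", "presence", "bob", lambda ctx: ctx.get("zone") == "campus")
    runs = [b.publish("alice-phone", "presence", "in lab", 1.0, {"zone": "campus"}),
            b.publish("alice-phone", "presence", "at home", 2.0, {"zone": "home"})]
    b.revoke("alice-phone", "presence", "bob")
    runs.append(b.publish("alice-phone", "presence", "in lab", 3.0, {"zone": "campus"}))
    return [[e.consumer for e in r] for r in runs]
```

The subscriber without a grant never receives an event, and the granted subscriber loses delivery both when the context changes and when the producer revokes the grant.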