Multilevel Security in Location Aware Applications

Alexander Ng
Monash University
Masters of Computing (Research)
Supervisor: A/P Arkady Zaslavsky
History of Context-aware Computing
• Unpredictability of mobile computing environment
• Emerging popularity of ad hoc mobile networks
• Need to optimize use of limited resources for
information delivery to a variety of devices and
platforms
• Context sensing, detects environment and situation
• Applications that are adaptive to changing context
• Identify tradeoffs in user experience, computing
power and security – Difficult but possible challenge
Managing the context
• Mobile user limitations
• Battery power
• Private network
• Device
• Data type
• Public network
• Location
• Where am I?
• Is it safe to transmit?
Location Awareness and Context Specific Security
• User’s context includes – Location, device
characteristics, environment, activity, QoS,
battery, data type
• Important for applications to adapt
according to location
• Location change = Context change
• Location will affect modes of interaction
between user and application.
Adaptive Security in Location Aware Applications
• Current focus of research attention is on privacy
issues in location aware applications
• Little is discussed on the relationship between
location and security.
• Security in mobile applications will be adversely
affected by location and situational awareness
• The need to differentiate between location within
safer private networks and ‘weaker’ public networks
Research Issues
• What happens when resource availability
conflicts with security, context and location?
• Location and context related but different
• 2 devices could be in the same location but
differing contexts
• Similarly same context but different locations
Objectives
•Investigate the relationship between context awareness
and security.
•Determine context specific security as security levels
that are influenced by context parameters in a pervasive
environment.
•Emphasis will be on security aspects that are affected
by location
•This research will exploit the use of Trusted and
Untrusted Zones to demonstrate adaptive security in
mobile applications
[Figure labels: “Am I safer on a private network?”; Roaming; “Do I feel secure sending sensitive data on a public network?”]
Location Adaptive Security (LOCAS)
1. Trusted Zones and Untrusted Zones
2. What do we do if we’re outside a trusted Zone?
3. Ensure sufficient security based on location and context – “Best effort possible scenario”
4. LOCAS – Investigates Context Specific Security, with emphasis on location awareness as a prime factor.
5. LOCAS simulates a delicate balance of security and computing power.
• Mobile client must optimize “best effort” security level according to resources available.
[Figure labels: Public Network; Battery; SSL; CPU; QoS]
• I’m transmitting sensitive data
• Client responds to context and location
• Heightened security alertness is indicated by the red layer (extra line of defence)
[Figure labels: Location; Browser; Security levels raised; Invoke SSL; Power levels; Private Network; Encryption and decryption]
• “Raise shields, Mr Sulu!” – Capt James T Kirk
[Figure labels: Public Network; Private Network; Battery power too low; CPU resource low; Reduce security]
P – Battery Power
S – Security Level
R – CPU Resource
Resource Management
• The system must decide whether security levels are sufficient for the context
• Not imperative to have high security in private
networks
• A delicate balance. Does the prevailing context
and system resources allow heightened
security?
• A reasonable compromise has to be made
• How does location information affect Security?
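Added example (not part of the original slides, and not LOCAS code): a small Python model of the best-effort trade-off between P, S and R described above, which also reports when the achievable level falls short of what the context calls for. The profile names, the resource thresholds and the required-level mapping are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical security profiles, weakest first. The thresholds are
# constructed numbers for illustration; the slides give no figures.
PROFILES = [
    # (name, level S, min battery % P, min free CPU % R)
    ("plaintext", 0, 0, 0),
    ("ssl", 1, 20, 15),
    ("ssl+payload-encryption", 2, 40, 35),
]

@dataclass
class Context:
    trusted_zone: bool   # private network (True) or public network (False)
    sensitive: bool      # data type: is the payload sensitive?
    battery: int         # P, percent remaining
    cpu_free: int        # R, percent of CPU available

@dataclass
class Decision:
    profile: str
    level: int           # S actually selected
    required: int        # S the context calls for
    sufficient: bool     # False: best effort fell short of the requirement

def required_level(ctx: Context) -> int:
    """Level the context calls for (assumed mapping, not from the slides)."""
    if not ctx.sensitive:
        return 0 if ctx.trusted_zone else 1
    return 1 if ctx.trusted_zone else 2

def choose(ctx: Context) -> Decision:
    """Pick the cheapest profile that meets the requirement; if resources
    rule that out, fall back to the strongest affordable one (best effort)."""
    need = required_level(ctx)
    # Thresholds rise with level, so this list is a prefix of PROFILES and
    # always contains at least "plaintext".
    affordable = [p for p in PROFILES
                  if ctx.battery >= p[2] and ctx.cpu_free >= p[3]]
    meeting = [p for p in affordable if p[1] >= need]
    name, level, _, _ = meeting[0] if meeting else affordable[-1]
    return Decision(name, level, need, level >= need)
```

When `sufficient` is False the caller can hold the transmission until the device is back in a trusted zone or resources recover, instead of silently sending at the reduced level.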