
A Flexible, Privacy-Preserving Authentication Framework for Ubiquitous Environments


Presentation Transcript


  1. A Flexible, Privacy-Preserving Authentication Framework for Ubiquitous Environments. PART: Security II. Byung C. Lee, Dept. of Software Engineering, Korea University

  2. Index • Introduction • Brief explanation of the Gaia project and Mist • Basic knowledge • Authentication devices and confidence values • What is Kerberos • Mist communication protocol • Proposed authentication protocol • Summary and future development • Problems • Gaia sample (session control)

  3. Introduction • The goal of this paper is a new, security-enhanced authentication framework for Active Information Spaces • Two ideas are proposed • 1. Multiple confidence values • 2. A new authentication protocol • (security-enhanced Kerberos + Mist) • The secure authentication framework is also part of the Gaia project.

  4. Gaia & Mist • Gaia project • Component-based middleware system for pervasive computing environments • Gaia contains the Mist communication protocol (figure: Gaia middleware)

  5. Gaia & Mist • Mist • A privacy protocol that allows users to communicate freely while preserving their privacy • The protocol itself cannot determine the user's physical location • Requirement • A PKI (public key infrastructure) • Presented as an improved solution compared with "Cricket: a location support system"

  6. Basic Knowledge (1) • Authentication devices • Active badges • Smart jewelry • Smart watches • PDAs • Passwords • Biometrics (figures: iButton, fingerprint reader, Active Badge from AT&T Research, UK, PDA, smart watch)

  7. Basic Knowledge (2) • Multiple levels of authentication with "confidence" values • Net confidence value: the combined confidence of all the devices a user has authenticated with • A highly secure service requires a high net confidence value from the user • Entering the room = smart badge • Using the computer in the room = smart badge + fingerprint

  8. Kerberos (1) • What is Kerberos • Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography • Developed at MIT (Project Athena) in the late 1980s; Kerberos version 5 was published in 1993 (RFC 1510) • Example of use • Active Directory (Windows 2000 onward) • Kerberos provides single sign-on within an Active Directory domain

  9. Kerberos (2) (figure: Kerberos ticket exchange)

  10. Kerberos (3) • Problems with using Kerberos in an Active Space environment • Kerberos is an authentication method for conventional distributed systems, which limits its use in ubiquitous computing environments • Based on passwords • Users access only from designated workstations • No user privacy is considered

  11. Mist Communication Protocol (1) • Portals • Gateways and bridges between physical devices and active information spaces • Sensors, wireless devices, RF transceivers • Detect a user's physical presence in an active information space • Mist routers (lighthouses) • Identify and authenticate the user • Hold no information about the user's physical location • Mist circuits • Hop-by-hop, handle-based routing that sends data packets back and forth between source and destination • Conceal identity and location information

  12. Mist Communication Protocol (2) • How it works • 1. Alice enters Active Space 3 • 2. She is detected by one of the portals in Active Space 3 • The portal only detects her badge ID • That information is insufficient to identify Alice • 3. A secure channel is established between her device and her lighthouse in the CS building • Secure channel (Node 1 – Node 2 – Node 3) • Hop by hop, so neither her location nor her destination can be traced back
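The hop-by-hop, handle-based forwarding of slides 11 and 12, as an added example in Python (this is illustrative code, not the Mist or Gaia implementation). Each router's table maps an incoming (previous hop, handle) pair to an outgoing one, so a router only ever learns its two neighbours; `no_node_sees_both_endpoints` checks the privacy property the slides describe. The node names, the five-hop topology, the `alice_badge` origin and the random handles are constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class MistNode:
    """A portal, an intermediate Mist router or a lighthouse (constructed model).
    `table` is keyed on (previous hop, incoming handle); a next hop of None means
    the circuit ends at this node. `observed` records every node name this
    router saw while forwarding, which is what an attacker at that node learns."""
    name: str
    table: dict = field(default_factory=dict)
    observed: set = field(default_factory=set)

    def forward(self, prev, handle, payload, network):
        self.observed.add(prev)
        entry = self.table.get((prev, handle))
        if entry is None:
            # Unknown handle: drop rather than guess a destination.
            raise KeyError(f"{self.name}: no circuit for handle {handle} from {prev}")
        nxt, out_handle = entry
        if nxt is None:
            return self.name, payload            # circuit endpoint (the lighthouse)
        self.observed.add(nxt)
        return network[nxt].forward(self.name, out_handle, payload, network)


def build_circuit(network, path, origin):
    """Install one random handle per hop along `path` (portal first, lighthouse
    last). Handles are random, so they carry no information about the
    endpoints; returns the handle `origin` uses to inject traffic."""
    handles = [secrets.token_hex(4) for _ in path]
    for i, name in enumerate(path):
        prev = path[i - 1] if i > 0 else origin
        nxt = path[i + 1] if i + 1 < len(path) else None
        out_handle = handles[i + 1] if nxt is not None else None
        network[name].table[(prev, handles[i])] = (nxt, out_handle)
    return handles[0]


def send(network, path, origin, payload):
    """Build a circuit from `origin` through `path` and push one packet."""
    first_handle = build_circuit(network, path, origin)
    return network[path[0]].forward(origin, first_handle, payload, network)


def no_node_sees_both_endpoints(network, path):
    """Privacy property of slide 12: no single router on the circuit has seen
    both the portal that detected the user and her lighthouse."""
    portal, lighthouse = path[0], path[-1]
    return all({portal, lighthouse} - (network[n].observed | {n}) for n in path)


def demo():
    # Constructed topology: the portal in Active Space 3, three Mist routers and
    # Alice's lighthouse in the CS building. Names are illustrative.
    path = ["portal_space3", "node1", "node2", "node3", "lighthouse_cs"]
    network = {n: MistNode(n) for n in path}
    reached, payload = send(network, path, "alice_badge", b"hello lighthouse")
    return reached, payload, no_node_sees_both_endpoints(network, path)


if __name__ == "__main__":
    print(demo())
```

Note that the portal does learn the badge ID (the `origin` label) and its first-hop router, exactly as slide 12 states; what the check shows is that a circuit with at least one intermediate router keeps the portal and the lighthouse apart. With a direct portal-to-lighthouse path the check fails, which is the reason the routers exist.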

  13. Proposed Authentication Protocol • Extends the ideas of Kerberos with security enhancements • Removes the limitations above and scales to physical spaces • Conditions • An SAP (Space Authentication Portal) is needed at the entrance of each active space • An Active Space Security Server exists in every active domain, consisting of • AS (Authentication Server) • TGS (Ticket-Granting Server) • DB (database) • TGT (ticket-granting ticket, issued by the AS and presented to the TGS to obtain service tickets)

  14. Proposed Authentication Protocol • How it works • 1. Alice enters the active space room • Her active badge authenticates with the active space • 2. She uses the SAP to authenticate with her other devices • (badge + iButton) = net confidence value • 3. The SAP connects to the Active Space Security Server through the SAP's lighthouse • 4. The ASSS issues a TGT (ticket-granting ticket) for the user • The TGT is stored at Alice's lighthouse • The TGT carries a confidence level calculated from the user's net confidence value • 5. She can now access services • If she accesses a secure service, the service contacts her lighthouse • The service cannot learn her location
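The flow of slides 13 and 14 together with the confidence-value policy of slide 7, as an added Python example (illustrative code, not Gaia's implementation): the SAP vouches for the devices it verified, the AS computes the net confidence and issues a TGT bound to the user's lighthouse handle, the TGS checks that value against each service's threshold before issuing a service ticket, and the service only ever learns the lighthouse handle. The per-device confidence values, the 1 - Π(1 - c_i) combination rule, the HMAC-sealed ticket format, the key names and the service thresholds are all assumptions made for illustration; the slides give neither a formula nor a ticket format.

```python
import hashlib
import hmac
import json
import math
import time

# Assumed per-device confidence values in [0, 1); not taken from the paper.
DEVICE_CONFIDENCE = {"badge": 0.6, "ibutton": 0.7, "fingerprint": 0.9, "password": 0.5}
# Assumed minimum net confidence per service: the room door only needs a badge,
# the computer in the room needs a second factor (slide 7).
SERVICE_POLICY = {"room_door": 0.5, "room_computer": 0.85}


def net_confidence(devices):
    """Combine device confidences as independent evidence: 1 - prod(1 - c_i).
    Assumed rule for illustration; the slides name a net value but no formula."""
    return 1.0 - math.prod(1.0 - DEVICE_CONFIDENCE[d] for d in devices)


def _mac(key, body):
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def seal(key, body):
    """Ticket = body plus an HMAC under a key the holder does not have, a
    stand-in for Kerberos' encrypted ticket (secret-key crypto either way)."""
    return {**body, "mac": _mac(key, body)}


def open_ticket(key, ticket, now=None):
    body = {k: v for k, v in ticket.items() if k != "mac"}
    if not hmac.compare_digest(_mac(key, body), ticket["mac"]):
        raise PermissionError("ticket MAC does not verify")
    if body["expires"] < (now if now is not None else time.time()):
        raise PermissionError("ticket expired")
    return body


def make_sap_report(sap_key, sap, user, devices, lighthouse):
    """Slide 14, step 2: the SAP verified these devices locally and vouches for
    them to the security server under its own shared key; a short expiry
    bounds replay of the report."""
    return seal(sap_key, {"sap": sap, "user": user, "devices": sorted(devices),
                          "lighthouse": lighthouse, "expires": time.time() + 60})


class ActiveSpaceSecurityServer:
    """AS + TGS + DB of slide 13 (constructed model)."""

    def __init__(self, tgs_key, sap_keys, service_keys):
        self.tgs_key = tgs_key            # known only to the AS/TGS
        self.sap_keys = sap_keys          # DB: one shared key per SAP
        self.service_keys = service_keys  # DB: one shared key per service

    def issue_tgt(self, report):
        """AS step (slide 14, steps 3-4). The TGT carries the net confidence and
        the user's lighthouse handle; it never mentions the portal or room."""
        body = open_ticket(self.sap_keys[report["sap"]], report)
        return seal(self.tgs_key, {
            "type": "TGT", "user": body["user"], "lighthouse": body["lighthouse"],
            "confidence": round(net_confidence(body["devices"]), 4),
            "expires": time.time() + 3600})

    def issue_service_ticket(self, tgt, service):
        """TGS step: validate the TGT and enforce the service's threshold."""
        body = open_ticket(self.tgs_key, tgt)
        if body["confidence"] < SERVICE_POLICY[service]:
            raise PermissionError(f"{service} needs {SERVICE_POLICY[service]}, "
                                  f"TGT has {body['confidence']}")
        return seal(self.service_keys[service], {
            "type": "ST", "service": service, "user": body["user"],
            "lighthouse": body["lighthouse"], "confidence": body["confidence"],
            "expires": body["expires"]})


def service_accepts(service_key, ticket, service):
    """Slide 14, step 5: the service verifies the ticket under its own key and
    learns only the lighthouse handle to contact, never Alice's location."""
    body = open_ticket(service_key, ticket)
    return body["service"] == service, body["lighthouse"]
```

A badge alone yields a net confidence of 0.6 under the assumed values, enough for the door but not for the computer; adding the iButton raises it to 0.88, which clears the computer's threshold. The TGS refuses to issue a service ticket rather than letting the service decide, so the confidence check sits in one place.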

  15. Summary & Future Development • Two ideas are proposed in this paper • 1. Multiple confidence values • 2. A new authentication protocol • (security-enhanced Kerberos + Mist) • Not implemented yet • This secure framework will be developed as part of the Gaia research project [improved security]

  16. Problems? • Q1: How can authentication speed be improved? • If Bob chooses his lighthouse at the root of the Mist hierarchy while his portal is at the lowest leaf level, authentication is very slow, although security is much improved. • Q2: Is there an algorithm that selects an appropriate lighthouse for him?

  17. Gaia Sample (figure: Gaia session control)
