1 / 11

Chapter 3: Trust assumptions and adversary models

Chapter 3: Trust assumptions and adversary models. Trust. the trust model of current wireless networks is rather simple subscriber – service provider model subscribers trust the service provider for providing the service, charging correctly, and not misusing transactional data

stash
Télécharger la présentation

Chapter 3: Trust assumptions and adversary models

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 3: Trust assumptions and adversary models

  2. Trust • the trust model of current wireless networks is rather simple • subscriber – service provider model • subscribers trust the service provider for providing the service, charging correctly, and not misusing transactional data • service providers usually do not trust subscribers, and use security measures to prevent or detect fraud • in the upcoming wireless networks the trust model will be much more complex • entities play multiple roles (users can become service providers) • number of service providers will dramatically increase • user – service provider relationships will become transient • how to build up trust in such a volatile and dynamic environment? • yet, trust is absolutely fundamental for the future of wireless networks • pervasiveness of these technologies means that all of us must rely on them in our everyday life!

  3. } Will lose relevance ? Scalability challenge Can be misleading Reasons to trust organizations and individuals • Moral values • Culture + education, fear of bad reputation • Experience about a given party • Based on previous interactions • Rule enforcement organization • Police or spectrum regulator • Usual behavior • Based on statistical observation • Rule enforcement mechanisms • Prevent malicious behavior (by appropriate security mechanisms) and encourage cooperative behavior

  4. Trust vs. security and cooperation • trust preexists security • all security mechanisms require some level of trust in various components of the system • security mechanisms can help to transfer trust in one component to trust in another component, but they cannot create trust by themselves • cooperation reinforces trust • trust is about the ability to predict the behavior of another party • cooperation (i.e., adherence to certain rules for the benefit of the entire system) makes predictions more reliable

  5. Malice and selfishness • malice • willingness to do harm no matter what • selfishness • overuse of common resources (network, radio spectrum, etc.) for one’s own benefit • traditionally, security is concerned only with malice • but in the future, malice and selfishness must be considered jointly if we want to seriously protect wireless networks

  6. Who is malicious? Who is selfish? Harm everyone: viruses,… Big brother Spammer Selective harm: DoS,… Greedy operator Cyber-gangster: phishing attacks, trojan horses,… Selfish mobile station There is no watertight boundary between malice and selfishness  Both security and game theory approaches can be useful

  7. From discrete to continuous Warfare-inspired Manichaeism: 0 1 Good guys (we) System (or country) to be defended Bad guys (they) Attacker The more subtle case of commercial applications: 0 1 Desirablebehavior Undesirablebehavior • Security often needs incentives • Incentives usually must be secured

  8. Definitions • A misbehavior consists in deliberately departing from the prescribed behavior in order to reach a specific goal • A misbehavior is selfish (or greedy, or strategic) if it aims at obtaining an advantage that can be quantitatively expressed in the units (bitrate, joules, or coverage) or in a related incentive system (e.g., micropayments); any other misbehavior is considered to be malicious.

  9. Grand Research Challenge Prevent ubiquitous computing from becoming a pervasive nightmare

  10. Book structure (1/2) Security and cooperation mechanisms Securing neighbor discovery Upcoming wireless networks Naming and addressing Enforcing PKT FWing Security associations Discouraginggreedy op. Enforcing fair MAC Behaviorenforc. Secure routing Privacy Small operators, community networks Cellular operators in shared spectrum Mesh networks Hybrid ad hoc networks Self-organized ad hoc networks Vehicular networks Sensor networks RFID networks Part II Part III Part I

  11. Book structure (2/2) Security Cooperation 12. Behavior enforcement 8. Privacy protection 11. Operators in shared spectrum 7. Secure routing 10. Selfishness in PKT FWing 6. Secure neighbor discovery 9. Selfishness at MAC layer 5. Security associations 4. Naming and addressing 3. Trust Appendix A: Security and crypto Appendix B:Game theory 2. Upcoming networks 1. Existing networks

More Related