Chapter 11
Security, Privacy, & Trust Issues in Smart Environments

Consider, A Smart Home knows…
- What time you go to bed, get up
- What time you leave for, come from work
- That you have a brand new $5,000 plasma TV
- Your password to your computer
- The combination to your safe
- All your important numbers
  - SSN, bank account, security code

? How secure do you want your system to be ?

Introduction
- Smart environment (space) - extensively equipped with sensors, actuators, computing
- Exploit combinations of small distributed sensing & computational nodes to identify & deliver personalized service
- User interacts & exchanges information with environment

* Must be secure, private, trustworthy *

Trust vs. Risk
- Vast amount of personal information
- What about safety?
- These issues may delay or stop acceptance of smart environments
  - Cost + less privacy

How Ubicomp Differs - 4 Key Issues -
1. Ubiquity: everywhere
2. Invisibility: users won't know when they are "using" a computer
3. Sensing: inputs everything you do & say
4. Memory Amplification: all can be stored, queried, replayed
* Sounds like a "bad" sci-fi movie! *

The Fundamental Change …
- Today, can often see boundaries
  - RE: security, privacy, trust - can identify end points; i.e. who gets information
- Smart Environment
  - Don't know what's collected
  - Don't know where it goes
  - End points not visible

Technology Categories
1. Fixed Sensors: no computation
   - Window open or closed
2. Mobile Sensors: on the move; maybe GPS
   - Sensed information vs. supplied
3. Fixed Computing Elements: computation & storage
   - e.g. computer, air conditioner
4. Mobile Computing Elements: movement
   - e.g. PDA, laptops, robots, intelligent wheelchair

No single component has full knowledge or control

Security
- Need same as other computer systems, network
- Ensure information is not stolen, modified, access denied
- Respect privacy
- Trustworthy interactions
- Can "system" become an unwitting spy?
- What about visitors?

Terminology
Security: confidentiality, integrity, availability
- Confidentiality: protecting information/service from unauthorized access
- Integrity: protecting information/service from unauthorized changes (errors)
- Availability: ensure information/service remains accessible

Security - Smart Environments
- Encryption, Decryption - the main issue
- Authentication also important
- Complex
  - Decentralized
  - Dynamic
  - Transient
- Proposed, but not suitable, solution
  - Pretty Good Privacy (PGP)
  - Decentralized
  - Web of trust

More on Security
- Devices have limited processing - storage
  - Less than suitable encryption
- Focus on transmission - eavesdropping
- Still
  - Hard to locate malicious mobile users
  - Invisible - hard to secure network, can't see
  - Denial-of-service attacks

Device Security
- Device arrives from unknown domain
- Has device been altered?
- Theft - not just device
- Can malicious user masquerade as sensor?
- Limited battery life - intentionally run down

Privacy
- Personalization of environment contributes to privacy problems
- Lot of information collected; subject to misuse
- 1984 - George Orwell - Big Brother

Terminology
Privacy: individuals* ability to determine when, how & what information is communicated to others
- Protecting private information
- * Includes organizations

Privacy Control: includes management
- Set & enforce rules
- How managed is adaptively based on changes in disclosure & location (mobility)
Principle of Fair Information Practices
1. Openness/transparency - no secret records
2. Individual participation - can see records
3. Collection limits - appropriate collection
4. Data quality - accurate & relevant

Principles #2
5. Use limits - only for specified purpose & authorized users
6. Appropriate security - reasonable efforts
7. Accountability - record keepers

Not a one-way responsibility (system to user) in smart environments
- User must be aware

P3P - Platform for Privacy Preferences
- From W3C - consortium
- Aims to define open standards for web sites to enhance user control
- User can describe own privacy preferences
- Aimed at e-commerce
- So far, not adapted to smart environments
  - Due to bi-directional nature
- Conclusion: cannot achieve total privacy; should base on openness

Privacy Guidelines
Based on principles & accidental invasion of privacy
1. Notice: make user aware, awareness infrastructure
2. Choice & consent:
   - Get explicit consent
   - Once notified, allow user to choose to participate
   - Invisible vs. less invisible
   - Natural vs. less natural
3. Anonymity & pseudonymity
   - Hide user identity
   - Contrary to "personalization"

Privacy Guidelines #2
4. Proximity & locality
   - Related to filtering & multicasting
   - Information only distributed to those in guidelines
5. Adequate security
   - Encryption vs. small devices
   - Use encryption wisely
6. Access & recourse
   - Good practice in collection & distribution of data

Trust
- Not well defined
- How can you trust a mobile entity when you may not even know them?
- Cryptography protects data, privacy but who do you communicate with?
- Consider in your smart home …
  - Your kids’ friends
  - A repairperson
  - The date of your friend who comes to a party

* Can you "trust" them? *

Trust
- Traditional security doesn't really cover the smart environment
- Identification & Authentication
  - Unsuitable, inflexible
  - Mobility

Terminology
Trust: difficult to define
- Subjective: depends on context
- Linked to risk, benefits
- Intransitive
  - a trusts b trusts c
  - a doesn't necessarily trust c
- Based on benevolence, honesty, competence, predictability

Trust Aspects
System Trust: system measures in place to encourage successful interactions
Dispositional Trust: expectations of the trustworthiness of others
Situational Decision to Trust: situation specific nature of trust & formation of trust to an entity
Trust is emotional; emotion modeling not well understood
Trust Management for Smart Environments
- A unified approach to specifying & interpreting security policies, credentials, & relationships that follow direct authorization of security-critical actions (Blaze)
- Viewed as assignment of privileges
  - e.g. PolicyMaker, KeyNote
  - e.g. (extension) REFEREE Trust Management System
- Credential-based -- not for smart environments
  - Inflexible, credential problems

New Approaches to Trust
- Lots of research; want humanly intuitive
- Marsh
  - Based on utility, risk, importance
  - Formulas for trust values [-1, 1)
  - Very limited; not fully inclusive
- Abdul-Rahman
  - Decentralized trust management
  - Incorporates trust levels & dynamics
  - Based on reputation, recommendations, & experience (of truster)

New Approaches #2
- Josang
  - Based on subjective logic & subjective beliefs
  - Involves propositional logic, probability, consensus
- Jonker & Treur
  - Dynamics of trust in light of personal experience
  - Trust-negative & trust-positive evidence
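
Josang's subjective logic, named on this slide, and the intransitivity of trust noted under Terminology can be made concrete. The following is an added example, not part of the original slides: the opinion triple and the evidence-mapping, consensus and discounting formulas are the ones commonly given for subjective logic, while the names (`Opinion`, `from_evidence`, `consensus`, `discount`) and the sample counts are assumptions made here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Opinion:
    """Subjective-logic opinion about one proposition, e.g. 'device c behaves'."""
    b: float        # belief
    d: float        # disbelief
    u: float        # uncertainty (b + d + u == 1)
    a: float = 0.5  # base rate used when nothing is known

    def expected(self) -> float:
        """Probability expectation: belief plus the base-rate share of uncertainty."""
        return self.b + self.a * self.u

def from_evidence(pos: int, neg: int, a: float = 0.5) -> Opinion:
    """Map counts of trust-positive / trust-negative observations to an opinion."""
    if pos < 0 or neg < 0:
        raise ValueError("evidence counts must be non-negative")
    k = pos + neg + 2  # the constant 2 keeps u == 1 when there is no evidence
    return Opinion(pos / k, neg / k, 2 / k, a)

def consensus(x: Opinion, y: Opinion) -> Opinion:
    """Fuse two independent opinions about the same target."""
    k = x.u + y.u - x.u * y.u
    if k == 0:  # both fully certain; averaging is a simplification chosen here
        return Opinion((x.b + y.b) / 2, (x.d + y.d) / 2, 0.0, x.a)
    return Opinion((x.b * y.u + y.b * x.u) / k,
                   (x.d * y.u + y.d * x.u) / k,
                   (x.u * y.u) / k, x.a)

def discount(trust_in_adviser: Opinion, advice: Opinion) -> Opinion:
    """a's derived opinion of c, given a's opinion of b and b's opinion of c."""
    t = trust_in_adviser
    return Opinion(t.b * advice.b, t.b * advice.d,
                   t.d + t.u + t.b * advice.u, advice.a)

if __name__ == "__main__":
    # Constructed sample: the home hub (a) saw 8 good interactions with b,
    # and b reports 8 good interactions with a visiting device c.
    a_b = from_evidence(8, 0)
    b_c = from_evidence(8, 0)
    a_c = discount(a_b, b_c)
    print("b's view of c:", b_c, round(b_c.expected(), 3))
    print("a's derived view of c:", a_c, round(a_c.expected(), 3))
    # Two sensors with independent evidence about c, fused into one opinion.
    print("fused:", consensus(from_evidence(3, 1), from_evidence(5, 1)))
```

The derived opinion carries more uncertainty than either link in the chain, which is the quantitative form of "a doesn't necessarily trust c".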

New Approaches #3
- Grandison & Sloman
  - Trust management must be evaluated/analyzed
  - SULTAN - Simple Universal Logic-oriented Trust Analysis Notation
  - Includes trust establishment, analysis, risk, specification
- SECURE Project
  - General trust model
  - Allows for application specific domains
  - Based on historical behavior

Security - Privacy - Trust
- Issues are different
  - Mobile
  - Smart
  - Wireless
- Other issues
  - Legal
  - Biometric
  - Sociotechnical
  - Access control
  - Others

* Very Important Challenge! *