trust in pervasive computing
TRANSCRIPT
-
8/11/2019 Trust in Pervasive Computing
1/49
Agent approaches to Security, Trust
and Privacy in Pervasive Computing
Anupam Joshi
http://www.cs.umbc.edu/~joshi/
-
8/11/2019 Trust in Pervasive Computing
2/49
The Vision
Pervasive Computing: a natural extension of thepresent human computing life style
Using computing technologies will be as natural as using
other non-computing technologies (e.g., pen, paper, and
cups)
Computing services will be available anytime and
anywhere.
-
8/11/2019 Trust in Pervasive Computing
3/49
Pervasive Computing
The most profound technologies are those thatdisappear. They weave themselves into the
fabric of everyday life until they are
indistinguishable from it Mark Weiser
Think:writing, central heating, electric
lighting,
Not:taking your laptop to the beach, orimmersing yourself into a virtual reality
-
8/11/2019 Trust in Pervasive Computing
4/49
Today: Life is Good.
-
8/11/2019 Trust in Pervasive Computing
5/49
Tomorrow: We Got Problems!
-
8/11/2019 Trust in Pervasive Computing
6/49
The Brave New World
Devices increasingly more{powerful ^ smaller ^ cheaper}
People interact daily with hundreds of computingdevices (many of them mobile): Cars
Desktops/Laptops
Cell phones
PDAs
MP3 players
Transportation passes
Computing is becoming pervasive
-
8/11/2019 Trust in Pervasive Computing
7/49
Securing Data & Services
Security is critical because in many pervasive
applications, we interact with agents that are not in
our home or office environment.
Much of the work in security for distributed systems
is not directly applicable to pervasive environments Need to build analogs to trust and reputation
relationships in human societies
Need to worry about privacy!
-
8/11/2019 Trust in Pervasive Computing
8/49
An early policy for agents
1A robot may not injure a human being, or,
through inaction, allow a human being to
come to harm.
2A robot must obey the orders given it by human beings except
where such orders would conflict with the First Law.
3A robot must protect its own existence as long as such
protection does not conflict with the First or Second Law.-- Handbook of Robotics, 56th Edition, 2058 A.D.
-
8/11/2019 Trust in Pervasive Computing
9/49
On policies, rules and laws
The interesting thing about Asimovs laws were that robots did not
always strictly follow them.
This is a point of departure from more traditional hard coded rules
like DB access control, and OS file permissions
For autonomous agents, we need policies that describe norms of
behavior that they should follow to be good citizens.
So, its natural to worry about issues like
When an agent is governed by multiple policies, how does it
resolve conflicts among them?
How can we define penalties when agents dont fulfill their
obligations? How can we relate notions of trust and reputation to policies?
-
8/11/2019 Trust in Pervasive Computing
10/49
The Role of Ontologies
We will require shared ontologies to support thisframework
A common ontology to represent basic concepts:agents, actions, permissions, obligations,prohibitions, delegations, credentials, etc.
Appropriate shared ontologies to describe classes,properties and roles of people and agents, e.g., any device owned by TimFinin
any request from a faculty member at ETZ Ontologies to encode policy rules
-
8/11/2019 Trust in Pervasive Computing
11/49
ad-hoc networking technologies
Ad-hoc networking technologies (e.g. Bluetooth)
Main characteristics: Short range
Spontaneous connectivity
Free, at least for now
Mobile devices
Aware of their neighborhood
Can discover others in their vicinity
Interact with peers in their neighborhood inter-operate and cooperate as needed and as desired
Both information consumers and providers
Ad-hoc mobile technology challenges the traditional client/server
information access model
-
8/11/2019 Trust in Pervasive Computing
12/49
pervasive environment paradigm
Pervasive Computing Environment
1.Ad-Hoc mobile connectivity Spontaneous interaction
2. Peers Service/Information consumers and providers
Autonomous, adaptive, and proactive
3. Data intensive deeply networked environment Everyone can exchange information
Data-centric model
Some sources generate streams of data, e.g. sensors
Pervasive Computing Environments
-
8/11/2019 Trust in Pervasive Computing
13/49
motivationconference scenario
Smart-room infrastructure and personal devices can assist an ongoing meeting: data exchange,
schedulers, etc.
-
8/11/2019 Trust in Pervasive Computing
14/49
imperfect world
In aperfectworld
everything available and done automatically
In therealworld
Limited resources
Battery, memory, computation, connection, bandwidth
Must live with less than perfect results
Dumb devicesMust explicitly be told What, When, and How
Foreign entities and unknown peers
So, we really want
Smart, autonomous, dynamic, adaptive, and
proactive methods to handle data and services
-
8/11/2019 Trust in Pervasive Computing
15/49
Securing Ad-Hoc Networks
MANETs underlie much of pervasive computing
They bring to fore interesting problems related to
Open
Dynamic
Distributed Systems
Each node is an independent, autonomous router
Has to interact with other nodes, some never seen
before. How do you detect bad guys ?
-
8/11/2019 Trust in Pervasive Computing
16/49
Network Level : Good Neighbor
Ad hoc network
Node A sends packet
destined for E, through B.
B and C make snoop entry
(A,E,Ck,B,D,E).
B and C check for snoop
entry.
Perform Misroute
A
B
C
D
E
-
8/11/2019 Trust in Pervasive Computing
17/49
Good Neighbor
No Broadcast
Hidden terminal
Exposed terminal
DSR vs. AODV
GLOMOSIM
A
B
C
D
E
-
8/11/2019 Trust in Pervasive Computing
18/49
Intrusion Detection
Behaviors
Selfish
Malicious
Detection vs. Reactions
Shunning bad nodes
Cluster Voting
Incentives (Game Theoretic)
Colluding nodes
Forgiveness
-
8/11/2019 Trust in Pervasive Computing
19/49
Simulation in GlomoSim
Passive Intrusion Detection
Individual determination
No results forwarding
Active Intrusion Detection
Cluster Scheme Voting
Result flooding
-
8/11/2019 Trust in Pervasive Computing
20/49
GlomoSim Setup
16 nodes communication
4 nodes sources for 2 CBR streams
2 nodes pair CBR streams
Mobility 020 meters/sec
Pause time 015s
No bad nodes
-
8/11/2019 Trust in Pervasive Computing
21/49
Simulation Results
-
8/11/2019 Trust in Pervasive Computing
22/49
Preliminary Results
Passive
False alarm rate > 50%
Throughput rate decrease < 3% additional
Active
False alarm rate < 30%
Throughput rate decrease ~ 25% additional
-
8/11/2019 Trust in Pervasive Computing
23/49
challengesis that all? (1)
1. Spatio-temporal variation of data and data sources
All devices in the neighborhood are potential informationproviders
Nothing is fixed
No global catalog
No global routing table
No centralized control
However, each entity can interact with its neighbors By advertising / registering its service
By collecting / registering services of others
-
8/11/2019 Trust in Pervasive Computing
24/49
challengesis that all? (2)
2. Query may be explicit or implicit, but is often known
up-front
Users sometimes ask explicitly
e.g. tell me the nearest restaurant that has vegetarian menuitems
The system can guess likely queries based on
declarative information or past behavior
e.g. the user always wants to know the price of IBM stock
-
8/11/2019 Trust in Pervasive Computing
25/49
challengesis that all? (3)
3. Since information sources are not known a priori, schema
translations cannot be done beforehand
Resource limited devices
so hope for common, domain specific ontologies
Different modes:
Device could interact with only such providers whose schemas itunderstands
Device could interact with anyone, and cache the information in hopes ofa translation in the future.
Device could always try to translate itself Prior work in Schema Translation, Ongoing work in Ontology Mapping.
-
8/11/2019 Trust in Pervasive Computing
26/49
challengesis that all? (4)
4. Cooperation amongst information sources cannot be
guaranteed
Device has reliable information,but makes it inaccessible
Devices provides information,which is unreliable
Once device shares information, it needsthe capability to protect future propagation
and changes tothat information
-
8/11/2019 Trust in Pervasive Computing
27/49
challengesis that all? (5)
Need to avoid humans in the loop
Devices must dynamically "predict" data importance and utility based on thecurrent context
The key insight: declarative (or inferred) descriptions help
Information needs
Information capability
Constraints
Resources
Data
Answer fidelity
Expressive Profiles can capture such descriptions
-
8/11/2019 Trust in Pervasive Computing
28/49
4. our data management architecture
MoGATU
Design and implementation consists of
Data
Metadata
Profiles
Entities
Communication interfaces
Information Providers
Information Consumers
Information Managers
-
8/11/2019 Trust in Pervasive Computing
29/49
MoGATUmetadata
Metadata representation
To provide information about Information providers and consumers,
Data objects, and
Queries and answers
To describe relationships
To describe restrictions To reason over the information
Semantic language
DAML+OIL / DAML-S
http://mogatu.umbc.edu/ont/
-
8/11/2019 Trust in Pervasive Computing
30/49
MoGATUprofile
Profile
Userpreferences, schedule, requirements Deviceconstraints, providers, consumers
Dataownership, restriction, requirements, process model
Profiles based on BDI models
Beliefs are facts about user or environment/context
Desires and Intentions
higher level expressions of beliefs and goals
Devices reason over the BDI profiles
Generate domains of interest and utility functions
Change domains and utility functions based on context
-
8/11/2019 Trust in Pervasive Computing
31/49
MoGATUinformation manager (8)
Problems
Not all sources and data are correct/accurate/reliable No common sense
Person can evaluate a web site based on how it looks, a computer cannot
No centralized party that could verify peer reliability or reliability of itsdata
Device is reliable, malicious, ignorant or uncooperative
Distributed Belief Need to depend on other peers
Evaluate integrity of peers and data based on peer distributed belief Detect which peer and what data is accurate
Detect malicious peers
Incentive model: if A is malicious, it will be excluded from the network
-
8/11/2019 Trust in Pervasive Computing
32/49
MoGATUinformation manager (9)
Distributed Belief Model
Device sends a query to multiple peers
Ask its vicinity for reputation of untrusted peers that responded to the
query
Trust a device only if trusted before or if enough of trusted peers trust it
Use answers from (recommended to be) trusted peers to determine
answer
Update reputation/trust level for all devices that responded
A trust level increases for devices that responded according to final
answer
A trust level decreases for devices that responded in a conflicting way
Each devices builds a ring of trust
-
8/11/2019 Trust in Pervasive Computing
33/49
A: D, where is Bob?A: C, where is Bob?A: B, where is Bob?
-
8/11/2019 Trust in Pervasive Computing
34/49
C:
A, Bob is at work.
D:
A, Bob is home.
B: A, Bob is home.
-
8/11/2019 Trust in Pervasive Computing
35/49
A:
B: Bob at home,
C: Bob at work,D: Bob at home
A: I have enough
trust in D. What
about B and C?
-
8/11/2019 Trust in Pervasive Computing
36/49
A: Do you trust C?
C: I always do.
D: I dont.
B: I am not sure.
E: I dont.
F: I do.
A:
I dont care what C says.
I dont know enough about B,
but I trust D, E, and F. Together,
they dont trust C, so wont I.
-
8/11/2019 Trust in Pervasive Computing
37/49
A: Do you trust B?
C: I never do.
D: I am not sure.
B: I do.
E: I do.
F: I am not sure.
A:
I dont care what B says.
I dont trust C,
but I trust D, E, and F. Together,
they trust B a little, so will I.
-
8/11/2019 Trust in Pervasive Computing
38/49
A: I trust B and D,
both say Bob ishome
A:
Increase trust in D.A:
Decrease trust in C.
A:
Increase trust in B.
A:
Bob is home!
-
8/11/2019 Trust in Pervasive Computing
39/49
MoGATUinformation manager (10)
Distributed Belief Model
Initial Trust Function
Positive, negative, undecided
Trust Learning Function Blindly +, Blindly -, F+/S-, S+/F-, F+/F-, S+/S-, Exp
Trust Weighting Function
Multiplication, cosine
Accuracy Merging Function
Max, min, average
-
8/11/2019 Trust in Pervasive Computing
40/49
experiments
Primary goal of distributed belief
Improve query processing accuracy by using trusted sources and trusted data
Problems
Not all sources and data are correct/accurate/reliable
No centralized party that could verify peer reliability or reliability of its data
Need to depend on other peers
No common sense
Person can evaluate a web site based on how it looks, a computer cannot
Solution
Evaluate integrity of peers and data based on peer distributed belief
Detect which peer and what data is accurate
Detect malicious peers
Incentive model: if A is malicious, it will be excluded from the network
-
8/11/2019 Trust in Pervasive Computing
41/49
experiments
Devices
Reliable (Share reliable data only) Malicious (Try to share unreliable data as reliable)
Ignorant (Have unreliable data but believe they are reliable)
Uncooperative (Have reliable data, will not share)
Model Device sends a query to multiple peers
Ask its vicinity for reputation of untrusted peers that responded to the query
Trust a device only if trusted before or if enough of trusted peers trust it
Use answers from (recommended to be) trusted peers to determine answer
Update reputation/trust level for all devices that responded A trust level increases for devices that responded according to final answer
A trust level decreases for devices that responded in a conflicting way
-
8/11/2019 Trust in Pervasive Computing
42/49
experimental environment
HOW:
Mogatu and GloMoSim
Spatio-temporal environment:
150 x 150 m2field
50 nodes Random way-point mobility
AODV
Cache to hold 50% of global knowledge
Trust-based LRU
50 minute eachsimulation run 800 questions-tuples
Each device 100 random unique questions
Each device 100 random unique answers not matching its questions
Each device initially trusts 3-5 other devices
-
8/11/2019 Trust in Pervasive Computing
43/49
experimental environment (2)
Level of Dishonesty
0100% Dishonest device
Never provides an honest answer
Honest device
Best effort
Initial Trust Function
Positive, negative, undecided
Trust Learning Function
Blindly +, Blindly -, F+/S-, S+/F-, F+/F-, S+/S-, Exp
Trust Weighting Function
Multiplication, cosine
Accuracy Merging Function
Max, min, avg Trust and Distrust Convergence
How soon are dishonest devices detected
-
8/11/2019 Trust in Pervasive Computing
44/49
results
Answer Accuracy vs. Trust Learning Functions
Answer Accuracy vs. Accuracy Merging Functions
Distrust Convergence vs. Dishonesty Level
-
8/11/2019 Trust in Pervasive Computing
45/49
Answer Accuracy vs. Trust Learning Functions
The effects of trust learning functions with an initial optimistictrust for
environments with varying level of dishonesty. The results are shown for ++, --, s, f, f+, f-, and explearning
functions.
-
8/11/2019 Trust in Pervasive Computing
46/49
Answer Accuracy vs. Trust Learning Functions (2)
The effects of trust learning functions with an initial pessimistictrust for
environments with varying level of dishonesty. The results are shown for ++, --, s, f, f+, f-, and explearning
functions.
-
8/11/2019 Trust in Pervasive Computing
47/49
Answer Accuracy vs. Accuracy Merging Functions
The effects of accuracy merging functions for environments with varying
level of dishonesty. The results are shown for (a) MIN using only-one(OO) final answer approach
(b) MIN using {\it highest-one} (HO) final answer approach
(c) MAX + OO, (d) MAX + HO, (e) AVG + OO, and (f) AVG + HO.
-
8/11/2019 Trust in Pervasive Computing
48/49
Distrust Convergence vs. Dishonesty Level
Average distrust convergence period in seconds for environments with
varying level of dishonesty. The results are shown for ++, --, s, and ftrust learning functions with
an initial optimal trust strategy and for the same functions using an
undecided initial trust strategy for results (e-h), respectively.
htt // bi it b d /
-
8/11/2019 Trust in Pervasive Computing
49/49
http://ebiquity.umbc.edu/