Yonil Zhung

Enforcing Access Control Using Risk Assessment

Context-based access control is an emerging approach for modeling adaptive solution, making access control management more flexible and powerful. But in the ubiquitous environment, this approach is not enough for many emerging security vulnerabilities. Thus, improving current access control mechanisms is still necessary. Risk is an effective tool used for decision-making in economics. In this paper, we design a new model for risk assessment in ubiquitous environment and use risk as a key component in decision-making process in our access control model. This solution makes access control management more dynamic and precise

A distributed middleware solution for context awareness in ubiquitous systems

Context aware middleware infrastructures have traditionally been implemented with a modular approach to allow different components to work cooperatively and supply context synthesis and provision services. In this paper, we discuss the important requirements that arise when such a middleware is deployed in a distributed environment and present the design and implementation of context aware middleware for ubiquitous systems (CAMUS) with which the authors have attempted to meet those requirements. Issues related to distributed coordination within the middleware in terms of component discovery and management and multiple context domains are also discussed.

Securing Distributed Wireless Sensor Networks: Issues and Guidelines

With the emergence of ubiquitous computing the role of sensor network is becoming more important which demands highest level security and energy efficiency. In this paper we have investigated the current available solutions and found that none of the solutions are completely meeting the basic security requirements such as authentication, access control, and non-repudiation, etc. Therefore we have proposed hypothetical framework called Tetra security framework for the distributed wireless sensor networks in order to achieve highest level security and overall energy efficiency

A Trust-Based Approach to Control Privacy Exposure in Ubiquitous Computing Environments

In ubiquitous computing environments, service servers play a central role of actively providing information about a person to help people determine whether he is available for contact or not. A tradeoff exists in these systems: the more sources of data and the higher fidelity in those sources which can improve peoples decision, the more privacy reduction. Alternatively, there is generally no a priori trust relationship among entities interacting in pervasive computing environments which makes it essential to establish trust from scratch. This task becomes extremely challenging when it is simultaneously necessary to protect the privacy of the users involved. In this paper, we first show how trust evaluation process of the users system can be based on previous interactions and peer recommendations. A solution then relied on trust to control privacy disclosure is proposed that depends on pre-defined privacy policy. Several tuning parameters and options are suggested so that end-users can customize to meet the security and privacy requirement of a ubiquitous system.

A trust-based security architecture for ubiquitous computing systems

Ubiquitous Computing (ubicomp) is a revolution of computing paradigm that promises to have a profound affect on the way we interact with computers, devices, physical spaces and other people. Traditional authentication and access control which has been applied to stand-alone computers and small networks are not adequate to ubicomp technology. Instead, we need a new security model that is based on notion of trust to support cross-domain interactions and collaborations. This means that ubicomp environments involves the interaction, coordination, and cooperation of numerous, casually accessible, and often invisible computing devices. Authenticating the identity certificate of a previous unknown user does not provide any access control information. Simple authentication and access control are only effective if the system knows in advance which users are going to access the system and what their access rights are. Security information in different domains is subject to inconsistent interpretations in such open, distributed environment. In order to fulfill these security requirements of ubicomp, in this paper we present USEC, A Trust-based Security Infrastructure, for securing ubicomp systems. USEC is being developed for CAMUS. It is composed of seven major components: hybrid access control, entity recognition, trust/risk management, intrusion detection, privacy control, andhome firewall. Our objective is to provide a lightweight infrastructure with sufficient security services that tackles most security problems in ubicomp systems.

Scenario Based Fault Detection in Context-Aware Ubiquitous Systems using Bayesian Networks

We define the use of Bayesian networks for fault detection in the perception mechanism of context-aware ubiquitous systems. This paper describes the complete working of such a fault detection module. context-aware ubiquitous systems use a large number of sensors and actuators for their interaction with the environment. The data collected from the environment describes the behavior of the system under different scenarios. If in any way this data or the source of the data gets corrupted then the context formed from such data would be erroneous and result in over-all system misbehavior. Therefore such data needs to be filtered and possible sources of error should be detected in the systems perception mechanism

Activity-based Security Scheme for Ubiquitous Environments

Bardram introduced a new concept of activity-based computing as a way of thinking about supporting human activities in ubiquitous environments. In such environments where users are using a multitude of heterogeneous computing devices, the need for supporting users at the activity level becomes essential. However, without considering basic security issues, it could be rife with vulnerabilities. Security services, like authentication and access control, have to not only guarantee security, privacy, and confidentiality for ubiquitous computing resources, but also support user activities equipped with various devices. In this paper, we present an activity-based security scheme. The proposed scheme aims to enhance security services on mobile devices and facilitate user activities. We also integrate off-the-shell security services like MD5, TEA, Diffie-Hellman key agreement protocol so that it makes the scheme more robust and practically usable. The implementation and sample scenario have shown the requirement satisfactory of the scheme.

Security for Ubiquitous Computing: Problems and Proposed Solutionl

Traditional authentication and access control are no longer suitable for ubiquitous computing paradigm. They are only effective if the system knows in advance which users are going to access and what their access rights are. Therefore, it calls for a novel security model. In this paper, we outline major security problems in ubiquitous computing and propose a new architecture, TBSI (trust-based security infrastructure). In TBSI, trust and risk management plays a key role to support authentication and authorization to unknown users. Meanwhile, intrusion detection and home firewall are also integrated to make TBSI more robust. This paper is an extension of our previous work to give more detailed description and enhancement of the architecture. TBSI is on-going research project to support our context-aware middleware CAMUS

A flexible and scalable access control for ubiquitous computing environments

The ubiquity and invisibility characteristics of ubiquitous computing (ubicomp) arise many security problems, especially in the field of access control. Some important issues that are needed to be addressed in access control design are: (1) Ubicomp environment is composed of huge amount of entities. Therefore, determination of access rights must be based on role or group of role, instead of individuals. (2) The context (e.g. user’s location, user’s need, etc) changes dynamically over time. Hence authorization of user’s accessibility is required to be based on such contextual information for proper enforce-ment of the required policies. (3) Users may not know what credentials are to be provided to access a specific service. In that case, the delivery service must support some interaction mechanism to explicitly acquire necessary credentials from users. (4) Numerous entities, roaming across different domains in ubiquitous network, are usually unknown to the local system. Access control should be based on the notion of trust to grant privileges in such circumstances. Lots of works have been done in the area of access control. Most of them have followed any of the four main approaches: Role-based Access Control (RBAC), Policy-based Access Control (PBAC), Context-based Access Control (CBAC), and Trust-based Access Control (TBAC). However, each of these approaches itself can not fulfill such security requirements of ubicomp. Hence we propose a Hybrid Access Control (HAC) model to tackle the problems of these approaches while taking their major advantages. HAC is hybrid of RBAC, PBAC, CBAC, and TBAC.

Design and Implementation of Double-Key based Light Weight Security Protocol in Ubiquitous Sensor Network

Ubiquitous computing supports environment to freely connect to network without restrictions of place and time. This environment enables easy access and sharing of information, but because of easy unauthorized accesses, specified security policy is needed. Especially, ubiquitous sensor network devices use limited power and are small in size, so, many restrictions on policies are bound to happen. This paper proposes double-key based light weight security protocol, independent to specific sensor OS, platform and routing protocol in ubiquitous sensor network. The proposed protocol supports safe symmetric key distribution, and allows security manager to change and manage security levels and keys. This had a strong merit by which small process can make large security measures. In the performance evaluation, the proposed light weight security protocol using double-key in ubiquitous sensor network allows relatively efficient low power security policy. It will be efficient to ubiquitous sensor network, such as smart of ace and smart home.