Introduction to ubiquitous security Kevin Wang


Scenario

Take photos

Ask position

Position

voice

Time

More information

Essential terminology

• Oxford English Dictionary
  – Ubiquitous:
    • present or appearing everywhere; omnipresent
    • Like: light switches, door locks, fridges and shoes
  – Ad hoc networking:
    • Devoted, appointed, etc., to or for some particular purpose.

Common mistake

• Security = cryptology?
• What fails in real life is rarely the crypto.
  – Recording voice to a photo: the phone is in hand.
  – Is crypto needed?

Example of Resident Security Assessment

• Threat
  – Your money getting stolen
• Vulnerability
  – Thin wood and glass, your front door or windows.
• Attack
  – Thief breaks into your house.
• Safeguard
  – A priori vaccines
• Countermeasure
  – A posteriori remedies
• RFID…

Problem

• Confidentiality
  – Disclosed to unauthorized principals
• Integrity
  – Altered in an unauthorized way
• Availability
  – Honors any legitimate requests by authorized principals
  – Attacks succeed in denying service to legitimate users, typically by using up all the available resources
• Authorization
• Authentication
• Anonymity
  – Traffic analysis
  – Intrusive dossiers, credit cards… can enable data fusion.

Notation

• $E(m)$

• $E_K(m)$

• $E_K^{\mathrm{AES}}(m)$

:A B m

:R A B

A Secure Technology for Determining Client Computer User and Location Authentication

Braun Martin

Chief Technology Officer

Kevin Wang

Introduction

• Scenario?

• Technology background

• Possible inherent problem

• Conclusion

Scenario

Nevada

Nevada

• Casino

• Gamble

• Drinking

• Area 51

• Reno city

• And so on

Casino

• In a room, we can make sure who is an adult and who is a boy.
• But on the Internet, how can I know who you are?
  – A dog?
  – A cat?
  – Or a dinosaur?

Solution

• User authentication

• Location authentication

User authentication

• Information the user knows
  – Password, personal identification number
• An object (access token) the user possesses
  – Physical keys, mag stripe cards and smart cards
• A personal (biometric) characteristic
  – Hand geometry, fingerprints, voiceprint, retinal scans and DNA profiles

Location authentication

• Telephone
  – Prefix region
• Internet protocol mapping
  – The IP is the address
• Cellular digital packet data
  – Precise location of the transmitting device
• Global positioning system
  – Satellite

Possible inherent problems

• In user authentication
  – Passwords and PINs
    • Sharing or hacking
  – Access token
    • Can be duplicated easily
  – Biometric characteristics
    • False positive
    • False negative
    • Duplication
• In location authentication
  – Caller ID
    • Some areas don't permit gambling
  – IP addressing
    • A real IP can be mapped to an area, but what about a virtual IP?
  – Cellular digital packet data
    • Low reliability or nonexistent in many areas.
  – Global positioning system
    • Steel buildings

Conclusions

• Combine user and location authentication

• Integrate a biometric scanner with a smart card in a secure networked computer.