Smart Home Technologies Security and Privacy



Data Security and Privacy in Intelligent Environments

Intelligent environments gather significant amounts of data about their inhabitants:
- Behavior patterns
  - Work hours
  - Room occupancies
- Personal preferences
  - TV viewing
  - Shopping habits
- Inhabitant data
  - Address books
  - Medical data

Security and Privacy Threats

- Electronic threats
  - Electronic identity theft
  - Intellectual property theft
  - Unsolicited marketing
  - Publication of private information
- Physical threats
  - Illegal entering / robberies
  - Electronic theft of property information
  - Credit card and banking information

Security and Privacy Risks in Intelligent Environments

- Wireless communications
  - Wireless communications are easy to intercept
- Remote access facilities
  - Intelligent environments can frequently be accessed remotely over the network
- Large databases
  - Large amounts of private information represent a target for intruders
- Computer-enabled access to the home
  - Intruders can forge access authentication

Legal Situation

- US Constitution
  - Fourth Amendment (abridged): The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.
  - Fifth Amendment (abridged): No person shall be compelled in any criminal case to be a witness against himself.
- Laws grant law enforcement access to private communications and data if there is reasonable cause
- No specific "right to privacy"

Security and Privacy Measures

- Data processing
  - Process data on-line and store only the information relevant to decision making
  - E.g. no stored video / audio data
- Encryption
  - Encryption of data reduces the risk of information theft
  - Encryption of communications
  - Encryption of stored data
- Authentication
  - Authentication makes it more difficult for intruders to enter the system
  - Electronic authentication for data connections
  - Physical authentication when entering the environment

Avoidance of Data Storage

- Avoiding the storage of unnecessary data can be an efficient means of facilitating privacy
- Necessary information should be extracted immediately
  - Location information rather than raw video
  - Store models rather than large data sets
  - Hide identities in data sets if they are not necessary
- There is a tradeoff between storing data and the decision-making capabilities of the intelligent environment
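An added example (not from the slides) of the reduction described above: constructed per-frame recogniser output is reduced immediately to per-room occupancy, or to pseudonymous presence when an application needs per-person preferences, so neither frames, bounding boxes nor real names are stored. The frames, names and the pseudonymisation key are all constructed for the example.

```python
# Added example, not from the slides: reduce constructed per-frame recogniser
# output to the information the home actually needs, so nothing resembling the
# raw video (bounding boxes, frames, real names) has to be stored.
import hashlib
import hmac
from collections import Counter

# Constructed sample of what a camera-based recogniser might emit per frame.
# This is the raw data that should be discarded as soon as it is reduced.
FRAMES = [
    {"t": 0, "room": "kitchen", "person": "alice", "bbox": (10, 20, 80, 200)},
    {"t": 0, "room": "living", "person": "bob", "bbox": (5, 5, 60, 150)},
    {"t": 1, "room": "kitchen", "person": "alice", "bbox": (12, 21, 82, 201)},
    {"t": 1, "room": "kitchen", "person": "bob", "bbox": (90, 30, 150, 210)},
]

# Hypothetical secret held by the home controller, never stored with the data.
PSEUDONYM_KEY = b"constructed-secret-key"


def pseudonym(identity, key=PSEUDONYM_KEY):
    """Keyed hash of a name: stable inside this home, meaningless without the key."""
    return hmac.new(key, identity.encode(), hashlib.sha256).hexdigest()[:12]


def occupancy(frames):
    """Per (time, room) headcount: enough for lighting/HVAC, keeps no identity at all."""
    return dict(Counter((f["t"], f["room"]) for f in frames))


def presence(frames):
    """Per (time, room) pseudonymous occupants, for applications that need
    per-person preferences; names and bounding boxes are dropped."""
    out = {}
    for f in frames:
        out.setdefault((f["t"], f["room"]), set()).add(pseudonym(f["person"]))
    return out


def leaks_identity(stored, names=("alice", "bob")):
    """Check: does a stored record still contain one of the real names?"""
    text = repr(stored)
    return any(n in text for n in names)
```

The two reductions show the tradeoff from the slide: occupancy() supports fewer decisions than presence() but stores nothing that identifies anyone.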

Encryption of Data and Communications

- Encryption reduces the risk of an intruder being able to access information
- Encryption of communications to prevent eavesdropping
  - How to set up encrypted communications?
  - How to keep the decryption key secret?
- Encryption of stored data and information to prevent intruders from accessing and using it
  - How to permit the home applications to decrypt data without revealing the decryption key?

Private Key Encryption

- Private key encryption uses a secret key to encrypt and decrypt a message (symmetric encryption)
  - Decryption algorithm is public
  - Algorithm used for the message is known
  - Encryption key is private
- One key is used for all encryption/decryption
- Strength of encryption depends on the number of possible keys
- Problems:
  - How to securely distribute the private key?
  - How to ensure authenticity of messages?

Example: Data Encryption Standard (DES)

- DES was developed at IBM in 1977
- Uses 56-bit private-key encryption
  - 56-bit key results in 2^56 = 72 x 10^15 keys
  - Each message is encrypted with a randomly chosen key
  - Key exchange is a major concern
- Applies the 56-bit key to each 64-bit block of data
- Can be made stronger using multiple passes
  - Triple DES (3DES) still in use (2^(56+56+56) keys)
  - Still used in some telecom networks

Public Key Encryption

- Public key encryption uses a pair of private and public keys to encrypt and decrypt messages (asymmetric encryption)
  - Private key is held securely by the user
  - Public key is published openly
- Messages encrypted with one of the keys can be decrypted using the other
  - private(public(M)) = M
  - public(private(M)) = M
- Addresses the problem of key exchange

Uses of Public Key Encryption

- Authentication of sender (digital signature)
  - Sender encrypts with his/her private key
  - Recipient decrypts with the sender's public key
- Encryption of content for privacy
  - Sender encrypts with the recipient's public key
  - Recipient decrypts with his/her private key
- Authentication and privacy
  - Sender encrypts the message first with his/her private key and then with the recipient's public key
  - Recipient decrypts and authenticates by applying his/her private key and then the sender's public key
  - publicS(privateR(publicR(privateS(M)))) = M

Example: RSA Algorithm

- Patented by RSA Security Inc.
- Key generation:
  - Public key = (e, n)
  - Private key = (d, n)
  - encryptA(M) = M^e mod n
  - decryptA(M) = M^d mod n
  - n = p*q, where p and q are large random primes
  - e and d are chosen based on p and q
- Security is based on the fact that finding the prime factors of a number is NP-complete
- Breaking the encryption takes a long time
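An added example (not from the slides) that works the RSA key generation above with the slides' symbols (e, n), (d, n), M^e mod n and M^d mod n on small constructed primes, and then carries out the sign-then-encrypt composition publicS(privateR(publicR(privateS(M)))) = M from the "Uses of Public Key Encryption" slide. The primes and exponent are toy values chosen for the example; real keys use primes of roughly a thousand bits or more.

```python
# Added example, not from the slides: textbook RSA in the slides' notation,
# public key (e, n), private key (d, n), M^e mod n and M^d mod n, using small
# constructed primes, plus the sign-then-encrypt composition from the
# "Uses of Public Key Encryption" slide.
from math import gcd


def keygen(p, q, e):
    """Return ((e, n), (d, n)) for primes p, q and a public exponent e.
    d is the inverse of e modulo (p-1)(q-1); assumes p and q are prime."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def apply_key(m, key):
    """Encrypt and decrypt are the same operation: M^k mod n with either key."""
    k, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, k, n)


def sign_then_encrypt(m, priv_s, pub_r):
    """Sender S computes publicR(privateS(M)). The intermediate value lies
    below n_S, so this textbook form needs n_S <= n_R to remain a valid
    input for R's key."""
    if priv_s[1] > pub_r[1]:
        raise ValueError("sender modulus must not exceed recipient modulus")
    return apply_key(apply_key(m, priv_s), pub_r)


def decrypt_then_verify(c, priv_r, pub_s):
    """Recipient R computes publicS(privateR(C)); M comes back only if S signed it."""
    return apply_key(apply_key(c, priv_r), pub_s)
```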

Legal Issues

- Laws require that individual communications can be wiretapped by law enforcement
- Communications Assistance for Law Enforcement Act (CALEA) mandates that communications systems equipment be designed to allow practical wiretapping by law enforcement
- Any encrypted message must be decryptable by law enforcement with proper authorization
- Currently: the encrypter must provide the means to decrypt the message

Encryption Policy

- Position of the US Government
  - Public-key encryption is too difficult to wiretap
  - Limit export of encryption
  - Use government-designed, tap-able encryption schemes
- Industry's position
  - Use widely-accepted, strong encryption standards
  - Freely export the standard

Escrowed Encryption Standard

- EES developed by the U.S. government in 1993
- Private key encryption/decryption algorithms are implemented on chips
- Each chip has an 80-bit unit key, which is escrowed in two parts to two different agencies
- Chip also includes a 30-bit serial number and an 80-bit family key common to all chips
- Law-Enforcement Access Field (LEAF) appended to the message and encrypted with the family key; includes
  - Session key encrypted with the unit key
  - Serial number of the sender
- Law enforcement can obtain decryption keys from the escrow agencies

Encryption

- Encryption provides protection for data and communications
  - Makes stolen data less useful
  - Time required to break encryption is relatively long
  - Permits reliable authentication of the sender of messages
- Problems
  - Conflict between privacy and law enforcement mandates
  - Encryption can be broken with sufficient computing power
  - Data is only secure for a limited amount of time

Electronic Intruder Defense

- Firewalls
  - Filter packets not meeting specified constraints
    - Access limitations to particular users
      - IP number constraints
      - Port constraints
    - Access limitations to particular services
      - Connection-type constraints
- Encrypted computer access channels
  - Secure Shell (www.ssh.com)
- Intrusion detection
  - Identify unusual access and/or traffic patterns
  - Restrict users who make illegal access attempts
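An added example (not from the slides) combining the two defenses above: a toy packet filter that applies IP number, port and connection-type constraints (the connection type is taken here as the transport protocol) with first-match-wins rules, and a simple intrusion-detection rule that restricts a source after repeated rejected attempts. The addresses, ports and rule set are constructed for the example.

```python
# Added example, not from the slides: a toy packet filter applying the
# constraint types named above (IP number, port, connection type, here the
# transport protocol) with first-match-wins rules, plus a lockout that restricts
# a source after repeated rejected attempts. Addresses and rules are constructed.
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed policy for a home gateway: SSH only from the home LAN,
# HTTPS to the home server from anywhere, everything else rejected.
RULES = [
    {"src": ip_network("192.0.2.0/24"), "dport": 22, "proto": "tcp"},
    {"src": ip_network("0.0.0.0/0"), "dport": 443, "proto": "tcp"},
]


class Gateway:
    def __init__(self, rules, lockout_after=3):
        self.rules = rules
        self.lockout_after = lockout_after  # rejected attempts before lockout
        self.rejected = Counter()            # rejected attempts per source
        self.locked = set()                  # sources currently restricted

    def decide(self, pkt):
        """Return 'allow', 'deny' or 'locked' for a packet dict
        {'src': ip string, 'dport': int, 'proto': 'tcp'|'udp'}."""
        src = ip_address(pkt["src"])
        if src in self.locked:
            return "locked"
        for rule in self.rules:
            if (src in rule["src"] and pkt["dport"] == rule["dport"]
                    and pkt["proto"] == rule["proto"]):
                return "allow"
        # intrusion-detection side: count rejects and restrict repeat offenders
        self.rejected[src] += 1
        if self.rejected[src] >= self.lockout_after:
            self.locked.add(src)
        return "deny"


def run(gateway, packets):
    """Apply the gateway to a sequence of packets and return the decisions."""
    return [gateway.decide(p) for p in packets]
```

A lockout keyed on the source address can be triggered by packets carrying a forged source address, so a real deployment expires entries after a timeout rather than restricting a source indefinitely.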

Physical Authentication

- Electronic keys
  - RFID keys
  - IR keys
  - Keys can be stolen and used by unauthorized persons
- Biometrics
  - Recognize a user/inhabitant using distinguishing traits
    - Face recognition
    - Voice recognition
    - Fingerprint recognition, hand and finger geometry
    - Iris, retinal scans
    - Vein patterns
    - Handwriting recognition

Face Recognition

- Recognition in front of a controlled background
  - Skin color and facial features
  - Shape of head
  - Spatial relations between eyes, nose, mouth, etc.
  - Eigenfaces: characterize faces using a set of "prototypical" faces
  - Motion patterns (e.g., blinks)
- Unconstrained scenes
  - Neural networks
- Problems:
  - Complex technology with relatively high error rates
  - Difficult to secure against manipulation

Voice Recognition

- Voice recognition attempts to identify a user from the voice pattern
  - Identify and match pitch, frequency patterns, etc.
  - Hidden Markov Models are one of the most used mechanisms to model voice
- Problems:
  - Relatively unreliable so far
  - Voice changes when sick
  - High risk of falsification
    - Tape recording
    - Synthesized patterns

Fingerprint Recognition

- Fingerprints can be used as unique identifiers for a person
- Identification by matching a number of features in the fingerprint
  - Requires image processing and pattern recognition techniques
- Fingerprint readers can be purchased relatively cheaply
- Problems:
  - Cannot be read from a distance

Iris and Retinal Scans

- Identify an individual from the pattern formed by the blood vessels on the retina or by the patterns on the iris
  - Retinal and iris patterns are unique
  - Encode wavelet patterns
  - Can be evaluated rapidly: 100,000 comparisons per second on a 300MHz machine
- Problems:
  - Difficult to read from a distance
  - Iris pattern has to be read at a particular light intensity

Other Biometric Measures: Hand Vein IDs

- The pattern of blood vessels is a unique identifier for humans
- Identification of the pattern using image processing
  - Matching of the picture against a vein map
- Commercial products are available (www.veinid.com)
- Problems:
  - Cannot be read from a distance
  - Diseases or accidents can change vein patterns

Physical Authentication

- Biometrics provide a means of reliably identifying individuals
  - Reduces the risk of illegal access
  - Eliminates the need for keys or access IDs
  - Unique identification (in particular if multiple techniques are used)
- Problems
  - Techniques have to be reliable even in cases of injury
  - Personal data has to be stored for authentication
  - High reliance on computer technology

Software Safety

- Software in intelligent environments can operate physical devices
- Safety and reliability of software is important
  - Software should not fail
  - Decision makers should not issue unsafe decisions
- Risk analysis for software is a difficult task that has a subjective component
  - Models of the system are never complete
  - Models and programs are very difficult to validate
- No widely accepted standards for developing safety-critical software exist
- Resources: The Risks Digest, http://catless.ncl.ac.uk/Risks/

Conclusions

- Intelligent environments pose many security and privacy issues
  - Inhabitant privacy has to be protected
  - Access has to be restricted to authorized individuals
  - Communication links have to be secure
  - Software has to be reliable
- A number of mechanisms have been developed that address individual aspects
  - Encryption
  - Biometric authentication
  - Software risk analysis and verification
- No absolute security or privacy
  - Conflict between law enforcement and privacy
  - Encryption can be broken, biometrics can be fooled