Multimedia Network Security Laboratory
Routing Through the Mist: Privacy Preserving Communication in Ubiquitous Computing Environments
Date: 2011/05/05
Presenter: 向峻霈
Source: Jalal Al-Muhtadi, Roy Campbell, Apu Kapadia, M. Dennis Mickunas, Seung Yi: Distributed Computing Systems, pp. 74-83, 2002

Outline
1. Introduction
2. Problem statement
3. The Mist Hierarchy
4. Implementation
5. Conclusion

Introduction
Distributed systems and mobile computing have converged to enhance global interconnectivity
Users can, anytime and anywhere:
• Access services
• Run programs
• Utilize resources
• Harvest computing power

Problem statement
Physical spaces augmented with sensors and actuators that can locate users
Figure labels: collecting network addresses and physical locations; eavesdropper; user; hidden, encrypted communication channel

Problem statement
We aim to design and implement a privacy protocol
• Users can communicate freely in any environment while keeping their privacy
• A privacy protocol that guards against insiders
Sensors that can detect the presence of users in a room, but cannot actively identify the user
Mist Routers
• Preserve privacy
• Hide information

Problem statement
Our goal is to achieve the following
• Location privacy
• Anonymous connections
• Confidentiality
We assume
• Public Key Infrastructure (PKI) exists
• Ubiquitous computing environment
• Mist Routers
• Third party that can’t be trusted

The Mist Hierarchy
Portals are viewed as the gateways that bridge the virtual world to the physical one
• Workstation
• A sensor
• An access point for wireless devices
• RF transceiver

The Mist Hierarchy
“Smart” rooms
• Detect the physical presence of one or more users
• The users are anonymous and not authenticated as of yet
• Location and discovery services that are available in Gaia OS
Does not include
• Surveillance cameras
• Voice recognition devices

Registering in the system

Mist Circuits
Mist Circuits employ hop-to-hop handle-based routing to send data packets back and forth between the source and destination through the mist
Combining this routing with limited public-key encryption

General format for Mist packets

Mist Circuit setup

Mist Circuits
• Alice: Alice’s unique ID in the active information space
• TS: A timestamp to prevent replay attacks
• Ksession: A random session key to encrypt further communication between the user and her or his Lighthouse
• TKN: A token to be presented to the user’s lookup service
• Ek: Means encrypt using the key ‘k’
• PP: A predetermined “fixed” phrase

Locating Users
Once the Mist Circuit-Setup has been completed
• LDAP Servers
• Web Servers
• Security issues

LDAP Servers
Lightweight Directory Access Protocol (LDAP)
• Users can register attributes with LDAP servers
• Unique LDAP Distinguished Name (DN)

Web Servers
• Users maintain their own webpages
• These webpages can be updated by a CGI script

Security issues
We would like to prevent malicious Lighthouses or attackers
• Constructs a special token (TKN) signed by the user’s private key
TKN
• Timestamp
• Unique ID of the chosen Lighthouse
TKN contents do not need to be encrypted
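
The TKN check from this slide, as an added example that is not code from the paper or the presentation: the user signs the timestamp and the chosen Lighthouse's ID in cleartext, and the verifier rejects a token that was altered, is stale, or is presented by a different Lighthouse. Assumptions: the lookup service is the verifier, the freshness window is 300 seconds, textbook RSA over a small constructed key stands in for the PKI signature, and all function and field names are hypothetical.

```python
import hashlib
import json

# Constructed toy RSA key built from two Mersenne primes.
# Far too small for real use; it only stands in for the user's PKI key pair.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key (known to the lookup service)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (held by the user)

MAX_AGE = 300  # assumed freshness window, in seconds


def _digest(body: bytes) -> int:
    """SHA-256 of the token body, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % N


def make_tkn(lighthouse_id: str, now: float) -> dict:
    """User side: sign {timestamp, Lighthouse ID}. The body stays readable."""
    body = json.dumps({"ts": int(now), "lighthouse": lighthouse_id},
                      sort_keys=True)
    return {"body": body, "sig": pow(_digest(body.encode()), D, N)}


def check_tkn(tkn: dict, presenter_id: str, now: float) -> str:
    """Verifier side: return 'ok' or the reason the token is rejected."""
    # 1. Signature: only the holder of the private key could have produced it.
    if pow(tkn["sig"], E, N) != _digest(tkn["body"].encode()):
        return "bad signature"
    claims = json.loads(tkn["body"])
    # 2. Binding: the token names the one Lighthouse the user chose.
    if claims["lighthouse"] != presenter_id:
        return "wrong lighthouse"
    # 3. Freshness: an old token replayed later is refused.
    if not 0 <= now - claims["ts"] <= MAX_AGE:
        return "stale"
    return "ok"
```

Because the signature covers the cleartext body, a Lighthouse can read the token but cannot re-target it to itself or extend its lifetime without invalidating it.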

Mist Communication Setup

Conclusion
• There is a fair possibility of creating a ubiquitous ‘surveillance’ system instead
• We would like to “short circuit” their communication to take the shortest path possible