多媒體網路安全實驗室

Routing Through the Mist:Privacy Preserving Communication

in Ubiquitous Computing Environments

Routing Through the Mist:Privacy Preserving Communication

in Ubiquitous Computing Environments

Date:2011/05/05報告人：向峻霈

出處 : Jalal Al-Muhtadi , Roy Campbell , Apu Kapadia , M. Dennis Mickunas Seung Yi : Distributed Computing Systems,

pp. 74-83 ,2002

多媒體網路安全實驗室

Outline

Introduction1

Problem statement2

The Mist Hierarchy33

Implementation44

Conclusion35

2

多媒體網路安全實驗室

Distributed systems and mobile computing have converged to enhance global interconnectivity

Users can access services Run programs Utilize resources Harvest computing power anytime and anywhere

Introduction

3

多媒體網路安全實驗室

Physical spaces augmented with sensors and actuators that can locate users

Problem statement

4

收集網絡地址物理位置

竊聽者User

隱藏加密的溝通渠道

多媒體網路安全實驗室

We aim to design and implement a privacy protocol User能在任意環境自由交流並保留隱私 防止內部人員的隱私協議

Sensors that can detect the presence of users in a room 但沒有能力積極辨識 user

Mist Routers Preserve privacy Hide information

Problem statement

5

多媒體網路安全實驗室

Our goal is to achieve the following Location privacy Anonymous connections Confidentiality

We assume Public Key Infrastructure (PKI) exists Ubiquitous computing environment Mist Routers Third party that can’t be trusted

Problem statement

6

多媒體網路安全實驗室

The Mist Hierarchy

7

多媒體網路安全實驗室

Portals are viewed as the gateways that bridge the virtual world to the physical one Workstation A sensor An access point for wireless devices RF transceiver

The Mist Hierarchy

8

多媒體網路安全實驗室

The Mist Hierarchy

“Smart” rooms Detect the physical presence of one or more users The users are anonymous and not authenticated

as of yet Location and discovery services that are available

in Gaia OS 不包含

• 監控攝像機• 語音識別裝置

9

多媒體網路安全實驗室

Registering in the system

10

多媒體網路安全實驗室

Mist Circuits employ hop-to-hop handle-based routing to send data packets

back and forth between the source and destination through the mist

Combining this routing with limited public- key encryption

Mist Circuits

11

多媒體網路安全實驗室

General format for Mist packets

12

多媒體網路安全實驗室

Mist Circuit setup

13

多媒體網路安全實驗室

Mist Circuits

14

多媒體網路安全實驗室

Mist Circuits

Alice: Alice’s unique ID in the active information space TS: A timestamp to prevent replay attacks Ksession: A random session key to encrypt further communication

between the user and her or his Lighthouse TKN: A token to be presented to the user’s lookup service Ek : Means encrypt using the key ‘k’

PP: A predetermined “fixed” phrase

15

多媒體網路安全實驗室

Locating Users

16

Once the Mist Circuit-Setup has been completed LDAP Servers Web Servers Security issues

多媒體網路安全實驗室

LDAP Servers

Lightweight Directory Access Protocol (LDAP) users can register attributes with LDAP servers unique LDAP Distinguished Name(DN)

17

多媒體網路安全實驗室

Web Servers

Users to maintain their own webpages These webpages can be updated by a CGI

script

18

多媒體網路安全實驗室

Security issues

We would like to prevent malicious Lighthouses or attackers Constructs a special token (TKN) signed by

the user’s private key TKN

• Timestamp• Unique ID of the chosen Lighthouse

19

TKN contents do not need to be encrypted

多媒體網路安全實驗室

Mist Communication Setup

20

多媒體網路安全實驗室

Mist Communication Setup

21

多媒體網路安全實驗室

Conclusion

There is a fair possibility of creating a ubiquitous ‘surveillance’ system instead

We would like to “short circuit” their communication to take the shortest path possible

22

多媒體網路安全實驗室