
© 2010-2011-2012 Daniel P. Siewiorek

Mobile Computing

Security and Privacy

Dan Siewiorek

June 2012

Outline

» Overview
» Privacy
» Access/Security
» Trust

Security and Privacy

Privacy/Location
» Pseudonyms [Beresford]
» Spatial/Temporal Cloaking [Gruteser]
» Rule Based [Myles]

Access/Security
» Transient Authentication [Corner]
» RFID [Kriplean]
» Photographic [Pering]
» Monitoring [Bahl]
» Keypad [Geambasu]

Trust
» Public Kiosks [Garriss]
» Trust-Sniffer [Surie]



Blueroof Model Smart Cottage

Cottage Sensor Network

[Floor plan of the cottage with sensor positions numbered 1-18]

Discrete
» Stove & oven on/off
» Washer and dryer on/off
» Refrigerator & freezer door
» Kitchen cabinets & drawers
» Shower, faucet running
» Commode filling
» Toothbrush on/off
» Sofa, chair occupied
» Bed occupied
» TV on/off
» Phone in use
» Interior motion
» Front door, back door
» Closet doors

Other
» IP cameras
» Medication drawer

Smart Homes and Communities

McKeesport Independence Zone (McKIZ)

Move the paradigm of an aware and assistive home to an aware and assistive community

Blueroof Independence Module (BIM)

Privacy Attitudes: National Web Survey

Scott R. Beach, Kate Seelman, Richard Schulz, Bruce Barron, Julie S. Downs, Laurel P. Mecca, Judith T. Matthews

Overview

National web-based survey
» Online survey panel maintained by Survey Sampling International (SSI, Inc.)
» Non-probability sample, but demographically and geographically diverse
» Targeted middle aged and older adults with and without disability – potential users of QoLT (N=1610)

Reference: Beach et al. (2009). Disability, Age, and Informational Privacy Attitudes in Quality of Life Technology Applications: Results from a National Web Survey. Transactions on Accessible Computing (TACCESS), Special Issue on Aging and Information Technologies.

Background

Privacy concerns may affect public acceptance of monitoring technology, depending on

Type of behavior
» Vital signs, moving about the home, taking medication, cognitive ability, driving, toileting

Recipient of the data
» You, family, doctor, researchers, insurance company, government

Method of data collection/recording and sharing
» Video with sound, video without sound, sensor

Privacy Results: Type by Recipient

Insurance companies and government least acceptable as recipient

Driving information sensitive outside family contexts

[Chart: acceptability rating (1-10) by recipient (You, Family, Doctor, Research, Insurance, Govt) for each type of information (Vital, Move about, Meds, Cog Ab, Drive, Toilet)]

Privacy Results: Method by Recipient

Video and video with sound less acceptable than sensors

Some types of information (e.g., toileting) may be totally out of bounds for visual access

[Chart: acceptability rating (1-10) by method (Video with sound, Video without sound, Sensor) for each type of information (Vital, Move about, Meds, Cog Ab, Drive, Toilet)]

Acceptability of Sharing/Recording Health Information by Disability Level and Age

[Chart: acceptability (scale 4-8) for Non-disabled, IADL only, and ADL + IADL respondents, split by Age 45-64 and Age 65+]

Controlling for gender, education, race, general technology attitudes, and assistive device use

Acceptability of Sharing/Recording Health Information by Disability Level and Internet Use: Web Survey Replication

[Chart: acceptability (scale 4-8) for Non-disabled and Disabled respondents, split by Internet user and No internet use]

Summary / Conclusions

Disabled individuals are more accepting of sharing / recording health information than non-disabled (replicated with computer users vs. not)

Dose response effect: ADL > IADL > Non-disabled

Found among both boomers (45-64) and older adults (65+)

Suggests trade-offs of privacy for enhanced function

Background

Explored trade-offs between:
» Reduced Privacy vs. Independence
» Reduced Privacy vs. Functional Benefits
» System Demands vs. Functional Benefits
» Loss of Social Interaction vs. Functional Benefits

Overview

Mail survey of local gerontology research registry members

Includes primarily older adults with and without disability – potential users of QoLT (N=350)

40% response rate (350/882)
» 64% female
» 95% age 60 or older
» 23% high school or less; 42% college grads
» 64% internet users; 36% non-users
» 40% report activity limitations

[Charts from the mail survey, one per slide:]

Acceptance of Differing Levels of Home Monitoring and Target Recipients to PREVENT GOING TO A NURSING HOME

Acceptance of Varying LEVELS OF HOME MONITORING with Technology Providing Varying Types of Assistance

Acceptance of REDUCED EFFICIENCY RELATIVE TO HUMAN with Technology Providing Varying Levels of Assistance

Acceptance of Varying TRAINING REQUIREMENTS with Technology Providing Varying Levels of Assistance

Acceptance of Varying DAILY MAINTENANCE REQUIREMENTS with Technology Providing Varying Levels of Assistance


Summary / Conclusions

Respondents less accepting of video monitoring – especially when done in the bedroom and bathroom – than sensors; and of sharing information with insurance companies, even if they would prevent loss of independence

Respondents generally rejected technology that limited social interaction and required intense training to learn how to use, regardless of the type of assistance provided by the technology


Summary / Conclusions

Tipping point for acceptance of time to perform task: twice as long as human attendant (30 % drop in acceptability)

Tipping point for acceptance of time for daily maintenance: 1 hour (40 % drop in acceptability)

Results provide initial evidence for the implicit trade-offs that users make when deciding whether to adopt QoLT, which have important implications for design

Privacy

Centralized Service
» Policy Based Contracts
» Spatial/Temporal Cloaking - resolution of location information in space/time (k-anonymous)
» Pseudonyms - mixing zone

Distributed Service
» Abstractions


Location Service Architecture Alternatives

“Sometimes Less is More”: Multi-Perspective Exploration of Disclosure Abstractions in Location-Aware Social Apps

Karen P. Tang

Privacy Risks = Adoption Barrier

Location is now easier to sense, share & access; privacy risks lead to an adoption barrier [hong, ‘03]

Risks range from day-to-day to extreme, by source:
» within your social network: over-protection, over-monitoring; embarrassment, reputation loss
» government: civil liberties
» stalkers: well-being, safety
» businesses: spam, data mining

Problem: Privacy vs. Utility Tradeoff

» share nothing & no social benefits
» share precise location (GPS) & max social benefits

Solution: Privacy vs. Utility Scaffolding

» share nothing & no social benefits
» share precise location (GPS) & max social benefits

Use location abstractions to scaffold privacy concerns

Types of Location Abstractions

Location information, from most to least specific, with its abstraction type:
» (40.444507, -79.948530) – (specific) geographic
» 417 S. Craig St, Pittsburgh, PA 15213 – (specific) geographic
» Starbucks – (specific) semantic
» My favorite coffee shop – (specific) semantic
» Coffee shop – (general) semantic
» Oakland, Pittsburgh, PA – (general) geographic
» Pittsburgh, PA – (general) geographic
» Pennsylvania – (general) geographic
» USA – (general) geographic
» [no information]

Why Use Location Abstractions?

Useful properties of abstractions
» supports plausible deniability [lederer, ‘03; hong, ‘04]
» provides degrees of privacy [hong, ‘05; solove, ‘08]
» mimics conversational dialogue [weilenmann, ‘03]

Spectrum of Location Sharing Applications

» push-based sharing: user or event driven (“I’m here now”)
» pull-based sharing: request-driven (“where is Alice now?”)
» synchronous vs. asynchronous
» sharing current location vs. sharing past locations

Past Research Examples of LSAs

Timeline of research location sharing applications:
» 1992: active badge [want ’92]
» 2001: connexus [tang ’01]
» 2003: activecampus [griswold ’03]
» 2004: lemming [hong ’04], watchme [marmasse ’04]
» 2005: esm study [consolvo ’05], reno [smith ’05], contextcontacts [raento ’05]
» 2007: whereabouts [brown ’07]
» 2008: connecto [barkhuus ’08]
» 2009: locaccino [sadeh ’09]

Quotes highlighted on these slides:

“Groups of people who regularly wanted to hold meetings could find each other easily with very little notice.”

“Given mobile users’ fragmented attention, the time it takes to make a phone call must remain extremely short…These [context] cues [which include location] should facilitate decisions about whether to call, and if so, which communication channel to use.”

“Phoebe wonders what she and her husband, Ross, will do for the evening, so she sends a location query to Ross. While he is waiting at the bus stop near his office, Ross sends a location update to Phoebe. Phoebe receives the message at home, eagerly anticipating Ross’ arrival home. When Ross gets off the bus, a location update is sent to Phoebe and she knows that he’s only 10 minutes away. She sets out dinner just in time for her husband’s arrival.”

Common Themes for Location Sharing

Often driven by functional purposes
» coordination
» collaboration
» interruptibility
» event planning


Industry Trends for Information Sharing

Online social networks (OSNs)

» diverse networks, lots of weak links [wellman ‘01]

» very large networks [donath ‘04]

Sharing is often not because one needs to share, but because one wants to share

Driven by a social reason for sharing

Commercial Examples of LSAs

Mostly aimed at social-driven sharing

[Timeline of commercial LSAs, 2005-2010]

“I'm just down the street!” Never miss another chance to connect when you happen to be at the same place at the same time. [facebook places]

Find out who’s around, what to do, and where to go. Introducing…the new Loopt so you can always stay connected… [loopt]

Share your location and stay connected with your friends. [plazes]


Framework for Location Sharing

Pseudonyms [Beresford]

Register for a location specific call back but the application is untrusted
» Anonymity Set – set of all possible subjects who might cause an action
» Application Zone – where user has registered for a call back
» Mix Zone – spatial region where none of the users has registered any application call back

User changes pseudonym in mixing zone
» Application seeing user emerge from mixing zone cannot distinguish from other users in mixing zone
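The anonymity-set idea above, worked through as an added example (not code from the slides or from Beresford's paper): an application-zone observer tries to link the pseudonyms that emerge from a mix zone back to the ones that entered. The event trace, the timing model (an exit can only belong to someone who entered earlier) and all names are assumptions.

```python
from collections import namedtuple

Event = namedtuple("Event", "pseudonym action t")   # what the application zone sees

# Constructed trace: p* pseudonyms are used on entry, q* after the change.
TRACE = [
    Event("p1", "enter", 0), Event("p2", "enter", 2), Event("p3", "enter", 3),
    Event("q7", "exit", 5), Event("q8", "exit", 6), Event("q9", "exit", 9),
    Event("p4", "enter", 10), Event("q5", "exit", 12),
]

def matchable(enter_times, exit_times):
    """Can every exit be paired with a distinct earlier entry? An earlier
    entrant is compatible with a superset of the exits, so Hall's condition
    reduces to: the i-th earliest exit needs at least i earlier entries."""
    for i, t_exit in enumerate(sorted(exit_times), 1):
        if sum(1 for t in enter_times if t < t_exit) < i:
            return False
    return True

def anonymity_sets(trace):
    """Map each exit pseudonym to the set of entry pseudonyms it could be:
    p is a candidate for q if p entered before q left and the remaining
    entries and exits can still all be paired up consistently."""
    enters = {e.pseudonym: e.t for e in trace if e.action == "enter"}
    exits = {e.pseudonym: e.t for e in trace if e.action == "exit"}
    sets = {}
    for q, tq in exits.items():
        sets[q] = set()
        for p, tp in enters.items():
            if tp >= tq:
                continue
            rest_in = [t for n, t in enters.items() if n != p]
            rest_out = [t for n, t in exits.items() if n != q]
            if matchable(rest_in, rest_out):
                sets[q].add(p)
    return sets

def min_anonymity(trace):
    """Smallest anonymity set over all exits; 1 means a user was re-identified
    (here p4 is alone in the zone when q5 emerges, so q5 must be p4)."""
    return min(len(s) for s in anonymity_sets(trace).values())
```

The collapse to size 1 is the point of the mix-zone design: the anonymity a user actually gets depends on how many others are in the zone at the same time, not on the pseudonym change alone.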

Spatial and Temporal Cloaking [Gruteser]

Anonymous use of location based services

Adjusts resolution of location information in space/time to anonymity constraints of location service users within an area

K-anonymous – indistinguishable from at least k-1 others

Adaptive Interval Cloaking
» Sub-divide area around subject until number of subjects in area falls below Kmin
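The adaptive interval (quadtree) cloaking step above, as an added example that is not code from the slides or from Gruteser's paper: the service receives the smallest quadrant around the requester that still holds at least Kmin subjects, never the exact position. The area bounds, subject positions, Kmin values and the minimum quadrant size are constructed assumptions, and only the spatial side of cloaking is shown.

```python
# Constructed snapshot of subject positions inside a 100 x 100 area.
SUBJECTS = {
    "alice": (12.0, 15.0), "bob": (20.0, 10.0), "frank": (15.0, 12.0),
    "carol": (30.0, 40.0), "dave": (70.0, 80.0), "erin": (90.0, 10.0),
}

def count_in(box, points):
    """Number of points inside the half-open box (x0, y0, x1, y1)."""
    x0, y0, x1, y1 = box
    return sum(1 for x, y in points if x0 <= x < x1 and y0 <= y < y1)

def cloak(subject, positions, k_min, area=(0.0, 0.0, 100.0, 100.0), min_side=1.0):
    """Quadtree descent: keep taking the quadrant that contains the subject
    while it still holds >= k_min subjects (the subject counts). Returns the
    last box that satisfied k_min, or None if even the whole area cannot,
    in which case the request must be refused rather than answered."""
    sx, sy = positions[subject]
    points = list(positions.values())
    box = area
    if count_in(box, points) < k_min:
        return None
    while box[2] - box[0] > min_side:        # min_side stops the k_min == 1 case
        x0, y0, x1, y1 = box
        mx, my = (x0 + x1) / 2, (y0 + y1) / 2
        cand = (x0 if sx < mx else mx, y0 if sy < my else my,
                mx if sx < mx else x1, my if sy < my else y1)
        if count_in(cand, points) < k_min:
            break                            # one more split would break k-anonymity
        box = cand
    return box

def is_k_anonymous(box, positions, k_min):
    """Check the property the service is meant to rely on."""
    return box is not None and count_in(box, positions.values()) >= k_min
```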

Location-Based Applications [Myles]

Machine readable privacy policies and user preferences to automate privacy management

Rule Based
» Organization
» Service
» Time
» Location
» Request Type
» Context

Policy rule base for a general-purpose validator describing Sally’s preferences [Myles]

[Rule table from the paper; the recoverable entries name the employer, restaurant, taxi and find-friend services, with the restaurant and taxi rules limited to “fun time”]
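A small validator of the kind the two slides above describe, as an added example (not code from the slides or from Myles' paper): rules over organization, service, time, location, request type and context; the first matching rule decides and anything unmatched is denied. Sally's rule base, the named time windows, organizations and services are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Named time windows a rule may refer to (assumption: weekdays 9-17 are "work").
WINDOWS = {
    "work": lambda dt: dt.weekday() < 5 and 9 <= dt.hour < 17,
    "fun":  lambda dt: not (dt.weekday() < 5 and 9 <= dt.hour < 17),
    "*":    lambda dt: True,
}

@dataclass
class Rule:
    organization: str; service: str; times: tuple
    location: str; request_type: str; context: str; decision: str

@dataclass
class Request:
    organization: str; service: str; when: datetime
    location: str; request_type: str; context: str = "any"

# Sally's rule base (constructed): never an exact fix while at home; her
# employer gets her area during work; restaurants and taxis only in her free
# time; friends get her area any time; anything goes in an emergency.
# Order matters: the first matching rule decides.
SALLY = [
    Rule("*",    "*",                ("*",),    "home", "exact", "*",         "deny"),
    Rule("acme", "employer-locator", ("work",), "*",    "area",  "*",         "allow"),
    Rule("*",    "restaurant",       ("fun",),  "*",    "*",     "*",         "allow"),
    Rule("*",    "taxi",             ("fun",),  "*",    "exact", "*",         "allow"),
    Rule("*",    "find-friend",      ("*",),    "*",    "area",  "*",         "allow"),
    Rule("*",    "*",                ("*",),    "*",    "*",     "emergency", "allow"),
]

def matches(rule, req):
    """A rule applies if every attribute is a wildcard or equal, and the
    request time falls in at least one of the rule's time windows."""
    for attr in ("organization", "service", "location", "request_type", "context"):
        if getattr(rule, attr) not in ("*", getattr(req, attr)):
            return False
    return any(WINDOWS[w](req.when) for w in rule.times)

def validate(rules, req):
    """First matching rule decides; a request matching no rule is denied."""
    for rule in rules:
        if matches(rule, req):
            return rule.decision
    return "deny"

def decide(rules, organization, service, when_iso, location, request_type, context="any"):
    """Convenience wrapper taking the request time as an ISO-8601 string."""
    req = Request(organization, service, datetime.fromisoformat(when_iso),
                  location, request_type, context)
    return validate(rules, req)
```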


Security Attacks

Attack Type                  Description                                               Defense
Eavesdropping                Passively listen                                          Encryption
Replay                       Capture and rebroadcast                                   Detection, Isolation
Denial of Service            Overload service with repeated requests                   Detection, Isolation
Phishing                     Lure unsuspecting clients to reveal personal information  Education
Malicious Software           Keystroke logger, rogue virtual machine                   Detection, Isolation
Rogue Wireless Access Point  Plug unauthorized access point into network               Detection, Isolation

Dense Arrays of Inexpensive Radios [Bahl]

Add wireless to desktop machines

Look for Rogue Access Points bridging to wired network

Detect variations of Denial of Service Attacks
» Disassociation/Deauthentication messages
» Messages with large duration values in header

Dense Arrays of Inexpensive Radios [Bahl]

Passive – listen for beacons

Active – probe, wait for responses

Tests
» Association – AirMonitor associates, pings wired network
» Source/Destination address – check if suspect address on corporate network
» Replay frames from suspect, look for duplication
» DHCP Signature – format of known models on network

Transient Authentication [Corner]

Continuously authenticate user’s presence over short range wireless
» When user departs, user processes suspended and in-memory pages encrypted
» When user returns – pages decrypted and process restarted

RSA Encryption
» Public and private keys. Data encrypted with public key. Only private key can decrypt
» Private key can be used to sign messages – anyone can verify using public key


RFID [Kriplean]

RFID Ecosystem collects data and stores on centralized server

Physical Access Control (PAC) protects privacy by constraining the data a user can obtain to those events that occurred when and where they were physically present
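The Physical Access Control rule above, as an added example that is not code from the slides or from the RFID Ecosystem: a query over the central sighting store that returns only events the requesting user could have witnessed in person. The sighting format, locations, times and the presence window are constructed assumptions.

```python
from collections import namedtuple

Sighting = namedtuple("Sighting", "tag reader t")   # tag id, antenna location, seconds

# Constructed contents of the central server's sighting store.
STORE = [
    Sighting("alice", "lab-202", 100), Sighting("bob", "lab-202", 130),
    Sighting("carol", "hall-2", 140),  Sighting("bob", "hall-2", 300),
    Sighting("alice", "cafe", 400),    Sighting("dave", "cafe", 410),
    Sighting("bob", "lab-202", 900),
]

PRESENCE_WINDOW = 60   # seconds a read vouches for presence at that antenna (assumption)

def was_present(user, reader, t, store, window=PRESENCE_WINDOW):
    """True if the user's own tag was read at `reader` within `window` of t."""
    return any(s.tag == user and s.reader == reader and abs(s.t - t) <= window
               for s in store)

def pac_query(user, store, window=PRESENCE_WINDOW, tag=None):
    """Sightings `user` may retrieve, optionally restricted to one tag.
    Unlike an unrestricted query, events the user could not have witnessed
    in person are filtered out on the server before anything is returned,
    so a user cannot reconstruct the trace of someone they never met."""
    return [s for s in store
            if (tag is None or s.tag == tag)
            and was_present(user, s.reader, s.t, store, window)]
```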

Photographic Authentication [Pering]

Authentication through untrusted public internet to withstand replay attacks

User identifies their own photos
» Works with home server that has user’s photographs, account information

Keypad: Auditing File System [Geambasu]

» Encryption plus remote key storage
» Audit server involved with protected file access
» Alert audit server after theft to refuse to return a particular file’s key
» Audit server logs, so knows which files attempted to access
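The Keypad flow above (remote keys, every key request logged, refusal after a theft report), as an added example that is not Keypad's own code: the in-memory audit server, HMAC-authenticated key requests, derivation of per-file keys from a master secret, and a SHA-256 counter-mode stream cipher standing in for a real block cipher are all assumptions.

```python
import hashlib, hmac, os

def xor_stream(key, data):
    """Counter-mode keystream from SHA-256 XORed with data (toy stand-in for AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class AuditServer:
    def __init__(self, master_secret):
        self.master = master_secret
        self.device_keys = {}   # device -> shared request-authentication key
        self.stolen = set()     # devices reported stolen
        self.log = []           # (device, file_id, outcome) for every key request

    def enroll(self, device):
        self.device_keys[device] = os.urandom(32)
        return self.device_keys[device]

    def report_theft(self, device):
        self.stolen.add(device)

    def request_key(self, device, file_id, tag):
        """Return the file key or None; every attempt is logged first."""
        want = hmac.new(self.device_keys[device], file_id.encode(), "sha256").digest()
        if not hmac.compare_digest(want, tag):
            self.log.append((device, file_id, "bad-auth")); return None
        if device in self.stolen:
            self.log.append((device, file_id, "refused-stolen")); return None
        self.log.append((device, file_id, "granted"))
        return hmac.new(self.master, f"{device}:{file_id}".encode(), "sha256").digest()

class KeypadClient:
    def __init__(self, device, server):
        self.device, self.server = device, server
        self.auth_key = server.enroll(device)
        self.disk = {}          # file_id -> ciphertext; all that stays on the laptop

    def _key(self, file_id):
        tag = hmac.new(self.auth_key, file_id.encode(), "sha256").digest()
        return self.server.request_key(self.device, file_id, tag)

    def write(self, file_id, data):
        self.disk[file_id] = xor_stream(self._key(file_id), data)

    def read(self, file_id):
        key = self._key(file_id)
        return None if key is None else xor_stream(key, self.disk[file_id])

def theft_scenario():
    """Owner reads a file, laptop is stolen and reported, thief tries again."""
    server = AuditServer(os.urandom(32))
    laptop = KeypadClient("laptop-1", server)
    laptop.write("payroll.xls", b"constructed payroll data")
    before = laptop.read("payroll.xls")      # granted and logged
    server.report_theft("laptop-1")
    after = laptop.read("payroll.xls")       # refused and logged
    return before, after, [outcome for _, _, outcome in server.log]
```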



Public Kiosks [Garriss]

Personal device to establish trust in a public computing Kiosk

Determines identity and integrity of all software on the Kiosk

Rapid Trust Establishment [Surie]

» Use with ISR
» Fetches execution environment from a trusted server over an encrypted channel
» Only have to verify integrity of small core of local ISR and Linux software
» Trust initiator device – examines local disk to verify safe for a normal boot
» Trust extender – kernel module
» Trust alerter – user space notifier application
