Computer Science and Engineering 1 Mobile Computing and Security.
-
Upload
leonard-ryan -
Category
Documents
-
view
219 -
download
0
description
Transcript of Computer Science and Engineering 1 Mobile Computing and Security.
Computer Science and Engineering 1
Mobile Computing and Security
Mobile DevicesMobile Devices
• Traditional computing and networking vs. mobile devices (smart phones, internet tables, etc.)
• Widely accepted consumerization: individuals and organizations
• Huge amount of sensitive data (personal and corporate) • Security and privacy threats
Computer Science and Engineering 2
Trust Management for Trust Management for Mobile Ad-Hoc NetworksMobile Ad-Hoc Networks
• Mobile Ad-hoc networks:– Increased connectivity– Improved information sharing– Collaboration, distributed decision making
• Issues: – Temporary network– Resource constraints: bandwidth, battery life, memory, etc.– Openness, rapid changes, hostile environment– Trust in the components
Computer Science and Engineering 3
What is Trust?What is Trust?
• Degree of subjective belief about the behaviors of a particular entity
• Trust Management: approach for specifying and interpreting security policies, credentials, and relationships
• MANET trust issues: establish a network with an acceptable level of trust relationships among the nodes– Trust information gathering– Trust evidence gathering
Computer Science and Engineering 4
• Uncertainty• Incomplete evidence
Computer Science and Engineering 5
Types of TrustTypes of Trust
• Trust in sociology• Trust in economics• Trust in philosophy• Trust in psychology• Trust in organizational management• Trust in autonomic computing• Trust in communications and networking
Computer Science and Engineering 6
Trust CharacteristicsTrust Characteristics
• Trust should be established based on potential risks• Trust should be context-dependent• Trust should be based on each party’s own interest• Trust is learned• Trust may represent system reliability
Computer Science and Engineering 7
Trust, Trustworthiness, Trust, Trustworthiness, and Riskand Risk
Computer Science and Engineering 8
Trustworthiness
Trust
0.5
0.5
1
1
Trust = Trustworthiness
Misplaced Trust
Misplaced mistrust
From: Cho et al., A Survey on Trust Management for Mobile Ad Hoc Networks
Risk and TrustRisk and Trust
Computer Science and Engineering 9
Trust
Stake
0.5
0.5
1
1
Low risk
High risk
Medium risk
From: Cho et al., A Survey on Trust Management for Mobile Ad Hoc Networks
Risk value: determined based on stake
Opportunity and positiveconsequences
Trust in MANETTrust in MANET
• Dynamic • Subjective • Not necessarily transitive • Context-dependent
Computer Science and Engineering 10
Trust vs. ReputationTrust vs. Reputation
• Trust: a node’s belief in the trust qualities of a peer– Emphasizes risk and incentives
• Reputation: the perception that peers form about a node– Past actions that influence perception
• Recommendation: an attempt at communicating a party’s reputation from one context to another context
Computer Science and Engineering 11
Trust Management Trust Management ApproachesApproaches
• Policy-based trust management– Based on strong and objective security schemes– Verifiable properties– Binary decision – E.g., Charles C. Zhang, Marianne Winslett: Distributed
Authorization by Multiparty Trust Negotiation• Reputation-based trust management
– Trust is calculated by collecting, aggregating, and disseminating reputation among the entities
– E.g., vendor evaluation for online shopping
Computer Science and Engineering 12
Trust Management Trust Management ApproachesApproaches
• Evidence-based trust management– Considers anything that proves trust relationships
among nodes (e.g., keys, identity, address), or – any evidence that any node can generate (e.g., a
challenge and response process)• Monitoring-based trust management
– Rates the trust level of each participating node based on direct information (e.g., observing the behavior)
Computer Science and Engineering 13
Trust Management Trust Management ApproachesApproaches
• Certificate-based vs. behavior-based framework– pre-deployment knowledge of trust vs. continuous
monitoring (reactive)• Hierarchical vs. distributed framework
– Hierarchy based on capabilities or level of trust (e.g., certificate authorities, trusted third parties)
Computer Science and Engineering 14
Attacks on Trust Attacks on Trust ManagementManagement
• Routing based: routing loop attacks, wormhole attacks, blackhole attacks, grayhole attacks
• Availability: DoS attacks• Integrity: false information or false recommendation,
incomplete information, packet modification/insertion • Authenticity: newcomer attacks, Sybil attacks, replay
attacks• Other: seective misbehaving attacks, on-off attacks,
conflicting behavior attack
Computer Science and Engineering 15
MANET Trust MANET Trust Management Management
• Secure routing• Authentication• Access control• Key management• Trust evaluation• Trust computation• General trust level identification
Computer Science and Engineering 16
Next ClassNext Class
• Web Application Security– The software
Computer Science and Engineering 17