Toward Trustworthy Ubiquitous Computing Environments

Weidong Cui, Yitao Duan, Kai Wei

{wdc, duan, kwei}@CS.Berkeley.EDU

CS 261 Class Project, Fall 2002

Proposal

In a Ubiquitous Computing (Ubicomp) environment, sensors actively collect data, much of which can be very sensitive.  Protecting these private data is central to users' willingness to trust the environment.  A few challenges make Ubicomp security different from other system protection:

  1. The environment is often unfamiliar to the users.  They have no trust relationship with the owners of the environment of the kind they might have with a local system administrator, so they cannot simply assume that their private information will be handled appropriately.
  2. Data are often generated dynamically and streamed at high rates (video and audio), and must be processed in real time.
  3. Users' access rights change dynamically with their relationship to the mechanisms by which data are generated.  For example, a number of users can form an ad hoc group and record their meeting using a camera that is administered by the environment.  They should have access only to the video produced during the meeting period, not to other recordings.  The system must be able to associate a piece of information with the correct set of users while it is being produced.

Tackling these issues will be a central challenge for Ubicomp.  In this project we focus on protecting user data in a Ubicomp environment and propose some simple design principles that address several of these issues.  The key principle is "data discretion": access to information is granted only to the individuals who would have "real-world" access to the data.  We have devised an initial method to enforce this principle based on hybrid secret-key and public-key cryptography.  The basic steps are to encrypt the data under a random session key and to encrypt that session key under the public key of each of the file's owners.  To allow emergency viewing of the data, each session key is also encrypted under a master key that is held by no one but is secret-shared among a number of principals (e.g. the system administrators, police, etc.).  Threshold decryption will be used to recover the data when this is necessary.  In addition, we will consider protecting users' privacy.
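The key hierarchy described above, as an added worked example in Python (this is illustration added here, not the project's code, which targets Crypto++ in C++).  Two stand-ins are assumptions: HMAC-SHA256 in counter mode replaces the block cipher Crypto++ would supply, and the per-owner public-key encryption of the session key is represented by a symmetric wrap under a per-owner key, because the Python standard library has no public-key primitives.  The Shamir secret sharing of the master key and its threshold reconstruction are the real construction.  The owner names, the 3-of-5 parameters and the camera frame are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Field for Shamir sharing: the secp256k1 base-field prime (just below 2**256).
P = 2**256 - 2**32 - 977
KEY_LEN = 32

def keystream_xor(key, nonce, data):
    """XOR data with HMAC-SHA256(key, nonce || block counter) output.
    Assumed stand-in for the block cipher Crypto++ would provide."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (off // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def wrap(key, session_key):
    """Encrypt-then-MAC the session key under key: nonce || ct || tag."""
    nonce = secrets.token_bytes(16)
    ct = keystream_xor(key, nonce, session_key)
    tag = hmac.new(key, b"wrap" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(key, blob):
    """Inverse of wrap; a wrong key fails the tag check instead of yielding garbage."""
    nonce, ct, tag = blob[:16], blob[16:16 + KEY_LEN], blob[16 + KEY_LEN:]
    expected = hmac.new(key, b"wrap" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("session key does not unwrap under this key")
    return keystream_xor(key, nonce, ct)

def new_master_key():
    """Master key as a 32-byte field element so it can be Shamir-shared directly."""
    return secrets.randbelow(P).to_bytes(KEY_LEN, "big")

def split_master_key(master_key, n, t):
    """Shamir (t, n): shares are points on a random degree t-1 polynomial f, f(0) = key."""
    secret = int.from_bytes(master_key, "big")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):            # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def recover_master_key(shares):
    """Lagrange interpolation of f(0) over GF(P) from any t shares (threshold step)."""
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * xj % P, den * (xj - xi) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(KEY_LEN, "big")

def encrypt_record(data, owner_keys, master_key):
    """Fresh session key per record, wrapped once per owner and once under the master key."""
    session_key, nonce = secrets.token_bytes(KEY_LEN), secrets.token_bytes(16)
    ct = keystream_xor(session_key, nonce, data)
    tag = hmac.new(session_key, b"data" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ct, "tag": tag,
            "owner_wraps": {name: wrap(k, session_key) for name, k in owner_keys.items()},
            "escrow_wrap": wrap(master_key, session_key)}

def decrypt_record(record, session_key):
    body = b"data" + record["nonce"] + record["ciphertext"]
    if not hmac.compare_digest(record["tag"], hmac.new(session_key, body, hashlib.sha256).digest()):
        raise PermissionError("record tag mismatch")
    return keystream_xor(session_key, record["nonce"], record["ciphertext"])

def demo():
    """Constructed scenario: a meeting recording owned by alice and bob, 3-of-5 escrow."""
    frame = b"constructed sample: camera 2 frame, 14:03:17"
    owners = {"alice": secrets.token_bytes(KEY_LEN), "bob": secrets.token_bytes(KEY_LEN)}
    carol = secrets.token_bytes(KEY_LEN)          # in the building, not in the meeting
    master = new_master_key()
    shares = split_master_key(master, n=5, t=3)   # e.g. administrators, police, auditor
    rec = encrypt_record(frame, owners, master)
    del master                                    # from here on, no single party holds it
    results = {"owner_reads": decrypt_record(rec, unwrap(owners["bob"], rec["owner_wraps"]["bob"])) == frame}
    quorum_key = recover_master_key([shares[0], shares[2], shares[4]])
    results["threshold_reads"] = decrypt_record(rec, unwrap(quorum_key, rec["escrow_wrap"])) == frame
    for label, key, blob in (("outsider_blocked", carol, rec["owner_wraps"]["alice"]),
                             ("two_shares_blocked", recover_master_key(shares[:2]), rec["escrow_wrap"])):
        try:
            unwrap(key, blob)
            results[label] = False
        except PermissionError:
            results[label] = True
    return results
```

Calling demo() exercises the four cases the principle demands: an owner of the recording decrypts it, a user who was merely present in the environment cannot, any three of the five shareholders reconstruct the master key and read the record, and two shareholders recover only a field element unrelated to the key.  The tag on each wrapped key is what turns a wrong key into a clean failure instead of a garbage session key; in the Crypto++ implementation the per-owner wraps would use a padded public-key scheme such as RSA-OAEP rather than the symmetric stand-in used here.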

We will implement the above scheme using the Crypto++ 5.0 toolkit in the setting of a Smart Room that we are building, and evaluate its performance.

Resources

We have a number of devices deployed that can be used to test our scheme: four web cameras that produce a stream of images (representing the dynamically generated user data), and a Philips I-CODE RFID tag reader that will be used to detect and identify users.  Driver code for the I-CODE reader has already been developed and is ready to use.


Tentative Timeline

Week 1 - 2: Literature survey.  Refining the protocol.  Considering attack scenarios and defenses.
Week 3 - 4: Coding and debugging.
Week 5 - 6: Deploy testbed and evaluate results.
Week 7 - 8: Paper write-up.

References

[1] Crypto++ 4.0 Benchmarks, http://www.eskimo.com/~weidai/benchmarks.html.
[2] Philips I-CODE RFID Tag Reader, http://www.semiconductors.philips.com/markets/identification/products/icode/.