Gaia Context and Location-Aware Encryption for Pervasive Computing Environments Jalal Al-MuhtadiRaquel Hill Roy Campbell Dennis Mickunas University of.

Gaia

Context and Context and Location-Aware Location-Aware Encryption for Encryption for

Pervasive Computing Pervasive Computing EnvironmentsEnvironments

Jalal Al-MuhtadiJalal Al-Muhtadi Raquel HillRaquel Hill

Roy Campbell Roy Campbell Dennis Dennis MickunasMickunas

University of Illinois at University of Illinois at Urbana-Champaign Urbana-Champaign

Gaia Outline Outline Background Motivation Assumptions System Overview

– Gaia Context File System – Gaia Publish/Subscribe Channel

Implementation & Evaluation Conclusion & Future Work

GaiaActive Spaces

Middleware – Gaia

Active Space

home office car campus

Physical space coordinated by a responsive context-based software infrastructure that enhances the ability of mobile users to interact and configure their physical and digital environment seamlessly.

Gaia Introducing GaiaIntroducing Gaia

Gaia OS, a distributed meta-operating Gaia OS, a distributed meta-operating system that runs on top of existing system that runs on top of existing operating systems.operating systems.

Provides infrastructure and core services Provides infrastructure and core services for constructing general-purpose for constructing general-purpose ubiquitous computing environments.ubiquitous computing environments.

home office car campushospital

Gaia Introducing GaiaIntroducing Gaia

Applications

Application Framework

EventsManager

ContextService

Context FileSystem

SpaceRepository

Security

Component Management CoreMid

dle

wa

re

Ke

rne

l LocationService

MS Windows, OS X, Linux, Symbian OS, Mobile Windows, etc.

Gaia MotivationMotivation

Goal: defining an efficient authorization mechanism which leverages contextual information– context information changing frequently context information changing frequently

expensive re-keying expensive re-keying

Gaia MotivationMotivation

Security in pervasive computing is essential Major barrier to real-world deployment New computing paradigm new challenges

– Integration of digital & physical infrastructures – Context & Location Awareness

Context and Location Awareness as an additional parameter to security

Gaia ScenariosScenarios

Active SpaceActive Space– only provide services to devices inside the only provide services to devices inside the

spacespace Classroom Classroom

Hospital ScenarioHospital Scenario– authorized nurses inside specific hospital authorized nurses inside specific hospital

units (intensive care, x-ray room, nursery)units (intensive care, x-ray room, nursery) Military Scenarios Military Scenarios

– reveal next plan only when soldier arrives at reveal next plan only when soldier arrives at destinationdestination

Gaia GaiaGaia

Applications

Application Framework

EventsManager

ContextService

Context FileSystem

SpaceRepository

Security

Component Management CoreMid

dle

wa

re

Ke

rne

l LocationService

MS Windows, OS X, Linux, Symbian OS, Mobile Windows, etc.

* a framework to store & update location info in real-time* aggregates location info from various devices* distributed components

Gaia Assumptions Assumptions

– Existence of a trusted infrastructure Existence of a trusted infrastructure » Active Space consists of a plethora of machines and Active Space consists of a plethora of machines and

services, some are trusted (Kernel services)services, some are trusted (Kernel services)

– Infeasibility to forge location dataInfeasibility to forge location data» Tamper-resistant hardware + certified location dataTamper-resistant hardware + certified location data

– Cryptography has much less overhead than Cryptography has much less overhead than access control access control » Access control requires reference monitors to check all Access control requires reference monitors to check all

accesses accesses expensive for mobile devices! expensive for mobile devices!

– We will focus on Location-based encryption We will focus on Location-based encryption

Gaia System OverviewSystem Overview

Gaia Context File System (CFS)Gaia Context File System (CFS)– Context-Aware file systemContext-Aware file system– Aggregates related material from different Aggregates related material from different

mount pointsmount points– Trigger automatic data conversions on-the-Trigger automatic data conversions on-the-

flyfly– Location and context-based encryption Location and context-based encryption

provides efficient securityprovides efficient security

GaiaLocation-Encryption in Location-Encryption in

CFSCFS

Context FileSystem (CFS)

Location Service(LS)

Request

1Region

Establishment

Dataaggregation

Physical storage(distributed)

2Create

File

4

Decrypt

Data

3

6

Spatialdatabase

Locationsensors

000

LE

Encrypt

LV

5

Admin

User

GaiaLocation-Encryption in Location-Encryption in

CFSCFS

Context FileSystem (CFS)

Location Service(LS)

Request

1Region

Establishment

Dataaggregation

Physical storage(distributed)

2Create

File

4

Decrypt

Data

3

6

Spatialdatabase

Locationsensors

000

LE

Encrypt

LV

5

Admin

User

Step 1: admin creates an Step 1: admin creates an encryption regionencryption region

LS creates a private key LS creates a private key KKRR

LS replies with LS replies with IDIDRR

LSADPKPK

AD

}H(D)

,ID(AD)),LS,R,N

GION,(CREATE_RED

LS:{AD

1

GaiaLocation-Encryption in Location-Encryption in

CFSCFS

Context FileSystem (CFS)

Location Service(LS)

Request

1Region

Establishment

Dataaggregation

Physical storage(distributed)

2Create

File

4

Decrypt

Data

3

6

Spatialdatabase

Locationsensors

000

LE

Encrypt

LV

5

Admin

User

When creating a When creating a location-encrypted location-encrypted file IDfile IDRR is provided is provided (2)(2)

Data is sent to a Data is sent to a Location Encryptor Location Encryptor (LE) (3)(LE) (3)

LE has access to LE has access to KKRR encrypts the data encrypts the data using using KKRR

GaiaLocation-Encryption in Location-Encryption in

CFSCFS

Context FileSystem (CFS)

Location Service(LS)

Request

1Region

Establishment

Dataaggregation

Physical storage(distributed)

2Create

File

4

Decrypt

Data

3

6

Spatialdatabase

Locationsensors

000

LE

Encrypt

LV

5

Admin

User

When requesting When requesting the file the CFS the file the CFS invokes a LV object invokes a LV object (Location Verifier) (Location Verifier) (4, 5)(4, 5)

Iff user is located Iff user is located within region R then within region R then decrypt data (5)decrypt data (5)

Gaia Multi-Layer EncryptionMulti-Layer Encryption

In some cases, context-In some cases, context-based encryption is not based encryption is not enoughenough– e.g. exam scenario e.g. exam scenario

Introduce Multi-layer Introduce Multi-layer encryptionencryption

11stst layer must be peeled layer must be peeled off by LSoff by LS

22ndnd layer must be layer must be peeled off by peeled off by authorized userauthorized user

Data

K R

K g

GaiaGaia Publish/Subscribe Gaia Publish/Subscribe

ChannelsChannels

Gaia Publish/Subscribe ChannelGaia Publish/Subscribe Channel– The underlying communication is facilitated The underlying communication is facilitated

by an by an “event channel”“event channel”– Implemented as publish/subscribe channels Implemented as publish/subscribe channels – Provides an efficient technique for dispersing Provides an efficient technique for dispersing

events to various entities in the system events to various entities in the system – Features asynchronous and decoupled Features asynchronous and decoupled

message transmissionmessage transmission

GaiaGaia Publish/Subscribe Gaia Publish/Subscribe

ChannelsChannels P publishes P publishes

information information EB is responsible for EB is responsible for

creating the channel creating the channel and managing and managing access for it access for it – ex. museums ex. museums

Subscribers try to Subscribers try to peel off both layers peel off both layers

LV

Publisher(P)

Event Broker (EB)

LELocation Service

(LS)

Spatial Database

Subscriber

...

EventChannel

LVLV

SubscriberSubscriber

Gaia Implementation Implementation

Implemented the different components Implemented the different components in a prototype Active Spacein a prototype Active Space– services require physical location in the services require physical location in the

spacespace– light control etc. light control etc.

Use of Bluetooth discovery for Use of Bluetooth discovery for approximate location capturingapproximate location capturing

Use of a 2-layer encryption to access Use of a 2-layer encryption to access location-restricted services location-restricted services

GaiaCrypto Performances on Crypto Performances on

some Gaia Devicessome Gaia DevicesDevice AES 128-bit

performanceAES 256-bit performance

Pentium™ 4 processor @ 1.7 GHz, Windows™ XP PC

61.01 MB/s 48.23 MB/s

HP Pocket PC H5550, Intel® PXA250 400MHz processor

23.61 MB/s 10.84 MB/s

Treo 600, Palm OS, Arm processor @144 MHz

5.76 MB/s 0.452 MB/s

Onhand PC watch, 16-bit processor @ 3.67 MHz

0.362 KB/s [too slow]

GaiaLatency in Location-Aware Latency in Location-Aware Publish/Subscribe ChannelPublish/Subscribe Channel

131.5

132

132.5

133

133.5

134

134.5

135

135.5

0 2 4 6 8 10 12

Numberof subscribers

Late

ncy (

ms)

No. of subscribers

Lat

ency

(m

s)

Gaia Challenges & Future Work Challenges & Future Work

Preventing “Relay Attacks” Preventing “Relay Attacks” – difficult to solve. difficult to solve. – Maybe some “restrictions” can be introduced Maybe some “restrictions” can be introduced

Expanding the mechanism to Expanding the mechanism to accommodate groups accommodate groups – Only when Only when k k of of n n people are under a specific people are under a specific

context context access is granted access is granted – (use of threshold cryptography) (use of threshold cryptography)

Gaia Conclusions Conclusions

The need to accommodate contextual The need to accommodate contextual information into securityinformation into security

We presented an efficient authorization We presented an efficient authorization mechanism that leverages contextual mechanism that leverages contextual informationinformation

Provided a prototype implementation Provided a prototype implementation

Gaia Thank you! Thank you! Any questions?Any questions?