
This report distills the deliberations of the mobile and wireless security experts who participated in the 2006 Workshop on Security and Privacy in Wireless and Mobile Networks (WSPWN), held in Miami, Florida in March 2006. The goal of that workshop was to offer expert guidance to the National Science Foundation on priorities in research directions in the fields of privacy and security for today and tomorrow's wireless mobile environments. The recommendations contained here come from the papers published at the workshop, the open discussions on this subject held during the workshop, and extensive discussions among workshop participants subsequent to the event.

The previous section contains many detailed technical recommendations on the areas of research we feel are likely to be most critical for the near future. In addition to these specific recommendations, the authors of this report feel compelled to point out that these areas of research are under-funded. We see regular reports of crimes and hazards related to unaddressed privacy and security vulnerabilities in today's wireless and mobile networks, and can easily foresee that the situation will only get worse as these technologies are used by more people in more situations for more purposes. Without an increase in funding for research in these areas, critical problems will remain unaddressed until they reach crisis proportions, and possibly only after a real disaster has occurred. In many of the recent stories concerning security incidents in wireless and mobile situations, there was potential for immense damage. This potential was not averted because of wonderful security technologies we have in place, but by mere chance. As it happens, it appears that the data on military flash drives sold in Afghan bazaars did not lead to US soldiers being killed in ambushes. As it happens, most thefts of laptops containing vital personal data have not led to massive identity theft. As it happens, the worms that have already spread through wireless networks and mobile devices are mostly pranks or toys, not serious attempts to cause damage. But we must be aware that the possibility of true disaster was present in each of these cases. If we had done better security research in the past, we would not have had to rely on blind luck to avoid such disasters.

Part of the solution to the current vulnerabilities and dangers in the mobile and wireless world is wise choices of the research that individual researchers perform and agencies fund. However, if funding levels for this kind of research remain low, we risk having to make choices which are no more than educated guesses on where we will do research to protect ourselves and where we will leave vulnerabilities and dangers unexamined.

2 Pervasive Systems: Enhancing Trust Negotiation with Privacy Support

Jan Porekar¹, Kajetan Dolinar¹, Aleksej Jerman-Blažič¹ and Tomaž Klobučar²

¹ SETCCE (Security Technology Competence Centre), Jamova 39, Ljubljana, Slovenia
² Jožef Stefan Institute, Jamova 39, Ljubljana, Slovenia

2.1 Introduction

Pervasive or ubiquitous systems have been the subject of intense conceptual research in recent years [1,2]. In favour of the sceptics, who believe that the physical world around us is complicated enough and that humankind has more important things to do than to build its digital counterpart, one can easily observe that such pervasive systems are still pure science fiction in terms of technical implementation today.

The number of electronic devices connected to the network is expected to rise exponentially and will eventually outnumber humans living on the planet. Mobile devices such as laptops, personal digital assistants and cellular phones will steadily increase in number. Standard household appliances and machines will be connected to the network and new intelligent appliances and biosensors will emerge.

The vision of pervasive systems is to integrate all those different devices in a world where computer technology will slowly disappear from everyday lives and eventually become invisible: a world in which computer systems will seamlessly adapt to user context and will help a user perform tasks by inferring his intent. A world in which a digital representation of the user, the user's data and the user's digital workplace will constantly be copied across various network nodes in order to follow the user in his real world geographical movements. Many of these devices will have a certain degree of passive and active intelligence built in and will act as sensors or reality aware processing nodes. Aside from these peripheral devices, a vast network of intelligent middleware will have to be provided in order to achieve the synchronous intelligent behaviour of the whole pervasive network.

In order for this to be achieved, a large amount of private user data, preferences, behavioural habits and other information about the user will need to be processed and exchanged among various network nodes and subsystems. With the data inferred, related conclusions will again be exchanged all over the system. In such a system, it is of paramount importance to assure privacy and maintain control of turbulent private information flow, whilst preventing leakages of sensitive private information.

Another aspect which further blurs privacy issues is the diminishing of the conventional roles of the thin, untrusted user client and the large corporate service. Pervasive systems are service oriented platforms where everything can potentially act as a service, including the user. The opposite is also true: every service will potentially be able to take on the role of a user. In pervasive systems, a user and service are simply roles that can be swapped or interchanged. These two roles merely describe the nature of the communication, since the user is the party that initiates the communication and the service is the party that replies and grants access to the user. To avoid confusion, we will use the terms supplicant for the user and supplier for the service. Distributed systems are traditionally seen as environments where the user is normally not a trusted party and services are more or less trusted. In pervasive systems such as the DAIDALOS pervasive platform [9], this relation between a small user and a fat service disappears or can even be intertwined.

The concepts of privacy protection are supported by three distinguishable mechanisms which conduct the process of privacy terms agreement, data access control and anonymization of the subjects involved in the process. These concepts are also known as privacy or trust negotiation, virtual identities and (access control) credentials. The first step towards protecting a user's private data is a multiparty understanding of the terms, conditions and content of private data collected and used. When a bilateral (or multilateral) agreement is reached, a selection of virtual identities is generated and activated, interpreting subjects and their context behind different levels of anonymous identifiers. The final step in the process is to relate selected identities with the user context to be used by the service and to unveil private data access control rules enforcing credentials.
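As an added illustration (not code from the paper or from the DAIDALOS platform), the following Python sketch models the three mechanisms in the order just described: a supplier's data request is matched against the supplicant's disclosure policy to reach an agreement, a per-supplier virtual identity is derived for the agreed context, and a credential scoped to the agreed attributes enforces access. The data-class fields, the HMAC-derived pseudonym and the scope check are assumptions made for this example.

```python
"""Toy model of privacy negotiation, virtual identity and credentials.
Constructed example; the field names and pseudonym scheme are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Request:            # what the supplier (service) asks for
    supplier: str
    purpose: str
    attributes: set
    retention_days: int


@dataclass
class Policy:             # what the supplicant (user) is willing to disclose
    allowed: dict         # purpose -> set of attributes disclosable for it
    max_retention_days: int
    optional: set = field(default_factory=set)  # attributes that may be dropped


def negotiate(req, pol):
    """Step 1: agree on privacy terms; None if no agreement is possible."""
    allowed = pol.allowed.get(req.purpose, set())
    refused = req.attributes - allowed
    # fail if a non-optional attribute is refused or retention is too long
    if refused - pol.optional or req.retention_days > pol.max_retention_days:
        return None
    return {"supplier": req.supplier, "purpose": req.purpose,
            "attributes": req.attributes & allowed,
            "retention_days": req.retention_days}


def virtual_identity(secret, agreement):
    """Step 2: pseudonym bound to supplier and purpose, unlinkable across suppliers."""
    tag = f"{agreement['supplier']}|{agreement['purpose']}".encode()
    return hmac.new(secret, tag, hashlib.sha256).hexdigest()[:16]


def issue_credential(agreement, vid):
    """Step 3: credential that covers only the agreed attributes."""
    return {"subject": vid, "scope": frozenset(agreement["attributes"])}


def access(credential, profile, attribute):
    """Enforcement: release an attribute only if the credential covers it."""
    if attribute not in credential["scope"]:
        raise PermissionError(f"{attribute} not covered by the agreement")
    return profile[attribute]
```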

The initial and principal step of privacy mechanisms is the negotiation process which defines the framework for private data protection. We therefore investigate the current state of trust and/or access control negotiation and highlight the need for it to be extended with assertions about privacy in order to satisfy the privacy constraints of the pervasive environment.

The result of such a negotiation would be the granting of access to services and a privacy agreement that could be used by privacy enforcement systems. In the paper we also describe the privacy risks of the state-of-the-art trust negotiation methods.