Friday 11 January 2013


Privacy in Ubiquitous computing

In a ubiquitous environment, data is shared freely at any time, anywhere, by any device, without restriction. In such an environment, personal information about a user can be revealed and shared without the consent of the data's owner, so privacy is the main issue. The Kerberos model is a standard model within the ubiquitous computing environment; it has been widely studied, applied and implemented in various applications. Existing models such as the Role Based Access Control model and the Trust Based Approach have not solved the privacy problems of ubiquitous computing. This paper explains the concept of privacy in ubiquitous computing and how efficiently personal information (privacy) can be handled by using the proposed Kerberos model. Privacy protection plays a vital role in a ubiquitous computing environment: users feel uncomfortable in it if privacy is not implemented. Integrating the Kerberos model with public key cryptography results in stronger privacy and security for users' data. By implementing the Kerberos model with cryptography, user data in a ubiquitous environment can be secured.
Keywords: privacy, Role Based Access Control Model, Trust Based Approach, Kerberos Model, Ubiquitous Computing.










2. Introduction:

Ubiquitous computing represents today's generation of computing technology, characterised by the use of small portable devices such as phones and personal digital assistants, with the result that every person has such devices and accesses them simultaneously. Research started in the early 1990s. Mark Weiser coined the term ubiquitous computing and defined it as: “The most profound technologies are those that disappear. They weave themselves into the fabric of everyday life until they are indistinguishable from it.” Weiser (1991).
Much research has been done in the field of ubiquitous computing, and much is still in progress. It is now time to concentrate on the issues it raises, and privacy is the most important of them. Why privacy? Privacy and technology are closely bound to each other: the capacity to see, capture and manipulate data affects the personal life of the user concerned. Privacy is now the major issue in ubiquitous computing application systems, and extra services must be provided to give users more privacy.
The aim of this report is to concentrate on privacy implementations in ubiquitous computing. Privacy is hard to implement, however, because there is no ready-made solution to the privacy problems of ubiquitous computing. Every system in a ubiquitous environment must have its own privacy policy, implemented according to its behaviour; where privacy is a major issue, no single solution exists.

2.1 Challenges

The service delivered in ubiquitous computing is quite different from the service provided to a system. Ubiquitous computing is a smart environment in which users move frequently. When people move around the smart spaces, the system must provide privacy and security for the users' data (Tinghuai Ma et al, 2008).

2.1.1 Non-perceivably:

User data is collected non-perceivably by RFID tags. A tag makes the user give up a large amount of information without manual interaction: scanning and capture devices obtain the user's data whenever and wherever the user uses the tag. In future it will be very hard to tell when we are communicating with a device, and the user does not know where the personal data is stored.

2.1.2 Ubiquitously:

There is no privacy in ubiquitous computing. Every movement of the user is observed by sensing devices, and there is a chance of data leakage. Anything the user does, such as talking, driving a car or going to the office, is stored and can be retrieved at any time.

2.1.3 Effectively:

High-powered sensors are integrated into the ubiquitous system to observe certain aspects of the environment. At present, sensors can observe sound, noise and so on, as well as sensitive human states such as stress, tension and fear. Devices of this type hold large amounts of data.

3. Ethical Issues:


The data used in this project is correct and does not contain the data of other users.
There will be no leakage or loss of data while the project is in progress. The project is carried out according to the rules and regulations on ethical issues followed by Staffordshire University. Anyone interested in doing a project on the same topic must follow the Staffordshire University rules. The software is patented and referencing is done in Harvard style.

4. Risk Assessments: 

           
The risks that may arise during the project are:

✓ Unavailability of data: the data for the project may not be available.
✓ The data may be stolen by others.
✓ The system may crash while the project is in progress.
✓ Loss of the USB drive.
✓ The project is not submitted in time.
✓ The risk associated with not following the university's rules and regulations.
✓ Collapse of the document.

5. Literature review:


Privacy in ubiquitous computing:

Ubiquitous computing is an environment where users access data at any time, anywhere, through any device, without limitation. Privacy is one of the key issues in a ubiquitous computing environment.

5.1 RBAC model:

At present, privacy in the ubiquitous computing environment is provided by implementing the role based access control (RBAC) model. RBAC is a multi-user, on-line application approach designed in 1970. Using the concept of roles, the RBAC model manages users and their permissions: permissions are given to roles, and users are members of roles. As per Sandhu et al (1996), this model executes permissions according to roles. The model consists of four elements: users, roles, sessions and permissions. Figure (1) represents the RBAC model, where users (U) denote human activity, a role (R) denotes a job function in the organisation (here, the ubiquitous computing environment) together with its responsibility, and a permission (P) is an approval to access objects.

Figure (1): Role based access control model (RBAC) (Sandhu et al, 1996), pp. 278-283
In the figure above, the user assignments (UA) and permission assignments (PA) are many-to-many relations. Constraints are the rules that the user assignments and permission assignments must follow. The role hierarchy defines the hierarchical structure of roles.

5.2 The Actual Framework implemented for the privacy policy:

Building on RBAC, Sung et al (2006) came up with a new privacy policy solution for ubiquitous computing environments. In the RBAC model the system administrator creates and maintains the roles and permissions, so the model is restricted in how it can treat the differing needs of users. To address this, the core component of RBAC is separated into user assignment (UA) and permission assignment (PA) for creating the privacy policy, which represents the individual and grants that individual permission to control their personal information.
Figure 2: Modified (RBAC) Role based access control model (Sung et al, 2006), pp. 278-283.
The figure above represents the modified RBAC, which consists of two components: user assignment and permission assignment. The user assignment component (UA) is the many-to-many user-to-role assignment relation, and the permission assignment component (PA) is the many-to-many permission-to-role assignment relation. The UA component is operated by the user according to the rules of the privacy policy, and the PA component is operated by the security administrator. The UA component acts as a trusted third-party agent between users and agents, where the agent is an expert in trusting users in ubiquitous computing. Every user follows a privacy policy stating which of that user's personal information is to be disclosed. The PA component is entrusted to the security administrator, who controls it according to the organisation's rules. UA and PA exchange information between the user and the trusted agent, and release exactly the information allowed by the privacy policy that the user requested.
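The UA/PA split described above, as an added example that is not code from Sung et al or from the original report: each data owner maintains their own user-to-role assignments, while the administrator maintains role-to-permission assignments, the role hierarchy and the constraints. The class, method, role and permission names are hypothetical, and the per-owner UA table is an assumption about how the split could be stored.

```python
from collections import defaultdict

class PrivacyRBAC:
    def __init__(self):
        self.pa = defaultdict(set)       # PA: role -> permissions (security administrator)
        self.juniors = defaultdict(set)  # role hierarchy: senior role -> junior roles
        self.exclusive = []              # constraint: role pairs one requester may not combine
        self.ua = defaultdict(lambda: defaultdict(set))  # UA: owner -> requester -> roles

    # --- operated by the security administrator ---
    def admin_grant(self, role, permission):
        self.pa[role].add(permission)

    def admin_inherit(self, senior, junior):
        self.juniors[senior].add(junior)

    def admin_exclude(self, role_a, role_b):
        self.exclusive.append({role_a, role_b})

    # --- operated by the data owner, under their own privacy policy ---
    def owner_assign(self, owner, requester, role):
        held = self.ua[owner][requester]
        for pair in self.exclusive:
            if role in pair and (pair - {role}) & held:
                raise ValueError(f"{role} conflicts with a role {requester} already holds")
        held.add(role)

    def owner_revoke(self, owner, requester, role):
        self.ua[owner][requester].discard(role)

    def check(self, owner, requester, permission):
        """May `requester` exercise `permission` on `owner`'s personal data?"""
        seen, stack = set(), list(self.ua[owner][requester])
        while stack:                     # walk the hierarchy: senior roles inherit juniors
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors[role])
        return any(permission in self.pa[role] for role in seen)

def build_example():
    """Constructed scenario: two owners, three requesters."""
    m = PrivacyRBAC()
    m.admin_grant("friend", "read:calendar")
    m.admin_grant("family", "read:location")
    m.admin_grant("doctor", "read:heart_rate")
    m.admin_grant("insurer", "read:calendar")
    m.admin_inherit("family", "friend")      # family sees everything a friend sees
    m.admin_exclude("doctor", "insurer")     # nobody may be both for the same owner
    m.owner_assign("alice", "bob", "family")
    m.owner_assign("alice", "dr_lee", "doctor")
    m.owner_assign("carol", "bob", "friend")
    return m
```

Because UA is keyed by owner, bob's "family" role for alice gives him nothing on carol's data, which is the privacy property the split is meant to provide.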

6. Trust Based Approach in privacy control:

Giang et al (2007) designed a trust based model to provide privacy in ubiquitous computing. The model evaluates the trust of a user's system from past interactions and peer recommendations. This evaluation determines how much information is delivered to the user's system and protects data against intruders. The solution has two stages: (a) calculating the trust value of each request from a user's system; (b) using the trust based privacy policy to decide how much data should be delivered to that particular user's system (the guest).

Figure 3: Flow Chart for Truth Evaluation (Giang et al, 2007), pp. 149-152
The figure above describes how trust evaluation is done:
1)      If the request is from a familiar person, it is forwarded to time based evaluation; if it is from a different person, it must be acknowledged by a peer. A positive request proceeds directly to trust value calculation.
2)      A request from a familiar person, once forwarded to time based evaluation, goes through trust value calculation and the pre-defined privacy policy, and finally the response to the request is produced.
This process allows the user to specify how much information to provide depending on the trust value of the particular entity. The model thus specifies the level of privacy.
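The two branches of the flow chart, as an added example that is not code from Giang et al or from the original report. The paper's formulas are not given on this page, so the recency weighting, the weighted peer average, the thresholds and the disclosure levels below are all assumptions made for illustration.

```python
HALF_LIFE = 30 * 86400  # assumed: the weight of a past interaction halves every 30 days

# Assumed owner policy: minimum trust value required for each level of location detail.
POLICY = [(0.8, "exact room"), (0.5, "building"), (0.2, "city")]

def time_based_trust(history, now):
    """Familiar requester: recency-weighted mean of past outcomes (1.0 good, 0.0 bad)."""
    num = den = 0.0
    for timestamp, outcome in history:
        weight = 0.5 ** ((now - timestamp) / HALF_LIFE)
        num += weight * outcome
        den += weight
    return num / den if den else None

def peer_trust(recommendations):
    """Unfamiliar requester: peers' ratings, weighted by the owner's trust in each peer."""
    total = sum(trust_in_peer for trust_in_peer, _ in recommendations)
    if total == 0:
        return None  # nobody the owner trusts acknowledged the requester
    return sum(t * rating for t, rating in recommendations) / total

def evaluate(requester, histories, recommendations, now):
    """Return (trust value, level of detail disclosed) for one request."""
    history = histories.get(requester)
    if history:                                   # familiar: time based evaluation
        trust = time_based_trust(history, now)
    else:                                         # stranger: needs peer acknowledgement
        trust = peer_trust(recommendations.get(requester, []))
    if trust is None:
        return 0.0, "nothing"
    for threshold, level in POLICY:               # pre-defined privacy policy
        if trust >= threshold:
            return trust, level
    return trust, "nothing"

# Constructed sample data (not from the paper).
NOW = 1_700_000_000
HISTORIES = {"bob": [(NOW - HALF_LIFE, 0.0), (NOW, 1.0)]}  # old bad, recent good
RECOMMENDATIONS = {"eve": [(0.9, 1.0), (0.1, 0.0)]}        # (trust in peer, peer's rating)
```

With this data bob's older bad interaction counts half as much as his recent good one, and eve's score depends entirely on how much the owner trusts the peers who vouch for her.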

7. Disadvantages of the above system:

The design of the RBAC model is quite successful, but implementing it in ubiquitous computing is complicated, for example in assigning permissions, roles and user assignments to users and systems. From the organisational point of view, the RBAC model is a result-oriented system that suits simple applications better than heavy applications. Privacy in a ubiquitous computing system deals mainly with network applications (heavy applications), so the RBAC model is not a good system for implementing privacy in a ubiquitous environment.
The trust based evaluation system is a trusted model, but it raises problems: a trust opinion comes from a single individual, so one user may take it as trustworthy while another may think it is not. The evaluation of the truth in such a case may not be correct, and the model seems unrealistic as a means of providing privacy to the system.

8. PROPOSAL:   

Ubiquitous computing deals with networks, so implementing privacy in a ubiquitous environment gives positive results if encryption methods are implemented in the network. The different types of encryption technique include cryptography, public key cryptography, Diffie-Hellman key exchange, DES, etc.; these techniques have been implemented successfully. One of the best application models developed using encryption is the Kerberos application model (Neuman & Ts’o, 1994).

 



Brief description about the techniques:
                                                             
Encryption
Decryption
Creation of hash function
Figure 4 cryptography methods

9. Primary research and investigations:

Primary research mainly concentrates on privacy in ubiquitous computing. Ubiquitous computing deals with networks, so implementing privacy in a ubiquitous environment gives positive results if encryption methods are implemented in the network. The different types of encryption technique include cryptography, public key cryptography, Diffie-Hellman key exchange, DES, etc.; these techniques have been implemented successfully. One of the best application models developed using encryption is the Kerberos application model (Neuman & Ts’o, 1994).
Nowadays, modern computer systems can handle multiple users and the services provided to them. The systems can identify the requests made and the actions performed by users. In traditional systems, identification is done by verifying passwords. Authentication is the process of verifying the user's identity. Passwords sent across the network can be intercepted and then used by intruders with the help of certain programs. To provide authentication and confidentiality for the data, I propose to use Kerberos, which is more secure (Neuman et al, 1994).

9.1 Why Kerberos?

Kerberos comes into play to address the problems of password based authentication, where passwords are collected by intruders. Password based authentication also has the problem that users will not enter their passwords every time they access network services, which is where security problems arise. Kerberos is a stronger authentication method based on cryptography. When a cryptography based authentication method is used, an intruder cannot read the information even if it is captured, because the captured data is in a form the intruder cannot understand.

9.2 How Kerberos works:

Kerberos is a distributed service with three parts:
➢ Client software.
➢ Application server (KDC).
➢ Security server (or) authentication server.

Figure (3): Kerberos process (Neuman et al, 1994), pp. 33-38.

The figure explains the entire Kerberos process. The client asks for authentication by sending a ticket request to the authentication server. The authentication server maintains a database of encrypted user identities and gives the service ticket to the client. The client then sends its request to the application server using the ticket granted by the authentication server.

9.3 Kerberos authentication service:

Kerberos is a distributed authentication service that provides authentication to the client, whose identity must be verified at the server; the client runs on behalf of the user. Data cannot be sent between client and server before the identity is verified. Kerberos also provides confidentiality for the data exchanged between client and server.

9.4 Kerberos encryption:

In Kerberos encryption, the public key is used for both encryption and decryption. The client runs on behalf of the user and holds the information about the public key that is used for encryption and decryption. The user and the authentication server hold the encryption key that is used for encryption.
DES (Data Encryption Standard) is the encryption method implemented in Kerberos. If cipher text is decrypted with the same key that was used to encrypt it, the result is the plain text together with a checksum that matches the data. If a different key is used to turn the cipher text into plain text, the resulting checksum does not match the data. Together, encryption and the checksum give integrity and confidentiality to encrypted messages in the Kerberos model.

9.5 Kerberos Ticket:

A Kerberos ticket is used to distribute the session key to the server. The client's authentication depends on the authentication server: whenever the client makes a request to a server, the authentication server generates an encryption key and distributes it to the user and the server. This key is called the session key.
The authentication server also generates a certificate known as the Kerberos ticket. The ticket is encrypted with the server key and contains the session key used for authentication, the user to whom the session key is issued, and an expiry time after which the key is no longer valid.

9.6 Application Requests and responses:

An application request has two parts: a ticket and an authenticator. The authenticator consists of a checksum, an encrypted key and the current time. The client sends the request to the verifier (server) and waits for the response. The verifier performs encryption and decryption and verifies the checksum and timestamp of the message sent by the client. If the timestamp of the message is within the specified time (around 5 to 10 minutes), the verifier considers the request fresh and sends a response to the client. Figures 3 and 4 show the request and response between client and server.

Figure (4) Kerberos Request and Response (Neuman et al, 1994), pp. 33-38.
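The ticket and authenticator checks of sections 9.5 and 9.6, as an added example that is not code from the original report or from any Kerberos implementation. The cipher is a toy hash-based stand-in rather than DES, the authenticator is reduced to the client name and timestamp, and the function names, the 300-second window and the replay cache are assumptions of this example.

```python
import hashlib, hmac, json, os

MAX_SKEW = 300  # assumed freshness window in seconds (the text says about 5 to 10 minutes)

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Toy encrypt-then-checksum, standing in for the Kerberos cipher and checksum."""
    plain = json.dumps(fields).encode()
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plain))
    cipher = bytes(a ^ b for a, b in zip(plain, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + cipher, hashlib.sha256).digest()
    return nonce + tag + cipher

def unseal(key, blob):
    nonce, tag, cipher = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(_subkey(key, b"mac"), nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("checksum does not match: wrong key or altered message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(cipher))
    return json.loads(bytes(a ^ b for a, b in zip(cipher, stream)))

def issue_ticket(server_key, client, now, lifetime=3600):
    """Authentication server: new session key plus a ticket only the server can open."""
    session_key = os.urandom(32)
    ticket = seal(server_key, {"client": client, "expires": now + lifetime,
                               "session_key": session_key.hex()})
    return session_key, ticket  # the real protocol encrypts the client's copy of the key

def make_request(session_key, ticket, client, now):
    """Client: application request = ticket + authenticator sealed with the session key."""
    return {"ticket": ticket,
            "authenticator": seal(session_key, {"client": client, "timestamp": now})}

class Verifier:
    def __init__(self, server_key):
        self.server_key = server_key
        self.seen = set()  # replay cache of authenticators already accepted

    def verify(self, request, now):
        try:
            ticket = unseal(self.server_key, request["ticket"])
            auth = unseal(bytes.fromhex(ticket["session_key"]), request["authenticator"])
        except ValueError:
            return "reject: checksum"
        if now > ticket["expires"]:
            return "reject: ticket expired"
        if auth["client"] != ticket["client"]:
            return "reject: client mismatch"
        if abs(now - auth["timestamp"]) > MAX_SKEW:
            return "reject: stale timestamp"
        if (auth["client"], auth["timestamp"]) in self.seen:
            return "reject: replay"
        self.seen.add((auth["client"], auth["timestamp"]))
        return "accept"

def demo():
    """Constructed scenario with fixed clock values so the outcome is repeatable."""
    key = os.urandom(32)
    verifier = Verifier(key)
    session_key, ticket = issue_ticket(key, "alice", now=1000)
    request = make_request(session_key, ticket, "alice", now=1010)
    blob = request["authenticator"]
    tampered = dict(request, authenticator=blob[:-1] + bytes([blob[-1] ^ 1]))
    return [verifier.verify(request, 1012), verifier.verify(request, 1013),
            verifier.verify(tampered, 1014), verifier.verify(request, 1400)]
```

The timestamp window alone still lets a captured request be resent within those minutes, which is why the verifier here also remembers what it has already accepted.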

9.7 Cross Realm Authentication:

Kerberos has the advantage of cross-realm authentication, which comes into play when systems cross boundaries. It is not enough for a user to be registered with a single authentication server; instead the user must be registered with multiple authentication servers (Neuman et al, 1994). A realm is the subset of users and servers registered with a particular authentication server. The advantage is that a client can prove its identity to a verifier (server) registered in a different location outside its own boundaries. As for the versions of Kerberos, version 4 does not provide cross-realm authentication in a scalable form: interconnection requires the exchange of n keys, where n is the number of different realms. Version 5 provides multi-hop cross-realm authentication, which makes interconnection of keys among different realms possible. The key of each realm is shared between parent and children; for example, ISI.EDU is a realm that shares a key with the EDU realm and MIT.EDU, USE.EDU.

9.8 Getting and using Kerberos:

The source code of version 4 and version 5 can be obtained from MIT, but MIT does not officially support the releases of version 4 and version 5. Companies deliver products based on version 4 and version 5 with reference to MIT. Information about the free releases can be obtained by sending a message to info-kerberos@mit.edu.

9.9 Kerberos utilities:

Utilities play a major part in Kerberos. To use all the services provided by Kerberos, the utility programs must be installed. The services are: list credentials (KList), Kerberos credentials (KList), destroy credentials (Kdestroy) and change password (Kpasswd). The user can use all of these services, and logging in becomes easy when the Kerberos login toolkit is combined with the login program: the user enters the password only once, at login. This is very transparent, and the user need not know that Kerberos is being used.

9.10 Improving the security:

When Kerberos is integrated with public key cryptography, it provides more and stronger security.

10. Public key cryptography:

In public key cryptography, encryption and decryption play a vital role. Two keys are used to perform cryptographic operations: one is the public key, which is known by everyone, and the second is the private key, which is known by the user and the server. These keys are used for communication between the user and the server. Public key cryptography is good for store-and-forward applications such as electronic mail. It faces a few difficulties when handling multiple authentication operations at a time. Work is in progress to add public key cryptography to Kerberos. Once public key support is added, it may also perform the operations that Kerberos performs, with authentication using public key cryptography to exchange keys between the different authentication servers.



11. Conclusion:  

Ubiquitous computing is an emerging research area with great potential. In this paper we present a Kerberos model of everyday privacy in ubiquitous computing environments, because this model meets objectives such as privacy and confidentiality. The model describes how privacy can be achieved in ubiquitous computing, and the use of encryption methods with the Kerberos model guarantees the confidentiality of the data. The existing models, RBAC (Role Based Access Control) and the Trust Based Approach, failed to solve the problems of privacy. Our main aim is to concentrate on ‘privacy enhancing services’ that protect users and allow them to use services in a ubiquitous environment. Privacy protection plays a vital role in a ubiquitous computing environment: users feel uncomfortable in it if privacy is not implemented. The paper concentrates on how efficiently personal information (privacy) can be handled in ubiquitous computing by using the proposed Kerberos model. By implementing the Kerberos model, user data in ubiquitous computing can be secured.

12. References:


Giang, Pho Duc; Hung, Le Xuan; Shaikh, Riaz Ahmed; Zhung, Yonil; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo; "A Trust-Based Approach to Control Privacy Exposure in Ubiquitous Computing Environments," Pervasive Services, IEEE International Conference on, pp.149-152, 15-20 July 2007. [Online] Available at:
doi: 10.1109/PERSER.2007.4283905
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4283905&isnumber=4283875 [Accessed on 22 Oct 2011].

Neuman, B.C.; Ts'o, T.; "Kerberos: an authentication service for computer networks," Communications Magazine, IEEE, vol.32, no.9, pp.33-38, Sep 1994. [Online] Available at:
doi: 10.1109/35.312841
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=312841&isnumber=7577 [Accessed on 08 Oct 2011].

Tinghuai Ma; Shin-Dug Kim; Jun Wang; Yawei Zhao; "Privacy Preserving in Ubiquitous Computing: Challenges & Issues," e-Business Engineering, 2008. ICEBE '08. IEEE International Conference on, pp.297-301, 22-24 Oct. 2008. [Online] Available at:
doi: 10.1109/ICEBE.2008.55
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4690629&isnumber=4690569 [Accessed on 30 Oct 2011].

Sung-Ho Hong; Eun-Ae Cho; Chang-Joo Moon; Doo-Kwon Baik; "RBAC-Based Access Control Framework for ensuring Privacy in Ubiquitous Computing," Hybrid Information Technology, 2006. ICHIT '06. International Conference on, vol.1, pp.278-283, 9-11 Nov. 2006. [Online] Available at:
doi: 10.1109/ICHIT.2006.253499
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4021102&isnumber=4021047 [Accessed on 10 Nov 2011].

Norbert A. Streitz, "Augmented Reality and the Disappearing Computer," Intelligent agents and virtual reality, 2001. [Online] Available from: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.3.4304&rep=rep1&type=pdf [Accessed on 18 Nov 2011].

Bibliography:
Primeaux, D.; Ames, J.E.; "Personal, private, secret, public [ethics of data privacy]," Technology and Society, 2002. (ISTAS'02). 2002 International Symposium on, pp.157-161, 2002. [Online] Available at:
doi: 10.1109/ISTAS.2002.1013811
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1013811&isnumber=21825 [Accessed on 28 Oct 2011].

Yang Cao; Yan Li; Hui Li; Xingfang Wang; "An Anonymous Authentication Protocol for Privacy Protection in Location Based Services," Wireless Communications, Networking and Mobile Computing, 2008. WiCOM '08. 4th International Conference on, pp.1-5, 12-14 Oct. 2008. [Online] Available at:
doi: 10.1109/WiCom.2008.1136
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4679044&isnumber=4677909 [Accessed on 16 Nov 2011].

Karger, P. A.; Kc, G. S.; Toll, D. C.; "Privacy is essential for secure mobile devices," IBM Journal of Research and Development, vol.53, no.2, pp.5:1-5:17, March 2009. [Online] Available at:
doi: 10.1147/JRD.2009.5429047
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5429047&isnumber=5429042 [Accessed on 02 Nov 2011].

Adam, J.A.; "Data security-cryptography=privacy?," Spectrum, IEEE, vol.29, no.8, pp.29-35, Aug 1992. [Online] Available at:
doi: 10.1109/6.144533
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=144533&isnumber=3867 [Accessed on 08 Oct 2011].