
Security Issues & Paradigms in Mobile Computing Science & Networking

Michel Riguidel Tel : +33 1 45 81 73 02 riguidel@enst.fr

The requirements of QoS, mobility and configurability

Information Technology evolution
Before 80 : Middle Age, Computing Sc. belongs to fiefs (IBM, …), no network
All proprietary, no flow : All is parchment or proprietary spreadsheet

80s : All is transparent for a computer scientist
All is file : UNIX (/dev/null, /dev/lpr, ...) a file is a set of characters which can be manipulated by C language

85s : All is readable on a desk (or a PC) for anybody
All is document (no more interoperability & transparency)

95s: All is an available object on the network for communication
All is document, readable everywhere (HTML page) or executable everywhere (Java)
Privilege to information access : kiosk, server

00s : All is a digital, fluid & live stream distributed over networks
Nomadic user, virtual presence (user or sw/content move), Virtual Machine & JavaBeans
Ubiquitous IT (networked planet grid) & Mobile computing infrastructure (Xeo satellites)

05s : All is program, alive on ad hoc networks
An entity on the network is a Java Program (Jini Concept)
Intentional architecture
Feb-02 3

The new Paradigm of IT
Towards a Convergence Telecom - Multimedia - IT
For a seamless IT with mobility, configurability in zero-administration within an heterogeneous world
Hardware
Distributed Multimedia Data

Software

Content

«Middleware Infrastructure» of dynamically configurable distributed IT

Individuals

end-user Profile, smart card
software object, Agent
Application, Service
Telephone, Set Top Box, PDA
PC, Server, Printer
Trusted Third Party
Router, Switch
Home Network, Local Network
Virtual Private Network for Businesses, Internet

Communicating, autonomous, configurable, mobile, automatically plugged ENTITIES onto an interoperable, secured, Plug & Play, dynamically scalable INFRASTRUCTURE, all being managed in a distributed way by various Actors, according to several points of view

Infrastructure of an IS: Urbanization of an Information System
Infrastructure with QoS, mobility & security
New Services
Intelligent Routers & Switchers
Configurability
Active & Ad hoc Networks

Multimedia Hyperdocument

Mobile/fix, wired/wireless

Extra/Inter/Intranet
Mobile Terminals
Network Computers
Interface : XML
Protocol : IP
New Services & Usage
biometric Authentication
Adaptive & multi-modal Human Interface
Speech recognition
Adaptability & customization of applications according to terminal configuration & end-user's services

Distributed Multimedia Data

Java Applet

New Services
Indexation by content
Protection of digital Objects
Navigation, Search engine
information filtering

Software Intensive System: Architecture is a key issue
[Figure: System Architecture. Labels: Content, Communication, Properties. Properties listed: performance, QoS, interoperability, security, mobility, heterogeneity, distribution, dependability, maintainability. Other labels: Broadcast & Access; New OSI Layers; Usage; information & documents; applications; distribution & services; cooperation; transmission: wired & wireless; communication convergence IP & ATM; Middleware; Corba & mobile Code; XML; P2P; M2M; Multimedia; Cross media; hyperdocument; image; video; teleworking; videoconference; real time negotiation; configurable; downloadable; mobile code]

Urbanization : Versatility in Access Networks
Heterogeneity, Global roaming, QoS, Value Added Services
[Figure labels: Bluetooth, Ad hoc, IEEE802.11, Access / Intermediation, IPv6, Core Network, UMTS]

Global Interconnection : « seamless »
Heterogeneity, macroMobility
Common challenges to be solved: Quality of Service, Security, privacy, safety, Configurability, Plug & play, Adaptability, Upgradeability, Management, Costs
Private Enterprise Cooperation
Telecom Operators & Internet Mobiles
More Heterogeneity
Interoperability through different networks
No Esperanto : W-Corba, JavaRMI, J2EE, agents, … do not fit
M2M (middleware to middleware)
Selectivity, Stability, Multimedia, Resource management, …
Global Roaming

Dynamic Links : heterogeneity & mobility
WAP, GSM
Telecom Operators & Internet
More Dynamicity
Changes depending upon Policy, Traffic, Opportunities, context, locations, resource, …
Global Handover

New Services, Contents
More Content : Rich Content & Cross-Content
VoIP, audio-video streaming
Content processing (searching, watermarking, …)
"QoS" real time, critical flows, etc
Client-server => intermediation architecture
[Figure labels: Achilles, Barbara, Personal Area Network, Network Service Providers, Content Provider, Multimedia Content-based Search Engine, Agent Platform, Middleware, « QoS »]

The digital World: Architecture & Urbanization
Ubiquity of computing & storing resources
communication anytime, anywhere, anyhow
concept of datagrid (metacomputing)
Externalization of General resources
Mips
Storage
Trust content (secret keys available everywhere)
Communicating Objects & Subjects
Objects are dynamically connected
Devices are permanently connected (IP v6)
Subjects have representations over the network (avatars)
Customization of its own Virtual Private Network & Community
Key technology
Cellular Mobile Telecommunications, Satellite, Broadcast, Internet, Mobility, roaming, Data Grid, Cache Architecture

The digital World: Architecture & Urbanization
Customization of its own Virtual Private Network & Community
Subjects have representations over the network (avatars)
Devices are permanently connected (IP v6)
Layer 2 : Data link
Communicating Objects & Subjects
Objects are dynamically connected
Communication anytime, anywhere, anyhow
Versatile medium access
Layer 7 : Bottom of Application Layer
Ubiquity of computing & storing resources
concept of datagrid (metacomputing)
Externalization of General resources
Mips, Storage, Trust content (secret keys available everywhere)
Semantic socket, « pluget »
Quality of communication (QoS, Security)
Nature of content
Negotiated resources

The past & emergence of new context
Information on Years 80s & 90s
Simple and it works …
Not enough mips …
Proprietary
Dedicated entities with specific intelligence & engine
Assumptions which are no more verified for Years 00s
Catalogues of fix Applications
Bill Gates' concept is obsolete
Dedicated Infrastructure
Need of Global Interoperability & Roaming
For "Beyond 3G networks", Routes do not exist any more
The OSI model is no more "the" reference
Herzian spectrum : static allocation by ranges
Spectrum must be shared differently (new rules, UWB, …)

The Future : Open, Smart & Configurable Networks
Non Functional Properties are essential
Policy aware networks
Mobility, QoS, interoperability, security
Configurability : changes versus time & space
Management issues, proactive & reactive mgt
Potential solution
Virtualization
Openness
Hw Trivial (not simple !) & Sw Virtual
More Intelligence in the network
Pros & Cons
Performance
Business models
Technological issues
Complexity reduction
Software engineering does not follow

Long Term Vision
Vision
Hw & Sw separation and independence
Smart intelligence within the open network
Radio block (General Management of the Radio Resource)
Lower layers (UMTS MAC layer)
Upper Layers & Downloadable Applications
Relationship between the layers
Articulation between the architecture styles
Implementation of these architectures are different
Management subsidiarity
Orientation
Open Network (Next seism in Computing & networking)
Software radio, software Terminal, "Software Network" : Ad hoc & Active Networks
New Architectures : P2P, M2M, …

Convergence : Virtualization & Externalization
Wireless
Mobility & autonomy
Adaptation, Configurability
Depending of the context
Ambient Networks
Embedded Internet, Desegregating terminals
Disappearing computing, pervasive computing
ubiquity of access
communicating objects and devices
remote work (medicine, surgery)
Augmented reality
Data Grid & MetaComputing
Global computation (Genomes, astrophysics, cryptography, …)
Managing & securing Chain Value

Conclusions
Convergence / Divergence dialectic
Merging wired & wireless
high data rate core networks
diversity of access to the network
New Content: multimedia, art creation
exploration of the content cosmos
Different Scales & heterogeneity
Bluetooth, WLan (802.xx), UMTS, Internet
Decentralization
Not a revolution but smooth & permanent changes
migration of standards
IPv4 versus IPv6
de facto: Windows towards Linux (open software)
GSM to GPRS
Etc.

Computing &/or Networking
Computer
Management of Time/Space & I/O
Semantic : Turing Machine
PC & Server
Mips & Gigabytes
Bottleneck : I/O
Network
Management of Space & I/O
Semantic : Store & Forward
Router & Switch
Bandwidth, Erlang, Data rate, QoS
Bottleneck : the last Mile, …, centimeter
Space : not x, y, z but structured addresses

Gilder’s versus Moore’s law
[Figure: growth curves labelled 2x/3-6 months and 2x/18 months, plotted over the years 97 to 07. Source: Greg Papadopoulos, Sun Microsystems]

Mobile Context & Digital World
More Mobility
Nomadic people (with terminals)
Mobile services, VHE, infrastructure (satellite constellation)
Downloading applications, agent framework, liquid software, …
Personalization
Mobility
Localization
“Ambience”
Contextualization : communication infrastructure, equipment, content (caches), environment

Evolution of mobile networks : from vertical to horizontal segmentation
Today : Specific Network with unique service
Tomorrow : Multi-service/client-server Network
Old : Binding services with communication technology
New : SP competition over open Infrastructure
[Figure, from Ericsson. Labels: Services, Content, Portal, Servers, Clients; Data/IP Networks, PSTN/ISDN, Mobile Internet, CATV, PLMN; High rate Internet backbone network by packets; Mobile Access by packets; Circuit Access 2G/RTC/ISDN; High rate Packets Access; Access Network, Transport & Switch Network]

Dynamic Provision of Services to Users
[Figure labels: End user; Private; Value Added Service Provider; Directory Services; Calling Services; Voice Services; Value Added Services; Information; Shopping; Banking; Culture; Entertainment; Automation; Telecom Operator & ISP; Devices; Communication; Providers; Services]

Quality of Service
QoS defined by UIT-T E.800 norm
Degree of satisfaction of the service user
[Figure labels: Audrey; Ease of use; Accessibility; Continuity; Service Logistics; Security; Integrity]

Information Flows, Streams & Caches
efficiency of the whole Loop : Content Delivery Networks...
More Knowledge and reactivity in the Loop
More Intelligence at the periphery of IS
More irrigation in IS by differentiated Information Flows
[Figure labels: INFORMATION, DOCUMENTS, STREAMS, MANAGEMENT, TRANSMISSIONS, EXECUTION; Analysis, Simulation, Decision, Data, Sensors, Actuators; Synthesis <= Data Fusion; Broadcast => Sensors & Actuators]

The ecology of networks
Social networks : who knows who => Virtual Private Communities
Knowledge networks : who knows what => Knowledge Management
Information networks : who informs what => “à la Internet”
Work networks : who works where => GroupWare
Competency networks : what is where => Knowledge with time and space
Inter-organizational network : organizational linkages => Semantic Interoperability

Mobility & Infospheres
PAN-Bluetooth-WLan-UMTS-Internet
Evolution of Spaces : regular & intelligent
permanent links through IPv6
As spaces become intelligent individual's infospheres grow, changes occur in the and in which people are embedded.
[Figure, from K. M. Carley, CMU. Infospheres : circles; interaction : bold lines; knowledge network : dashed line]

The Seven OSI Layers
Layers : Application, Presentation, Session, Transport, Network, Link, Physics
[Figure annotations: Dynamic; Multimode Browser & Players; Between TCP & UDP, there are thousands of upper transport protocols; Active Networks : computation within Nodes; Ad hoc Networks : moving nodes, No fix Routes; Turbocode; Wireless & Optics]

Communication Infrastructure : Client-server is dead => Policy Aware Networks
Horizontal unbalance of the semantic distribution in networks:
network entities are efficient “lifts” for the OSI layered model
extremities (client & server) bearing the whole intelligence
Connection between A and B
secure interoperable protocols Pab & Pba with adaptive QoS
A: client
B: server
Towards Active & Ad hoc Networks
Network infrastructure
More intelligence: memory, visibility, flexibility

Active Network Model
APIs : Application Program Interfaces
Execution Environment : EE 1 Java (Capsule), EE 2 (IPv4), EE 3 (IPv6), EE 4 Asm Intel
Execution Machine
Interfaces to program the network
NodeOS : Open Operating system (Node OS)
Resource management
Open APIs towards EEs
Infrastructure for Security Functions
Trivial Hw (Physical Resource)
Router

Active networks : challenges
Open the network to service (providers)
Dynamic modification of the network's behaviour by users, applications, and operators
Define a network programming interface (API)
A programmable network is an open, extensible packet transmission network with an infrastructure dedicated to the integration and rapid deployment of new services
An extensible network that offers facilities for dynamically changing its behaviour (as perceived by the user)
Open the network
Virtualize the components
Configure dynamically
The Network becomes a programmable virtual machine

Active Networks
To keep the Network proprietary ! over an Open Infrastructure
To distribute intelligence within the Network
DiffServ is a straightforward Active Network !
The Java Packet program is a constant (flow header)
MPLS is an elegant simple Active Network !
The program is a stack of constant (shim header) which is run over the entry and exit nodes to create Tunnels
More to come
Filtering, …
[Figure labels: Application, Presentation, Session, Transport, Network, Link, Physics; Application]

Spontaneous Device Networking : self-organizing, ad-hoc
Wireless : no route
Access control ?
Net etymology : mesh, graph
How to find his own way ?
Some Issues
Service discovery
Spectrum coexistence
Management
Security

Ad hoc Networks
Each node can be a router and/or a terminal
Astrid cannot talk to Charlotte (hidden nodes)
Basil : potential collisions
C can reach the cell A via B
[Figure labels: A, B, C, D; Radio range]

Ad hoc Networks
No more Routes
No more Topology
Blind search
Search with Reminiscence
Extension to Self organizing Network
[Figure labels: Application, Presentation, Session, Transport, Network, Link, Physics]

Zimmermann’s open interconnection model
End-to-end
Top-down
From top to bottom and from A to B
Seven layers model: isotropic, no time and space
Homology to win interoperability
Vertical software engineering
To shred any content into packets, datagrams, frames, and finally bits
We ignore content semantics
[Figure labels, two stacks: Application, Presentation, Session, Transport, Network, Link, Physics]

Theory of communication
Shannon & Weaver model (1949)
Linear & unidirectional model
Neither the relationship between the actors nor the situation are taken into consideration
Eliminate semantics
J Lacan (seminar II, 1954), R Barthes (ethos, logos, pathos)
message : emission, reception
Shannon Formula (1948)
C = B log2(1 + q)
C : Channel Capacity, bit/s
B : Bandwidth, Hz
q : Received signal-to-noise power ratio
The capacity to transmit error-free information is proportional to B, for q = const.
Notes
• Special coding required that may not work with interactive communications
• Shannon says nothing about the code
• Isolated system assumed
Property of Ryszard.Struzak@ties.itu.int

Security requirements in a mobile universe

Security issues in a mobile world
Specification of policies compatible with the Content and the Container
Set up of a context-oriented, plural, configurable policy
Design of new encryption protocols
Placing cryptology and steganography in perspective
Introducing security in an open world

Challenges Years 2001
Distorting reality prism with Internet (asynchronous messages & meshes of routers) and GSM (voice content & cellular architecture with Base stations)
Security & mobility
Use of infrastructures
Need of geographical references
Need of protecting the spatial structure
Fix infrastructure : articulation of mobile part and fix part via a cryptographic protocol
Mobile part (ad hoc networks) : search for invariant structures
Use of history of movements
Traceability of moving objects and subjects
Building alibis
Ontologies are moving in these virtual spaces
Identification and then confirming their existence in a defined location using alibis

New situation : no more deterrence
Before 11th September (QQ33N)
Symbolic attack : no more undetectable or discrete attack
balance between investment protection cost & risk to lose assets
After 11th September (QQ33N)
The whole communities can lose confidence
Security against on cyberwar at a greater scale for large infrastructure
Main threat
Denial of service for a long time with multiple accidental coincidences
Basic security
Audit, accountability (identification & authentication)

Classical Security solutions
PKIs, Certificates (X509), SSL, IPSec, Firewalls
Security classical cryptography model
Audrey & Basil share a secret
can be used to scramble the message (cryptography)
can be used to insert a subliminal mark in order to leave a trace (steganography)
Point to point Cryptography
Trusted third party

Security Solutions
IT today : 2 focal key points
[Figure labels: PGP; P3P; S/MIME; Security with proxy; FIPA security; Content Security; WAP security; SSL/TLS/LIPKEY; Articulation : distributed security; Infrastructure; IPsec; IKE/ISAKMP; BitStream Ciphering; XML; Network Boundary; IP; Route Security]
A lot of “standard” solutions
Utilization often complex
One protocol does not eliminate all the threats

Digital era : vulnerability & customized security
[Figure: bit streams exchanged between Buyer, Seller and Bank, labelled order and payment]
vulnerable
only clones
Intelligent : can be adjusted and personalized

Mobility within a Convergence world
Open or closed ? Both : Möbius ribbon
Historical world : footprint & witness
We must authenticate the scene, the situation
We must trust a witness located at t = t0 and at x = x0
Audrey & Basil know each other
Local confidence
Mobility introduces new threats
a subject S is going to travel : trajectory x(t)
S is not alone
S leaves traces, depends upon the « ambience »
S wants to trust the object O
S and O are going to create alibis depending upon time and space
Alibis are trusted relationships between the infrastructure, S & O
E.g. : the individual is going to sign with the station base that he/she was present in this cell

Security policy depending upon space & time
User point of view
he/she defines his/her own security policy for comfort
Service access if the user is inside a perimeter
One restricts one's own mobile phone usage inside a given zone for a certain period of time
One asks for a control from the telecom operator
Secret shared with the operator
Service Provider point of view
Creation of a cryptographic protocol to sign the user ID with the location ID (here the base station name)
Buyer may be anonymous but one knows that he was here at t = t0
It is no more a virtual world
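An added example, not part of the original slides: a minimal sketch of the location-bound alibi described above, where a base station binds a pseudonymous user ID to its own name and a time t0, and service is granted only inside a perimeter and a time window. HMAC-SHA256 with per-station keys held by the operator stands in for the slide's unspecified signature protocol (an assumption); all function names, station names, keys and timestamps are constructed.

```python
import hashlib
import hmac
import json

def _mac(key: bytes, claim: dict) -> str:
    # Canonical JSON so issuer and verifier authenticate exactly the same bytes.
    msg = json.dumps(claim, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def pseudonym(user_id: str, user_secret: bytes) -> str:
    """Pseudonym derived from the secret the user shares with the operator,
    so the buyer stays anonymous towards the service provider."""
    return hmac.new(user_secret, user_id.encode(), hashlib.sha256).hexdigest()[:16]

def issue_alibi(station_id: str, station_key: bytes, who: str, t0: int) -> dict:
    """Base station attests that pseudonym `who` was in its cell at time t0."""
    claim = {"who": who, "where": station_id, "when": t0}
    return {**claim, "tag": _mac(station_key, claim)}

def check_alibi(alibi: dict, station_keys: dict, perimeter: set,
                start: int, end: int) -> str:
    """Return 'ok', or the reason the alibi does not grant service access."""
    key = station_keys.get(alibi.get("where"))
    if key is None:
        return "unknown station"
    claim = {k: alibi.get(k) for k in ("who", "where", "when")}
    # Authenticate first; only then interpret the fields.
    if not hmac.compare_digest(_mac(key, claim), str(alibi.get("tag", ""))):
        return "bad tag"
    if alibi["where"] not in perimeter:
        return "outside perimeter"
    if not start <= alibi["when"] <= end:
        return "outside time window"
    return "ok"

# Constructed sample data (hypothetical stations, keys and subscriber).
STATION_KEYS = {"BS-PARIS-13": b"constructed-key-1",
                "BS-LYON-02": b"constructed-key-2"}
WHO = pseudonym("subscriber-0001", b"constructed-user-secret")
T0 = 1_012_550_400  # constructed timestamp: 1 Feb 2002, 08:00 UTC

def demo() -> dict:
    paris_key, lyon_key = STATION_KEYS["BS-PARIS-13"], STATION_KEYS["BS-LYON-02"]
    good = issue_alibi("BS-PARIS-13", paris_key, WHO, T0)
    moved = {**good, "where": "BS-LYON-02"}   # cell name altered after issue
    late = issue_alibi("BS-PARIS-13", paris_key, WHO, T0 + 7200)
    away = issue_alibi("BS-LYON-02", lyon_key, WHO, T0)
    zone, window = {"BS-PARIS-13"}, (T0 - 600, T0 + 600)
    cases = [("good", good), ("moved", moved), ("late", late), ("away", away)]
    return {name: check_alibi(a, STATION_KEYS, zone, *window) for name, a in cases}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:6s} -> {verdict}")
```

Because verification needs the station key, this sketch only lets the operator check alibis; letting a third-party service provider verify them would require an asymmetric signature instead of the HMAC.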

Object traceability
Trust model
Content security (end-to-end)
Container security (depending upon operator, Internet, etc)
The whole system has a memory
Audit function (.log files to record events)
Historical signature
Digital signature of the content : integrity
Digital signature of the traces
Labeling, watermarking
Ephemeral watermarking

Security functions in a mobile universe
Identification
Biometry, smart card, trusted entity
Anonymous
need to find a witness for the situation
capture a secret depending upon the situation
Authentication
Of the scene: to exchange a secret with someone that we will see again
Audit
History of the objects / subjects trajectory
Ephemeral watermarking
Data Protection
Both Cryptography & steganography

Architecture : Projection of constraints
Architecture
Expression of constraints
Design : Projection of the specification onto an implementation
The expression of the constraints (QoS, mobility, Security, interoperability) must be incarnate and instantiate through
The network architecture
The protocol specification
The applications
Some expressions will be through markers
In a clear world

Reconstruction of space, time and trust
Network models
Anarchical model
Internet, WLAN, WPAN
Master-slave
WLAN
Hierarchical
Cellular networks
Semantics of protocols
Oligarchic
PKIs
Architectures of Applications
Client server architecture model
Audrey & Basil are living in an isotropic world
Producer & consumer of content
Administration « management » : very often a bureaucracy
Others

intentions.11. P2P). rules.15. predicates Metacomputation: « grid » Swarm of computers (10 6) running one single application Issue : the semantical socket at the bottom of the application layer Access ubiquity (layer 2 – MAC) Vertical software engineering High data rate Internet (digital divide) Urbanization Construction of an Harlequin mantle (802.The new paradigms : the focal point is not IP Computation ubiquity (bottom of layer 7) Horizontal software engineering (M2M. 802. …) Dialectic of usages Feb-02 50 . UMTS. Agents XML metalanguage To find an Esperanto (interoperability) Allows to describe policies.

Remedies to mobility vulnerabilities
Distribution
Trusted hierarchy by subsidiarity
One can distribute secrets which are longer
Intelligence everywhere
Inside the network
Network have a better throughput
Capillarity larger & larger
Security hopping (security evasion)
Classical cryptography : immutable world
To zap one billions of security policy implementations
1 single security policy but 10^9 implementations
Each solution is fallible but the whole is highly secure
Secret contents
Delivery Content Network (DCNs), Storage Area Networks
Flood the network with machines able to compute secrets
Secret Content Networks : huge repository of keys

Conclusion
The urbanization of communication systems
Ubiquity, universality
Complexity : Structure, Architecture, Urbanism
The new requirements in future networks
QoS, mobility, configurability, security
The complexity threshold of architectures
Performance versus intelligence
The points of view of operators, manufacturers, service providers and users
Complexity projected onto the urbanism, the architecture, the protocols, the end points and subsidiarity (distributed management)
The pace of breaks and evolutions in the context of convergence and of the readjustments in the tectonics of the 3 plates: Telecoms, Computing, Audiovisual