
Security Issues & Paradigms in Mobile Computing Science & Networking

Michel Riguidel Tel : +33 1 45 81 73 02 riguidel@enst.fr

QoS, mobility and configurability requirements

Information Technology evolution


Before 80 : Middle Age, Computing Sc. belongs to fiefs (IBM, ...), no network
All proprietary, no flow : All is parchment or proprietary spreadsheet

80s : All is transparent for a computer scientist


All is file : UNIX (/dev/null, /dev/lpr, ...) a file is a set of characters which can be manipulated by C language

85s : All is readable on a desk (or a PC) for anybody


All is document (no more interoperability & transparency)

95s: All is an available object on the network for communication


All is document, readable everywhere (HTML page) or executable everywhere (Java)
Privilege to information access : kiosk, server

00s : All is a digital, fluid & live stream distributed over networks
Nomadic user, virtual presence (user or sw/content move), Virtual Machine & JavaBeans
Ubiquitous IT (networked planet grid) & Mobile computing infrastructure (Xeo satellites)

05s : All is program, alive on ad hoc networks

An entity on the network is a Java Program (Jini Concept)
Intentional architecture
Feb-02 3

The new Paradigm of IT


Towards a Convergence Telecom - Multimedia - IT
For a seamless IT with mobility, configurability in zero-administration within a heterogeneous world
Hardware
Distributed Multimedia Data

Software

Content

Middleware Infrastructure of dynamically configurable distributed IT

Individuals

end-user Profile, smart card software object, Agent Application, Service Telephone, Set Top Box, PDA PC, Server, Printer Trusted Third Party Router, Switch Home Network, Local Network Virtual Private Network for Businesses, Internet

Communicating, autonomous, configurable, mobile, automatically plugged ENTITIES onto an interoperable, secured, Plug & Play, dynamically scalable INFRASTRUCTURE, all managed in a distributed way by various Actors, according to several points of view

Infrastructure of an IS: Urbanization of an Information System


Infrastructure with QoS, mobility & security
New Services
Intelligent Routers & Switchers
Configurability
Active & Ad hoc Networks

Multimedia Hyperdocument

Mobile/fix, wired/wireless

Extra/Inter/Intranet
Mobile Terminals Network Computers
Interface : XML Protocol: IP
New Services & Usage
Biometric authentication
Adaptive & multi-modal Human Interface
Speech recognition
Adaptability & customization of applications according to terminal configuration & end-users
services

Distributed Multimedia Data

Java Applet

New Services
Indexation by content Protection of digital Objects Navigation, Search engine information filtering

Software Intensive System:


Architecture is a key issue

Broadcast & Access

New OSI Layers


Usage, cooperation: teleworking, videoconference, real time negotiation

System Architecture

information & documents

applications: configurable, downloadable

distribution & services: M2M, P2P Middleware, XML, Corba & mobile Code

communication convergence IP & ATM

Multimedia Cross media, video, image, mobile code, hyperdocument

performance QoS interoperability security mobility heterogeneity distribution dependability maintainability

transmission: wired & wireless

Content
Communication

Properties

Urbanization : Versatility in Access Networks


Heterogeneity, Global roaming, QoS, Value Added Services

Bluetooth

Ad hoc

IEEE802.11
Access / Intermediation

IPv6

Core Network

UMTS


Global Interconnection : seamless


Heterogeneity, Multimedia, macroMobility

Common challenges to be solved: . Plug & play . Configurability . Management . Quality of Service . Upgradeability . Adaptability . Security, privacy . Stability, safety . Costs

Private Enterprise Cooperation Telecom Operators & Internet

Mobiles
More Heterogeneity

Interoperability through different networks


No Esperanto : W-Corba, JavaRMI, J2EE, agents, do not fit M2M (middleware to middleware)
Selectivity, Resource management, ...

Global Roaming

Dynamic Links :
heterogeneity & mobility

WAP

GSM

Telecom Operators & Internet

More Dynamicity

Changes depending upon


Policy, Traffic,
Opportunities, locations, context, resource

Global Handover

New Services, Contents, Middleware, Network Service Providers


Client-server => intermediation architecture
Content Provider

Multimedia Content-based Search Engine, Agent Platform, etc

Achilles

Barbara

Personal Area Network More Content : Rich Content & Cross-Content


VoIP, "QoS" real time, critical flows, audio-video streaming
Content processing (searching, watermarking, ...)

QoS

The digital World: Architecture & Urbanization


Ubiquity of computing & storing resources
communication anytime, anywhere, anyhow concept of datagrid (metacomputing)

Externalization of General resources


Mips Storage Trust content (secret keys available everywhere)

Communicating Objects & Subjects


Objects are dynamically connected
Devices are permanently connected (IP v6)
Subjects have representations over the network (avatars)

Customization of its own Virtual Private Network & Community


Key technology
Cellular Mobile Telecommunications, Mobility, roaming
Internet, Data Grid, Cache Architecture
Satellite, Broadcast

The digital World:


Architecture & Urbanization
Customization
of its own Virtual Private Network & Community
Subjects have representations over the network (avatars) Devices are permanently connected (IP v6)

Layer 2 : Data link


Communicating Objects & Subjects
Objects are dynamically connected Communication anytime, anywhere, anyhow

Versatile medium access

Layer 7 : Bottom of Application Layer


Ubiquity of computing & storing resources
concept of datagrid (metacomputing)

Externalization of General resources


Mips, Storage, Trust content (secret keys available everywhere)

Semantic socket, pluget


Quality of communication (QoS, Security)
Nature of content
Negotiated resources

The past & emergence of new context


Information on Years 80s & 90s
Simple and it works
Not enough mips
Proprietary
Dedicated entities with specific intelligence & engine

Assumptions which no longer hold for Years 00s

Catalogues of fixed Applications
Bill Gates' concept is obsolete

Dedicated Infrastructure
Need of Global Interoperability & Roaming
For "Beyond 3G networks", Routes do not exist any more
The OSI model is no longer "the" reference

Hertzian spectrum : static allocation by ranges

Spectrum must be shared differently (new rules, UWB, ...)

The Future : Open, Smart & Configurable Networks


Non Functional Properties are essential
Policy aware networks Mobility, QoS, interoperability, security Configurability : changes versus time & space
Management issues, proactive & reactive mgt

Potential solution
Virtualization
Openness Hw Trivial (not simple !) & Sw Virtual

More Intelligence in the network Pros & Cons


Performance Business models

Technological issues
Complexity reduction
Software engineering does not follow

Long Term Vision


Vision
Hw & Sw separation and independence
Smart intelligence within the open network Radio block (General Management of the Radio Resource) Lower layers (UMTS MAC layer) Upper Layers & Downloadable Applications

Relationship between the layers


Articulation between the architecture styles
Implementations of these architectures are different

Management
subsidiarity

Orientation
Open Network (Next seism in Computing & networking)
Software radio, software Terminal, "Software Network" : Ad hoc & Active Networks
New Architectures : P2P, M2M, ...

Convergence :
Virtualization & Externalization

Wireless
Mobility & autonomy Adaptation, Configurability
Depending on the context

Ambient Networks
Embedded Internet, Desegregating terminals Disappearing computing, pervasive computing
ubiquity of access communicating objects and devices remote work (medicine, surgery)

Augmented reality

Data Grid & MetaComputing


Global computation (Genomes, cryptography, astrophysics, ...)

Managing & securing the Value Chain

Conclusions
Convergence / Divergence dialectic
Merging wired & wireless
high data rate core networks
diversity of access to the network

New Content: multimedia, art creation


exploration of the content cosmos

Different Scales & heterogeneity


Bluetooth, WLan (802.xx), UMTS, Internet

Decentralization

Not a revolution but smooth & permanent changes


migration of standards
IPv4 versus IPv6
de facto: Windows towards Linux (open software)
GSM to GPRS
Etc.

Computing &/or Networking


Computer
Management of Time/Space & I/O Semantic : Turing Machine

Network
Management of Space & I/O Semantic : Store & Forward

Bandwidth

PC & Server
Mips & Gigabytes

Router & Switch


Erlang Data rate QoS

Bottleneck : I/O

Bottleneck : the last Mile, ..., centimeter

Space : not x,y,z but structured addresses



Gilder's versus Moore's law

[Figure: two growth curves, 2x/3-6 months and 2x/18 months, over the years 97 to 07; vertical scale 100, 10,000, 1M; annotation "1000 x"]

Greg Papadopoulos, Sun Microsystems

Mobile Context & Digital World


More Mobility
Nomadic people (with terminals)

Mobile services, content (caches), infrastructure (satellite constellation)


Downloading applications, agent framework, liquid software, VHE, ...

Personalization

Mobility Localization

Ambience Contextualization :
communication infrastructure, equipment, environment

Evolution of mobile networks :


from vertical to horizontal segmentation Today
Specific Network with unique service

Tomorrow
Multi-service/client-server Network

Old : Binding services with communication technology


Services
Content

New: SP competition over open Infrastructure

Portal Servers

Content

Data/IP Networks

PSTN/ISDN

Mobile Internet
CATV

High rate Internet


backbone network by packets

PLMN

Mobile Access by packets

Circuit Access 2G/RTC/ISDN

High rate Packets Access

Access Network, Transport & Switch Network


Clients
From Ericsson

Dynamic Provision of Services to Users


End user Private
Value Added Service Provider

Directory Services Calling Services Voice Services

Value Added Services

Information Shopping Banking

Telecom Operator & ISP

Culture Entertainment Automation

Devices

Communication Providers

Services


Quality of Service
QoS defined by the ITU-T E.800 standard
Ease of use

Accessibility

Degree of satisfaction of the service user

Audrey Continuity Service Logistics

Security Integrity


Information Flows, Streams & Caches


efficiency of the whole Loop : Content Delivery Networks, ...

INFORMATION DOCUMENTS

More Knowledge and reactivity in the Loop


STREAMS MANAGEMENT TRANSMISSIONS TRANSMISSIONS STREAMS

More Intelligence at the periphery of IS


EXECUTION

More irrigation in IS by differentiated Information Flows

Analysis Simulation Decision Data

Sensors Actuators

Synthesis

<= Data Fusion Broadcast =>

Sensors& Actuators


The ecology of networks


Social networks
who knows who => Virtual Private Communities

Knowledge networks
who knows what => Knowledge Management

Information networks
who informs what => à la Internet

Work networks
who works where => GroupWare

Competency networks
what is where => Knowledge with time and space

Inter-organizational network
organizational linkages => Semantic Interoperability


Mobility & Infospheres

PAN-Bluetooth-WLan-UMTS-Internet

Evolution of Spaces : regular & intelligent


From K. M. Carley CMU

permanent links through IPv6
As spaces become intelligent individual's infospheres grow, changes occur in the and in which people are embedded.
Infospheres : circles
interaction : bold lines
knowledge network : dashed line

The Seven OSI Layers


Application

Dynamic

Presentation

Multimode Browser & Players
Between TCP & UDP, there are thousands of upper transport protocols
Active Networks : computation within Nodes
Ad hoc Networks : moving nodes, no fixed routes
Turbocode
Wireless & Optics

Session

Transport

Network

Link

Physics


Communication Infrastructure :
Client-server is dead =>Policy Aware Networks

Horizontal unbalance of the semantic distribution in networks:


network entities are efficient lifts for the OSI layered model
extremities (client & server) bearing the whole intelligence
Connection between A and B
secure interoperable protocols Pab & Pba with adaptive QoS

A: client

Towards Active & Ad hoc Networks

Network infrastructure More intelligence: memory, visibility, flexibility


B: server

Active Network Model


APIs
Application Program Interfaces

Execution Environment

EE 1 Java
(Capsule)

EE 2
(IPv4)

EE 3
(IPv6)

EE 4 Asm
Intel

Execution Machine Interfaces to program the network

NodeOS

Open Operating system (Node OS)


Resource management
Open APIs towards EEs
Infrastructure for Security Functions

Trivial Hw (Physical Resource)

Router


Active networks: challenges

Open the network to services (and service providers)
Dynamic modification of the network's behaviour
by users, applications and operators

Define a programming interface (API) for networks
A programmable network is an open, extensible packet transmission network with an infrastructure dedicated to the rapid integration and deployment of new services
An extensible network that offers facilities for dynamically changing its behaviour (as perceived by the user)

Open the network
Virtualize the components
Configure dynamically
The Network becomes a programmable virtual machine

Active Networks
To keep the Network proprietary ! over an Open Infrastructure
To distribute intelligence within the Network
DiffServ is a straightforward Active Network !
The Java Packet program is a constant (flow header)
Application

Presentation

Session

Transport

MPLS is an elegant simple Active Network !


The program is a stack of constants (shim header) which is run over the entry and exit nodes to create Tunnels

Network

Application

Link

More to come
Filtering, ...
Physics

Spontaneous Device Networking :


self-organizing, ad-hoc
Wireless : no route
Access control ?
Net etymology : mesh, graph
How to find his own way ?

Some Issues
Service discovery
Spectrum coexistence
Management
Security

Ad hoc Networks
Each node can be a router and/or a terminal
Astrid cannot talk to Charlotte (hidden nodes)
Basil : potential collisions

C can reach the cell A via B


A B C D

Radio range


Ad hoc Networks
No more Routes
No more Topology
Blind search
Search with Reminiscence
Application

Presentation

Session

Extension to Self organizing Network

Transport

Network

Link

Physics


Zimmermann's open interconnection model

[Figure: two seven-layer stacks, A and B (Application, Presentation, Session, Transport, Network, Link, Physics), read top-down and end-to-end]

From top to bottom and from A to B
Seven layers model: isotropic, no time and space
Homology to win interoperability
Vertical software engineering
To shred any content into packets, datagrams, frames, and finally bits
We ignore content semantics

Theory of communication Shannon & Weaver model (1949)


Linear & unidirectional model
Neither the relationship between the actors nor the situation are taken into consideration
Eliminate semantics
J Lacan (seminar II, 1954), R Barthes (ethos, logos, pathos)

message

emission
Shannon Formula (1948)
$C = B \log_2(1 + q)$
C : Channel Capacity, bit/s
B : Bandwidth, Hz
q : Received signal-to-noise power ratio
The capacity to transmit error-free information is proportional to B, for q = const.
Notes
Special coding required that may not work with interactive communications
Shannon says nothing about the code
Isolated system assumed
Property of Ryszard.Struzak@ties.itu.int

reception


Security requirements in a mobile universe

Security issues in a mobile world


Specification of policies compatible with the Content and the Container
Set up of a context-oriented, plural, configurable policy
Design of new encryption protocols
Placing cryptology and steganography in perspective
Introducing security in an open world

Challenges
Years 2001
Distorting reality prism with
Internet (asynchronous messages & meshes of routers) and GSM (voice content & cellular architecture with Base stations)

Security & mobility


Use of infrastructures
Need of geographical references
Need of protecting the spatial structure
Fixed infrastructure : articulation of mobile part and fixed part via a cryptographic protocol
Mobile part (ad hoc networks) : search for invariant structures

Use of history of movements


Traceability of moving objects and subjects

Building alibis
Ontologies are moving in these virtual spaces
Identification and then confirming their existence in a defined location using alibis

New situation : no more deterrence


Before 11th September (QQ33N)
Symbolic attack : no more
undetectable or discreet attack
balance between investment protection cost & risk of losing assets

After 11th September (QQ33N)


Whole communities can lose confidence
Security against cyberwar
at a greater scale for large infrastructure

Main threat
Denial of service for a long time with multiple accidental coincidences

Basic security
Audit, accountability (identification & authentication)

Classical Security solutions


PKIs, Certificates (X.509), SSL, IPSec, Firewalls
Classical cryptography security model
Audrey & Basil share a secret
can be used to scramble the message (cryptography)
can be used to insert a subliminal mark in order to leave a trace (steganography)

Point to point
Cryptography
Trusted third party

Security Solutions IT today : 2 focal key points


PGP
P3P S/MIME Security with proxy FIPA security Content Security

WAP security

SSL/TLS/LIPKEY
Articulation : distributed security Infrastructure
IPsec IKE/ISAKMP
BitStream Ciphering
A lot of standard solutions
Utilization often complex
One protocol does not eliminate all the threats

XML

Network Boundary IP

Route Security


Digital era : vulnerability & customized security


[Figure: bit streams exchanged between Buyer, Seller and Bank, labelled "order" and "payment"]

vulnerable only clones

Intelligent : can be adjusted and personalized

Mobility within a Convergence world


Open or closed ?
Both : Möbius ribbon

Historical world : footprint & witness

We must authenticate the scene, the situation
We must trust a witness located at t = t0 and at x = x0
Audrey & Basil know each other
Local confidence

Mobility introduces new threats

a subject S is going to travel : trajectory x(t)
S is not alone
S leaves traces, depends upon the ambience

S wants to trust the object O

S and O are going to create alibis depending upon time and space

Alibis
are trusted relationships between the infrastructure, S & O
E.g. : the individual is going to sign with the base station that he/she was present in this cell

Security policy depending upon space & time


User point of view
he/she defines his/her own security policy for comfort
Service access if the user is inside a perimeter
One restricts one's own mobile phone usage inside a given zone for a certain period of time
One asks for a control from the telecom operator
Secret shared with the operator

Service Provider point of view


Creation of a cryptographic protocol to sign the user ID with the location ID (here the base station name)
Buyer may be anonymous but one knows that he was here at t = t0

It is no longer a virtual world
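An added sketch of the location-bound "alibi" described on this slide and the previous one; it is not code from the presentation. It assumes an HMAC under a secret shared with the operator in place of a public-key signature, a hash commitment as the anonymous buyer's pseudonym, and constructed names and values throughout.

```python
import hashlib
import hmac
import json

def pseudonym(user_id: str, nonce: bytes) -> str:
    """Commitment to the user ID: hides it until the holder reveals the nonce."""
    return hashlib.sha256(nonce + user_id.encode()).hexdigest()

def _canonical(alias: str, cell_id: str, t0: int) -> bytes:
    # JSON list encoding keeps field boundaries unambiguous (no delimiter tricks).
    return json.dumps([alias, cell_id, t0]).encode()

def issue_alibi(station_key: bytes, cell_id: str, alias: str, t0: int) -> dict:
    """Base station side: bind the pseudonym to its own cell ID at time t0."""
    tag = hmac.new(station_key, _canonical(alias, cell_id, t0), hashlib.sha256)
    return {"alias": alias, "cell": cell_id, "t0": t0, "tag": tag.hexdigest()}

def verify_alibi(station_key: bytes, alibi: dict, now: int, max_age: int) -> bool:
    """Provider side: accept only an untampered and sufficiently fresh alibi."""
    expected = hmac.new(station_key,
                        _canonical(alibi["alias"], alibi["cell"], alibi["t0"]),
                        hashlib.sha256).hexdigest()
    fresh = 0 <= now - alibi["t0"] <= max_age
    return hmac.compare_digest(expected, alibi["tag"]) and fresh

def reveal_identity(alibi: dict, user_id: str, nonce: bytes) -> bool:
    """Dispute resolution: the holder opens the commitment to prove ownership."""
    return hmac.compare_digest(pseudonym(user_id, nonce), alibi["alias"])

# Constructed sample values (assumptions for illustration, not from the slides).
STATION_KEY = b"constructed-demo-key-for-cell-75013-A"
NONCE = bytes.fromhex("00112233445566778899aabbccddeeff")
ALIAS = pseudonym("subscriber-0001", NONCE)
ALIBI = issue_alibi(STATION_KEY, "BS-75013-A", ALIAS, t0=1_012_521_600)

if __name__ == "__main__":
    print(verify_alibi(STATION_KEY, ALIBI, now=1_012_521_660, max_age=300))
    moved = dict(ALIBI, cell="BS-92100-C")   # claim presence in another cell
    print(verify_alibi(STATION_KEY, moved, now=1_012_521_660, max_age=300))
```

The alibi itself carries only the pseudonym, so the provider learns that someone was in the cell at t0 without learning who, until the holder chooses to open the commitment.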


Object traceability
Trust model
Content security (end-to-end)
Container security (depending upon operator, Internet, etc)

The whole system has a memory


Audit function (.log files to record events)

Historical signature
Digital signature of the content : integrity
Digital signature of the traces
Labeling, watermarking
Ephemeral watermarking
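An added sketch of a "historical signature" over traces, not taken from the presentation: each audit record is authenticated together with the signature of the record before it, so altering, removing or reordering an entry breaks the chain. It assumes an HMAC key held by the auditing infrastructure in place of a public-key signature, and a constructed sample trajectory.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # anchor for the first record of the chain

def _sign(key: bytes, prev_sig: str, event: dict) -> str:
    # Bind the event to its predecessor's signature.
    body = json.dumps([prev_sig, event], sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def append_trace(log: list, key: bytes, event: dict) -> str:
    """Append an event bound to the previous signature; return the new head."""
    prev_sig = log[-1]["sig"] if log else GENESIS
    sig = _sign(key, prev_sig, event)
    log.append({"event": event, "sig": sig})
    return sig

def first_bad_record(log: list, key: bytes):
    """Index of the first altered, removed or reordered record, else None."""
    prev_sig = GENESIS
    for index, record in enumerate(log):
        expected = _sign(key, prev_sig, record["event"])
        if not hmac.compare_digest(record["sig"], expected):
            return index
        prev_sig = record["sig"]
    return None

def is_complete(log: list, key: bytes, trusted_head: str) -> bool:
    """The chain alone cannot reveal a cut-off tail: compare with a head kept elsewhere."""
    head = log[-1]["sig"] if log else GENESIS
    return first_bad_record(log, key) is None and hmac.compare_digest(head, trusted_head)

def build_sample_log(key: bytes):
    """Constructed trajectory of one object through three cells (illustrative data)."""
    log, head = [], GENESIS
    for t, cell in [(100, "cell-A"), (160, "cell-B"), (230, "cell-C")]:
        head = append_trace(log, key, {"object": "parcel-17", "cell": cell, "t": t})
    return log, head

if __name__ == "__main__":
    demo_key = b"constructed-audit-key"
    log, head = build_sample_log(demo_key)
    log[1]["event"]["cell"] = "cell-Z"          # rewrite one step of the history
    print(first_bad_record(log, demo_key))      # index of the rewritten record
```

Truncating the end of the log leaves a chain that still verifies, which is why `is_complete` needs the latest head stored somewhere the log writer cannot rewrite.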


Security functions in a mobile universe


Identification
Biometry, smart card, trusted entity
Anonymous
need to find a witness for the situation
capture a secret depending upon the situation

Authentication
Of the scene:
to exchange a secret with someone that we will see again

Audit
History of the objects / subjects trajectory
Ephemeral watermarking

Data Protection
Both Cryptography & steganography

Architecture : Projection of constraints


Architecture
Expression of constraints
Design : Projection of the specification onto an implementation

The expression of the constraints (QoS, Security, mobility, interoperability) must be embodied and instantiated through
The network architecture
The protocol specification
The applications
Some expressions will be through markers
In a clear world

Reconstruction of space, time and trust


Network models
Anarchical model
Internet, WLAN, WPAN

Master-slave
WLAN

Hierarchical
Cellular networks

Semantics of protocols
Oligarchic
PKIs

Architectures of Applications
Client server architecture model
Audrey & Basil are living in an isotropic world
Producer & consumer of content

Administration
management : very often a bureaucracy

Others

The new paradigms :


the focal point is not IP

Computation ubiquity (bottom of layer 7)


Horizontal software engineering (M2M, P2P), Agents
XML metalanguage
To find an Esperanto (interoperability)
Allows to describe policies, rules, intentions, predicates

Metacomputation: grid
Swarm of computers (10^6) running one single application

Issue : the semantical socket at the bottom of the application layer

Access ubiquity (layer 2 MAC)


Vertical software engineering
High data rate Internet (digital divide)
Urbanization
Construction of a Harlequin mantle (802.11, 802.15, UMTS, ...)

Dialectic of usages

Remedies to mobility vulnerabilities


Distribution
Trusted hierarchy by subsidiarity
One can distribute secrets which are longer

Intelligence everywhere
Inside the network
Networks have a better throughput
Capillarity larger & larger

Security hopping (security evasion)

Classical cryptography : immutable world
To zap one billion security policy implementations
1 single security policy but 10^9 implementations
Each solution is fallible but the whole is highly secure

Secret contents
Delivery Content Network (DCNs), Storage Area Networks
Flood the network with machines able to compute secrets
Secret Content Networks : huge repository of keys

Conclusion
Urbanization of communication systems
Ubiquity, universality
Complexity : Structure, Architecture, Urbanism

The new requirements in future networks

QoS, mobility, configurability, security

The complexity threshold of architectures

Performance versus intelligence
The points of view
operators, manufacturers, service providers and users

Complexity projected onto urbanism, architecture, protocols, end points and subsidiarity (distributed management)

The pace of ruptures and evolutions

in the context of convergence and the readjustments of the tectonics of the 3 plates
Telecoms, Computing, Audiovisual
