2nd Workshop on Security in Ubiquitous ComputingUbicomp 2003, Seattle, Washington, USAOctober 12, 2003, 9am - 6pm |
|
Paper AbstractsLightweight Authentication Protocols for Low-Cost RFID TagsAbstract Providing security in low-cost RFID tags is a challenging task because tags are highly resource constrained and cannot support strong cryptography. Special lightweight algorithms and protocols need to be designed that take into account the limitations of the tags. In this paper, we propose a set of extremely lightweight tag authentication protocols. We also provide an analysis of the proposed protocols.full paper Security requirements for environmental sensing technologyyAbstract In this paper, we identify security objectives and requirements for a class of ubiquitous computing technology, namely environmental sensing infrastructure. The method used starts with analyzing scenarios to define user-driven security objectives for specific applications and identify hints to potential misuse in a realistic setting. The described applications are examined to understand how they could be built using existing sensing technology (TinyOS, InCA and the Context Toolkit are considered here). The resulting security requirements, related to technical, social and legal issues, drive the discussion about the features and shortcomings of the considered sensing technologies and aid in proposing suggestions for enhancing their security properties.full paper Trust-Based Model for Privacy Control in Context-Aware SystemsAbstract In context-aware systems, there is a high demand on providing privacy solutions to users when they are interacting and exchanging personal information. Privacy in this context encompasses reasoning about trust and risk involved in interactions between users. Trust, therefore, controls the amount of information that can be revealed, and risk analysis allows us to evaluate the expected benefit that would motivate users to participate in these interactions. In this paper, we propose a trust-based model for privacy control in context-aware systems based on incorporating trust and risk. Through this approach, it is clear how to reason about trust and risk in designing and implementing context-aware systems that provide mechanisms to protect users privacy. Our approach also includes experiential learning mechanisms from past observations in reaching better decisions in future interactions. The outlined model in this paper serves as an attempt to solve the concerns of privacy control in context-aware systems. To validate this model, we are currently applying it on a context-aware system that tracks users location. We hope to report on the performance evaluation and the experience of implementation in the near future.full paper Secure PC environment roaming technology for ubiquitous officeAbstract Since businessmen who are outside their homes or offices often want to netsurf for information retrieval and/or making documents, it is becoming popular to access public computers in sites such as rental offices and Internet cafes. However, there are two major problems with using such computers. One is the excessive time and effort needed to recreate the user's preferred desktop environment. The other problem is security. Our Shared PC concept eliminates these problems. The Shared PC represents a kind of ubiquitous office that can be safely created and used simply by inserting a personal IC card into a PC. The user's own PC environment, held at a server as encrypted files, is deciphered and restored using a private key stored in the IC card. Security is ensured because the local hard disk holding the user's personalized environment is formatted at the end of each session. This paper presents the Shared PC architecture and a field trial.full paper Trust Network-based Filtering to Retrieve Trustworthy Word-of-Mouth InformationAbstract We propose a method to retrieve trustworthy information from a word-of-mouth community space that could include inappropriate information. In a ubiquitous information society, high anonymity could cause some problems concerning human rights infringements, such as slander and invasion of privacy. On the other hand, unless anonymity is guaranteed at a certain level, free expression and speech would not be possible and may lead to an inactive information society. As a countermeasure to such problems, information rating-based filtering was examined in previous work. However, some diffculties such as the infringements of freedom of expression and the objective authenticity of the rating results have been pointed out. In this research, we pay attention to the reliance on relationships between people, and construct a model in which information is valued when it comes from people who can be relied on. Also, we aim to construct a framework for evaluating the trustworthiness of information by forming a community that is generally known as the web of trust model.full paper Anonymity for Users of Ubiquitous ComputingAbstract Anonymity is a protection goal that helps to protect the privacy of users by ensuring that their identity remains unknown. As privacy is a grave concern in pervasive computing, the need for suitable anonymity mechanisms is apparent. This contribution uses the Freiburg privacy diamond to analyze the possibilities for anonymity mechanisms in pervasive and highlights the problems that arise out of the one user many devices model.full paper LEXP: Preserving User Privacy and Certifying the Location InformationAbstract We propose Location information EXchange Protocol (LEXP) as a protocol for locationaware applications using a tracking system. This protocol is designed for preserving user privacy, and certifying users location information. In LEXP, objectdetection entities are separated from location-aware applications, and users can disclose their location information based on their intention. LEXP guarantees users to keep anonymity, and guarantees applications that a user cannot forge his location information. LEXP realizes these requirements by applying chain of confidence model and extending one-time password architecture.full paper |