2nd Workshop on Security in Ubiquitous Computing

Ubicomp 2003, Seattle, Washington, USA

October 12, 2003, 9am - 6pm

Home
Call for Papers
Program
Participation
Contact
Ubicomp Conference

Program

Sunday, 12 October 2003

9:00 - 9:30 Introduction
  • Round-table introduction of workshop participants and presenters
  • General workshop and conference notices
  • Workshop overview and goals
9:30 - 10:30 Authentication turned upside down

Authentication is based on the possession of a secret token by a subject, and the ability of its target to gain sufficient evidence of this ownership, either through token exchange or issuing of a challenge. - Authentication has been said to be a bootstrap of all security mechanisms, namely authorization, integrity, confidentiality and non-repudiation. However, some argue today that we can forget about traditional authentication in UbiComp for these reasons:
  • The simple ubiquitous devices don't support "serious" authentication anyway
  • Many applications are being transformed by UbiComp technology, such that "identity" has obscure meanings
  • Privacy concerns demand the decoupling of secret keys and identities
In this section, we will try to shed some new light on these issues.

Paper: Lightweight Authentication Protocols for Low-Cost RFID Tags (Istvan Vajda, Levente Buttyan)

Paper: Security Requirements for Environmental Sensing Technology (Giovanni Iachello, Gregory Abowd)

Wrap-up: The Credential and Attribute Revolution

10:30 - 11:00 Break

11:00 - 12:30 Exposing privacy to trust

Traditional Trust Management is based on the availability of attributes, formulation of policies, and the execution of the policies on the attributes to derive an evaluation of trust for an entity laying claim to the attributes. The goal of privacy management is to protect an entity's personal attributes and information from unwarranted disclosure. It therefore seems as though one has to be sacrificed for the other, in particular applications (i.e. sometimes one has to give up a measure of privacy to gain trust). Does this imply a need for a framework for the mutual interaction/use of the two? Can trust in an infrastructure be sufficiently obtained and managed, so that privacy is not easily compromised?

Paper: Trust-Based Model for Privacy Control in Context-Aware Systems (Waleed Wagealla, Sotirios Terzis, Colin English)

Paper: Secure PC Environment Roaming Technology for the Ubiquitous Office (Shigeyoshi Iizuka, Kei Uwazumi, Kiyoshi Nakahama, Shinya Nakajima, Katsuhiko Ogawa)

Paper: Trust Network-Based Filtering to Retrieve Trustworthy Word-of-Mouth Information (Hiromitsu Kato, Yoshinori Sato, Takashi Fukumoto, Koichi Homma, Toshiro Sasaki, Motohisa Funabashi)

Wrap-up: Trust vs. Privacy

12:30 - 2:00 Lunch breack

2:00 - 3:30 Anonymity - "the panacea of Ubicomp security?"

Anonymity research in communications came about to support groupware for ad-hoc groups, blind voting and online commercial activities. The concern was that while one can take part in the corresponding physical activities without any significant commitment of identity (shopping, spontaneous discussion forum, casting ballots etc), the nature of networking protocols does not guarantee this.

Paper: Anonymity for Users of Ubiquitous Computing (Alf Zugenmaier, Adolf Hohl)

Paper: LEXP: Preserving User Privacy and Certifying the Location Information (Ken Nakanishi, Jin Nakazawa, Hideyuki Tokuda)

Wrap-up: How will be security mechanisms affected by anonymity requirements?