Thursday, March 17, 2011

Privacy Scales in Ubiquitous Computing Forum

Digital Privacy

Chapter Thirteen

Privacy Scales in Ubiquitous Computing Forum


People buy and use everyday devices. These devices can be connected to each other wirelessly and can be recognized automatically, so they can be tracked, their addresses found and, potentially, services or activities triggered. Ubiquitous computing (UC) refers to the environment in which such devices are enhanced with digital qualities.
Control is one of the central problems of UC: the loss of control is what gives rise to the privacy issues associated with it. The author states two reasons for losing privacy in UC environments:
1. Losing control over being accessed: people perceive control when they are aware that their own response can lead them to a desired outcome. The author states that in a UC environment, “this aspect would imply that people can easily opt out of being accessed by the intelligent infrastructure”.
2. Lack of control over information use and maintenance.
Based on RFID PET research, privacy-enhancing technologies follow two types of model:
1. User model: in this model, users have full control over their RFID tags.
2. Agent model: in this model, RFID tags answer requests from the network.
The author also presents three stages in developing the control scale for UC and RFID technology:
1. Control definition and initial item development.
2. Empirical item testing.
3. Internal consistency and reliability of the control items.


Reference:

Acquisti, Alessandro; Gritzalis, Stefanos; Lambrinoudakis, Costas; De Capitani di Vimercati, Sabrina (2008). “Digital Privacy: Theory, Technologies, and Practices”. Auerbach Publications, Taylor & Francis Group, LLC.

Thursday, March 3, 2011

Security by Design

Beautiful Security

Chapter Ten

Security by Design

Security vulnerabilities contribute to low reliability, poor system performance, and poor overall system quality. What is needed is to focus on achieving security and quality before expanding a product's feature set. The authors suggest reaching appropriate levels of quality and security first, and only then transitioning a product to volume production.
Before developing a program:
·        Determine the attributes that need to be measured.
·        Determine the interdependencies between these attributes.
·        Determine the acceptable levels for these attributes.

Some suggestions:

·        Develop risk-based security programs that address security at all phases of the system development lifecycle.
·        Design security into the system instead of trying to test it in afterwards.
·        Good design discipline reduces the total cost of designing, developing, and operating a system in many cases.
·        A well-designed system provides significant benefits in improved security.




Reference:

Oram, Andy; Viega, John (2009). “Beautiful Security: Leading Security Experts Explain How They Think”. Copyright 2009 O’Reilly Media, Inc.

The Evolution of PGP's Web of Trust

Beautiful Security

Chapter Seven

The Evolution of PGP's Web of Trust

What is PGP: PGP, or Pretty Good Privacy, released in 1991, was people’s first opportunity to use strong encryption. It let people from all around the world communicate privately, and it solved the problem of connecting people who had never exchanged keys over a secure channel. PGP is a piece of software; it is one of many implementations of the OpenPGP standard.

A few concepts related to PGP:

Trust: the mechanism used to decide whether a key is valid. Trust is a relationship that helps us determine validity.

Validity: a score used to determine whether the name on a key is accurate. A key is valid if it is actually owned by the person who claims to own it.

How PGP works: you tell PGP whom you trust to sign keys, and PGP tells you which keys are valid by tallying up a score for each key, depending on who signed the key and how much you trust each signer.

Trust models: a trust model is a general scheme that formalizes trust.

Direct trust: the most straightforward type of trust, and the simplest and most trustworthy model. In this model the certificate that holds the key is signed by the certificate itself. The model has one problem: it does not scale very well to the size of the Internet.

Hierarchical trust: in this model you accept a certificate as valid because it has been signed by an authority whom you believe to be accurate. The model is straightforward, but it carries an obvious risk: if the authority makes a mistake, the effect of that mistake is great.

Cumulative trust: this model takes a number of factors and uses them to decide whether a certificate is valid.


PGP web of trust:

In the PGP trust model, all users are also certification authorities. The model uses the term “introducer” instead of “authority”.


Revocation: all PKIs need a way to revoke certificates. Revocation is theoretically simple in a hierarchical PKI. It is needed because people lose control of their keys or computers. The PGP web of trust has two mechanisms for revocation:

1. Key revocation: a user must be able to revoke the whole key. A revocation signature on the key invalidates it together with all of its certifications.
2. Signature revocation: a key can create a signature declaring that another signature is no longer valid.
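To make the validity tally and the two revocation mechanisms concrete, here is an added Python example (not code from the book or from this blog): a miniature web of trust in which the trust levels, the thresholds (one fully trusted signer, or two marginally trusted signers, make a key valid) and the sample keys are all assumptions modelled on classic PGP.

```python
from dataclasses import dataclass, field

# Owner-trust levels and thresholds, modelled on classic PGP (assumption, not from the book):
# one fully trusted signer, or two marginally trusted signers, make a key valid.
FULL, MARGINAL, NONE = "full", "marginal", "none"
FULL_NEEDED, MARGINAL_NEEDED = 1, 2
@dataclass
class Key:
    signers: set = field(default_factory=set)  # owners whose keys certified this key
    revoked: bool = False                       # key revocation: the whole key is withdrawn
def valid_keys(keys, my_key, owner_trust):
    """Owners whose keys are valid from my_key's point of view.  A signature counts only
    if the signer's own key is valid and not revoked, so a revoked key loses all of its
    certifications at once; a withdrawn signature is simply absent from the signer set."""
    valid = {my_key}  # my own key is valid by definition
    changed = True
    while changed:    # repeat until no further key becomes valid (chains of introducers)
        changed = False
        for name, key in keys.items():
            if name in valid or key.revoked:
                continue
            full = marginal = 0
            for signer in key.signers:
                if signer not in valid or keys[signer].revoked:
                    continue
                level = owner_trust.get(signer, NONE)
                full += level == FULL
                marginal += level == MARGINAL
            if full >= FULL_NEEDED or marginal >= MARGINAL_NEEDED:
                valid.add(name)
                changed = True
    return valid

def build_sample_web():
    """Constructed sample web of trust: which owners certified whose key (alice is me)."""
    return {"alice": Key(), "bob": Key({"alice"}), "carol": Key({"bob"}),
            "erin": Key({"alice"}), "frank": Key({"alice"}),
            "dave": Key({"erin", "frank"}),   # two marginally trusted signers
            "grace": Key({"dave"}),           # dave is not trusted as an introducer
            "mallory": Key({"frank"})}        # only one marginally trusted signer
# constructed: how far alice trusts each owner to certify other people's keys
OWNER_TRUST = {"alice": FULL, "bob": FULL, "erin": MARGINAL, "frank": MARGINAL}
def demo():
    keys = build_sample_web()
    before = valid_keys(keys, "alice", OWNER_TRUST)
    keys["bob"].revoked = True              # key revocation: bob and every key he certified drop out
    keys["dave"].signers.discard("frank")   # signature revocation: frank withdraws one signature
    after = valid_keys(keys, "alice", OWNER_TRUST)
    return before, after
```

Revoking bob's key silently invalidates carol as well, because her only certification came from him; withdrawing one of dave's two marginal signatures leaves him below the threshold.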

Scaling issues: the web of trust works best with groups of up to a few thousand people. It does not work well for a network as large as the Internet, because there are few paths between people who do not know each other. There are a few ways to improve scaling:

1. Extended introducers: expanding introducers into multilevel hierarchies is one way to improve scaling. Each signing node in the tree must be given trust.
2. Authoritative keys: some keys or certificates are presumed to be genuine simply because they come from an appropriate authority.

Reference:

Oram, Andy; Viega, John (2009). “Beautiful Security: Leading Security Experts Explain How They Think”. Copyright 2009 O’Reilly Media, Inc.

Beautiful Security Metrics

Beautiful Security

Chapter three

Beautiful Security Metrics


To turn IT security into a science instead of an art, security metrics are needed. The chapter notes that medical research has used metrics to advance human health. The author observes that, just as you can feel health but cannot touch it, you can feel security but cannot touch it. Both health and security are also about achieving the absence of something: health care is about the absence of failures in physical or mental well-being, and security is about the absence of failures in confidentiality, availability and integrity.
Five questions that security metrics should answer:
1. How secure am I?
2. Am I better off now than I was this time last year?
3. Am I spending the right amount of dollars, effort, or time?
4. How do I compare with my peers?
5. Could that happen to me?
There are three problems in answering these questions:
·        First, what is the definition of secure?
·        Second, context: for a vulnerability in an IT asset, the criticality, use, and connectedness of the asset must be considered.
·        Third, uncertainty: many executives have no idea about their vulnerabilities.

Security Metrics:

One example used for security metrics: the TJX breach (an outsider breach), the biggest case of payment card theft ever recorded as of 2008. The author believes the breach started in July 2005 and continued for 18 months until December 2006, when TJX took action. Cardholders began to see strange transactions on their credit card bills.
How it happened:
Public perspective:
·        TJX Cos says it suffered an unauthorized intrusion into its computer systems.
·        Credit card companies, banks and customers begin to report fraudulent use of credit and debit card numbers.
·        TJX reports that hackers may have had access to its computers.
Technology perspective:
·        Wireless LANs born: IEEE 802.11b completed and approved.
·        Attack that cracks the WEP protection of wireless communication demonstrated.
·        IEEE 802.1X ratified to address port-level security using the Extensible Authentication Protocol (EAP).
·        IEEE 802.11b security weaknesses stated.
·        TJX's use of WEP protection still prevalent at its retail stores.

Some recommendations:
·        Set the value of all SSIDs for IEEE 802.11b to something obscure.
·        Change the default authentication setting to disallow open access for all clients.
·        Update the configuration of every client and WAP when you change the key management for WEP.
·        To achieve strong wireless security:
        ·        Turn off WEP.
        ·        Select obscure SSIDs.
        ·        Isolate wireless subnets with routers and firewalls.
        ·        Use 802.1X for key management.
What did TJX do wrong?
        ·        TJX did not follow the guidelines that had been issued. The hackers used this fact to gain access to TJX’s network.
        ·        They used the default configuration for their WAPs.
        ·        They used self-evident SSIDs and open access.
TJX’s WAPs let hackers gather enormous quantities of valuable data with an incredibly small investment.

Reference:

Oram, Andy; Viega, John (2009). “Beautiful Security: Leading Security Experts Explain How They Think”. Copyright 2009 O’Reilly Media, Inc.