Multilevel Security in Location Aware Applications

1
Multilevel Security in Location Aware Applications

• Alexander Ng
• Monash University
• Masters of Computing (Research)
• Supervisor A/P Arkady Zaslavsky

2
History of Context-aware Computing

• Unpredictability of mobile computing environment
• Emerging popularity of ad hoc mobile networks
• Need to optimize use of limited resources for
  information delivery to a variety of devices and
  platforms
• Context sensing, detects environment and
  situation
• Applications that are adaptive to changing
  context
• Identify tradeoffs in user experience, computing
  power and security Difficult but possible
  challenge

3
Managing the context

• Mobile user limitations
• Battery power
• Device
• Data type

• Private network

• Public network

• Location
• Where am I?
• Is it safe to transmit?

4
Location Awareness and Context Specific Security

• Users context includes Location, device
  characteristics, environment, activity, QoS,
  battery, data type
• Important for applications to adapt according to
  location
• Location change Context change
• Location will affect modes of interaction between
  user and application.

5
Adaptive Security in Location Aware Applications

• Current focus of research attention is on privacy
  issues in location aware applications
• Little is discussed on the relationship between
  location and security.
• Security in mobile applications will be adversely
  affected by location and situational awareness
• The need to differentiate between location within
  safer private networks and weaker public
  networks

6
Research Issues

• What happens when resource availability conflicts
  with security, context and location?
• Location and context related but different
• 2 devices could be in the same location but
  differing contexts
• Similarly same context but different locations

7
Objectives

• Investigate the relationship between context
  awareness and security.
• Determine context specific security as security
  levels that are influenced by context parameters
  in a pervasive environment.
• Emphasis will be on security aspects that are
  affected by location
• This research will exploit the use of Trusted and
  Untrusted Zones to demonstrate adaptive security
  in mobile applications

8

• Am I safer on a private network?

Roaming

• Do I feel secure sending sensitive data on a
  public network?

9
Location Adaptive Security(LOCAS)

• Trusted Zones and Untrusted Zones
• What do we do if were outside a trusted Zone?
• Ensure sufficient security based on location and
  context Best effort possible scenario
• LOCAS Investigates Context Specific Security,
  with emphasis on location awareness as a prime
  factor.
• LOCAS simulates a delicate balance of security
  and computing power.

10

• Public Network

• Mobile client must optimize best effort
  security level according to resourcesavailable.

• Im transmitting sensitive data
• Client responds to context and location
• Heightened security alertness is indicated by the
  red layer (extra line of defence)

• Battery battery

• SSL

• CPU

• QoS

• Location

• Browser

• Security levels raised
• Invoke SSL

• Private Network

• Power levels

• Encryption and decryption

• Raise shields, Mr Sulu! Capt James T Kirk

11

• Battery Power too low
• CPU resource low
• Reduce security

• Private Network

P Battery Power S Security Level R CPU
Resource
12
Resource Management

• The system must decide whether to security levels
  are sufficient to the context
• Not imperative to have high security in private
  networks
• A delicate balance. Does the prevailing context
  and system resources allow heightened security?
• A reasonable compromise has to be made
• How does location information affect Security?