Pervasive Computing in Security - Report Example

Running head: Pervasive Computing in Security The Importance of Pervasive Computing In Security By _________________________ Introduction The new revolutionary computing technology that we are confronting today upholds a paradigm that envisions a world surrounded by processors, computers, sensors, and digital communications. Pervasive computing provides us with the opportunity to develop an enriched environment with a comfortable and convenient information era equipped with the required secure measures to protect physical and computational infrastructures into an incorporated environment. This incorporation highlights the needs of perfect security of computing devices and sensors that provides new concepts of protective measures like never thought before. The best example of such measures is the concept of "smart cards" and "Biometrics". Pervasive computing enables researchers to think the best possible security aspects to minimize the threats of computer and cyber crime that leads towards the killer applications, cyber-criminals as computer culprits take advantage of the vulnerabilities present in the traditional computing environments. According to Kagal et al. "securing pervasive computing environments presents challenges at many levels". (Kagal et al, 2002) We will discuss how and in what ways we can implement the security measures to understand and evaluate the importance of pervasive computing in security. Methodology Authentication is the process of proving that you are who you say you are and establishing proof of identity. Authentication can be achieved through the use of passwords, smart cards, biometrics, or a combination thereof. People are the next most important security component. Often, people are the weakest link in any security infrastructure. Most corporate security relies on the password a user chooses. If the user chooses his or her first name as the password, the time, energy, and money spent evaluating, purchasing, and implementing security solutions go out the window. Numerous methods exist to gain access to a system. Social engineering preying on the weakest factor in any security infrastructure, the human-is one of the most successful methods. From pretending to be a helpdesk worker and asking users to change their passwords, to dressing up as the copy machine repair technician to gain physical access to a building, social engineering is effective in gaining access to an organization's systems. (Andress, 2003) Other methods include trying to guess username and password combinations and using exploits in operating systems and applications to gain access to systems. Some common exploits include buffer overflows, Windows exploits, and Web server application exploits. The most popular tool for information theft attacks is the network sniffer. With a sniffer, an attacker monitors traffic on a network, usually looking for username-password combinations. (Andres, 2003) The use of sniffers is known as a passive attack because the sniffer's snooping does not require any action on the part of the attacker. Active attacks, on the other hand, do require action. Examples of active attacks are "dumpster diving" or calling up an individual at a target company and asking for information. Security Awareness Security awareness can be provided at the utmost by conducting seminars and awareness campaigns. Such campaigns work well in explaining topics like password selection, screen locking, document labeling, and physical (door) security. Posters, e-mails, screensavers, and mouse pads printed with security tips and expectations help provide day-to-day reminders. Some companies even establish security incentive programs for their employees. Multifactor Authentication The three major types of authentication which are commonly used now a days are: Something you know-personal identification number (PIN), password. Something you have-SecurID, smart card, iButton. Something you are-that is, some measurable physical characteristic of you, such as fingerprints or speech. This authentication technique is called biometrics. Smart cards, SecurID, and iButtons are great for authentication, but what happens if someone steals your device If all that is required for authentication is the presence of a token device, your authentication is not that much stronger than a regular old password. Individually, any of these approaches have limitations. (Andress, 2003) "Something you have" can be stolen, whereas "something you know" can be guessed, shared, or forgotten. "Something you are" is usually considered the strongest approach, but it is costly to deploy and manage. To make authentication stronger, you can combine methods, often referred to as multifactor or strong authentication. The most common type is two-factor authentication, such as using a PIN code as well as a SecurID token to log on to your network. The example of two-factor authentication is the use of automatic teller machine (ATM) card. Smart Cards One of the most important implementation of security in computers is through the use of "smart cards" which are devices that look and feel like a credit card but act like a computer. They can be used to verify a user's identity to log on to a Windows domain, enable a student to view his or her grades, and possibly replace many of our existing identification, credit, and access cards that are now a part of daily life. A smart card is programmable, so many different applications and data can be loaded onto them infinitely. Smart cards also have storage and processing capabilities, which means they have the ability to add or subtract value. (Andress, 2003) The computer functionality of a smart card also provides security features usually not available in basic credit cards. Plus, smart cards have an actual processor built into them and don't rely on a magnetic stripe as credit cards do. Although the built-in processor gives smart cards a lot of capabilities, a smart card is not a stand-alone computer. It must be connected to more powerful computers to be of any use. Smart cards today contain an 8-bit micro controller and hold 16KB or more of information. To make the communications between a computer and smart card work, one has to place the card in a reader that is connected to the computer. Contactless smart cards also exist, which transfers data over radio waves. Either way, smart cards are designed to withstand many different environments and scenarios. Smart cards must work under all conditions and keep data safe even if exposed to extreme situations, such as power fluctuations and heat. The smart card is part of the payments system revolution, according to Catherine A. Allen, vice-president of Citibank's Technology Office and chairman of the Smart Card Forum, a group of banks and vendors interested in smart cards. (Lunt, 1995) Smart cards require a high level of security, ensuring that an unauthorized person cannot remove value from a card or otherwise put unauthorized information on the card. Because it is hard to get at the data without authorization, and because it fits in one's pocket, a smart card is appropriate for secure and convenient data storage. Finally, cross-platform support has been lacking in smart-card technology. With the recent introduction of the Java Card, the smart card industry has begun to experience the first stages of a platform model, in which the operating system provides application developers with an opportunity to create applications on a common code base. Price is a definite factor when you're deciding whether to roll out a smart-card system. A typical card costs about $15. For smart cards to become widespread, this cost needs to fall to around $1 or $2 per card. As with biometrics, some computer manufacturers sell keyboards and laptops with built-in smart-card readers. As smart cards are often used in conjunction with digital certificates. The certificate is stored on the card, providing an additional layer of protection for the certificate. Biometrics Biometrics is the science of using digital technology to identify individuals based on the individual's unique physical and biological qualities (Page, 2001). Biometric devices measure physical attributes. The most commonly measured attribute is a fingerprint, but the shape of a person's face, the pattern of the eye's iris, the person's typing patterns, or the sound of his or her voice are also measurable attributes. Some security experts argue that biometrics is the only true form of user authentication because it physically authenticates the person (for example, each person's fingerprint is unique). With biometrics, you will never have to remember multiple passwords. (Andress, 2003) Biometrics are used for human recognition which consists of identification and verification. The terms differ significantly. With identification, the biometric system asks and attempts to answer the question, "Who is X" In an identification application, the biometric device reads a sample and compares that sample against every record or template in the database. This type of comparison is called a "one-to-many" search (1:N). Depending on how the system is designed, it can make a "best" match, or it can score possible matches, ranking them in order of likelihood. Identification applications are common when the goal is to identify criminals, terrorists, or other "wolves in sheep's clothing," particularly through surveillance. (Gatune, 2003) Many devices exist to meet any level of security paranoia. If you want ultimate security for a nuclear reactor, retina-scanning devices that read the pattern of blood vessels inside eyes are available. Other devices, such as fingerprint scanners, that are more conducive to the everyday business environment also exist. Biometrics has been around for many years, but the technology did not exist to make it accurate or economically feasible to roll out to every user's desktop. Now, many computer manufacturers offer keyboards with built-in fingerprint scanners. Conclusion Facial recognition systems as well as surveillance cameras are being extensively used to monitor schools, airports, stadiums, and large crowd gatherings. Does this type of surveillance make people feel more secure, or is it an infringement on a person's freedom of movement and privacy What happens if a wrongful identification is made and a person is detained because of that mistake (Baird, 2002) The move from computers to Biometrics and ATMs brings forth new challenges to security and privacy, which cannot be addressed by mere adaptation of existing security and privacy mechanisms. Unless security concerns are accommodated early in the design phase, pervasive computing environments will be rife with vulnerabilities and exposures. (Campbell et al) References Andress Amanda, 2003. "Surviving Security: How to Integrate People, Process, and Technology": Auerbach Publications. Place of Publication: Boca Raton, FL. Publication Baird L. Stephen, 2002. "Biometrics Security Technology": It Is Important for Students to Understand That Technology Can Be Used as Part of a Solution to a Problem: The Technology Teacher. Volume: 61. Issue: 5. Page Number: 18+. COPYRIGHT 2002 International Technology Education Association Campbell Roy, Al- Muhtadi Jalal, Naldurg Prasad, Mickunas M. Dennis. "Towards security and privacy for pervasive computing". Gutane Julius, Horn Christopher, Thomas Aryn, Woodward D. John, 2003. "Biometrics: A Look at Facial Recognition": Rand. Place of Publication: Santa Monica, CA. L. Kagal, J. Undercoffer, F. Perich, A. Joshi, and T. Finin, 2002. "Vigil: Enforcing Security in Ubiquitous Environments," in "Grace Hopper Celebration of Women in Computing" Lunt Penny, 1995. "The Smart Cards Are Coming! but Will They Stay": ABA Banking Journal. Volume: 87. Issue: 9. Page Number: 46+. Simmons-Boardman Publishing Corporation; COPYRIGHT 2002 Page, D. (2001). Biometrics: Facing Down the Identity Crisis. (6 pages). Hightech Careers Read More