A Person-Oriented Ubiquitous and Secure Information Communication Environment Supported by Data-Driven Networking Processor

Transcription

1 A Person-Oriented Ubiquitous and Secure Information Communication Environment Supported by Data-Driven Networking Processor Hiroshi Ishii Department of CommunicationEngineering School of Information Technology and Electronics Tokai University 1117 Kitakaname, Hiratsuka Kanagawa , JAPAN Yoshitsugu Kondo NTT Information Sharing Platform Laboratories, Nippon Telegraph and Telephone Corporation, , Midori-cho, Musashino, Tokyo , JAPAN Hiroaki Nishikawa Department of Computer Science, Graduate School of Systems and Information Engineering, University of Tsukuba, Tsukuba Science City, Ibaraki , JAPAN Abstract - This paper proposes a basic concept of person-oriented ubiquitous and secure information sharing environment. In the ubiquitous network environment, people, within a predefined restriction, can access and use information, network and computing resources wherever and whenever they are. Here, the owner of the resource and/or information is not necessarily same as the user. At the same time, the user specific information does exist which is owned by the user itself but often managed by other organization. So the secure and safe resource management is required. We propose two approaches for consolidating the ubiquitous and secure information sharing platform, one is right-token management platform and the other is use of objective-specific VPN. We also propose to use a data-driven networking processor as a hardware platform supporting above resource and data management platform layers, which has in nature the passiveness and high real-time multi-processing capability. We propose to use it as engines for continuous authentication and enciphering at the terminal side and communication protocol handlers, authentication and enciphering in the network. keywords: authentication, ubiquitous services, information sharing, VPN, data-driven processor 1. Introduction This paper proposes a basic concept of person-oriented ubiquitous and secure information sharing environment. Nowadays, so-called ubiquitous service is under realization, which enables us to access and utilize versatile computing and network resources and information wherever and whenever we are. Considering public phone service as one of legacy ones, we can use it whenever and wherever the phone is available if we pay for it. This example can be generalized for ubiquitous communication world, i.e., if the user profile is within a restriction specific to the resource and/or information users want to access, he or she can use it. Here, of course, the owner of the resource and/or information is not necessarily same as the user. At the same time, the user specific information does exist which is owned by the user itself. The information is often managed and stored by other organizations than the user. For instance, clinical records are managed and stored by clinics and hospital, banking information is by banks, and so on. It is not realistic to store all of this type of user-specific information in such tamper resistant equipment as IC cards. So, secure management and access to the information are also important requirements in the ubiquitous

2 communication environment. And multiple type of personal information each of which has different attributes and is managed in the different organizations need mechanism for association to harmonize each other, e.g. matching between medical and medicinal personal information. In addition, as a preliminary phase before information and resource management stage, the authenticity of living body (bio-metrics authentication) is also important issue. Considering the case where service utilizes services having multiple associations with multiple information and resources, processing bottleneck cannot be ignored. This paper proposes followings to satisfy those requirements above. First, we propose ubiquitous computing resource network management framework focusing on the right-token management and describe how to realize the platform on which users can access necessary resources under appropriate conditions. Second, by use of computing and network resource which becomes accessible through above platform, we propose remote access mechanism to the VPN which manages each type of information and policy matching mechanism between different VPNs. Finally, for the purpose of data access authentication and avoidance of processing bottleneck caused by simultaneous parallel processing, we will apply data-driven networking processor. We describe the architecture and VLSI realization of the data-driven processor. 2. Ubiquitous computing resource network management framework In recent years, the search for next-generation information environments has been a popular pursuit. Concepts that have been put forward include EasyLiving [1], AwareHome [2] and Context-Aware User Authentication [3]. All three involve the recognition of particular people by systems installed at particular locations, with the aim of offering each person specific services or information. In contrast to this, actualizing ubiquitous computing resources on networks requires that people be able to use the resources and find some value in doing so. The key point here is to create a situation in which people are able to select and use ubiquitous computing resources on demand. However, we also want to be able to restrict the number of times a resource can be used or the length of time over which it can be used. Further desirable restrictions include the restriction of resource usage to particular locations and to particular people. Resource here indicates a broad category that includes digital content, network resources, computational resources, storage resources, and applications. A platform that has these features will be particularly helpful when users are able to roam across usage environments. We need to try to separate the right to use ubiquitous-resources from ownership of the ubiquitous-resources or devices. A simple basis for this is a concept of right-tokens. Only a user who has the correct right-token is given access to a ubiquitous-resource or device. The user need not possess the resource or device. This is similar to the concept of electronic ticket systems, such as FlexTicket [4]. However, the focus of existing systems has been on ensuring the correctness of the electronic tokens (tickets). They do not tackle the situation of a user roaming through various usage environments, where the requirement is that the system should offer customized services according to user attributes or in response to current user needs. We have thus been considering a network platform that includes mechanisms for issuing and dynamically distributing right-tokens, which are essentially sets of conditions on ubiquitous-resource usage. Conditions specified by the tokens might include permission for user access to particular kinds of ubiquitous-resources, permission to use devices belonging to a particular owner, and numbers of times or lengths of time over which usage is allowed. To achieve this, the platform will have to be able to assess the applicability of right-tokens, and this will be particularly desirable in localized environments. We refer to the platform as a right-token management platform. The platform must autonomously and

3 dynamically control ubiquitous-resource utilization on the basis of conditions described in right-tokens and profiles of users and devices. The respective types of profile are stored in IC cards and embedded secure ICs (Fig. 1), both of which can contain right tokens. To control ubiquitous-resource utilization on a local basis according to profiles stored in IC cards or secure ICs, we need to select suitable entities and clarify a framework of trust (right-token management framework). The latter should be defined in terms of trust relationships among entities, so that each is able to ascertain the profile and access rights of others. Therefore, we propose a model of entity roles in the right-token management framework. That is, we describe the entities, the trust relationships among the entities that guarantee the authenticity of the respective types of profile. We also cover the access-control model of the right-token management framework, which describes the access-right transfer relationships among the entities. Through experiments with a prototype system, we confirmed the effectiveness of our approach, especially in terms of functionality and security of the proposed right-token management framework. Secure IC IC card User Profile Device Profile Judgment Mechanism Judgment results Device Outline of Configuration IDs ( ID, Issuer ID, etc.) conditions Keys to start to use target objects Signature Signature target area Fig. 1 judgment mechanism We plan to adapt the right-token management framework to other target resources, such as wireless network resources, thus demonstrating its applicability as a general-purpose framework. In the near future, we will investigate the possibility of avoiding the need to construct secure channels by having right-token judgment executed inside the IC chips. 3. Data management by closed network Accessibility control to the information or resource that is common to some restricted people is described in section 2. Here, we discuss a person-specific data management. Personal data must be got in case where the user needs it and at the same time the data must be managed in a secure manner. One typical example is the IC card within which much volume of personal data is stored. Although it is easy for the user to access the information, it is not realistic to store all the information in IC card. Another is the cases where user s data is stored in the hard disk of his own PC or where it is stored and managed by a service provider to which user-specific data is given by the user itself for a specific objective. In this case, we have to consider safe and secure data access mechanism.

4 The data management proposed here is achieved by use of a VPN (Virtual Private Network) which is a secure closed network. One type of VPN has been provided by network providers for the purpose of cost reduction and assurance of security mainly to enterprises. At the same time, end user provided VPNs are also used. Here, the contents of data stored in a VPN are limited to a specific objective, which may cause less influence than the case where any kind of data is stored in en-bloc manner. Each VPN is managed by the service provider and has a different security policy that will bar other VPN from freely connecting to it. For instance, a user s medical data is stored in clinics and hospitals. Here, we assume there is medical information sharing platform and existence of VPN among medical centers. When a user would like to get its own medical information, it accesses the VPN remotely. To assure ubiquitous access, we assume to use mechanism proposed in section 2. And authenticity of the user is assured by the mechanism described in the section 4. The remote access to the VPN is realized by several kinds of VPN protocols such as IP-sec, PPTP, SoftEther and so on. A user-to-vpn connection can be established safely through the remote VPN access mechanism. In some case, however, information exchange between different VPNs shall be needed, for example, clinics in a clinical VPN must talk about the user s medicinal information with pharmacists in the medicinal VPN. Generally each VPN has its own security policy so that it is not permitted to directly communicate. We propose to establish a filtering mechanism at the user side that matches different policies. Details are for further study but the main concept is to establish a user-specific firewall between different VPNs. Each communication between any pair of VPNs regarding the specific user is made through the user-specific firewall. Through this mechanism, we believe to establish safe and secure personal data management and exchange. objective-specific VPNs for each user information VPN for objective-a VPN for objective-b VPN for objective-c policy matching user terminal Fig. 2 Objective-specific VPN

5 4. Data-Driven Networking Processor: CUE-v2 VLSI prototype named CUE-v2[6] has already been developed as a hardware platform by the authors. The CUE-v2 is a networking-oriented data-driven processor having following features. a) passive operational mode inherent in data-driven ready-to-fire principle; The CUE-v2 can realize highly-efficient response to events from outer world without any interrupt handlings. b) concurrent operating capability based on data-driven execution scheme; The CUE-v2 can naturally perform multiple processing without any context switching overheads. c) real-time multiple media processing capability without any control overheads by fully utilizing the above feature a) and b). In fact, data-driven realtime biometrics authentication system has been realized by previous version data-driven processor named CUE-v1 and the system demonstrated essentiality of continuous authentication scheme for secure networking architecture [7]. Furthermore, the CUE-v2 was realized as a hybrid processor enabling simultaneous processing of data-driven and control threads to give higher performance for inline processing and to avoid any bottlenecks in sequential part of real-time program frequently encountered in actual time-sensitive applications [8]. The authors therefore believe the CUE-v2 will be one of the most promising hardware platforms to study future secure information sharing networking infrastructure. Data driven packet router Fetch Decode Firing Control & Schedule Register Exec Exec Exec Exec IF0, IF1 : Instruction fetch ID0, ID1: Instruction Decode FC0, FC1, FC2 : Firing Control & schedul- Data driven path Control driven path Shared path Fig.3 Data-driven processor CUE-v2 5. Person-oriented ubiquitous and secure information sharing environment By combination of mechanisms proposed in sections above, we can establish a person-oriented ubiquitous and secure information sharing environment. The environment has two basic mechanisms and the underlying platform. One is the assurance of ubiquitous access to the computing and network resources encompassing digital content, network resources, computational resources, storage resources, and applications by virtue of right-token management. Users can select and use ubiquitous computing resources on demand under some

6 restriction such as the number of times a resource can be used or the length of time over which it can be used. Another is data management specific to a person by use of VPN. After getting computing resource through the mechanism above, user access its own data by remote access to the VPN specific to an objective. Harmonization of data related to multiple objectives can be achieved by the person specific policy matching filter. At the same time, we consider the adoption of data-driven processor as underlying hardware platform fitting to this environment. It enables realization of important hardware engines for the objectives such as bio-metrics authentication and multiple associations handlers for the processing bottleneck. management: Secure and ubiquitous resource access DDP engine Data-driven processor (DDP): Efficient processing and assurance of security in processor layer DDP gateway VPN VPN Objective-specific VPN Objective-specific VPN: management of personal information in the network Fig. 3 Basic concept proposed here 6. Conclusion We proposed a basic concept of person-oriented ubiquitous and secure information sharing environment. Combination of right-token management and objective-specific VPN realizes ubiquitous and secure information sharing platform. Underlying data-driven engine supports continuous bio-metrics authentication and settlement of processing bottleneck. We have just established the joint project to tackle realization of our basic proposal. We believe combination and harmonization of our three approaches will achieve new paradigm of secure and safe information sharing in ubiquitous manner.

7 References [1] B. Brumitt, B. Meyers, J. Krumm, A. Kern, and S. Shafer, EasyLiving: Technologies for intelligent environments, Proceedings of Handheld and Ubiquitous Computing, volume 1927 of Lecture Notes in Computer Science, pp , Bristol, UK, Sept [2] C. D. Kidd, R. J. Orr, G. D. Abowd, C. G. Atkeson, I. A. Essa, B. MacIntyre, E. Mynatt, T. E. Starner, and W. Newstetter, "The Aware Home: A living laboratory for ubiquitous computing research", Proceedings of the Second International Workshop on Cooperative Buildings, Integrating Information, Organization, and Architecture, pp , Pittsburgh, USA, Oct [3] J. E. Bardram, R. E. Kjaer, and M. Ø. Pedersen, Context-aware user authentication supporting proximity-based login in pervasive computing, Proceedings of the Fifth International Conference on Ubiquitous Computing, pp , Seattle, USA, Oct [4] Y. Tajima and H. Ishii, Distributed VPN Architecture for Purpose-Oriented Network, Proceeding of Multimedia, Distributed, Cooperative and Mobile Symposium (DICOMO) 2002, pp ,tokyo, July 2002 [5] J. Miyoshi and H. Ishii, "Network-based Single Sign-on Architecture for IP-VPN," Proc. of 2003 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM'03), pp , Victoria, Canada, Aug [6] S. Ito, R. Kurebayashi, H. Tomiyasu and H. Nishikawa, A Processor Architecture for Simultaneously Processing Dataflow and Control-flow Threads, Proceedings of the 15th IASTED International Conference on Parallel and Distributed Computing and Systems, pp (Nov. 2003). [7] Y. Wabiko, K. Aoki and H. Nishikawa, Data-Driven Realtime Biometrics Authentication for Secure Networking System, Proceedings of the 2004 International Conference on Parallel and Distributed Processing Techniques and Applications, pp (June 2004). [8] S. Ito, S. Nomoto, H. Tomiyasu and H. Nishikawa, The Microarchitecture of the CUE-v2 Processor: Enabling the Simultaneous Processing of Dataflow and Control-Flow Threads, Proceeding of the the 2004 International Conference on Parallel and Distributed Processing Techniques and Applications, pp (June 2004).