Based Security Model for Home system

Rudolf Volner, Ph.D.
Department of Civil Air Transport, Institute of Transport, Faculty of Mechanical Engineering, VŠB - Technical University of Ostrava
E-mail: [email protected]
Tel.: ++420 5 96 99 17 65 Fax: ++420 5 96 99 17 67

Petr Boreš, Ph.D.
Department of Circuit Theory, Faculty of Electrical Engineering, Czech Technical University in Prague, Technická 2, 128 00 Prague 6
E-mail: [email protected]

Abstract. The term security network intelligence is widely used in the field of communication security networks. A number of new and potentially concepts and products based on the concept of security network intelligence have been introduced, including smart flows, intelligent routing, and intelligent web switching. Many intelligent systems focus on a specific security service, function, or device, and do not provide true end-to-end service network intelligence. True security network intelligence requires more than a set of disconnected elements; it requires an interconnecting and functionally coupled architecture that enables the various functional levels to interact and communicate with each other.

Recent studies conclude that early and specialized pre-hospital patient management contributes to emergency case survival, especially in cases of serious injuries of the head, the spinal cord and internal organs. The delivery of high-quality pre-hospital medical care in emergency cases (such as accidents happening within a stadium) requires immediate access to a wide range of medical information (critical biosignals, patient's medical history, etc). However, the stadium's paramedic personnel, who usually are the first to handle such situations, do not have immediate access to such information, nor the required advanced theoretical knowledge and experience. Since, for practical and financial reasons, stadiums cannot be manned by specialized physicians (enough to handle crisis situations), paramedic personnel can only rely on directions provided to them by experts. The above-mentioned problem could be efficiently solved through the usage of a mobile device which would allow specialized physicians located at a hospital site to coordinate remote paramedical staff via telediagnosis and interactive teleconsultation means.

2 Intelligent security and communication networks

Intelligent security and communication networks must at least be able to understand the security and communication environment, to make decisions, and to use and manage network resources efficiently. More sophisticated levels of security network intelligence include the ability to recognize user, application, service provider, and infrastructure needs, as well as expected and unexpected events, the ability to present knowledge in a world model, and the ability to reason about and plan for the future.

For the purposes of this paper, CSNI is defined as the ability of a network system to act appropriately in a changing environment. An appropriate action is one that increases the optimal and efficient use of network resources in delivering high-quality services; success is the achievement of behavioral sub-goals that support the service provider's overall goals. Both the criteria for success and the service provider's overall goals are defined external to the intelligent security network system. Typically, they are defined by the service provider's business objectives and are implemented by network designers, programmers, and operators.

CSNI is the integration of knowledge and feedback into an input and output-based, interactive, goal-directed, security, networked system that can plan and generate effective, purposeful action directed toward achieving goals. Network intelligence will evolve through growth in computational power and through the accumulation of knowledge about the types of input data needed for making decisions concerning expected response, and about the algorithmic processing required in a complex and changing communications environment. Increasingly sophisticated network intelligence makes possible look-ahead planning, management before responding and reasoning about the probable results of alternative actions.
These intelligent network capabilities can provide service providers with competitive and operational advantages over traditional networks.

3 Security model

In order to come up with a model that can deal with the security requirements of smart appliances, we first develop a classification of smart home appliances, categorizing them into eight different functional groups, as shown in Table 1. Next we consider possible threats that any internet-enabled device may encounter (Table 2). We then examine possible countermeasures that can be taken against such threats (Table 3). Correlation of our classification with an analysis of present and past security-related incidents yields a taxonomy of threats to smart home appliances as shown in Table 4, where H, M and L indicate high, medium, and low level threat likelihood, respectively and there was no supporting data for centries.

The home system (HS) architecture

For a network, the serving area is partitioned into a number of basic service areas designated as cells. Each cell is served by a base station (the centre HS), which exchanges radio signals with mobile terminals (the home control centers). Mobility is central to networks. To provide mobility, tracking mobile terminal locations becomes an important and primary function of the network, and hence some databases are introduced to support such a capability. In HS/ATM networks, each HS network covers a large geographical area and incorporates a number of base stations. Meanwhile, the location database of the wireless cluster manager is broken into two parts:
• one for the mobile terminals which are permanently registered in the community, the home community (home part),
• the other for the mobile terminals which are visiting the community (visiting part).

5 Characterization of services, traffic sources and system teletraffic

Traditional traffic modeling of data sources assumed that the inter-arrival times of traffic packets were basically exponential in distribution and independent of one another, which means that the process is memory-less. However, recent studies of the behaviour of individual multimedia sources and system-level activity show that traffic traces are distributed in ways more complex than this.
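
The contrast drawn above between memory-less traffic and what measured traces show can be made concrete. The following is an added example, not code from the paper: it generates arrivals with exponential gaps and with heavy-tailed Pareto gaps of the same mean, then compares the index of dispersion for counts (variance/mean of packets per window) at growing window sizes. The Pareto shape 1.5, the horizon, the window sizes and the use of a Pareto renewal process as the bursty source are assumptions made for illustration.

```python
import random


def exponential_gaps(rng, rate=1.0):
    """Memory-less source: negative exponentially distributed inter-arrival times."""
    return lambda: rng.expovariate(rate)


def pareto_gaps(rng, alpha=1.5, mean_gap=1.0):
    """Heavy-tailed source (assumed stand-in for bursty traffic).

    paretovariate(alpha) has mean alpha/(alpha-1) for alpha > 1, so it is
    rescaled to give the same mean gap as the exponential source.
    """
    scale = mean_gap * (alpha - 1) / alpha
    return lambda: scale * rng.paretovariate(alpha)


def arrivals_per_slot(next_gap, n_slots):
    """Count arrivals in each unit-width time slot over [0, n_slots)."""
    counts = [0] * n_slots
    t = next_gap()
    while t < n_slots:
        counts[int(t)] += 1
        t += next_gap()
    return counts


def aggregate(counts, m):
    """Sum counts over non-overlapping windows of m slots (partial tail dropped)."""
    return [sum(counts[i:i + m]) for i in range(0, len(counts) - m + 1, m)]


def idc(counts):
    """Index of dispersion for counts: variance / mean (1.0 for Poisson arrivals)."""
    n = len(counts)
    mu = sum(counts) / n
    var = sum((c - mu) ** 2 for c in counts) / n
    return var / mu


def dispersion_by_scale(next_gap, n_slots=200_000, scales=(1, 10, 100)):
    """IDC of the same arrival stream observed at several window sizes."""
    counts = arrivals_per_slot(next_gap, n_slots)
    return {m: idc(aggregate(counts, m)) for m in scales}


def compare(seed=1):
    """Run both sources over the same horizon with a seeded generator."""
    rng = random.Random(seed)
    return {
        "exponential": dispersion_by_scale(exponential_gaps(rng)),
        "pareto": dispersion_by_scale(pareto_gaps(rng)),
    }


if __name__ == "__main__":
    for name, row in compare().items():
        print(name, {m: round(v, 2) for m, v in row.items()})
```

For the exponential source the index stays near 1 at every window size; for the heavy-tailed source it grows with the window, so averaging over longer intervals does not smooth that traffic the way the memory-less model predicts.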

Our analysis has aimed at improving the best-fitting model for a given traffic scenario when the underlying flow keeps changing over time and space. To be confident that the results are useful, a model was sought that:
• was as simple as possible in a computational sense without compromising accuracy,
• had a physical explanation in the network context,
• could be related to real measurements for verification purposes by the operators.

The investigation focused on extensions that could retain tractability, in two steps as described below:
• statistical multiplexing,
• parameterization.

Traffic generation – if the traffic is memory-less, generation of traffic to support the simulations can be achieved simply by a negative exponentially distributed process to specify packet inter-arrival time. However, modeling self-similar traffic is much more complex [5], [6], [7], [8], [9].

2. Biometric security

Video-acoustic detection platform

The system is composed of the main module, the control and management module. This module uses the concept of task and event, establishing the tasks carried out by the other modules, the execution policies applied when events happen, and the management of such events. Information on tasks, events, policies, logs and classification results is stored in a system database. The system also comprises a set of basic modules that accomplish different tasks (fig. 1):
• image module,
• acoustic,
• authentication,
• classification.

The main functionalities of the system are (fig. 2):
• monitoring of a closed,
• capture of video-acoustic images allowing the correlation between both media,
• automatic intruder pre-detection through the processing of the video-acoustic images,
• user authentication through the use of smart cards and the visual and acoustic characteristics of the user,
• classification of the data obtained by the system.

Handwritten signature verification system

Parameterization is one of the critical points of the verification system. The choice of the parameterization system is crucial and depends on several elements, such as vector size and classification system. Taking into account the nature of the classifier (based on geometric properties) and the good results of the use of direct images in other applications such as facial recognition, four parameterization techniques have been proposed:
• contour,
• contour following,
• region,
• direct.

Iris authentication biometric system

The human iris has some characteristics that make it suitable to be used in biometric applications:
• the possibility of finding an iris equal to another one is considered to be null; even the two irises of the same individual are different,
• the iris pattern does not change through the user's whole life,
• it is naturally isolated by the cornea,
• modifying it surgically without any risk for the vision is nearly impossible,
• its physical response to light provides a suitable way to test its liveness.

Iris recognition systems rely on a very similar architecture.

System based on features of the hand palm

The system captures the characteristic of the person and processes it to create an electronic representation called the live model. Finally, the system compares the live model with the reference model of the person. If both models coincide, the verification succeeds. Otherwise, the verification fails. When the function of the biometric system is identification, the person does not tell the biometric system his or her identity. The use of the palm of the hand as a measure of authentication has turned out to be an ideal solution for applications of middle security, where convenience is far more important than security or precision. In the same way, this technique offers a good balance between performance and ease of use.

Voice biometrics

Voice-biometrics systems can be categorized as belonging to two industries:
• speech processing,
• biometric security.

The best-known commercialized forms of voice biometrics are:
• speaker verification,
• speaker identification.

Applications of voice biometrics provide security, fraud prevention or monitoring.
Current research and market trends indicate that future applications of voice biometrics will be text-independent and incorporate other speech-processing and biometric technologies.

2. RFID technologies

An RFID system is composed of a reader, connected to a host system, and a transponder. The reader and the transponder communicate on precise radio wave bands, generating a data energy clock. The average distance of this invisible link ranges from a few centimeters to several meters. The reader can be located in a specific place such as the entrance of a security area, or carried by personnel in order to randomly localize tagged items. It activates, or initiates, communication with the tag by broadcasting a radio signal. The transponder, or tag, is composed of a chip, made of silicon or polymer, and an antenna.

There are two options concerning the type of tag: an "active" tag composed of a chip and a battery, or a "passive" tag not requiring any internal power source. The latter allows a passive broadcast and identification on request only. Besides, as there is no internal power supply, its lifetime is long-lasting, and the simplicity of its components allows a low price and a quite basic and reliable construction. The tag only responds to the reader's radio frequency emission and derives its power from the energy waves transmitted. A passive tag is not a smart tag; its functions are limited to identification and localization.

An RFID tag carries more data than a barcode or magnetic stripe and can be attached to, or embedded in, an item, allowing its permanent and remote tracking owing to a unique serial number stored in the chip. This serial number refers to a database to which the system is linked (the host system). Information contained in the database includes item identifier, description, movement and localization. The type of information housed will vary by application.
The core interest of RFID is the ability to localize and identify an object owing to the possible remote capture of information.

System elements

Electronic watermarking in its most general definition is the technique of embedding some information, often called 'the watermark', into a host signal without noticeably modifying that signal.
• Voice Signal: The voice signal is the host medium that carries the watermark or within which the watermark is hidden. In the aeronautical radio application the host signal is an electrical speech signal which is produced from the speaker's microphone or headset.
• Watermark: The watermark itself is the information or data that is embedded into the voice signal. It could for example consist of the 24 bit aircraft identifier and, depending on the available data rate, auxiliary data such as the aircraft's position.
• Watermark Encoder: The watermark encoder is an electronic device, which could be fitted into a small adaptor box between the headset and the existing VHF radio. It converts the analogue speech signal to the digital domain. An integrated digital signal processor embeds the watermark data according to embedding algorithms which are the subject of Section IV. The watermarked digital signal is then converted back to an analogue speech signal for transmission with the standard VHF radio.
• Transmission Channel: The transmission channel consists of the airborne and ground based radio transceivers, corresponding wiring, antenna systems, etc., and the VHF radio propagation channel.
• Received Signal: Although the signal contains a watermark, it is technically and perceptually still very similar to the original audio signal and can therefore be received and listened to with every standard VHF radio receiver without any modifications. This allows a stepwise deployment and parallel use with the current legacy system.
• Watermark Decoder: The watermark decoder extracts the data from the received signal, assures the validity of the data and displays it to the user. The information can then become integrated into the ATC systems, e.g. by highlighting the radar screen label of the aircraft that is currently transmitting.

EMERGENCY HEALTHCARE MOBILE UNITS

Recent studies conclude that early and specialized pre-hospital patient management contributes to emergency case survival, especially in cases of serious injuries of the head, the spinal cord and internal organs. The delivery of high-quality pre-hospital medical care in emergency cases (such as accidents happening within a stadium) requires immediate access to a wide range of medical information (critical biosignals, patient's medical history, etc). However, the stadium's paramedic personnel, who usually are the first to handle such situations, do not have immediate access to such information, nor the required advanced theoretical knowledge and experience. Since, for practical and financial reasons, stadiums cannot be manned by specialized physicians (enough to handle crisis situations), paramedic personnel can only rely on directions provided to them by experts. The above-mentioned problem could be efficiently solved through the usage of a mobile device which would allow specialized physicians located at a hospital site to coordinate remote paramedical staff via telediagnosis and interactive teleconsultation means.

Athlos utilizes mobile units which mainly consist of four modules: the biosignal acquisition module, which is responsible for acquiring critical biosignals (ECG, SpO2, blood pressure, etc); a digital camera for image capturing; a processing unit; and a wireless communication module (3G and WiFi), which is responsible for transmitting the collected medical information.

MOBILE ACCESS SYSTEM FOR FIRST RESPONDERS

First responders are members of organizations and agencies such as emergency communication centers, emergency medical services, fire rescue, police, etc. When a crisis occurs (accident, fire, etc), first responders must quickly collaborate to assess the nature, severity and effects of the situation as well as to plan and coordinate their response actions.
However, first responders' needs for information access and sharing are not well supported. Furthermore, many first responders are mobile as part of their routine work and must relocate to an incident site in an emergency, bringing what they need with them. Athlos addresses these needs and provides ubiquitous, fast and reliable access to information. The Mobile Access System allows first responders (police, fire rescue, ambulances, etc) to have immediate, secure (and authorized) access to a wide range of useful multimedia information while moving to the crisis site. Mobile access is achieved through GSM or 3G public networks using personal mobile devices (palmtops, laptops, etc). The information provided (including reports from the organizers, photos, videos, etc) helps first responders to better assess the situation and organize the operation prior to arrival at the crisis site.

COORDINATION CENTRE

The coordination centre is the core of the system. All data from the distributed system components (emergency units, access control units, etc) are collected and further processed here, in order to assist the management of crisis situations. It includes the central database where all collected data are stored, as well as the necessary software applications (access card issuance, monitoring applications, control panel, telecommunication units, etc).

TESTING ENVIRONMENT

A pilot version of Athlos is implemented in a stadium hosting athletic events, including basketball games, athletics and gymnastics. The intelligent access control system is composed of terminals with embedded fingerprint biometric devices, which are located in the entrances of the stadium, as well as RFID smart card readers placed in the zone borders of the stadium and at the entrances. The terminals communicate with a central server (coordination centre) through a wireless LAN. The central server hosts an administration system and a database filled with data concerning access privileges for sports fans.
Access control for Type A users is implemented through the use of RFID smartcards and, for Type B users, through the use of biometrics. The coordination centre was located in a secure office of the stadium, while user enrolment took place after informing the users through the Internet and on-spot, in a secure office by the ticket booth. System evaluation is an ongoing process with a twelve month duration, focusing on system security, performance and acceptance. Specialized methodologies are deployed for the evaluation of security [13], performance [14] and acceptance [15].

CONCLUSIONS

Athlos is an integrated system, which comprises intelligent access control systems, smart cards, emergency mobile units and wireless links for authenticating participants and managing crisis situations during large scale athletic events. Athlos is based on state of the art technologies and infrastructures including RFID smart card technologies, biometrics, data security techniques and wireless communication networks. Future work concerns the processing and finalizing of the evaluation results towards the enhancement of the system.

Architecture description

The architecture of the proposed system is depicted in the following figure. The integrated system comprises the following basic components:
• The intelligent access control system
• The emergency mobile units
• The mobile access system for next responders
• The coordination centre

5 Conclusion

The security requirements of each functional type of appliance were identified. Appropriate solutions were proposed. Compliance with existing standards and liaison with appropriate fora to downstream new requirements were considered important when trying to address the security requirements of smart home appliances. It was argued that successive security implementation involves cooperation of manufacturers, network operators and service providers.
An architecture wherein security issues are managed through universal home gateways by network operators in a product based fashion is proposed, and manufacturers and service providers are recommended to adapt the technology, in order to offset resource limitations of individual smart appliances and make their security issues straightforward to ordinary users.

6 Conclusion

In this paper, we have proposed a HS/ATM network for supporting multimedia communication to mobile terminals. Here the network is partitioned into core and edge networks. The advantage of this partitioning has been discussed. The network bandwidth is allocated in such a way that each VP is semi-permanently allocated a certain amount of using existing optimization techniques. Cell scheduling and queuing implementations were discussed. We conclude that, based on the proposed bandwidth management framework, all ATM service classes can be served with reasonable QoS guarantees, the CAC procedures easily implemented, and potential rate-based ABR congestion control easily incorporated.

The work described in this paper has been strongly directed by the mobile communication industry's real concerns in realizing business opportunities in the next generation of mobile multimedia communication networks. The models that were implemented provide the opportunity for new insights into the behaviour of mobile multimedia communication systems, including the mobility of subscribers, the types of traffic they generate and the expected properties of that traffic individually and in aggregate.

References

[1] Herper, Matthew: "Emerging Technologies: 'Smart' Kitchens A Long Way Off", Forbes, Feb. 2003.
[2] Volner, R.: CATV – "Interactive Security and Communication System", 34th Annual 2000 International Carnahan Conference on Security Technology, October 2000, Ottawa, Canada, pp. 124-136, IEEE Catalog Number 00CH37083, ISBN 0-7803-5965-8.
[3] Volner, R.: "Home security system and CATV", 35th Annual 2001 International Carnahan Conference on Security Technology, October 2001, London, England, pp. 293-306, IEEE Catalog Number 01CH37186, ISBN 0-7803-6636-0.
[4] Volner, R., Poušek, L.: "Wireless Biomedical Home Security Network – architecture and modelling", 38th Annual 2004 International Carnahan Conference on Security Technology, October 2004, Albuquerque, New Mexico, USA, pp. 69-76, IEEE Catalog Number 04CH37572, ISBN 0-7803-8506-3.

References

[1] Volner, R.: CATV – Interactive Security and Communication System, proceedings the institute of electrical and electronics engineers, 34th Annual 2000 International Carnahan Conference on Security Technology, October 2000, Ottawa, Canada, pp. 124-136, IEEE Catalog Number 00CH37083, ISBN 0-7803-5965-8.
[2] Volner, R.: Home security system and CATV, 35th Annual 2001 International Carnahan Conference on Security Technology, October 2001, London, England, pp. 293-306, IEEE Catalog Number 01CH37186, ISBN 0-7803-6636-0.
[3] Volner, R.: CATV Architecture for Security, 36th Annual 2002 International Carnahan Conference on Security Technology, October 2002, Atlantic City, New Jersey, USA, pp. 209-215, IEEE Catalog Number 02CH37348, ISBN 0-7803-7436-3.
[4] Volner, R., Poušek, L.: Inteligence Security Home Network, 37th Annual 2003 International Carnahan Conference on Security Technology, October 2003, Taipei, Taiwan, pp. 30-37, IEEE Catalog Number 03CH37458, ISBN 0-78037882-2.
[5] Volner, R., Boreš, P., Tichá, D.: CATV - architecture and simulation network; conference proceedings, The 6th Biennial Conference on Electronics and Microsystems Technology BEC 98, Tallinn, Estonia, October 1998, pp. 211 - 214.
[6] Volner, R.: Inteligence CATV – Traffic models, Design and Analysis, International Conference on Computer, Communication and Control Technologies CCCT'03 and The 9th International Conference on Information Systems Analysis and Synthesis ISAS 03, Proceeding volume IV, July 2003, Orlando, Florida, USA, pp. 340-345, ISBN9806560-05-1, CD - ISBN 980-6560-10-8.
[7] Volner, R. et al.: CATV In Multimedia Transmission Systems, Electronic Horizont, Vol. 55, Nov./Dec. 1995.
[8] ATM Forum Technical Committee: Traffic management specification version 4.0, AFTM 0056.000, Apr. 1996.
[9] Volner, R., Boreš, P., Tichá, D.: CATV and PC = Information Network; proceedings of International Symposium on Signals, Circuits and Systems SCS '97, Iasi, Romania, October 1997, pp. 81-84.
[10] ATM Forum Technical Committee: Flow controlled connections proposal for ATM traffic management, Sept. 1994.
[11] Volner, R.: ATM/IP CATV network, Poster Abstract of the 25th International Conference on Information Technology Interfaces, Cavtat, Croatia, June 2003, pp. 57-58, ISBN 953-96769-8-3.

REFERENCES

[1] Dimitriadis, C., Polemi, D.: Biometrics - Risks and Controls. Information Systems Control Journal (ISACA), vol. 4 (2004) 41-43

Fig. 1 System architecture
Figure 4 Use of certification mechanism
Figure 3 Mobility model into three submodels
[Diagram labels: WAN; Fibre Optic System; Security system Metro police; MAN; BMHS network; Other centre BMHS; Centre BMHS; Security system BMHS; Biometric identification; Security cameras; Telemetrically security system; Telemetric systems; Video and audio identification; Home control centre; TV; PC; Audio; Text; Data]
Figure 2 The HS interactive system can be structured in a hierarchical way for system scalability and evolution