■Ubiquitous Computing Society and Information Security

In a ubiquitous computing society, a wider range and a larger amount of information than in the modern information society will spread into every corner of the living environment, and information services based on that information will support our lives in sophisticated ways (Figure 1). An information protection mechanism is necessary so that "information", which in such a society is one of the important resources supporting our lives, just like water, gas and electricity, can be used safely and comfortably. Information security in a ubiquitous computing society is called "ubiquitous security". To realize ubiquitous security, a wide range of social infrastructure has to be implemented and improved: not only technology but also operations and the legal system.

Figure 1: Ubiquitous Computing Society and Security

■eTRON to protect electronic entities

eTRON (entity TRON) is the information security infrastructure architecture that supports the "ubiquitous security" described above. Using tamper-resistant hardware, eTRON realizes a special form of information (electronic entities) that is protected from threats such as forgery, reproduction and alteration; in other words, information that behaves like physical objects, which are difficult to forge, reproduce and alter. In modern society, specialists know more about digital technology and benefit from it, whereas non-specialists cannot, which puts non-specialists at a clear disadvantage. YRP Ubiquitous Networking Laboratory (YRP UNL) tries to solve this problem by "materializing electronic information" with eTRON technology, making otherwise unapproachable technology easier for non-specialists to use so that the disadvantage caused by unfamiliarity is reduced (Figure 2).

Figure 2: Problem of Asymmetry and Universal Design

In a ubiquitous computing society, "information" will definitely play an important role. This "information" will be used in every scene of day-to-day life. The "information security technology" that protects "information" so that we can use it comfortably needs to be designed from the standpoint of universal design, so that anyone can use it easily. However, electronic "information" is invisible. In our approach, the "information storage" that robustly stores information and all the means for protecting information routes have been materialized as "physical objects" (hardware) using eTRON technology so that anyone can recognize them. YRP UNL would like to establish security in our lives by providing a security device called "eTRON", a physical object that is visible and touchable, so that anyone can use eTRON as they wish to control the information in their lives. Take, for example, personal seals and house keys, which are authority information in material form. We routinely use these without any difficulty. If an "eTRON" hardware device is used, it will be possible to use electronic entities as easily as seals and house keys.
In this way, the information to be protected with "eTRON" is "electronic entities". These "electronic entities" are stored in eTRON-specification hardware, the "eTRON device", which supports information access control mechanisms and is physically and logically tamper-resistant. Additionally, based on a protocol called "eTP (entity Transfer Protocol)", a robust "peer-to-peer" secure communication channel can be established between eTRON nodes, and information is securely transmitted and received over that channel (Figure 3). eTP is a security protocol for eTRON that uses various types of cryptographic technology.

Figure 3: Information Security Pipeline established with eTP

■eTRON hardware and record of its use

The eTRON architecture has various eTRON devices, each corresponding to an application. The eTRON/8 card is equipped with an 8-bit microcontroller and an ISO/IEC 14443-compliant non-contact interface. This eTRON device has the same form as a credit card and operates on weak inductive current without a battery (Photo 1). The eTRON/16 chip incorporates a 16-bit microcontroller. There is a dual-interface version, equipped with both an ISO/IEC 7816-compliant contact communication interface and an ISO/IEC 14443-compliant non-contact interface. The eTRON/16 chip is designed on the assumption that it will be embedded in various computer nodes such as T-Engine and the ubiquitous communicator. It is equipped with advanced instructions to support the development of various applications that deal with the electronic entities mentioned earlier. One implementation of the eTRON/16 chip is a UIM-form chip (Photo 2). Successor eTRON devices with increased processing speed, larger memory capacity, increased communication speed and multiple functions have also been developed. They include "SECURETRON32-B", which supports biometric authentication within the chip (Photo 3), "UT01" with an enhanced PKI function (Photo 4), and "UT03" with a few dozen MB of storage (Photo 5).
The eTRON/8 card has already been used by more than 300,000 people at the Expo 2001: Experience the Future held in Kobe city, Hyogo Prefecture in 2001, at the National Museum of Emerging Science and Innovation (Miraikan) in Koto-ku, Tokyo, which opened in 2001, and at the Digital Museum III exhibit held at the University Museum of the University of Tokyo in 2002. Appliances using the eTRON/16 device are also being developed: "ubinet pass CO", a small device equipped with a USB interface (Photo 6), and "ubinet pass AD-L", a small device equipped with an ISO/IEC 14443-compliant non-contact interface (Photo 7). "Ubinet pass AD-L" was adopted as the electronic lock system in some parts of the Hongo campus of the University of Tokyo in 2006. In addition, a conversion adaptor, "UT-SCI (Secure Contactless Interface)" (Photo 8), is provided for using a contact chip via a non-contact interface.
Photo 1: eTRON/8 Card
Photo 2: UIM-type eTRON/16 Dual Device
Photo 3: SECURETRON32-B (picture courtesy of Dai Nippon Printing Co., Ltd.)
Photo 4: UT01 (The University of Tokyo)
Photo 5: UT03
Photo 6: UbinetPassCO (picture courtesy of Dai Nippon Printing Co., Ltd.)
Photo 7: UbinetPass AD-L (Dai Nippon Printing Co., Ltd.)
Photo 8: UT-SCI (The University of Tokyo)

■Identification prevention technology

Identification prevention technology is a privacy control mechanism that enables owners of physical objects made intelligent with ubiquitous computing technology to use them safely and comfortably. Embedding electronic tags such as RFID tags into various physical objects creates a risk that identification information stored in the tags may be read against the owners' intention and that their behavior may be tracked by a third party. Such risks can be avoided by using identification prevention technology.
The point of identification prevention technology is that it is an access control mechanism for tag information (including IDs) that may become a clue for tracking behavior. This mechanism enables whoever owns a physical object at that moment to control access to information that could be used for behavior tracking. The core technology that realizes identification prevention is an identification prevention air protocol (Figure 4). This protocol allows only proper readers/writers to access tag information. It does not allow other readers/writers to access such information, and it does not give readers/writers not intended by the owner a response that lets them track behavior. This is because not responding, or simply responding with the same encrypted information each time, may encourage behavior tracking. The identification prevention air protocol is technology that prevents tags from being identified by readers/writers other than proper ones.
Identification prevention technology is used as one of the criteria that define a ucode tag security class in the ubiquitous ID technology infrastructure.

Figure 4: Identification Prevention Air Protocol
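The reasoning above, that a tag answering with the same encrypted information each time can still be tracked, shown as an added example that is not the eTRON air protocol or YRP UNL code. It assumes a randomized keyed-hash response (nonce plus HMAC) as a stand-in technique; all class names, function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16

class StaticTag:
    """Tag that returns the same protected ID on every read (the linkable case)."""
    def __init__(self, tag_id: bytes, key: bytes):
        self._blob = hmac.new(key, tag_id, hashlib.sha256).digest()
    def respond(self) -> bytes:
        return self._blob

class RandomizedTag:
    """Tag that always answers, but with a fresh nonce so no two answers match."""
    def __init__(self, tag_id: bytes, key: bytes):
        self._id, self._key = tag_id, key
    def respond(self) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        mac = hmac.new(self._key, nonce + self._id, hashlib.sha256).digest()
        return nonce + mac

def identify(response: bytes, known_tags: dict):
    """Proper reader: recompute the MAC for each tag it holds a key for."""
    nonce, mac = response[:NONCE_LEN], response[NONCE_LEN:]
    for tag_id, key in known_tags.items():
        expected = hmac.new(key, nonce + tag_id, hashlib.sha256).digest()
        if hmac.compare_digest(mac, expected):
            return tag_id
    return None

def repeats(responses) -> bool:
    """All a reader without keys can do: check whether observations repeat."""
    return len(set(responses)) < len(responses)

def demo() -> dict:
    tag_id, key = b"constructed-tag-0001", secrets.token_bytes(32)  # constructed sample values
    static, randomized = StaticTag(tag_id, key), RandomizedTag(tag_id, key)
    seen_static = [static.respond() for _ in range(3)]
    seen_random = [randomized.respond() for _ in range(3)]
    return {
        "static_linkable": repeats(seen_static),
        "randomized_linkable": repeats(seen_random),
        "proper_reader": [identify(r, {tag_id: key}) for r in seen_random],
        "other_reader": [identify(r, {tag_id: secrets.token_bytes(32)}) for r in seen_random],
    }

if __name__ == "__main__":
    print(demo())
```

The proper reader's lookup is linear in the number of tags it holds keys for, which is the usual cost of this kind of randomized response.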
■Flexibly Switchable Cryptographic system

A switchable cryptosystem (Figure 5) is a cipher control and management framework that automates smooth and secure cipher switching within devices and uses the cryptographic algorithm most appropriate for the situation and environment in which cryptographic assets are used. The system is characterized by a mechanism that selects the most appropriate cipher and encourages the use of the selected module. This mechanism is linked with a cryptographic management server that manages all the cryptographic modules, based on descriptions of cipher evaluation standards that carry information on the functions, types and attributes of the cryptographic modules.
Devices have a cryptographic control manager that controls, manages and maintains cryptographic assets. Upper-level systems such as applications and middleware can therefore leave everything to this manager, from selecting and executing the cryptographic modules appropriate for various conditions and environments to updating, switching and maintaining those modules. The manager has a highly abstract security API that gives full control of cipher switching without affecting the upper-level systems. In addition, operating in collaboration with eTRON devices further strengthens the security of cryptographic key management and of the updating and distribution of ciphers.
Implementing a switchable cryptosystem makes it possible for the system as a whole to deal flexibly with the various security policies of execution environments and with the danger that cryptographic technology may be exposed to outside threats.

Figure 5: Flexibly Switchable Cryptographic system
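A sketch of the manager pattern described above, as an added example rather than the project's own code: the application calls one abstract API while the selected module changes underneath it after a pushed evaluation update. The class, the description fields, the "bits" scores and the use of HMAC modules from the Python standard library in place of ciphers are all assumptions.

```python
import hashlib
import hmac

class CryptoControlManager:
    """Device-side manager: callers use protect()/verify() and never name an algorithm."""
    def __init__(self, key: bytes, min_bits: int):
        self._key, self._min_bits = key, min_bits
        self._modules = {}  # module name -> evaluation description

    def apply_evaluation(self, descriptions):
        """Install or refresh descriptions, as a management server would push them."""
        for d in descriptions:
            self._modules[d["name"]] = d

    def _usable(self, name: str) -> bool:
        m = self._modules.get(name)
        return bool(m) and m["status"] == "approved" and m["bits"] >= self._min_bits

    def selected(self) -> str:
        """Pick the strongest module that the current policy still allows."""
        usable = [n for n in self._modules if self._usable(n)]
        if not usable:
            raise RuntimeError("no cryptographic module satisfies the policy")
        return max(usable, key=lambda n: self._modules[n]["bits"])

    def protect(self, msg: bytes):
        name = self.selected()
        tag = hmac.new(self._key, msg, self._modules[name]["digest"]).digest()
        return name, tag  # the module name travels with the tag

    def verify(self, msg: bytes, name: str, tag: bytes) -> bool:
        if not self._usable(name):  # refuse modules the policy has retired
            return False
        expected = hmac.new(self._key, msg, self._modules[name]["digest"]).digest()
        return hmac.compare_digest(tag, expected)

def demo() -> dict:
    mgr = CryptoControlManager(key=b"constructed-demo-key", min_bits=80)
    # Constructed evaluation data; the "bits" scores are illustrative only.
    mgr.apply_evaluation([{"name": "hmac-sha1", "digest": "sha1", "bits": 80, "status": "approved"}])
    before = mgr.selected()
    old_name, old_tag = mgr.protect(b"door-open")
    mgr.apply_evaluation([  # pushed update: retire one module, add another
        {"name": "hmac-sha1", "digest": "sha1", "bits": 80, "status": "deprecated"},
        {"name": "hmac-sha256", "digest": "sha256", "bits": 128, "status": "approved"},
    ])
    new_name, new_tag = mgr.protect(b"door-open")  # same call, different module
    return {"before": before, "after": mgr.selected(),
            "new_tag_ok": mgr.verify(b"door-open", new_name, new_tag),
            "old_tag_ok": mgr.verify(b"door-open", old_name, old_tag)}
```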