Title: Security in Pervasive Computing (Abstract of Invited Talk)
Abstract: The audience of SPC 2003 needs no introduction to the Mark Weiser vision of ubiquitous computing: the etymological meaning of “computing present or found everywhere” is not to be taken in the narrow sense of “a computer on every desk” but rather in that of embedding computing and communication capabilities into all the everyday objects that surround us. Various embodiments of this vision have been proposed over the past fifteen years by researchers from all over the world, covering the whole spectrum of implementation maturity from thought experiments to well-engineered commercial solutions. From self-contained information appliances such as Norman’s hypothetical “home medical advisor” to the microscopic embedded RF-ID tags proposed by the Auto-ID Center that allow the washing machine to refuse to wash your precious white shirts until you remove the red sock that got in there by mistake, the idea of computing devices pervading our environment is now much closer to reality than to science fiction. Moving from one computer per company in the 1960s to one computer per desktop in the 1990s to hundreds of computers per person in the current decade is an enormous quantitative change. So large, in fact, that it becomes also a qualitative one. Many old solutions will not scale by so many orders of magnitude. Recycling obsolete paradigms may lead to expensive mistakes—particularly in the field of security. Authentication is an area in which the advent of pervasive computing will require new ideas and new strategies. We have relied for a long time on passwords as the primary mechanism for authenticating a user to a computer; this solution was never particularly user-friendly (“invent a password, including funny characters and numbers, that you won’t forget or write down, but that nobody could possibly guess”), but it is obvious that it will never scale to the scenario of hundreds of computers per person.
Interestingly, the very first computers—of ENIAC and EDSAC vintage—did not require passwords to be accessed: one would just walk up to them and load a punched paper tape in the reader. Neither did the first personal computers, before they were linked up into LANs or the Internet. These are examples of the “Big Stick” security policy model: whoever has physical access to the device is allowed to take it over. In its simplicity, this policy is a very good match for many real-world situations. It is effective, sensible and reasonably easy to enforce. In many pervasive computing usage cases it will be a better strategy than passwords. Big Stick, however, is not suitable for every situation. Think of a vending machine or, for a more extreme example, a safe. A central new problem in the pervasive computing scenario is therefore that of “Secure Transient Association”: pairing up a master and a slave device so that the slave will
Publication Year: 2004
Publication Date: 2004-01-01
Language: en
Type: article