I have written the security chapter for a multi-author volume on ubiquitous computing that will be published by Springer later this year. For me it was an opportunity to pull together some of the material I have been collecting for a possible second edition of my 2002 book on Security for Ubiquitous Computing—but of course a 30-page chapter can be nothing more than a brief introduction.
Anyway, here is a “release candidate” copy of the chapter, which will ship to the book editors in a couple of weeks. Comments are welcome, either on the chapter itself or, based on this preview, on what you’d like me to discuss in my own full-length book when I yield to the repeated pleas of John Wiley And Sons and sit down to write a new edition.
Some feedback:
I like the historic intro, but if you consider that this is a chapter in a much longer book, you might repeat a lot of the history and thereby waste at least 2 pages. I always find this annoying in multi-author books.
You cite some books by author with no further clue (title). I would add the book titles in the text so that people do not have to refer to your bib index to know which you mean.
On page 5 you use the term “risk” as likelihood of occurrence, which is just one (less often used?) possible meaning. It could also mean “possible threat outcome” with more attributes like likelihood, cost of mitigation and severity of damage. (But I do agree that it is very important to make clear it is always a trade-off; there is no 100% security.)
Page 9 – backup haha: you might need to add some solutions here. For example, Apple’s iPods have the property that for most management functions you need to sync them, which automatically backs up. This is a good solution; devices should always back up the data as a natural process.
You should maybe mention the term multi-factor authentication.
2.2 repeats a bit the location concerns of 2.1
I think for technologies Bluetooth, NFR and WLAN are a large risk contributor, they are missing here.
Another large technology risk is zombies: if millions of devices can be controlled by an attacker (worm) and the owners don’t care about updates (why should anybody update the firmware on a 5$ kitchen clock?) then this is a major threat to infrastructures (DDoS).
2.3 The RFIDs in the European travel pass have an interesting property you might mention: the OCR of the number in order to authenticate for reading basic data (i.e. w/o visual contact you can’t identify a person. This assumes that if you let somebody look at your pass you agree with identification) (unless you did your crypto wrong like the Dutch with too small keys).
For section 3.2 you might want to mention the OLPC project, which tries to implement a software protection system on the laptops which allows children who cannot read(!) to handle it but still allows open access to the devices: http://wiki.laptop.org/go/OLPC_Bitfrost
Classical usability problems are default-open WLANs, Bluetooth PINs or SSL certificate dialogs.
BTW: I actually had quite a few more suggestions, and while reading the next page I deleted them from the notes since you mentioned them. Therefore I am quite pleased with the text.
I miss some statements at the end about what needs to change for people to get sensitive about the problems. However, I am not sure what actually can be done besides preaching.
Greetings
Bernd
Good summary. For the question at the end about the part ordinary users must play in the security of ubicomp, we need to recast the idea: “technical hygiene”, perhaps?
Re: The generic lack of security is therefore also due to the fact that customers don’t appear to place a high value on it, as shown by their unwillingness to pay any substantial extra premium to obtain it (Acquisti, 2004).
This misinterprets the evidence. The suggestion is that non-customers are not persuadable to pay a substantial extra premium for a promise of good security. Damn right – people who care about security have ample reasons to be a very cynical lot and not believe such claims. Doesn’t mean they don’t value it.
Re: You may design strong security and privacy protection features only to see that your users don’t actually care and just leave them all disabled for simplicity.
Not necessarily. I have left my phone logon protection disabled, not because I don’t care, but because the security risk is low, and I can slightly increase my privacy by making any record of my calls and movements deniable. Other people may do the same with their home computers and wireless routers. These are cases where so-called privacy “protection” may actually reduce privacy.
I agree with you that the first step is always to educate the general public about the risks. These days there isn’t as much teaching and preaching going on as there is selling and manipulating.
IT security issues have become ubiquitous since virtually any (non) action in daily life can potentially imply juridical or financial consequences, and even the most banal activities cause privacy concerns when ‘observed’ by computers. These security issues should be identified and highlighted to the public.
Thanks a lot to all for your valuable comments which all helped improve the material, whether adopted or not. All of you were duly credited in the acknowledgements. I have now shipped my camera-ready copy to the editors. Once the copy-editors do their stuff and I have a really final version I’ll put it on my web page.
I am glad that several of you cared about that last bit, which is also the one dearest to my heart. Yes, we have a duty to educate the general public, but without preaching to them. Personally, I’ll keep doing my best with forthcoming writing and speaking engagements.
@Bernd: extra thanks for the time and thought you put into your detailed and perceptive comments! If and when I do a second edition of the book, you’d make a valuable technical reviewer if you wanted to.
Frank, I would be happy to help you with that work and do some review.
(and if you can get Springer to send me a review book, I can also blog it and write an Amazon review of this book project 🙂)
Greetings
Bernd
Thanks Bernd.
As for the review copy, I might be able to do that with the 2nd ed of my own Wiley book but it’s unlikely it will happen with this multi-author Springer one—believe it or not, I’ve had to negotiate extensively even to get the promise of a single copy of it for myself as a contributing author, and never mind any mention of royalties.
In the end I only wrote this chapter for Springer (but retaining the (C)) because one of the editors is a friend and because I had something I wanted to write anyway that I hope readers will appreciate.