Towards security auto-configuration for smart appliances

Now that smart home appliances are easily plugged into smart home networks, the question of how to simplify security management, especially of access rights, for such appliances arises. The problem is aggravated by the fact that home users cannot be considered as “skilled” administrators, but are instead often technology-unaware users. Establishing trustworthiness when it comes to secure smart appliances has been considered as a “holy grail” not met by any current technology. The SECURE project aims to develop security mechanisms based on human notions of trust, which may prove part of the solution. Trust-based security mechanisms allow access rights to evolve among previously unknown principals, thus minimizing security configuration. This paper outlines the process of applying the SECURE project’s security technology to smart home appliances with minimal user intervention.

[1]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[2]  Stephen Marsh,et al.  Formalising Trust as a Computational Concept , 1994 .

[3]  Paddy Nixon,et al.  Dynamic trust models for ubiquitous computing environments , 2002 .

[4]  Angelos D. Keromytis,et al.  Key note: Trust management for public-key infrastructures , 1999 .

[5]  S. Ungar,et al.  Home network security , 2002, Proceedings 2002 IEEE 4th International Workshop on Networked Appliances (Cat. No.02EX525).

[6]  Christian Damsgaard Jensen,et al.  Towards a Framework for Assessing Trust-Based Admission Control in Collaborative Ad Hoc Applications , 2002 .

[7]  James H. Aylor,et al.  Computer for the 21st Century , 1999, Computer.

[8]  R. Sietmann,et al.  UNIVERSAL PLUG AND PLAY , 1999 .

[9]  Sadie Creese,et al.  Authentication for Pervasive Computing , 2003, SPC.

[10]  Audun Jøsang,et al.  The right type of trust for distributed systems , 1996, NSPW '96.

[11]  R. Chen,et al.  Poblano A Distributed Trust Model for Peer-to-Peer Networks , 2001 .

[12]  Li Gong,et al.  User authentication and authorization in the Java/sup TM/ platform , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[13]  Christian Damsgaard Jensen,et al.  Bank Accounting and Ubiquitous Brokering of Trustos , 2002 .

[14]  Carl M. Ellison,et al.  SPKI Requirements , 1999, RFC.

[15]  Vipin Samar,et al.  Making login services independent from authentication technologies , 1995 .

[16]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[17]  Paddy Nixon,et al.  Security models for trusting network appliances , 2002, Proceedings 3rd IEEE International Workshop on System-on-Chip for Real-Time Applications.

[18]  Stephen Hailes,et al.  A distributed trust model , 1998, NSPW '97.

[19]  Yong Chen,et al.  End-to-End Trust Starts with Recognition , 2003, SPC.

[20]  Joan Feigenbaum,et al.  KeyNote: Trust Management for Public-Key Infrastructures (Position Paper) , 1998, Security Protocols Workshop.

[21]  Jean-Marc Seigneur,et al.  HOUSe-KEEPER, A Vendor-independent Architecture for Easy Management of Smart Homes , 2001 .