Security for ubiquitous computing

SECURITY FOR UBIQUITOUS COMPUTING

Security for Ubiquitous Computing

Frank Stajano

Copyright q 2002 John Wiley & Sons, Ltd

ISBNs: 0-470-84493-0 (Hardback); 0-470-84869-3 (Electronic)

WlLEY SERIES IN COMMUNICATIONS NETWORKING & DISTRIBUTED SYSTEMS.

Series Editor: David Hutchison, Lancaster University

Series Advisers: Harmen van As, TU Vienna

Serge Fdida, University of Paris

Joe Sventek, Agilent Laboratories, Edinburgh.

The ‘Wiley Series in Communications Networking & Distributed Systems’ is a series of expert￾level, technically detailed books covering cutting-edge research and brand new developments in

networking, middleware and software technologies for communications and distributed systems.

The books will provide timely, accurate and reliable information about the state-of-the-art to

researchers and development engineers in the Telecommunications and Computing sectors.

Other titles in the series:

Wright: Voice over Packet Networks

Jepsen: Java for Telecommunications

Mishra: Quality of Service

Sutton: Secure Communications

SECURITY

FOR UBIQUITOUS COMPUTING

Frank Stajano

University of Cambridge, UK

JOHN WILEY & SONS, LTD

Copyright 0 2002 by Frank Stajano

Published by John Wiley & Sons, Ltd

Baffins Lane, Chichester,

West Sussex, PO1 9 1 UD, England

National 01 243 779777

International (+44) 1243 779777

e-mail (for orders and customer service enquiries): [email protected]

Visit our Home Page on http://www.wiley.co.uk or http://www.wiley.corn

All Rights Resewed. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any

form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms

of the Copyright Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency,

90 Tottenham Court Road, London, W1 P 9HE, UK, without the permission in writing of the Publisher, with the exception of

any material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive

use by the purchaser of the publication.

Neither the author(s) nor John Wiley & Sons, Ltd accept any responsibility or liability for loss or damage occasioned to

any person or property through using the material, instructions, methods or ideas contained herein, or acting or

refraining from acting as a result of such use. The author@) and Publisher expressly disclaim all implied warranties,

including merchantability of fitness for any particular purpose.

Designations used by companies to distinguish their products are often claimed as trademarks. In all instances where

John Wiley & Sons, Ltd is aware of a claim, the product names appear in initial capital or capital letters. Readers,

however, should contact the appropriate companies for more complete information regarding trademarks and

registration.

Other Wiley Editorial Ofices

John Wiley & Sons, Inc., 605 Third Avenue,

New York, NY 101 58-001 2, USA

WILEY-VCH Verlag GmbH

Pappelallee 3, D-69469 Weinheim, Germany

John Wiley & Sons Australia Ltd, 33 Park Road, Milton,

Queensland 4064, Australia

John Wiley & Sons (Canada) Ltd, 22 Worcester Road

Rexdale, Ontario, M9W 1 L1, Canada

John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01,

Jin Xing Distripark, Singapore 129809

British Library Cataloguing in Publication Data

A catalogue record for this book is available from the British Library

ISBN 0470 84493 0

Produced from PostScript files supplied by the author.

Printed and bound in Great Britain byT J International Ltd, Padstow, Cornwall.

This book is printed on acid-free paper responsibly manufactured from sustainable forestry, in which at least two trees

are planted for each one used for paper production.

To Carl Barks

“The Duck Man”

1901-03-27 - 2000-08-25

Master storyteller and meta-inventor

Creator of Gyro Gearloose

Contents

About the author ............................. xi

Foreword ................................. xii

Preface ................................... xiv

Acknowledgements ............................ xvii

Contact information ............................ xx

1 Introduction 1

1.1 Scenario ............................... 1

1.2 Essential terminology ........................ 2

1.3 Problems .............................. 4

1.4 Notation ............................... 6

2 Ubiquitous computing 8

2.1.1 Disappearing computing .................. 9

2.1 XeroxPARC ............................ 9

2.1.2 Tabs, pads and boards ................... 10

2.1.3 Calm technology ...................... 12

2.2 Norman's Invisible Computer .................... 13

2.3 MIT ................................. 15

2.3.1 Tangible bits ........................ 15

2.3.2 The WearComp ....................... 16

2.3.3 Auto-ID ........................... 21

2.3.4 Oxygen ........................... 25

2.4 HP'S Cooltown ........................... 26

2.5 ORL/AT&T Labs Cambridge .................... 27

2.5.1 The Active Badge ...................... 28

2.5.2 The Active Floor ...................... 35

2.5.3 The Active Bat ....................... 37

2.5.4 TRIP ............................ 40

2.5.5 PEN ............................. 43

2.6 Security issues ........................... 48

vi

Contents vii

2.6.1 The disappearing computer ................. 49

2.6.2 The voting button ...................... 50

2.6.3 The input recognition server ................ 50

2.6.4 The Home Medical Advisor ................ 51

2.6.5 The Weather and Traffic Display .............. 52

2.6.6 The Home Financial Center ................ 52

2.6.7 Security versus usability .................. 52

2.6.8 The WearCam ....................... 54

2.6.9 Networked cameras and microphones ........... 55

2.6.10 Auto-ID ........................... 56

2.6.1 1 The Active Badge and other location systems ....... 56

2.6.12 Recording gadgets and other devices that Hollywood dislikes 59

3 Computer security 60

3.1 Confidentiality ........................... 60

3.1 .l Encryption and decryption ................. 61

3.1.2 Security by obscurity (don’t) ................ 61

3 .l . 3 Brute force attacks ..................... 62

3 .I . 4 The confidentiality amplifier ................ 64

3.1.5 Stream and block ciphers .................. 65

3.1.6 Public key cryptography .................. 66

3.1.7 Hybrid systems ....................... 67

3.1 . 8 Other vulnerabilities .................... 68

3.2 Integrity ............................... 69

3.2.1 Independence from confidentiality ............. 69

3.2.2 Error-detecting codes .................... 70

3.2.3 Hash ............................ 70

3.2.4 MAC ............................ 71

3.2.5 Digital signature ...................... 72

3.2.6 Integrity primitives compared ............... 73

3.3 Availability ............................. 75

3.4 Authentication ............................ 75

3.4.1 Passwords .......................... 76

3.4.2 One time passwords .................... 77

3.4.3 Challenge-response and man-in-the-middle attacks .... 78

3.5 Security policies ........................... 82

3.5.1 Setting the goals ...................... 82

3.5.2 The Bell-LaPadula security policy model ......... 83

3.5.3 Beyond multilevel security ................. 84

... v111 Contents

4 Authentication

4.1 New preconditions .........................

4.1.1 The absence of online servers ...............

4.1.2 Secure Transient Association ................

4.2 The Resurrecting Duckling security policy model .........

4.2.1 Imprinting and reverse metempsychosis ..........

4.2.2 Recovery of the imprinting key ...............

4.2.4 Bootstrapping ........................

4.2.5 The policy’s principles ...................

4.2.6 Anonymous authentication .................

4.2.7 Other uses for the Duckling model .............

4.2.8 The computer as a duckling ................

4.3 The many ways of being a master .................

4.3. l Human or machine? ....................

4.3.2 Smart dust .........................

4.3.3 Mater semper certa ......................

4.2.3 Multilevel souls .......................

4.3.4 Further indirection issues ..................

5 Confidentiality

5.1 Cryptographic primitives for peanut processors ..........

5.1.1 Asymmetric asymmetric cryptosystems ..........

5.1.2 Maximum rate vs . maximum number of cycles ......

5.2 Personal privacy ...........................

5.2.1 The “only dishonest people have things to hide” fallacy . .

5.2.2 Leaving traces on shared devices ..............

5.2.3 Secure disposal vs . encrypted storage ...........

6 Integrity

6.1 Message integrity ..........................

6.1.1 Integrity for point-to-multipoint ..............

6.1.2 Guy Fawkes .........................

6.1.3 TESLA ...........................

6.2 Device integrity ...........................

6.2.2 Tamper resistance ......................

6.2.3 Trusted path .........................

6.2.1 The relationship between integrity and authenticity ....

85

85

85

87

88

88

89

90

91

91

93

94

95

98

99

99

100

102

106

107

107

110

111

111

114

118

123

123

124

125

126

127

127

128

131

Contents ix

7 Availability 133

7.1 Threats to the communications channel .............. 134

7.1.1 Redefining “denial of service” ............... 134

7.1.2 Covert communication techniques ............. 135

7.1.3 Speaking to unknowns ................... 135

7.1.4 Plutocratic access control .................. 136

7.1.5 Cryptographic puzzles ................... 137

7.2 Threats to the battery energy .................... 138

7.2.1 Peanut devices have limited energy ............ 138

7.2.2 Resource reservation .................... 140

7.3 Threats from mobile code ...................... 145

7.3.1 The watchdog timer .................... 146

7.3.2 The grenade timer ..................... 148

7.3.3 Limiting the addressable range ............... 150

8 Anonymity 152

8.1 The Cocaine Auction Protocol ................... 153

8.1.1 Why a cocaine auction? .................. 153

8.1.2 The protocol ........................ 155

8.1.3 Attacks ........................... 156

8.2 The anonymity layer ........................ 160

8.2.1 The dining cryptographers ................. 160

8.2.2 Anonymous broadcast based on physics .......... 161

8.2.3 A fundamental protocol building block .......... 162

8.2.4 The strength (or weakness) of broadcast anonymity .... 164

9 Conclusions 166

A A short primer on functions 169

A.l Sets ................................. 169

A.2 Relations .............................. 170

A.3 Functions .............................. 171

A.4 Functions of many arguments .................... 173

B Existing network security solutions 175

B.l Needham-Schroeder ........................ 176

B.l. 1 The original protocol .................... 176

B.1.2 Denning-Sacco ....................... 177

B.2 Kerberos ............................... 179

B.3 Public key infrastructures ...................... 181

B.4 IPSEC ................................ 184

X Contents

B.5 SSL/TLS ..............................

B.6 GSM .................................

B.7 Bluetooth ..............................

B.7.1 System overview ......................

B.7.2 Security services ......................

B.7.3 Link keys ..........................

B.8 802.11 ................................

188

190

193

193

194

196

200

Annotated bibliography

About the author

Frank Stajano is a faculty member in the Department of Engineering of the Uni￾versity of Cambridge (United Kingdom), where he holds the ARM Lectureship in

Ubiquitous Computing Systems at the Laboratory for Communications Engineer￾ing.

Having been elected a Toshiba Fellow, he spent one year as a visiting scientist

at the Toshiba Corporate R&D Center in Kawasaki (Japan), conducting research

on ubicomp security and writing this book. While in Japan he also collaborated in

research activities with the Universities of Kei6 and Waseda.

Prior to these appointments he spent 8 years as a research scientist at AT&T

Laboratories Cambridge (formerly ORL), where he took part in several research

projects and gained extensive experience of innovative ubicomp systems both as a

user and as a developer. He worked on a variety of topics from distributed multi￾media to object oriented scripting and web programming, as well as on the security

of the PEN (formerly Piconet) embedded networking system.

He holds a Ph.D. in computer security from the University of Cambridge and a

Dr. Ing. in electronic engineering from Universith “La Sapienza” of Rome (Italy).

Outside computers his main area of expertise is comics, a subject on which he

coauthored two books. He is fluent in three languages and is currently learning a

fourth. He is also a keen practitioner of Japanese martial arts, in particular jtid6 and

kend6.

Foreword

Twenty or even ten years ago, computer security was a marginal speciality for geeks

who liked to obsess about things like enciphering email. Nowadays, it is centre

stage. Cyberterrorism and electronic fraud are the subject of hand-wringing press

articles; but that’s only the beginning.

Financial and political power are now largely exercised through networked sys￾tems. Cash machine and credit card networks decide whether you can get money;

burglar alarm networks decide whether the police will come to your house; identify￾friend-or-foe systems tell the military which aircraft might be worth intercepting.

Most of the investment in cryptography and computer security goes to ensure that

these sinews of civilisation will continue to perform dependably in the way that

their builders envisaged.

Within another ten years, all sorts of devices that are stand-alone or not even

computerized will be connected to the net; your fridge, your heart monitor, your

bathroom scales and your shoes might all work together to monitor (and nag you

about) your cardiovascular health. There will be more sinister aspects: the military

is already funding research on “smart dust” to provide universal surveillance, and

tiny robot insects to sting enemies to death.

How will power and control be exercised in this brave new world?

Already, powerful interests are staking out huge territories. Hollywood has bul￾lied the consumer electronics industry into building copyright control mechanisms

into a wide range of gadgets; now DVD players, games consoles and even some

PCs enforce security rules that are often against their owners’ interests and wishes.

You may record your lectures on a minidisc recorder, and then find that you can’t

back up the recordings anywhere. And it’s not just “information” goods that end up

being controlled in annoying ways by others. Insurance firms in Norway insist that

the owners of expensive cars fit an alarm that monitors the car’s location using GPS

and reports it using a GSM mobile phone. But what’s the point of buying a Jaguar

if you have to fit an alarm whose log will invalidate your insurance if the car is ever

driven at half its rated top speed? For whom is the system providing “security”?

Security in ubiquitous computing is going to be a huge issue, for both engineers

and policy people alike. That’s why this book is important.

As Frank Stajano worked for years at AT&T Labs, which spawned much of

the technology, he can give many good examples-active badges, smart floors,

x111 ...

intelligent coffee machines, even CD covers that cause your home music system

to play the album when you open them. Many of these have raised surprising new

security issues, involving complex trade-offs between usability, privacy, reliability

and control.

Protecting large networks of simple devices also raises a lot of difficult tech￾nical problems. Conventional solutions, such as public key infrastructures, tend

to be unworkable or just simply irrelevant; conventional security policies, such as

protecting those transactions deemed “confidential”, don’t block the attacks we are

most concerned about. Here we come to Frank’s original work-protection mech￾anisms with such delightful names as the “Resurrecting Duckling Security Policy”,

the “Grenade Timer” and the “Cocaine Auction Protocol”.

Security in the twenty-first century is going to be a much more complex busi￾ness. It will include a lot more technical issues and will touch the everyday world

at many more points. Developers and policy people are going to have to learn to

think in new ways. Frank’s book can help make that fun.

Ross Anderson

Cambridge, UK

Preface

The brief and frantically evolving history of computing and digital communications

is entering another major paradigm shift.

It took computers barely half a century to evolve from grandiose isolated room￾sized machines, affordable only by a handful of major organizations, to inexpensive

multimedia-capable PCs, now commonplace in every home and office, connected

to form a worldwide internet. The next major evolutionary step, in part already

underway, brought about by a synergy of hardware miniaturization, wireless com￾munications and distributed software systems, is going to be ubiquitous comput￾ing (ubicomp for short). No longer just one or two, but hundreds or thousands of

computers per human being, now in the form of networked processors invisibly

embedded in everyday objects rather than in conventional keyboard-and-monitor

boxes.

Many of us have already lost track of the number of objects we own that contain

a microprocessor (try listing them). In the future many more objects, from appli￾ances to furniture to clothes, not to mention nanotechnology-based robots, will

contain embedded processors, and will also be endowed with short-range wireless

networking capabilities. Today, some manufacturers embed audio input hardware

in their digital camera so that you can annotate your pictures by voice. This is an in￾elegant kitchen-sink-style design: why should a still picture camera be encumbered

with audio hardware? Tomorrow, though, manufacturers will be able to embed ad

hoc networking capabilities into everything, and you will be able to annotate the

photographs in your camera by speaking into your cellphone, which already in￾corporates digital audio hardware as part of its primary function. Devices will be

able to share hardware peripherals and offer their services to each other. Industry

shares this vision: in 2001, membership in the Bluetooth SIG was almost unani￾mous among companies in consumer electronics, computing or communications.

However, when everything is capable of spontaneously and autonomously ex￾changing data with anything else in range, new concerns come about. You like to

be able to “beam” your electronic business card from your PDA to that of a new

acquaintance, but who exactly is in a position to consult the entries in your ad￾dress list or diary? As these devices become more and more pervasively integrated

in our daily routine, and as they get to know more and more about our preferences

and habits, the privacy issues of the secrets held by our digital butlers acquire a new

xv

relevance. Besides, if your wirelessly networkable PDA now even carries electronic

money, how do you guard against invisible electronic pickpockets who don’t even

have to touch you to burgle you?

There are many fine books on computer security, and new ones are now com￾ing out on ubiquitous computing, ad hoc networking and specific implementation

technologies such as Bluetooth and 802.1 1. What’s missing is a book focusing on

the intersection of the two topics: sufficiently specialized on ubiquitous comput￾ing that it does not spend most of its page budget on unrelated issues, like most

security books do, and at the same time much more detailed than the obligatory￾but-not-particularly-insightful security chapter typically found in the current crop

of books on wireless networking.

This is it. This is the book written for people interested in “the big picture”

on the security issues of ubiquitous computing. It is aimed at a technical audience

but does not require prior knowledge of either security or ubicomp. It will also be

valuable to readers versed in only one of these two fields, who will find it a gentle

introduction to the other.

The style is simple and equations-free. The book opens with a panoramic view

of the many facets of the ubicomp phenomenon and continues with a readable

jargon-busting primer on security and the important concepts of cryptology. After

a survey of these fundamentals, the book focuses on the aspects that make ubiq￾uitous computing security different from that of traditional distributed systems. It

provides pointers to first-hand sources and to current research in an extensively an￾notated bibliography; where appropriate, it also presents new inventions to solve

new problems in authentication, availability and anonymity. There is also an ap￾pendix reviewing, for comparison, the security solutions adopted in a number of

well known distributed systems.

I know from direct personal experience that the engineers, researchers and man￾agers who are interested in a sound technical introduction to ubicomp security are

busy professionals whose reading time is limited. With this in mind, my aim has

been to produce a readable, technically accurate, up to date and short book. This

is not a cookbook full of implementation recipes, or an encyclopaedia that tells the

clueless practitioner what to do in every possible case. It is instead a technical

overview of the field, including a broad framework to make sense of it all, a taxon￾omy of the major problems and a few in-depth discussions of specific problems.

Even though the first commercial implementations of some aspects of the ubi￾comp vision are now starting to appear, the grand scenario is still definitely a thing

of the future; and ubicomp security, which would be a global property of the whole

system, certainly hasn’t happened yet. I wish it does before the deployment is

complete.

For this wish to be granted it is necessary for everyone involved to approach