UCH Goes EAL4—The Foundation of an Eco System for Ambient Assisted Living: ISO/IEC 15408 Common Criteria Based Implementation of the ISO/IEC 24752 Universal Control Hub Middleware
We are interested in an alternative to “built-in one-size-fits-all” user interfaces for appliances and services in intelligent environments. The ISO/IEC 24752 Universal Remote Console (URC) technology provides an open box that can connect arbitrary users with arbitrary appliances and services. Its core is the Universal Control Hub (UCH), a middleware providing standardized abstract interfaces that serves as a contract between a personalized user interface and the appliances/services. The UCH allows for “plugging” a new user interface into the abstract interface to adapt it to the user’s needs. Whereas the URC approach applies to intelligent environments in general (IoT, IoS), it has shown to be particularly useful when accessibility is a mandatory requirement. In order to foster an ecosystem that allows for sharing third-party resources, the Open URC Alliance has been founded. However, third-party resources are potential threats, which can harm the platform, its connected appliances, and even other resources involved. In fact, we are convinced that future usage of networked technologies, such as the URC technology, will not be possible unless a user will trust it. In this paper, we describe a pioneering effort by which we through a security-by-design approach along the prescriptions of the ISO/IEC 15408 common criteria (CC) methodology systematically develop and implement a secure UCH that guarantees fundamentally necessary security–privacy–trust properties, such as access control, role concepts, correct transportation of sensitive data, etc. The implementation is targeting a certification on the evaluation assurance level 4, that is, Methodically Designed, Tested and Reviewed.
KeywordsResource Server Common Criterion Online Banking Session Manager Security Objective
This research is partly funded by the Saarland government under the contract (Förderkennzeichen) T/2-EFI-001-04/05/2013 (SUCH). The responsibility for this publication lies with the authors. Special thanks go to Christer Samuelsson, Stefan Denne, David Maulat, Michael Kabdebo, and Gottfried Zimmermann for valuable comments during preparation of this paper.
- 1.CCRA Members: Common criteria for information technology security evaluation: Part 1: Introduction and General Model. Tech. Rep. Version 3.1, Revision 4, Common Criteria (September 2012). http://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R4.pdf
- 2.CCRA Members: Common criteria for information technology security evaluation: Part 3: Security Assurance Components. Tech. Rep. Version 3.1, Revision 4, Common Criteria (September 2012). http://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R4.pdf
- 3.Diaz-Orueta, U., Etxaniz, A., Gonzalez, M., Buiza, C., Urdaneta, E., Yanguas, J.: Role of cognitive and functional performance in the interactions between elderly people with cognitive decline and an avatar on tv. Univers. Access Inf. Soc. 13(1), 89–97 (2014). http://dx.doi.org/10.1007/s10209-013-0288-1
- 4.Frey, J., Schulz, C., Nesselrath, R., Stein, V., Alexandersson, J.: Towards pluggable user interfaces for people with cognitive disabilities. In: Proceedings of the 3rd International Conference on Health Informatics (HEALTHINF), pp. 428–431 (January 2010)Google Scholar
- 5.Gauterin, A., Alexandersson, J., Neßelrath, R., Schulz, C.H., Frey, J., Schmidt, A., Hoffmann, M., Kühn, G., Hauser, C., Kugler, M.: Accessible elevator. In: VDE (ed.) Ambient Assisted Living, 5. AAL-Kongress 2012. Technik für ein selbstbestimmtes Leben, VDE VERLAG GmbH (2012)Google Scholar
- 6.ISO: ISO/IEC 24752: Information technology—user interfaces—universal remote console, 5 parts. “International Organization for Standardization” (2008)Google Scholar
- 7.Mayer, C., Zimmermann, G., Grguric, A., Alexandersson, J., Sili, M., Strobbe, C.: A comparative study of systems for the design of flexible user interfaces. J. Ambient Intell. Smart Environ. (2015), to appearGoogle Scholar
- 8.Vanderheiden, G., Zimmermann, G.: Use of user interface sockets to create naturally evolving intelligent environments. In: Proceedings of the 11th International Conference on Human-Computer Interaction (HCI 2005). Caesars Palace, Las Vegas, Nevada USA (2005)Google Scholar
- 9.Zimmermann, G.: Universal control hub 1.0 (ATR). Tech. Rep. 1.0, openURC alliance (2013). http://www.openurc.org/TR/uch1.0-20131217/
- 10.Zimmermann, G.: URC-HTTP protocol 2.0 (ATR). Tech. Rep. 2.0, openURC alliance (2013). http://www.openurc.org/TR/urc-http-protocol2.0-20131217/
- 11.Zimmermann, G., Vanderheiden, G.: The universal control hub: an open platform for remote user interfaces in the digital home. In: Jacko, J.A. (ed.) Human-Computer Interaction. LNCS, vol. 4551, pp. 1040–1049. Springer (2007)Google Scholar
- 12.Zimmermann, G., Vanderheiden, G.: A dream\(\ldots \) The universal remote console. In: ISO Focus+. pp. 11–13 (February 2010)Google Scholar