Abstract
As people use an increasing number of smart devices for their everyday computing, it is surprising that these powerful, internet-enabled devices are rarely connected together to create personal networks. The webinos project is an attempt to make this possible so that resources can easily be shared between devices, regardless of the operating system or network they are using. However, increased connectivity raises a number of security and privacy issues, and in this paper we introduce a public key infrastructure designed to be suitable for personal computing across multiple devices. We recognize the need for our PKI to work on both mobile and home networks, use existing online user identities and take into consideration the different interaction styles found on smart devices in different form factors. We propose a set of principles for personal key infrastructures, describe our implementation and outline how it mitigates common threats and issues.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Kinkelin, H., Holz, R., Niedermayer, H., Mittelberger, S., Carle, G.: On Using TPM for Secure Identities in Future Home Networks. Future Internet 3(1), 1–13 (2011)
Müller, A., Kinkelin, H., Ghai, S.K., Carle, G.: An assisted device registration and service access system for future home networks. In: 2nd IFIP Wireless Days, pp. 1–5. IEEE (December 2009)
Mitchell, C.J., Schaffelhofer, R.: Chapter 3 - The Personal PKI. In: Security for Mobility. Institution of Engineering and Technology, pp. 35–61 (2004)
SHAMAN Project: Deliverable 13, work package 3 (November 2002), http://www.isrc.rhul.ac.uk/shaman/docs/d13a3v1.pdf
Niemegeers, I., Heemstra de Groot, S.: From Personal Area Networks to Personal Networks: A User Oriented Approach. Wireless Personal Communications 22, 175–186 (2002)
Jehangir, A., Heemstra de Groot, S.M.: Securing Personal Network Clusters. In: Proceedings of the Third International Conference on Security and Privacy in Communication Networks, SecureComm, pp. 320–329 (2007)
Egele, M., Kruegel, C., Kirda, E., Vigna, G.: PiOS: Detecting Privacy Leaks in iOS Applications. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium, NDSS. The Internet Society (February 2011)
Hornyack, P., Han, S., Jung, J., Schechter, S., Wetherall, D.: These aren’t the droids you’re looking for: retrofitting android to protect data from imperious applications. In: Proceedings of the 18th ACM conference on Computer and Communications Security, CCS 2011, pp. 639–652. ACM (2011)
UPnP Forum: UPnP Device Protection Service. Technical report, UPnP Forum (2011)
Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of pgp 5.0. In: Proceedings of the 8th USENIX Security Symposium, SSYM 1999, p. 14. USENIX Association, Berkeley (1999)
International Telecommunication Union: ITU-T Recommendation X.1112 — Device certificate profile for the home network. Technical report, ITU (2007)
Baugher, M., Lortz, V.: Home-Network Threats and Access Controls. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 217–230. Springer, Heidelberg (2011)
Ford, B., Strauss, J., Lesniewski-Laas, C., Rhea, S., Kaashoek, F., Morris, R.: Persistent Personal Names for Globally Connected Mobile Devices. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, OSDI 2006, pp. 233–248. USENIX Association, Berkeley (2006)
Kubota, A., Miyake, Y.: Autonomous DNSSEC: Secured Pseudo DNS Domains for Personal Networks. In: 2010 IEEE GLOBECOM Workshops (GC Wkshps), pp. 1576–1580 (December 2010)
International Telecommunication Union: ITU-T Recommendation X.1111 — Framework of security technologies for home network. Technical report, ITU (2007)
International Telecommunication Union: ITU-T Recommendation X.1121 — Framework of security technologies for mobile end-to-end data communications. Technical report, ITU (2004)
The webinos consortium: User expectations of security and privacy phase 2 (September 2011), http://webinos.org/blog/2011/11/01/webinos-repot-user-expectations-of-security-and-privacy-phase-2/
Chia, P.H., Yamamoto, Y., Asokan, N.: Is this App Safe? A Large Scale Study on Application Permissions and Risk Signals. In: Proceedings of WWW 2012: The World Wide Web Conference (April 2012)
Lyle, J., Faily, S., Fléchais, I., Paul, A., Göker, A., Myrhaug, H., Desruelle, H., Martin, A.: On the design and development of webinos: A distributed mobile application middleware. In: Göschka, K.M., Haridi, S. (eds.) DAIS 2012. LNCS, vol. 7272, pp. 140–147. Springer, Heidelberg (2012)
Balfanz, D., Durfee, G., Smetters, D.: Making the Impossible Easy: Usable PKI. In: Security and Usability: Designing Secure Systems that People Can Use, pp. 319–334. O’Reilly, Sebastopol (2005)
Jones, P.E., Salgueiro, G., Smarr, J.: WebFinger: IETF Network Working Group Internet Draft (May 2012), http://tools.ietf.org/html/draft-jones-appsawg-webfinger-04
OASIS: Extensible resource descriptor (xrd) version 1.0 (November 2010), http://docs.oasis-open.org/xri/xrd/v1.0/xrd-1.0.html
Saxena, N., Ekberg, J.E., Kostiainen, K., Asokan, N.: Secure device pairing based on a visual channel. In: IEEE Symposium on Security and Privacy, 6 p.–313 (May 2006)
Nguyen, L.H., Roscoe, A.W.: Authenticating ad hoc networks by comparison of short digests. Information and Computation (an International Journal) 206(2-4), 250–271 (2008)
Kainda, R., Flechais, I., Roscoe, A.W.: Secure and usable out-of-band channels for ad hoc mobile device interactions. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds.) WISTP 2010. LNCS, vol. 6033, pp. 308–315. Springer, Heidelberg (2010)
Taylor, D., Wu, T., Mavrogiannopoulos, N., Perrin, T.: Using the Secure Remote Password (SRP) Protocol for TLS Authentication. RFC 5054 (Informational) (November 2007)
Eastlake 3rd, D.: Transport Layer Security (TLS) Extensions: Extension Definitions. RFC 6066 (Proposed Standard) (January 2011)
Lyle, J., Monteleone, S., Faily, S., Patti, D., Ricciato, F.: Cross-platform access control for mobile web applications. In: Proceedings of the IEEE International Symposium on Policies for Distributed Systems & Networks. IEEE (July 2012)
Coker, G., Guttman, J.D., Loscocco, P., Sheehy, J., Sniffen, B.T.: Attestation: Evidence and trust. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 1–18. Springer, Heidelberg (2008)
Levy, H.M.: Capability-Based Computer Systems. Butterworth-Heinemann, Newton (1984)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lyle, J. et al. (2013). Personal PKI for the Smart Device Era. In: De Capitani di Vimercati, S., Mitchell, C. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2012. Lecture Notes in Computer Science, vol 7868. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40012-4_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-40012-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40011-7
Online ISBN: 978-3-642-40012-4
eBook Packages: Computer ScienceComputer Science (R0)