Security for ambient intelligent systems

Abstract

Providing security in a distributed, ambient intelligent system is a huge challenge. The main reason is that the traditional security model is not valid anymore. Traditional security assumes that there is a vulnerable channel between communicating parties, where eavesdropping, modification of messages or denial of service attacks can occur. But it also assumes that the sender and receiver operate in some form of secure environment. Hence all models of attacks focus on the channel. Due to the distributed nature of ambient intelligent systems, the attack can be anywhere on the communication channels and on the devices. The attacker has the advantage that he can choose the easiest entry. For instance, a traditional concept like a firewall assumes that there is a trusted 'inside' and a distrusted 'outside' with a clear boundary between the two. In an ambient intelligent system, there is no inside and outside. Both the user and the attacker are inside the system. Similar arguments can be made for Virtual Private Networks (VPNs). VPNs are a sophisticated layer of software on top of existing infrastructure, like the Internet, to allow sender and receiver to communicate in a secure way. It typically provides end-to-end privacy and authentication for e-commerce, financial transactions, confidential information exchange in business environments, etc. It does not address the fundamental property of ambient intelligent systems, namely that the information is distributed in the system and not centralized in the endpoints that communicate, like a customer on a home PC talking to a bank. Even if every node could be provided with VPN software, it will not work, because its computation requirements are too high, and it would deplete the limited energy supply of typical nodes in an ambient intelligent system. Secondly, it does not protect against denial-ofservice attacks and sleep-deprivation attacks, two possible attacks in ambient intelligent systems. It is also too expensive for many typical set-ups of ambient intelligent systems. For instance, individual monitoring nodes, such as for temperature or seismic activity, do not contain a lot of useful information and the individual sensor readings do not need privacy protection as provided by VPNs. It is the combined knowledge of a large set of nodes or a whole area that provides useful information, such as to track activity in the environment. The privacy of that information is not even protected by a traditional VPN. Hence it is our opinion that security in an ambient intelligent system and in sensor networks is a system design problem. Security is difficult to provide, because a system is as secure as its weakest link. The attacker has the advantage that he can choose his entry point. Hence in an embedded context, all levels of abstraction need to be investigated regarding security. This includes system and protocol level, algorithm level, architectural level and physical level. We will give examples of each of these levels and illustrate this with examples. © 2005 Springer-Verlag Berlin Heidelberg.