Security for Ubiquitous Computing / Edition 1


* Ubiquitous computing refers to computers embedded in everyday devices communicating with each other over ad-hoc wireless networks
* Focuses on two very hot topics: ad-hoc wireless networking and security
* Covers security issues for well-established and widely used technologies such as GSM, Bluetooth, and IP
* Presents a framework to make sense of the many and varied issues at stake, a taxonomy of the major problems and in-depth discussion of some specific, cutting-edge solutions
* Includes a primer on security and the basics of cryptography
* Describes the security issues in "peer-to-peer networking," a new technology that is gaining prominence in the media with applications such as Napster and ICQ Chat


Editorial Reviews

From the Publisher
"...a remarkably readable introduction to the in background material." (IEEE Network, New Books & Multimedia Column, November 2002)
From The Critics
Written for developers and researchers, this book describes the current state of ubicomp research and provides a concise introduction to general issues in security and cryptology. Technical aspects of ubicomp security are then discussed, as are peer-to-peer and ad-hoc networking. Chapters concentrate on authentication, confidentiality, integrity, availability, anonymity, functions, and existing network solutions. The emphasis throughout is on security solutions. Stajano teaches engineering at the University of Cambridge. Annotation © Book News, Inc., Portland, OR


Security for Ubiquitous Computing

By Frank Stajano

John Wiley & Sons

ISBN: 0-470-84493-0

Chapter One


Ubiquitous computing is the vision of a world in which computing power and digital communications are extremely inexpensive commodities, so cheap that they are embedded in all the everyday objects that surround us. This book examines the security issues of such a scenario.

In this chapter we briefly introduce ubiquitous computing (more on this in the next chapter), we define some basic terminology and we point out the principal security concerns that we shall be facing.

1.1 Scenario

The established trend in consumer electronics is to embed a microprocessor in everything: cellphones, car stereos, televisions, VCRs, watches, GPS (Global Positioning System) receivers, digital cameras. In some specific environments such as avionics, electronic devices are already becoming networked; in others, work is underway. Medical device manufacturers want instruments such as thermometers, heart monitors and blood oxygen meters to report to a nursing station; consumer electronics makers are promoting the Firewire standard for PCs, stereos, TVs and DVD players to talk to each other; and kitchen appliance vendors envisage a future in which the oven will talk to the fridge, which will reorder food over the net.

It is to be expected that, in the near future, this networking will become much more general. The next step is to embed a short range wireless transceiver into everything; then many gadgets can become more useful and effective by communicating and cooperating with each other. A camera, for example, might obtain the geographical position and exact time from a nearby GPS unit every time a picture is taken, and record that information with the image. At present, if the photographer wants to record a voice note with the picture, the camera must incorporate digital audio hardware; in the future, the camera might instead let the photographer speak into her digital audio recorder or cellphone. Even better, the audio data might optionally take a detour through the user's powerful laptop, where a speech recognition engine could transcribe the utterance, so as to annotate the photograph with searchable text rather than just with audio samples, and of course this could be done at any time that the camera detects the proximity and availability of the laptop with the speech recognition service. In this scenario each device, by becoming a network node, may take advantage of the services offered by other nearby devices instead of having to duplicate their functionality.

This vision, as we shall see in chapter 2, was first put forward by Mark Weiser of Xerox PARC, who coined the locution "ubiquitous computing" in 1988. Between then and now, many research organizations have started projects to explore various facets of this vision, and some of this research is now materializing into consumer products. In 2001, the most visible commercial incarnations of this idea were two open standards for wireless radio networking: Bluetooth, originally thought of as a "serial cable replacement" for small computer peripherals, and 802.11, originally developed as a wireless LAN system for laptops. Estrin, Govindan and Heidemann present a future scenario of ubiquitous embedded networking that encompasses this and much more.

1.2 Essential terminology

Computer people generate neologisms at an alarming rate. The inflation of trendy buzzwords and acronyms is all too often a dubious marketing gimmick to cover the lack of contents, but there are cases in which a new term genuinely is the best way to describe a new technology or a new way of doing things. I leave it to the reader to decide whether my use of new terms in this book falls in the first or the second category, but it seems in any case a good idea to define the most relevant ones in advance.

The focus of this work shall be the examination of security issues for ubiquitous computing and ad hoc networking. The Oxford English Dictionary (henceforth "the OED") defines "ubiquitous" as

Present or appearing everywhere; omnipresent.

With ubiquitous computing we refer to a scenario in which computing is omnipresent, and particularly in which devices that do not look like computers are endowed with computing capabilities. "A computer on every desk" does not qualify as ubiquitous computing; having data processing power inside light switches, door locks, fridges and shoes, instead, does.

As we saw in section 1.1, we envisage a situation in which all those devices are not only capable of computing but also of communicating, because their synergy then makes the whole worth more than the sum of the parts. We do not however expect a fixed networking infrastructure to be in place, certainly not one based on cables. It would be less than practical to run data cables between switches, locks and fridges, not to mention shoes. A wireless network infrastructure looks more plausible: as happens with mobile telephones, a base station could cover a cell, and a network of suitably positioned base stations could cover a larger area. But we are interested in a broader picture, in which even this arrangement may not always be possible or practical: think of a photographer taking pictures in the desert and whose camera wants to ask the GPS unit what coordinates and timestamp to associate with the picture. The computing and the communications may be ubiquitous, but the network infrastructure might not be. In such cases the devices will have to communicate as peers and form a local network as needed when they recognize each other's presence. This is what we mean by ad hoc networking. The OED defines "ad hoc" as

Devoted, appointed, etc., to or for some particular purpose.

The wireless network formed by the camera and the GPS receiver is ad hoc in the sense that it was established just for that specific situation instead of being a permanent infrastructural fixture.

Finally, it would perhaps be desirable to define security, not because the term is new or unfamiliar, but because it is overloaded, and may be interpreted differently by different readers.

A common mistake is to identify security with cryptology, the art of building and breaking ciphers (cryptography and cryptanalysis respectively). While it's true that cryptology gives computer security many of its technical weapons, to identify the two is to miss the big picture and to expose oneself to less glamorous but probably more effective attacks. As demonstrated by Anderson with a wealth of case studies, what fails in real life is rarely the crypto.

In a nutshell, security is really risk management. Security is assessing threats (bad things that may happen, e.g. your money getting stolen), vulnerabilities (weaknesses in your defences, e.g. your front door being made of thin wood and glass) and attacks (ways in which the threats may be actualized, e.g. a thief breaking through your weak front door while you and the neighbours are on holiday), estimating costs for the threats, estimating probabilities for the attacks given the vulnerabilities, developing appropriate safeguards (a priori vaccines) and countermeasures (a posteriori remedies), and implementing the ones for which the certain price of the defence is worth spending compared to the uncertain loss that a potential threat implies.

In this context it is apparent that cryptology is only one of many tools, not the discipline itself. Amoroso, whose clear terminology we adopted in the previous paragraph, offers a rigorous overview of this process. Schneier, author of an extremely popular cryptography textbook, candidly admits in a later book to having previously missed the forest for the trees.

Having clarified this, I shall give an overview of computer security mechanisms for the uninitiated reader in chapter 3.

1.3 Problems

Ubiquitous computing imposes peculiar constraints, for example in terms of connectivity, computational power and energy budget, which make this case significantly different from those contemplated by the canonical doctrine of security in distributed systems.

A well-established taxonomy subdivides computer security threats into three categories, according to whether they threaten confidentiality, integrity or availability. Let us review these three fundamental security properties given the preconditions of ubiquitous computing.

Confidentiality is the property that is violated whenever information is disclosed to unauthorized principals. Everyone realizes that wireless networking is more vulnerable to passive eavesdropping attacks than a solution based on cables: by construction, information is radiated to anyone within range. It is natural to expect that the security requirements of a wireless system will include addressing this concern.

Integrity is violated whenever information is altered in an unauthorized way. This applies both to information within a host and to information in transit between hosts. Imagine a wireless temperature sensor on your roof that relays its measurements to a display inside your house (at ORL we built a prototype of such a device for Piconet in 1998, as part of a playground of simple communicating devices which also included fans, displays, logging nodes and so on (see section 2.5.5); but a much nicer, if less versatile, commercial version could probably be bought at Radio Shack even then). If an attacker modifies either the sensor's firmware or the transmitted messages so that the displayed temperature is off by 10 degrees then, if you are sufficiently gullible, you may be cheated into wearing the wrong type of clothes for that day's weather. If this does not look like a terribly dramatic security violation, imagine instead that the sensor is monitoring a patient's temperature in a clinic or, even better, that it is part of an alarm system for a nuclear power plant. As happens with confidentiality, the wireless nature of communications increases the vulnerability of the system to integrity violations: if the receiver listens to the strongest signal that "looks right", an attacker wishing to substitute forged messages for the original ones only needs to shout loudly enough, without having to splice any cables. As for the integrity of hosts, as opposed to that of messages in transit, the ubiquitous computing vision of unattended devices ready to communicate with whoever comes in range clearly makes it likely that an attacker will sooner or later tamper with such unattended devices if this can bring her any benefits.
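The roof-sensor case above, as an added example that is not from the book: a display that accepts any frame that "looks right" is compared with one that verifies a message authentication code. The frame layout, the 16-byte truncated HMAC-SHA256 tag, the per-sensor counter used to reject replays, and the assumption that sensor and display already share a key are all choices made for this illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16      # truncated HMAC-SHA256 tag length in bytes (assumed)
_FMT = ">IIh"     # assumed layout: sensor id, counter, temperature in 0.1 C
_BODY = struct.calcsize(_FMT)


def encode_reading(key: bytes, sensor_id: int, counter: int, temp_c: float) -> bytes:
    """Sensor side: pack the reading and append a MAC under the shared key."""
    body = struct.pack(_FMT, sensor_id, counter, round(temp_c * 10))
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def naive_accept(frame: bytes):
    """Display that trusts anything well-formed with a plausible value."""
    if len(frame) != _BODY + TAG_LEN:
        return None
    _, _, tenths = struct.unpack(_FMT, frame[:_BODY])
    return tenths / 10 if -500 <= tenths <= 600 else None


class VerifyingDisplay:
    """Display that checks the MAC, then a strictly increasing counter."""

    def __init__(self, key: bytes):
        self._key = key
        self._last = {}  # sensor id -> highest counter accepted so far

    def accept(self, frame: bytes):
        if len(frame) != _BODY + TAG_LEN:
            return None
        body, tag = frame[:_BODY], frame[_BODY:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # altered in transit, or sent without the key
        sensor_id, counter, tenths = struct.unpack(_FMT, body)
        if counter <= self._last.get(sensor_id, -1):
            return None  # an old genuine frame sent again
        self._last[sensor_id] = counter  # only authenticated frames advance it
        return tenths / 10


def shift_temperature(frame: bytes, delta_c: float) -> bytes:
    """Test helper: the 'off by 10 degrees' alteration, tag left unchanged."""
    sensor_id, counter, tenths = struct.unpack(_FMT, frame[:_BODY])
    body = struct.pack(_FMT, sensor_id, counter, tenths + round(delta_c * 10))
    return body + frame[_BODY:]


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    genuine = encode_reading(key, 7, 1, 21.5)  # constructed sample reading
    altered = shift_temperature(genuine, 10)
    display = VerifyingDisplay(key)
    print("naive display shows:", naive_accept(altered))
    print("verifying display, altered frame:", display.accept(altered))
    print("verifying display, genuine frame:", display.accept(genuine))
    print("verifying display, replayed frame:", display.accept(genuine))
```

The MAC addresses messages in transit only; it does nothing for the other case the paragraph raises, an attacker who modifies the firmware of the unattended sensor and so holds the key.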

Availability is the property of a system which always honours any legitimate requests by authorized principals. It is violated when an attacker succeeds in denying service to legitimate users, typically by using up all the available resources. As we remarked about integrity, the fact that ubiquitous computing implies unattended devices opens the door to many abuses. If we envisage that these ubiquitous hosts might accept mobile code that roams from one of them to another, then denial of service might also be caused by malicious programs that lock up the host device.

While illustrating the three fundamental security properties of confidentiality, integrity and availability we have repeatedly referred to "authorized principals". It follows that a fundamental prerequisite of a secure system is the ability to establish whether any given principal is or is not authorized to perform the action it is requesting. To define "who is authorized to do what" is the duty of the security policy, a concise specification of the security goals of the system. In order to ascertain whether the policy authorizes a principal to perform an action, there is also a need for identification (finding out who the principal claims to be) and particularly authentication (establishing the validity of this claim). Authentication is one of the foundations of security: it is easy to come up with examples that demonstrate that, in its absence, the three fundamental properties can be trivially violated. (Looking for example at confidentiality, even if your communications are protected with military-grade encryption, you are still liable to suffer from a disclosure threat if you have unknowingly established your encrypted channel with a recipient other than the one you intended.) Since authentication is such a central issue, we shall examine how various existing systems deal with it and then turn to the peculiar problems encountered in performing authentication in ad hoc networking, where the absence of infrastructure makes the traditional approaches impracticable.

We shall also look more closely at a peculiar aspect of confidentiality that is not quite mainstream: anonymity. Most of the attention devoted to confidentiality concentrates on how to prevent disclosure of the contents of messages, which leads naturally to cryptology. Sometimes, however, the really sensitive information is not in the body but in the header. Given the same number of pages, a detective or a spy will generally find an itemized phone bill for his target much more revealing than the transcript of any individual phone call. This sort of attack is called traffic analysis. The danger is not limited to the world of secret agents: credit cards and loyalty cards record your spending patterns, cash machine transactions and cellular telephone calls timestamp your whereabouts, and the fusion of all these logs can be used to build disturbingly detailed and intrusive dossiers on private individuals. As we design the technology that will enable ubiquitous computing, we have a duty to protect future users (ourselves included) from what could otherwise turn by default into an Orwellian ubiquitous surveillance.

We shall examine each of these problems in turn: I have dedicated one chapter to each of the boldface terms in this section. Finally, an appendix offers a brief survey of deployed network security solutions.

1.4 Notation

Existing notations for encryption are many and varied. To some extent, each author seems to come up with his or her own preferred flavour. I shall not break with this tradition: in the interest of explicitness, I shall adopt my own personal variation that will allow us to mention the cipher explicitly where this is useful, and to identify the function being performed without relying on implicit inferences from the key in use. We shall use the function names E, D, S, V, h and MAC respectively for encryption, decryption, signature, verification, hash and message authentication code (see chapter 3 for definitions of these terms), with optional subscript and superscript to indicate key and algorithm. So

E(m), [E.sub.[K]](m), [E.sup.AES.sub.I


Excerpted from Security for Ubiquitous Computing by Frank Stajano Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.


Table of Contents

About the Author.
Contact Information.

1. Introduction.
Essential terminology.

2. Ubiquitous computing.
Xerox PARC.
Norman's Invisible Computer.
HP's Cooltown.
ORL/AT&T Labs Cambridge.
Security issues.

3. Computer security.
Security policies.

4. Authentication.
New preconditions.
The Resurrecting Duckling security policy model.
The many ways of being a master.

5. Confidentiality.
Cryptographic primitives for peanut processors.
Personal privacy.

6. Integrity.
Message integrity.
Device integrity.

7. Availability.
Threats to the communications channel.
Threats to the battery energy.
Threats from mobile code.

8. Anonymity.
The Cocaine Auction Protocol.
The anonymity layer.

9. Conclusions.

Appendix A: A Short Primer on Functions.

Appendix B: Existing Network Security Solutions.

Annotated bibliography.
