What is the pervasive computing paradigm?
It looks forward to context-aware devices embedded in all parts of our environment, from our physical selves, to our homes, offices, streets and so forth. Humans will be surrounded by intelligent, intuitive, interfaces capable of providing information and communication facilities efficiently and effectively.
Systems will recognize the presence of individuals, perhaps even their mood, in an unobtrusive manner, modifying their functionality according to the user's changing needs. The prolific amount of communicating devices will provide and enable multiple dynamic networks at any one location. Users will be able to traverse these networks, passing seamlessly from one to another, coexisting in many at a single point in time.
While networks based on the server-client model will still exist (wired and wireless), they will have to interact dynamically with those that can operate quite differently, such as grids. Where many devices capable of true peer-to-peer communications are in close proximity to each other, they will be able to automatically form short-lived ad hoc mesh networks. Effectively, smart devices will become temporary nodes on a dynamic network, each capable of routing traffic to its neighbors.
There will be a requirement for both humans and their autonomous agents to move between environments seamlessly, with minimum effort, creating a truly ubiquitous intelligent environment. The systems created from the integration of these large, complex networks of smart devices will provide many new, ubiquitous services: nu-services. Ranging across the provision of local area information from devices embedded in the environment, integrated telematics services (e.g. wireless control of household appliances via voice in the car), wired home services (e.g. intelligent fridges capable of automatically ordering food online as stocks get low), wireless vending machines (imagine mobile telephones doubling as credit cards, passports and holding personal health information), to the remote monitoring of critical bodily functions.
Implications for information security
Crucial to securing any data is the ability to authenticate users permitted to have access. However, in a pervasive computing environment, access to trusted third parties and public key infrastructures is not guaranteed. So when users demand spontaneous security new means of authentication will have to be found.
In a pervasive computing environment it will be impossible to separate corporate networks from smart devices. Employees will unwittingly wear devices into the office; they will access their office VPN via wired homes, city hot-spots or utilizing mesh networks. The devices used to connect to such VPNs may also inadvertently provide unwanted visitor access to a corporate infrastructure. Boundary security policy mechanisms will have to evolve to support such a dynamic environment. Intrusion detection systems will have to be able to spot bad behavior distributed over dynamic networks of smart devices. It may not be feasible to offer single sign-on to networks, since users have no idea how many systems they are possibly signing on to.
With so many more devices potentially connecting to our networks we are likely to see an increased threat from distributed denial-of-service attacks. Likewise, so many more platforms capable of carrying infection will demand better anti-virus mechanisms. If it becomes possible to design self-extracting steganography algorithms, we may face the difficult challenge of protecting ourselves from viruses self-extracting themselves from images when we can't even tell that they are there. Clearly it is not feasible to educate against the use of images, as we have against the opening of executable files attached to email.
Grid technologies and quantum computing will provide huge amounts of computing resources. Quantum technology will potentially offer massive storage capabilities, although the capability is still immature and a long way off delivering. Grid technologies will enable larger calculations to be made by distributing them over many different physical resources in a manner transparent to the user. Ultimately, this could result in organizations utilizing competitors' resources to perform sensitive functionality. Grid technologies, and accompanying services, will make significant demands on security policy. It is unlikely that organizations will be happy for their data to reside physically on machines belonging to unknown organizations (and potentially competitors) without having convincing security measures in place.
QinetiQ research strategies
Such extreme changes in environment will demand both an evolution of current security methodologies, and extremely new approaches. There are many research strands being followed at QinetiQ to invent novel protection mechanisms against future threats; the three outlined here address key requirements for secure ubiquitous computing environments.
Hacker-tolerant networking
We have been a partner in an E.U. Information Society Technologies project named MAFTIA (malicious and accidental fault tolerance for internet applications). The aim of the project is to design networks that are no longer reliant on traditional boundary mechanisms, but can tolerate an intrusion. By distributing data, authentication services and intrusion detection services it is possible to build a system which can withstand larger numbers of servers being corrupted without compromising security of data.
High assurance methods
Analytical techniques have been developed which use formal methods for verifying that protocols and system architectures are secure, and that source code is correct, and to automatically generate test suites. Such techniques can not only identify potential errors, but also enable proof of correctness. As part of our work in the Department of Trade and Technologies Next Wave Technologies Programme we will continue to research methodologies for reasoning about protocols for key management, quality of service and wireless; security policies; agent technologies, and interoperability of communications devices. The project will address spontaneous secure communication, authentication policy matrices, evolving of trust models, and tools to guarantee integrity.
Future infection protection
Current techniques for infection protection typically employ boundary mechanisms that use 'signatures' of known infections. These rely upon syntactic descriptions, and provide no protection against unknown infections. Services currently exist which enable the removal of malicious code before it reaches the network, in cases when the infection spreads itself using email. We are investigating the use of formal methods to identify other semantic patterns in infection behavior. If successful this will enable the removal of whole classes of infection where the actual instance has not been seen before.
Dr Sadie Creese is technical manager for security assurance in the QinetiQ Trusted Information Management Systems Assurance Group (www.qinetiq.com).
QinetiQ is exhibiting at Infosecurity Europe, Europe's largest and most important information security event. Now in its 8th year, the show features Europe's most comprehensive FREE education program, and over 200 exhibitors at the Grand Hall at Olympia from April 29- May 1, 2003. www.infosec.co.uk
