Re: The Future of Security

[Damir Rajnovic <drajnovi () cisco com>]

Hello there,

At 10:59 06/12/1999 -0800, David LeBlanc wrote:
> So, I expect the processing power of these Java-enabled gizmos to be as
> small as possible, which also tells me that the IP stack isn't going to be
> sophisticated, and experience tells me that means they are probably prone
> to DoS attacks.  Next, we're talking about basing the security of these
> devices on some sort of ACL, yet they are supposed to 'discover' one
> another.  Discovery implies 2 things - one is that they will be chatty, and
> the other is that they will respond to requests for at least a minimal

See http://www.cl.cam.ac.uk/~fms27/duckling/ This paper addresses some 
of your questions.

The Resurrecting Duckling:
Security Issues for Ad-hoc Wireless Networks

Frank Stajano and Ross Anderson 

In the near future, many personal electronic devices will be 
able to communicate with each other over a short range wireless
channel. We investigate the principal security issues for such 
an environment. Our discussion is based on the concrete example of
a thermometer that makes its readings available to other nodes over 
the air. Some lessons learned from this example appear to be quite 
general to ad-hoc networks, and rather different from what we have 
come to expect in more conventional systems: denial of service, the 
goals of authentication, and the problems of naming all need re-examination. We present the resurrecting duckling 
security policy model, which 
describes secure transient association of a device with multiple 
serialised owners.

Cheers,

Gaus
============
Damir Rajnovic <drajnovi () cisco com>    Cisco PSIRT Manager
Team URL: <http://www-tac.cisco.com/Teams/PSIRT/>
Phone: +44 20 8756 9731      Mobile: +44 7715 546 033
4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB
============
There is no insolvable problems. Question remanins: can you 
acceppt the solution?