Contributions: The main idea of the paper is that when a product is
unwrapped, it imprints itself to the first signal it hears. That
signal becomes its master. According to the authors, that ensures
that new products are controlled only by their intended owners. Once
the owners want to sell, the object is told to die. The product can
be resurrected for new use.
Presentation: The presentation was at a high-level and was quite
intuitive. They present a very novel approach to wireless and ad hoc
networks.
Weaknesses: The authors mention an attack on ad hoc networks to drain
battery power. A variant of that attack I read about in my database
class is an attacker interfering with the network traffic causing the
nodes to start communicating with each other. Their conclusions
section is rather brief. I cannot say (for example) that really like
sentences full of parenthesis (a parenthesis is a round looking
thing), because too frequent use of them (and also dashes too) starts
making a sentence rather dreary to read (and ultimately takes too much
time to read) and is (quite) frustrating, because a parenthetical
expression (this is a parenthetical expression) can usually be reduced
to a separate (and possibly smaller) separate sentence.
Future Work: An actual implementation with their experimental results
seems to be the next natural step in their research.
============================================================================
What are the contributions of the paper?
The paper represents new security requirements and challenges in
ad-hoc wireless networks and provides its resurrecting ducking
security policy model to think about the solution space.
What is the quality of the presentation?
The quality of the presentation is excellent. The sections are well
structured. The system constraints are clearly indicated. The wireless
thermometer prototype is very helpful to explain the security issues
and the metaphor about biology makes their ideas easy to understand.
What are the strengths of the paper?
The paper comprehensively investigated the security issues in ad-hoc
wireless networks in early times (1999) and clearly explained these
issues in the paper. It effectively addresses some security issues
that normally do not exist in other environments, such as battery
exhaustion, secure transient association and imprinting.
What are the weaknesses of the paper?
No concrete solutions are provided or indicated.
What is some possible future work?
The future work might be to design new protocols and to develop new
technologies that can be used to build up the networks and its devices
with the desired security features.
============================================================================
What are the contributions of the paper? New resurrecting duckling
security policy model designed especially for low power nodes in the
ad-hoc wireless networks. An attempt to solve authentication problem
for the environment without common trusted authority.
What is the quality of the presentation? Good. Clear structure,
right logic. But too scarse bibliography, a lack of paper desciption
alogn with some informalities. Using of medical terms for no reason.
What are the strengths of the paper? Realistic assumptions on the
wireless network nodes. Good ideas on possible attacks.
What are its weaknesses? Although authors presented the
priority-based approach for assuring that node's resources are
devoted to the primary client mainly, an attacker can pretend to be
primary service and achieve the same goal - draining of a battery,
because authentication will require a lot of power. I'd recommend to
use another strategy: do not allow too frequent communication with
anyone, but if secondary clients use the service too often - just
report about this to the primary client.
Wireless imprinting based on a secret key is not secure: 1. secret key
can't be secret as long as it is the same for all devices and is
transmitting without encoding (even in the case of using code, the
message can be repeated) 2. the intruder can connect to the duckling
just after the secret key is send by the real mother and imitate the
latter The issue can be solved by requiring of physical contact for
imprinting (mentioned in the paper), but this is not always possible
and convenient.
If several mothers are presented, the idea to treat the first sends a
packet as the real mother is unadequate - user's and his
neighbourhood's remote controls can interfere in this case.
The idea of "master password" known by manufacturer is not secure -
after the one-time information leaking all devices will become
vulnerable to intruders.
The authors mentioned a prototype of wireless termometer, but didn't
give any more info.
What is some possible future work? Work on the leaks in the
resurrecting duckling security model. Find out if new types of
attack (such as sleep deprivation torture attack) mentioned in the
paper can violate proposed security model. What about using the same
nodes by several "mothers"?
============================================================================
This paper examines the main security issues in an ad-hoc wireless
network of mobile devices. Due to the system constraints, denial of
service, authentication, naming, and tamper resistance are all
different from those in conventional systems. Particularly, it
presents the resurrecting ducking security policy model, which
describes the secure transient association of a device with multiple
serialized owners.
It avoids all the mathematical symbols and formulas and it does not
follow the rigid format which conference papers usually have. However,
a brief summary should be made at the end of a section to reinforce
the author's viewpoints in this section.
The main strength is it opens a way for the authorization mechanism,
the resurrecting ducking security policy model, which implements the
secure and transient association between devices and users. However,
it is only on the theoretical level. It is needed to implement the
resurrecting ducking security policy in real wireless networks, and
examine whether the secure transient association can be fully
realized.
============================================================================
The main contributions of this paper are to examine the security
issues that face ad-hoc networks and to offer a possible solution to
address them. It defines availability as being the most important
aspect of an ad-hoc network, followed by authenticity and integrity.
It also briefly discusses the concept of confidentiality in such
networks. The paper offers a couple of policies on how to address
these issues, the most notable of which is the “resurrecting ducklingâ€
security model to allow devices to associate with each other. This
model basically defines a method for associating a lower device with a
controlling device and how such associations could be reset.
The overall quality of the presentation was quite good. The paper was
fairly easy to read as is usually the case in papers that don’t
contain much technical information. This paper flowed a little
differently than most I’ve read; instead of discussing all the issues
in a opening section then providing solutions to these issues in later
sections, it discussed each section then immediately provided a
solution. This method helped to keep the issues and solutions more
closely associated in the readers mind.
The paper had quite a few strengths. The greatest of these was
probably the use of a single example which carried throughout the
paper. Using a single example in this way makes it much easier for
the reader to stay focused on the concepts rather than getting lost
trying to interpret many different examples, or worse, have to
visualize the concepts with no examples at all. The paper also used
some creative and interesting analogies, such as the “resurrecting
ducking†and the concept of the duckling’s “body†being inhabited
by multiple “souls†to illustrate the principles. This kept the
paper interesting while giving the reader a useful frame of reference.
The paper did however have a couple of weaknesses. First, the paper
barely even attempted to cover the topic of confidentiality, and
basically only said “use encryptionâ€. The fact that this section is
right before the conclusion almost makes it seem like the author
simply got tired of writing the paper and decided to stop. Second,
the paper really doesn’t give any technical example or test results of
the principles that it is discussing.
The future work derived from this paper would basically be to expand
the principles given (especially the concept of confidentiality) and
perhaps build a prototype ad-hoc network illustrating the principles.
============================================================================
What are the contributions of the paper?
The paper presents a study of ad-hoc wireless network, considering
several security properties: availability, authenticity, integrity,
confidentiality. The work is based on a concrete example of a
thermometer, and also tries to generalize the study to more general
cases. Considering a number of possible owners of a "new-born" device,
the work presents the resurrecting duckling policy model.
What is the quality of the presentation?
The presentation is quite good. The paper presents a good flow between
the introductory sections and the content sections. Taking a real case
(thermometer) example was a good idea, so that the reading flows more
smoothly than working with theoretical concepts. On the other hand, I
personally found the conclusion of this paper quite weak. I would
expect the conclusion to tell what was new in this work compared to
related literature, and not just repeating some points presented in
the text.
What are the strengths of the paper?
In my opinion, the most interesting ideas brought by the authors were
to think in very constrained environments used in an ad-hoc wireless
network. More precisely, rethinking the importance of confidentiality,
integrity and authenticity, given that the nodes are quite limited in
processing and in power. However, one or more of these properties may
be required in other real-world applications.
What are its weaknesses?
Considering a concrete example (thermometer) was a good idea, and made
the paper understanding much simpler. However, I think that this
approach has a major drawback of not considering other devices and
more general cases. This way, I think the paper could have considered
the problem of security issues more generally. Another weakness of
this paper is that it does not consider side-channel attacks during
the imprinting process. What would happen if the imprinting process is
performed in an environment with multiple attackers? How to recover
from an erroneous imprinting, where the device recognizes Malice as
its mother? Even if the secret material is performed using physical
contact, which is simple, cheap and effective, the secret is
transmitted in plaintext. This way, several side-channel attacks could
take place. I think the paper could show how such devices would be
resistant to side-channel attacks. Furthermore, since a secret key is
going to be reused several times, how to protect the system from
replay attacks? In my opinion, the paper should answer all these
questions to be more complete.
What is some possible future work?
Possible future work could study more general devices in order to make
the analysis more comprehensive. In addition to this, the paper should
consider the presence of attackers and answer the questions above.
============================================================================
While the ideas presented in the paper may not have been novel, credit
must be given to the authors who unified them to present a very
practical "Resurrecting Duckling" security policy. The wide spectrum
of issues addressed, such as battery-life, processing power,
multi-device communications and maintenance were are all focused
around the practicality of the security policy. The paper also
discusses a few topics such as tamper-resistance and change of
ownership (of a device) which I believe are important concerns and are
generally not given much attention while discussing security and
ubiquitous computing.
Although the authors recognize that their approach is a compromise
between ubiquity and security, I feel that they fail to address
properly the situations in which it may not be feasible to implement
their suggestions. The paper takes the example of a thermometer in a
hospital and it forms the basis of the discussion but I feel that it
would not take much to imagine a different scenario where perhaps the
requirements and threat model could be very different making their
assumptions and suggestions perhaps a little unrealistic.
Overall I found the paper to be very enjoyable. Due to its simple
language and the metaphors to real life, the paper is a pleasurable
reading experience.
============================================================================
What are the contributions of the paper?
-Presents overview of wireless networks -Presents security issues
-Presents attacker models that are specific to wireless / small
devices for example: battery drain -Presents a security model that is
base on animal's imprinting instincts as well as proposed solutions
for some security issues
What is the quality of the presentation?
-Good, clear, precise and well reorganized
What are the strengths of the paper?
-The imprinting idea is new and very interesting -Great introduction,
lots of background information provided for readers with limited
security or networking knowledge
What are its weaknesses?
-Not much in my opinion.
What is some possible future work? -Possibly some usability / user
friendliness improvement on the model. The paper presents some
complicated functionality to say just a thermometer. Functions such
as setting proper dying date, resurrecting and similar set up
procedure can be overwhelming for users that only wants to read the
temperature outside.
============================================================================
What are the contributions of the paper?
The paper gives a brief introduction of ad-hoc wireless network
environment and investigate the main security issues in the ad-hoc
wireless network environment. For each of the security issue, the
paper discusses the potential security problems and possible
solutions. Under the topic of Authenticity, the paper presents the
resurrecting duckling security policy model, which describes the
describes the secure transient association of a device with multiple
owners.
What is the quality of the presentation?
The presentation of the paper is generally good. By first giving an
introduction, then discussing the main security issues and finally
solutions and conclusions, The structure of the paper is very well
organized and audiences can follow the flow of ideas easily. However,
the conclusion part is Very small compared with the introduction part
and authors should use some graphs, charts and figures to support the
ideas, even though the paper is not very technical.
What are the strengths of the paper?
The introduction part of Adhoc wireless network is very clear and
system constraints listed are very realistic to reflect the real
situations. The authors use a thermometer and a emerging duckling as
the concrete examples to explain the concepts and this makes the paper
very readable for both technical and non-technical audience. The
authors discuss the preconditions, possible attacks and potential
solutions for each of the security issues, so that readers can have a
good insight of the real world situations of the ad-hoc wireless
environment.
What are its weaknesses?
The authors discuss very little/brief about the associations between
each of the security issues and provide little supporting ideas about
how we can improve one security issue without affecting another. For
example, how we can improve authentication process without delaying
the service or decreasing the availability and how we can improve the
availability under the constraints of high latency.
What is some possible future work?
The authors can do more investigations on the possible attacks against
the ad-hoc wireless network such as: middle man attacks and playback
attacks and the possible solutions against these attacks. Having
presented the concept of "resurrecting duckling" security model, many
audiences might be interested about how the model can be implemented
such as what techniques are being used for interactions among the
users and how the service/security level can be optimized under these
constraints listed at the beginning of the paper.
============================================================================
> CONTRIBUTIONS
This paper explores security issues in ad-hoc wireless networks with
intermittent communication where power and processing capabilities are
limited. The authors argue (mostly through examples) that conventional
security schemes which provide authentication, naming and service
availability are not applicable to such networks. They also introduce
a novel attack: "sleep deprivation torture" and a new security policy
model: the "resurrecting duckling".
> QUALITY
This paper serves as a survey of security techniques (circa 1999) and
how/if they are applicable to ad-hoc wireless networks with
constrained resources. Some of the information and examples are now
out of date (we now have converged devices such as cell phones that
contain cameras, eliminating the need for a security to scheme to
protect a camera that talks to a cell phone) but in general, the paper
is clear and well-written.
> STRENGTHS
The authors cover all the key security properties (confidentiality,
integrity, authenticity and availability) and their application to
ad-hoc wireless networks with constrained resources (peanut cpu,
limited battery power and high latency). They also present a new
attack ("sleep deprivation torture") and a new model for security
policy (the "resurrecting duckling").
> WEAKNESSES
The paper doesn't provide any experimental evidence for the ideas
presented; there is no implementation to evaluate the "resurrecting
duckling" model or a demonstration of the "sleep deprivation torture
attack" (although this one is easy to believe/understand).
> FUTURE WORK
There could be more work on tamper-resistance (with regards to the
core bootstrap portion of code in a node that accepts software
upgrades), further studies on how to ensure the integrity of a node
and more research on the idea of secure transient association (an
implementation and analysis of the ideas presented in this paper would
be great).
============================================================================
What are the contributions of the paper? - This paper points out the
new problems in Ad-hoc Wireless Networks, namely: availability,
authenticity, integrity and confidentiality. These problems are
different from the classical environment. - This paper also gives
concrete example via a thermometer to illustrate the problems arisen
from the Ad-hoc Wireless Networks environment. - Moreover, a strategy
is proposed by this paper to address the Authenticity problem. The
strategy is named "The resurrecting Duckling". The strategy has things
to do with Imprinting, Resurrecting and Transmitting of soul. These
are words used to indicate the relationship between software and
hardware of a node and actions that could be done on a node.
-------------------------------------------------------------------------------------------------------------------------
What is the quality of the presentation? - The presentation gently
introduces audiences to new problems in the new environment. Sections
are well designed to help the reading. - Overall, the presentation is
solid.
-----------------------------------------------------------------------------------------------------------------------------
What are the strengths of the paper? - This paper realizes the new
problems, distinguishes as well as relates them to the classical
problems in computing in general. Problems are clearly pointed out for
examining. - Practical examples via the thermometer have real value
to relate current problems to the discussion. This helps to make the
discussion concrete. - An interesting strategy is proposed based on a
natural concept "Birth".
-------------------------------------------------------------------------------------------------------------------------
What are its weaknesses? - While Authenticity is discussed at length,
Availabilty, Integrity and Confidentiality lack details. - Privacy
issued is not looked into. A section regards Privacy should exist. -
Although thermometer does it job in the discussion, this paper needs
more discussion for general devices. Not every device in this
environment has poor CPU, Memory, etc. Possible communications
between a variety of devices are mostly left out. - To complete the
discussion, human factor should be mentioned. Responsibility of the
human in an environment enriched with wireless devices becomes more
important. Leaving behind a PDA or a Security Badge breachs any
security measure.
-------------------------------------------------------------------------------------------------------------------------------
What is some possible future work? - Providing more details for
sections Availabilty, Integrity, and Confidentiality. - Addressing
Privacy issues. - Incorperate human factor into the discussion. -
Looking into other types of attack that have been materialized
recently.
============================================================================
Topics of wireless network are getting more and more popular. There is
an advertisement in MC showing that a graduate of Master of Math from
Waterloo who is a leader of the wireless network department in Google
will give a talk on the state-of-art wireless network development. It
is hard not to see fanfares about wireless network in this world right
now, but little do we know how secure it is (at lease by then when it
was a "duckling").
The Author gave a different view on security concerns about this more
and more digital and networked world. With the emerge and on-going
research of Ad-hoc wireless network, pretty much everything with an
embedded system has the potential to be networked. The Author examined
the main security issues and weighted them in the order of
human-relevancy. For availability, the idea of sleep deprivation
torture really caught my eye. Personally, I think this is a kind of
side-channel attack. Actually I think most of the attacks in this
paper belong to side-channel attack domain. In the section of
Authenticity, the author presented his "resurrecting duckling"
security policy (it is interesting to know the biological phenomenon
"imprinting"). The presentation in this section is very strong as the
Author uses metaphors and statements back and forth to elaborate his
idea. The next section Integrity also contains many metaphor and
lively examples. Overall the paper is very well presented, and very
easy to read. In my opinion, wireless network is more prone to
side-channel attack than any other systems. The signal is easily
available and the devices sending/receiving signal are more easily to
be tampered with. I wish the Author can zoom in on a specific issue
and deploy a more in-depth discussion, but nonetheless this paper
served as an great introduction at the time it was written to the
security issues involved in wireless network.
============================================================================
1.What are the contributions of the paper? The main contribution of
this paper is that it found out some security problem of ad-hoc
wireless network and offered a solution called the resurrecting
duckling security policy model. Also, the detail and some concepts of
this model are impressive, such as the imprinting which is ably used
biology notion for reference. Moreover, the model of secure transient
association is interesting.
2.What is the quality of the presentation? I think it is good. It used
a concrete example—thermometer, and most of the presentation based on
the example makes it integrated and easy to understand. The structure
of the presentation is clear, since this paper is just explaining some
of the models and theirs principles.
3.What are the strengths of the paper? The strengths were put on the
topics of Authenticity. In this part, the paper provided some new
models and concept, all of them are impressive. Especially the
imprinting, the paper used a big space to talking about its principles
and usability.
4.What are its weaknesses? The idea for me is a little bit
abstract. Since there is a lab of the topic and they are doing some
experiment, why they do not show us some real work or some result of
their work. Also, the mechanism of the imprint is a little bit hard to
use and they do not provide some authentication of the imprint itself.
5.What is some possible future work? Since the development of the
ad-hoc wireless network is faster than ever before, there should be
lots of future work for them. Based on this paper, I think they need
some time to test the usability of the models and make some
amelioration.
============================================================================
This paper investigates the security issues that arise in ad-hoc
wireless network of mobile devices. Some of required security
properties are discussed, namely, confidentiality, integrity and
authenticity, and availability. The authors describe the issues of
securing a temporary connected devices by resurrecting duckling
security policy model. Imprinting, reverse metempsychosis and escrowed
seppuku are the resurrecting duckling security policy discussed in the
paper. this paper spells out the problems and opportunities in an
ad-hoc environment.
The authors have a vision in looking for devices that have an embedded
processor and a transceiver. The paper was presented by giving an
example in the ad hoc environment; witch is the wireless temperature
sensor. The authors mentioned the system constraints in ad-hoc
networks witch includes peanut CPU, battery power and high
latency. Then, resurrecting duckling security policy were
discussed. The presentation of the paper seems to me quite good and
wide space solution was propoesd.
In imprinting policy of the resurrecting duckling security, how is a
secret shared between the mother device and the duckling. If the
public key encryption is used then too much operations for thin device
and what about the vervication?
============================================================================
The paper examined the main security issues that arise in an ad-hoc
wireless network of mobile devices. It analysis the main constraints
on such kind of systems: Peanut CPU, Battery power and High latency,
and enumerates the new problems arise because of these
constraints. The secure issues of availability, authenticity,
integrity and confidentiality are studied in order. A novel threat to
availability ---sleep deprivation torture is brought to
notice. Limitations on the acceptable primitives for cryptographic
protocol are also discussed. Besides these new problems, the author
also spells out new opportunities opened up by the model of secure
transient association. They believe this kind of association will
become increasingly important in real networking application. The
solution the author proposes is formalized in the Resurrecting
Duckling security policy model. The slave device is the duckling,while
the master controller acts as its mother duck. The duckling may be in
one of two states, imprinted or imprintable, depending on whether it
contains a soul or not; it starts (pre-birth) as imprintable, becomes
imprinted at birth when a mother duck gives it a soul, and it becomes
imprintable again on death,when the soul dissolves. The soul is a
shared secret that binds the duckling to its mother: as long as the
soul is in the body, the duckling will stay faithful to the mother and
obey no one else. Resurrection is allowed, as the name of the policy
suggests, but the duckling's metempsychosis works in reverse: instead
of one soul inhabiting successive bodies, here we have one body
hosting a succession of souls. The soul is originally transferred from
mother to duckling over a non-wireless channel (e.g. electrical
contact) in order to bootstrap the rest of the protocol. Death, which
makes the duckling imprintable by a new mother, may be triggered by
the conclusion of the current transaction or by a deliberate order
from the mother duck, but not by one from an outside principal. The
mother duck should backup the soul with local escrow parties since, if
the soul is lost (for example because your dog chews on the remote
control), the duckling will be unresponsive to any other principal and
it will be impossible to reset it to the imprintable state. The
presentation of this paper is quite good. The author has a talent for
making descriptions of quite complex technology palatable (and often
even humorous) through the use of analogy, metaphor and other forms of
allusions to the non-digital world. "The Resurrecting Duckling
security policy" explores a metaphor for the ownership of mobile
devices based on Konrad Lorenz's theory of parenthood by imprinting
(first demonstrated in ducklings). The explanation of the concept
"reverse metempsychosis" summarize what happen to the devices
vividly. The paper presents a novel approach in ad-hoc networking and
does provide authentication. However, the paper only covers cases
involved a definite master-slave relationship between the mother and
the duckling. We can envisage cases of ad-hoc networks between devices
that it would be more natural to consider as peers. This flaw has been
remedied in a second paper "The Resurrecting Duckling --- What Next?",
which was published a year later than this paper. The new model
introduces temporary master-slave relationship, use of credentials and
policies which enable peer-to-peer relationship and the concept of
"godmother". To protect the original mother, the method of different
levels of control is also presented. The extended model covers a wide
range of new uses and it seems that most of the practical scenarios in
ad- hoc wireless networking has been addressed. Future work may be
addressing more security threats and extending the model to more
complex networks.
============================================================================
What are the contributions of the paper?
The paper has two main contributions. The first is the analysis of
security issues in ad-hoc wireless networks and the ways in which they
differ from other types of networks. The second is the "resurrecting
duckling" security policy, a proposed model to implement a desirable
property identified for such networks, secure transient association.
What is the quality of the presentation?
The quality is reasonably high. The tone of the paper is rather
whimsical and uses colourful metaphors such as calling the software on
a device its soul. This both hurts and helps the paper. On the one
hand, the metaphor helps to explain the proposed solution and make it
easily understandable. On the other hand, talking about reverse
metempsychosis in a paper about network security seems very out of
place and is occasionally distracting.
What are the strengths of the paper?
The greatest strength of the paper is in how it breaks from the
traditional areas of interest in network security and suggests new
priorities and interesting areas for pervasive, ad-hoc wireless
networks of mobile devices. New threats and attacks are identified and
their implications are discussed. Additionally, all of these things
are explained in a way that is easy to understand.
What are its weaknesses?
One weakness of the paper is that many of the solutions it proposes,
including the "resurrecting duckling" model, are left quite vague
without much detail about how they would function and how effective
they would be in practice. Also, the paper makes statements about what
properties would be of greatest importance to typical users without
any indication that actual users were consulted at all. Finally, the
duckling metaphor, while at times illuminating, is also rather strange
and could be seen as a weakness as readers may not be inclined to take
it seriously.
What is some possible future work?
Since the paper is mostly theoretical, much future work could be done
in implementing and putting into practice some of the ideas and
solutions that were proposed. Also, while the paper has intuitions
about what is most important to typical (i.e. non-military) users of
these networks, more work could be done to find out if these really
are their priorities.
============================================================================
The paper entitled "The Resurrecting Duckling: Security Issues for
Ad-hoc Wireless Networks" is a well organized and interesting report.
It discusses the main security issues that arise in an ad-hoc wireless
environment of mobile devices. The authors introduce the resurrecting
duckling security policy model that represents a solution using secure
transient association. The authors use the example of a thermometer
that makes its temperature readings available to devices over the air.
The term "resurrecting duckling" is used for this security policy
because it represents the behaviour of a duckling when it first
emerges from its egg and how it will recognize its mother as the first
moving object it sees that makes a sound. This imprinting behaviour
is what the authors are presenting for their wireless devices and
their respective owners. Using an ignition key to associate the
device with its owner, the awakened device can then only be controlled
by the owner. This model presents a solution that would combat a
variety of attacks including attacks where devices are controlled by
other people. It also makes stolen devices practically useless.
The quality of the presentation of this paper is good. It has a good
introduction where background information is presented in an
understandable manner. The paper flowed quite nicely, making it a
very easy read. The authors discussed future possibilities in
wireless networks where devices would take advantage of the services
of nearby devices rather than having to duplicate its functionality.
This involves more communication with devices and more security issues
in this environment. This paper shows well defined constraints for
systems which support ad-hoc networks. It then nicely presents the
security properties in order of importance, which makes sense. These
constraints and security properties strengthen the quality of the
paper since it touches on real and important issues that occur in a
wireless environment. Various attacks such as sleep deprivation
torture would cause the devices to not be available due to battery
exhaustion. This, along with many other examples, demonstrates that
there are more security issues in wireless networks than just
eavesdropping.
An area of this paper that has weakened its quality is in its
discussion of confidentiality. It mentions that authenticity is a
real issue in this sort of environment and the authors didn't discuss
any sort of tested solutions on this subject.
Some future work in this area could involve: - better, effective
battery management for mobile devices; - addressing issues for
physical tampering of devices; for example, the transducer sensor for
the thermometer could be easily tampered with causing readings to be
incorrect; - implementations of an ad-hoc wireless environment with
this security model.
Overall, this paper is intriguing and well developed. It is quite
enjoyable to read as the authors touch on some interesting issues in a
wireless environment along with a creative solution model.
============================================================================
Contributions of the paper:
This paper tries to investigate and address security issues in
wireless ad-hoc networks. The authors consider an environment in which
many principals act as network peers in intermittent contact with each
other. The major security concerns which are discussed are:
availability, integrity (and authenticity which is considered related
to integrity) and confidentiality. Considering three system
constraints, namely, computation power, battery power and high
latency, the authors conclude that while strong symmetric cryptography
is feasible, asymmetric cryptography is not.
The authors believe that availability is the most important security
concern and also state that unlike military environments, jamming is
not the biggest issue, but "sleep deprivation torture attack" against
battery life is the most important. To address this issue they suggest
prioritizing tasks. For the authentication problem the authors reason
that the classical approach based on "centralized system
administrator" is not practical. They specify the desired
authentication system as "secure transient association" which is
decentralized, transient and secure.
The authors solution for the above mentioned security requirements is
a system named "resurrecting duckling." This approach suggests that a
secret be "imprinted" into a device by the first entity that contacts
the devices after its "born." The authors suggest adding features such
as "reverse metempsychosis" for example by an identifiable
transaction, by ageing or by instructed suicide. It also seems to be
possible to consider "multilevel security concepts" in this new
model. The authors ultimate solution to many possible threats during
the imprinting is "physical contact." To address the integrity problem
in the absence of enough computation power to perform digital
signature, the use of shared secret key and MAC functions is
suggested. The authors discuss that this method is as dependent on
"tamper proofness" as the conventional digital signatures based on
public/private keys are.
The authors remark about confidentiality is interesting. They strongly
believe in the precedence of authentication to confidentiality, and
once former is done, the latter is just a matter of encryption. The
common secret resulted from the authentication phase can be used for
purposes such as spread-spectrum or frequency-hopping.
Quality of the presentation:
The paper is very well written i.e. the verbal presentation of the
paper seems to be excellent, especially because of its use of a
concrete example in the context of the PicoNet project. The also
clearly tell the reader about the source of their ideas about the
proposed security system which makes the paper very intuitive.
On the other hand lack of a well defined system model along with
related notations is the most important presentation deficiency
problem of the paper. The authors could have use some established
notation to summarize their proposed system in the form of a concise
and accurate algorithm.
Strengths of the paper:
I believe the authors have been able to successfully establish a
strong security model, which unlike many other theoretically correct
system is practical and easy to use. In the context of ubiquitous
computing, reducing the electronic security to the physical security
is an important goal which is achieved in this paper.
The paper "Key agreement in peer-to-peer wireless networks" claims to
be proposing a user friendly key agreement system. However in the best
case it requires sophisticated distance bounded devices or coding
techniques. On the other hand the very simple model in this paper
thos not need any of them and seems to be as secure!
Weaknesses of the paper:
The authors present no formal proof the the "security" of the proposed
model. Also the do not give enough evidence of many of statements such
as their assumption about the difference between availability issues
of commercial systems and military system, or their assumption about
the feasibility of physical contact.
The authors constantly mention experiences from PicoNet project while
no quantitative results (such as scale, etc.) from these experiences
have been presented in the paper.
Possible future work:
I believe this paper opens many interesting research questions, since
lots of new ideas are proposed in the paper and very few of them are
actually verified. Also the formal proof of the proposed system along
with generalization (if possible) of the results may be good future
work.
============================================================================s
• What are the contributions of the paper? The paper talks about
some new security problem of the ad-hoc networking, and gives a new
possible solution—the resurrecting duckling security policy model—to
implement secure transient association. • What is the quality of the
presentation? Because this paper was written in 1999, it was high
level at that time. • What are the strengths of the paper? This
paper covers lots of material related to ad-hoc networking. It talks
about the main security issues of mobile devises in ad-hoc wireless
network. And it gives enough examples and words describe those
issues. Those issues are availability, authenticity and integrity.
Also, it describes the main constrains of those mobile devices. It
gives a solution to the security issues, which is the resurrecting
duckling security. • What are its weaknesses? The solution (the
resurrecting duckling security) the author gives is a bit weak. It
mentions the device will recognise as its owner the first entity that
sends it a secret key and because of the cheap and simple issue, the
key can be plaintext by physical contact. Is it security enough? I
think attackers will be much easier to attack such device since no
cryptography is involved. Also, the paper does not give enough
examples to describe this new solution. • What is some possible
future work? Refine the new solution—resurrecting duckling security.
Find a new way that deals with the tradeoff between the device battery
issues and security issues.
============================================================================
What are the contributions of the paper?
This paper discusses security issues specific to ad-hoc wireless
networks and illustrates why traditional methods are impractical. It
also describes attacks specific to low-power devices. It also
presents the resurrecting duckling model to overcome some of the
attacks.
What is the quality of the presentation?
The paper is a well-written, easy-read. The authors used many
examples to illustrate the problems of wireless networks, which helped
readers understand. The use of metaphors was also helpful, and the
creative naming of new concepts was fun.
What are the strengths of the paper?
The authors try to be very practical, and make few assumptions. The
acknowledge problems for which they do not have solutions (tamper
resistance). They also consider the economics/cost of security, and
try to leave this as a choice for the user/application.
What are its weaknesses? While a good start, this paper is very
general. Once applied to real systems, many unforseen issues will
likely crop up. The idea that devices can be "ordered to commit
suicide" by the manufacturer in case the key is lost is necessary
(otherwise the device will become useless) but in practice
manuafacturers can rarely keep secrets from reverse engineers
(eg. satelite TV).
What is some possible future work? Adress the weaknesses.
============================================================================
The vision of the future is that all the devices whether they be
consumer electronics, medical equipment, kitchen devices etc. will
each behave as a network node therefore will be able to talk to
near-by devices providing more utility to the users than can each
device provide independently. Over the past years there have been
significant efforts in the area of Ad-hoc wireless networks and the
like. Piconet, HomeRF, IrDA and Bluetooth standards are some common
examples. Unfortunately such wireless standards are more prone to
privacy and security attacks than conventional systems. The paper
currently under review brings out exactly the same issue, compares and
contrasts the securtiy issues with conventional systems and presents
some neat ideas to implement conventional security measures in Ad-hoc
wireless systems.
The main contribution of this paper is that it provides food for
thought about implementing security in the fairly new field of
wireless networks and thus qualifies to be one of the pioneer works in
this field. The paper is very simple and easy to read. The authors
have successfully presented their ideas without clobbering the
material with too many technical details. They have made effective use
of various metaphors to describe some novel and interesting key
concepts such as "Secure Transient Association" and "The Resurrecting
Duckling". Being a pioneer work also has some drawbacks it lacks the
actual implementation details and presents issues and their solution
using imagination only, which may or may not be true in practice. Also
the resurrecting duckling model assumes a strict mother/child
relationship which is not always useful. It is not hard to see that
sometime allowing a child device to control/order another child device
can be more useful. Authors can extend their model to incorporate such
relationships in future work.
============================================================================
Contribution:
The paper identifies required security properties and constraints of
ad hoc networks. Its main contribution is a novel approach to
security, the “resurrecting duckling†security policy. The
“resurrecting duckling†enables secure transient association of a
device with multiple serialized owners. Duckling starts as a newborn,
and becomes imprinted by the first principal that sends it an
authentication key (mother duck). Imprinting is done through physical
contact during which a shared-secret authentication is
transferred. Duckling stays faithful to its owner (mother) until its
death. Only an owner can force a device to die and thereby reverse its
status to newborn. Through reverse metempsychosis, a new imprinting by
another mother is possible.
Quality:
The tone of the paper appears too informal for technical
writing. However, the mechanics are adequate and the writing is clear
and concise. Furthermore, the sentences are descriptive, informative
and easy to understand. The title precisely conveys the intent of the
paper, while the abstract is somewhat ambiguous and offers very little
information in regards to the “resurrecting duckling†security
policy. The paper did suffer somewhat from imprecise and vague
descriptions of the “mother duck†or the master. It was unclear
whether the master is an actual device or a human. A higher level of
detail and more accurate definitions should have been provided
throughout the paper. The conclusion was missing a brief summary of
the security policy described in the paper.
Strengths:
Required security properties are clearly stated (availability,
confidentiality, integrity and authenticity). Additionally, major
constraints on ad-hoc systems (peanut CPU, battery power, high
latency) along possible attacks (frequency jamming, battery
exhaustion) are identified. The “resurrecting duckling†security
policy is very intuitive and easy to understand. It provides a
solution that allows key distribution to be performed locally, without
a central principal involved.
Weaknesses:
Although the duckling analogy is very vivid, descriptive and easy to
understand, authors’ overall writing style presents the work in the
form of a narrative, rather than in a form of a technical
paper. Consequently, there is a lack of technical detail associated
with this work. It is unclear who is the duckling’s actual master, the
human or the device? The distinction between a human-master and
device-master is rather blurred. Additionally, a major security issue,
such as an adversary imprinting itself on a duckling isn’t
addressed. Furthermore, the issue of clearing isn’t precisely defined,
and it’s not obvious if it can be done remotely. The paper states that
the duckling can talk to other devices but no other devices can
control him, which makes the purpose of the communication unclear. If
other devices cannot request information from a duckling, what can
other devices gain from communicating with a duckling?
Future Work:
The permanent master-slave relationship needs to be extended to cover
peer-2- peer relationships. Possibility of a duckling communicating
and interacting with others (either its siblings or other devices)
should be explored. The siblings and peer relationships could be
exploited to offer a greater range of service. Additionally, the work
needs to be extended in a way in which it would be possible to tell
whether the device has been imprinted on or not. Furthermore,
consequences and the appropriate response to an adversary imprinting
onto a duckling should be researched. Hierarchical relationships of
multiple “mother-ducklingâ€-s should be properly described. For
example, what is the proper relationship between A and C if A is a
mother of B, and B is a mother of C. Does that mean that A is a mother
of C even though it wasn’t physically imprinted on C?
============================================================================
# What are the contributions of the paper? The paper contributes a
# model for a secure wireless ad-hoc networks. It opens up some secure
# problems in the future wireless networks, and brings us an
# opportunity to work on the security of future ubiquitous
# systems. Some of the paper's suggestions have already been deployed
# in real life.
# What is the quality of the presentation? The presentation is clear
# and well-organized. The paper structure is coherent and easy to
# follow.
# What are the strengths of the paper? Even though the paper was
# submited 7 years ago, but it already pointed out features of devices
# used in the future wireless networks and proposed some novel
# solutions and ideas in their model,especially in the Authenticity
# portion with the secure transient association.Besides, the authors
# presented their model ideas very creatively by attaching them with
# pictures and words of real-life stories. The paper also showed a
# good approach using cryptography in securing the wireless
# network. Good examples were given and analyzed in the paper.
# What are its weaknesses? The ideas in the paper are still a little
# abstract, not much technical detail is mentioned which might be a
# problem when deployed in real life. This resurrecting duckling
# security policy mode is just basically applied (useful) to
# Authenticity, Integrity and Confidentiality of the system, however
# the Availability of the system is still vulnerable. Moreover, with
# what the model suggested for Authenticity, a user in the future
# might need a device to exchange and store all secret keys with other
# devices, and it's a security thread if that specific device is lost
# or stolen. The tamper resistance section in the paper is somewhat
# not related and relevant to the model.
# What is some possible future work? We need to put more work on
# technical details to deploy it in real life. If there exists any
# other possible attacks on this model ? Is there any better model
# that ensures the Availability of the system ?
============================================================================
What are the contributions of the paper? This paper spells out new
problems and opportunities of the security issues involved in ad-hoc
wireless networks, and then presents the resurrecting duckling
security policy model, which describes secure transient association of
a device with multiple serialised owners so as to address them.
What is the quality of the presentation? The paper is good in terms of
its narration using examples, which make the idea easy to grasp and
make the papaer easy to read. However, this overall structure of the
paper is less organized. First, the outline titles are not
consistent. Some are single words, some are questions. Also, using a
single world as a secion title is not very informative bacause it says
nothing about the author's attitude. So, it is hard, if not
impossible, to extract the papaer's gist by simply glancing at its
outline.
What are the strengths of the paper? The papaer is based on a concrete
example, and thus it is more convincing and practical. It investigates
the security issues of an environment characterised by the presence of
many principals acting as network peers in intermittent contact with
each other. Also, it investigates the security properties including
confidentiality, integrity and availability.
What are its weaknesses? The paper introduces a new solution space -
"the resurrecting duckling security policy model", but this model
seems to only address one of the authentication security issues
mentioned in the paper, not all the security issues as the paper title
implies. Also, this paper seems to answer its own questions in a
relatively vague style.
What is some possible future work? More detailed systematic
investigation could be made on "the resurrecting duckling security
policy model" such as what kind of attacks can be launched upon this
model and how to make the model resistent again thus attacks.
============================================================================
What are the contributions of the paper?
The authors study the security issues in ubiquitous computing from
four aspects, availability, authenticity, integrity and
confidentiality, while considering the constrains of wireless devices
and the potential attacks. The authors further proposed a
"resurrecting duckling" security policy model to describes security
transient association of a device with multiple serialized owners.
What is the quality of the presentation?
The paper is well organized. The presentation is easy to read and
understand. The paper is also well motivated. However, I would say the
paper is not comprehensive in that many discussions seem to stay at
shallow introductory level and does not fully cover all problems. This
might be, at least partially, because this is a very early 2000 paper
though.
What are the strengths of the paper?
The 'resurrecting duckling" security policy is simple and seems to be
a good solution for handling the device slave-master association. What
are its weaknesses? The authors talk about limited CPU power and
battery power and argue that what kind of computations,
e.g. encryption, decryption, signature etc., are feasible and what are
not, which does make sense. However, there is really lack of either
referencing or any measurement data to support their arguments. It is
well-known that there are some tradeoffs among device size, battery,
computing capacity, but some measurement data may provide the readers
a better sense on the problem, say in what kind of CPU and battery
configuration, what kind computation consumes battery power at what
speed or degree.
What is some possible future work?
One possible future work might be to quantify the relationship between
CPU power, batter power and feasibility of each computation, say
encryption, decryption, key exchange, signature etc. with various
algorithms to provide a guideline for future research and real
applications. Some compromises are always required when designing such
devices/systems in ubiquitous computing environment. The question is
how to guide this kind of tradeoff with the present of some other
factors. For example, a same thermometer device may choose different
security algorithms while being used in different environments, say
hospital and nuclear powerplant, based on the communication frequency,
importance of security etc.
============================================================================