Towards Security Auto-Configuration for Smart Appliances

Jean-Marc Seigneur, Christian Damsgaard Jensen, Stephen Farrell, Elizabeth Gray, Yong Chen
Distributed Systems Group
Department of Computer Science
Trinity College, Dublin 2, Ireland.
secure-tcd@cs.tcd.ie

Abstract

Now that smart home appliances are easily plugged into smart home networks, the question arises of how to simplify security management, especially of access rights, for such appliances. The problem is aggravated by the fact that home users cannot be considered “skilled” administrators, but are instead often technology-unaware users. Establishing trustworthiness when it comes to secure smart appliances has been considered a “holy grail” not met by any current technology. The SECURE project aims to develop security mechanisms based on human notions of trust, which may prove part of the solution. Trust-based security mechanisms allow access rights to evolve among previously unknown principals, thus minimizing security configuration. This paper outlines the process of applying the SECURE project’s security technology to smart home appliances with minimal user intervention.

1. Introduction

Weiser’s vision of ubiquitous computing [1] will come true when computing capabilities are woven into the fabric of everyday life. Currently, major companies in the household appliances market are getting increasingly involved in smart home appliances – appliances with communications capability [2]. Soon, a digital heartbeat will be embedded in many everyday appliances. These appliances will be used within home networks, which, in turn, will be permanently connected to the Internet.

The fact that the environment is the home is important, because the home environment differs fundamentally from the corporate environment. In a corporate environment, there is the assumption of the presence of an administrator.
In home environments, no “skilled” administrator is present and most of the users are less than “fully” knowledgeable. Thus, the general requirement is that smart appliances should strive for auto-configuration wherever possible. Technologies that ease the installation and use of home networks and their attached smart devices have emerged in the past few years, e.g. Universal Plug and Play (UPnP) [3] or the Open Service Gateway initiative (OSGi) [4].

However, once all appliances in a household are automated and connected through a network, it becomes essential to consider issues of security, especially access control. The issue of simplifying the management of smart appliances reappears, this time due to security management. In the smart home, access control has to be configured and managed by technology-unaware and busy householders, without the presence of a full-time dedicated system administrator. Current security management solutions for smart appliance middleware lack such required auto-configuration. For example, UPnP products available in 2002 “tend to have been designed based on requirements of industry rather than of the home, making their administration difficult and sometimes assuming the existence of both physical security and a group of on-call support professionals” [5].

In this paper, we present the technology developed within the SECURE project [6] and show how it achieves implicit access control management, thus minimizing user intervention thanks to security mechanisms based on human notions of trust and entity recognition. Section 2 describes the SECURE project; Section 3 describes its applicability to smart home appliances, along with some preliminary results. Related work is presented in Section 4. Finally, Section 5 describes our conclusions and outlines future work in this area.

2. The SECURE project

The SECURE (Secure Environments for Collaboration among Ubiquitous Roaming Entities) project is investigating dynamic and self-configuring security mechanisms for global computing based on human notions of trust. This subsection gives an overview of SECURE. Others [7] present SECURE in greater detail.

[Figure 1: SECURE project overview. Components shown: Collaboration Model, Security Policy, Security Framework, Computational Trust Model, Validation.]

The project has five different operational goals:

- Define a formal computational trust model
- Define a collaboration model (dynamic aspects of the trust model)
- Define means to specify security policies based on trust
- Develop a framework for trust management
- Validate the approach in the context of the formal model

Others have detailed how trust can be formalized as a computational concept [8-10]. The SECURE project provides a trust engine which can dynamically assess the trustworthiness of an entity based on the three sources of trust: observation, recommendation and reputation [7]. Another component of the SECURE framework is the entity recognition module, which allows recognition of previously observed/encountered entities. Usually, authentication is the first step to ensure security in computing environments, but other work [11] discusses why traditional authentication should be revised for pervasive computing. The entity recognition process and end-to-end trust model [12] address this problem by recognition, which is a more general concept