Re: [perpass] Comments on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01

On Tue, Dec 10, 2013 at 7:47 AM, Jari Arkko <jari.arkko@xxxxxxxxx> wrote:
> Stewart,
>
> > Remembering of course that some platforms which wish
> > to use the Internet simply do not have the capability for
> > other than a very tiny very basic stack.
> >
> > I always use the PIC and the Arduino to remind myself what the
> > lower end of the franchise looks like.
>
> You bring up a good point. And that is very important. The world of devices may be more significant for Internet privacy than the world of browsers and computers.
>
> That being said, it is not always clear that small devices imply no security is possible. My day job crypto team has worked on Arduinos, for instance. And many of my friends who are in the devices business have been using 32-bit CPUs for a while now because they are more easily available and/or cheaper. All this reminds me also of my work fifteen years ago on optimising various protocols in cellular devices, only to find out that a couple of years later most devices were capable of running 3D FPS games. Recently some of my colleagues did an analysis of the energy consumption in today's small CPU platforms, and found that wireless transmission/reception far outweighs any other activity, including crypto. But there are indeed challenges in security of the device world. I'd suggest they are mostly in the category of provisioning models (e.g., configuration) or architecture (e.g., transport vs. other types of security). More work needed...

The problem of low power is that one of the corollaries of Moore's law is that the low performance device gets cheaper and is added to more things. So the number of low performance devices goes up over time, not down.

Another constraint is the complete lack of user affordances. The best place to put network control is in the LED light bulb. But that does not have any buttons (and it is in the ceiling anyway).


We don't need to send many messages to such devices and we don't necessarily need to send them over wireless. But we do need to make sure that any messages we do send are not ambiguous. There is a home automation standard called X10 that is complete rubbish because it allows anyone in the same neighborhood to observe and send commands.

--
Website: http://hallambaker.com/