Trusted or Untrusted—
Defining the Permissions of Guests.

Matthew Johnson

University of Cambridge Computer Laboratory

Smart Environments

• Embed computing in the environment.
• Recognize and obey us.
• Ignore everyone else.
• People need to be able to use it.
• People will buy what works, not what is secure.

Guests

• In real life there are people the system doesn't recognise who we want it to obey.
• People we invite in we want to have limited control over the environment.
• How do you express 'invite' in code?
• How do you define scope and duration?

How Smart Environments Work

• Object/Subject tagging.
• Position-based.
  • Active Bat
  • Track everything
  • Centralised decision management
• Proximity-based.
  • Limited centralisation
  • Short range wireless comms
  • Decisions and functionality mainly localised

Identifying Guests

• How do you know who is a guest and who is a stranger?
• Guests have been invited into the house.
• Guests have the permission of a user.

Defining Access Permissions

• Once we have identified a guest we need to be able to specify what they can and can't do.
• Appliances already have a security policy/use model—can we use that?
• Must not be complex to use
  • As a guest
  • As the owner when admitting a guest
  • As the owner during normal use

Demo

Demo Concepts—Security Policies

• Existing security policy for appliances—if you can touch it you can use it.
• Harness this policy for the digital world as well, and rely on the current social restrictions to still apply.
• Guest can therefore ‘self authorize’ by performing an action which places them inside the house.

Demo Concepts—Types of Function

• Some appliance functions we are happy to have any guest use, and rely on social norms to police them.
• Some functions we may want to be more picky about, or possibly disallow altogether
• Four types of function:
  • Guests can use without authorisation
  • Guests need authorisation once
  • Guests need authorisation every time
  • No guests

Demo Concepts—Implementation

• Anything for which being a guest is sufficient can be self-authorised.
• Callback mechanism required for authorisation with an admin.
• With the aid of these four function types we can make configuration simpler for the user.

Other Appliances and Delegation

• Guests may stay for an extended period of time in which they are staying in a bedroom.
• Light, heating and so on controls in their room.
• Access control to the house and/or bedroom.
• May wish to delegate control of their room to them.
• May wish to make some privacy guarantees within their room.

Conclusion

• Smart homes will become a reality.
• Initial systems will provide functionality and not security to be acceptible.
• People will want to be able to have guests.
• Can we provide security which allows guests and yet is still acceptible and does not restrict functionality?