Navigation

Smart Environments Working Group

The increasing miniaturization of computing systems is driving the penetration of intelligent appliances in every human activity. Over the past decades, computers have slowly moved from highly specialized air-conditioned computer rooms, literally into our pockets in the form of PDAs and mobile phones. At the same time, ubiquitous networking and device mobility is changing the threat landscape that users and organizations have to face. The move from office space to open space, from sometimes connected to always connected, and the merging of physical and virtual identities, is leaving users and organizations more vulnerable than ever.

Goals

The goals of this working group are:

  1. to identify and discuss future developments and upcoming threats in the areas of wireless networks, ambient intelligence environments, cellular telephony networks, vehicular networks, RFID, network monitoring, and the Internet of things;
  2. to network and coordinate the efforts between players in academia and industry that are active in these areas; and
  3. to try identifying appropriate ways and developments to counter these threats.
  4. to inform and influence decision makers about the results of our activities, something that should help them initiate necessary action to thwart the identified threats.
  5. to prepare a chapter in a white book that highlights the most important threats in this area. This text will contain clear recommendations for policymakers to address the identified challenges.
  6. to facilitate the creation of a roadmap for research in the identified areas

Scope

In this working group, we discuss all threats in smart environments. This includes threats to the users, to organizations, and possibly the larger impact to society. The following list enumerates the topics that are in scope. Moreover, it provides exemplary questions that belong to these different topics.

  • Threats to privacy: How do you protect users from being tracked? How do you prevent mobile devices from leaking information?
  • Security in smart devices: How do you define security policies for mobile devices, home appliances, or sensors? How do you protect such smart devices? How do you prevent malicious user penetration in smart-home environments? How do you deal with malicious users feeding false information to ubiquitous smart sensors?
  • Threats to and from wireless networks: How do you protect the countless wireless networks that are emerging? How do you protect wireless networks from attacks on the spectrum? How do you protect from rogue wireless networks? How to you prevent wireless network hijacking?
  • Threats from user and device mobility: How do you counter attacks that target mobile devices which provide different environments and capabilities to the user from the familiar home or office desktop? How do you protect from the spread of viruses and malware that jump from one device to another as users travel from one place to another? How do you protect data on mobile devices that are stolen? How do you secure mobile devices with multiple types of network interfaces?
  • Cross network attacks: How do you protect the Internet infrastructure from malicious mobile hosts? How can network attacks jump from one type of wireless network to another?

Mechanisms

This section describes the way in which the working group attempts to achieve the goals outlined in Section I. We envision four mechanisms to achieve the outlined goals:

  1. First, we have two mailing lists. One mailing list is public and allows participants to exchange ideas about possible future threats, to point out an emerging threat that starts to manifest in the wild, and to provide pointers to material (publications, presentations, events) that is related to the addressed areas. This mailing list is public, that is, anyone is invited to join and express her opinion. Of course, the mailing list owner (the consortium) moderates the list to prevent spam or postings that are unrelated to the topic.

    The second mailing list is private and provides access only to trusted, vetted members. Initially, the list members are the participants of the first FORWARD workshop that expressed interest in this working group. Any list member can suggest new members. The approval of a new addition to the list requires the positive recommendation of at least two other list members. Also, the existing list members can voice qualified objections against the approval of a new member. This list is closed because it serve as a platform to exchange data that is more sensitive in nature. This includes operational information, sensitive information about current cases, or information about novel threats that are not known to a larger audience yet. It also serves as a means to establish a trusted nucleus of (European) security professionals that remains alive after the end of the project.

  2. In addition to the mid-term working group meeting, there are regular (at least, bi-monthly) telephone conferences in which participants can directly engage in lively discussions. Depending on the size of the working group, this meetings might be divided (by topic) and held separately.

  3. Third, the working group maintains an open, living document that captures the discussions in the mailing lists and telephone meetings. This document is actively maintained by the members of the consortium. It provides a first structure of the topics that are relevant for this working groups. It also contains questions that the working group leaders feel are important and should be addressed. Of course, everybody is welcome to contribute to this document. It will be run similar to a Wiki to allow participants to quickly undo vandalism.

  4. Fourth, the consortium members in this working group will prepare a chapter for a white book that highlights the most important threats in this area. This text will contain clear recommendations for policymakers to address the identified challenges.