Towards Adaptive Security for Ubiquitous Computing Systems

The flexibility and dynamism of ubiquitous computing systems have a strong impact on the way their security can be achieved, reaching beyond traditional security paradigms like perimeter security and communication channel protection. Constant change of both the system and its environment demand adaptive security architectures, capable of reacting to events, evaluating threat exposure, and taking evolving protection needs into account. We introduce two examples of projects that contribute to meeting the challenges on adaptive security. The first focuses on an architecture that allows for adaptive security in mobile environments based on security services whose adaptation is guided by context information derived from sensor networks. The second addresses engineering aspects of secure ubiquitous computing systems through making security solutions accessible and deployable on demand and following emerging application-level requirements.

CoBIs

This chapter describes example use cases for ubiquitous computing technology in a corporate environment that have been evaluated as prototypes under realistic conditions. The main example reduces risk in the handling of hazardous substances by detecting potentially dangerous storage situations and raising alarms if certain rules are violated. We specify the requirements, implementation decisions, and lessons learned from evaluation. It is shown that ubiquitous computing in a shop floor, warehouse, or retail environment can drastically improve real-world business processes, making them safer and more efficient.

Trust and Accountability

Ubiquitous computing implies that literally any activity in everyday life can be assisted or accompanied by networked computers. Therefore, the concepts of everyday social life must be carefully reflected on when developing applications for ubiquitous computing. The present chapter focuses on the concepts of trust and accountability. First, both concepts are introduced with their everyday semantics. Second, we explain why trust is relevant for ubiquitous computing, and introduce the main issues for dealing with trust in computer science. Third, we show how accountability can be achieved in distributed systems using reputation and micropayment mechanisms. In both sections, we provide a short overview of the state-ofthe- art and give detailed examples for a deeper understanding. Finally, we provide a research outlook, again arguing for the integration of these concepts into future ubiquitous computing applications.

Introduction to Ubiquitous Computing

The present chapter is intended as a lightweight introduction to ubiquitous computing as a whole, in preparation for the more specific book parts and chapters that cover selected aspects. This chapter thus assumes the preface of this book to be prior knowledge. In the following, a brief history of ubiquitous computing (UC) is given first, concentrating on selected facts considered as necessary background for understanding the rest of the book. Some terms and a few important standards are subsequently mentioned that are considered necessary for understanding related literature. For traditional standards like those widespread in the computer networks world, at least superficial knowledge must be assumed since their coverage is impractical for a field with such diverse roots as UC. In the last part of this chapter, we will discuss two kinds of reference architectures, explain why they are important for the furthering of Ubiquitous Computing and for the reader’s understanding, and briefly sketch a few of these architectures by way of example.

PROMISE

Product lifecycle management (PLM) processes can be greatly improved and extended if more information on the product and its use is available during the various lifecycle phases. The PROMISE project aims to close the information loop by employing product embedded information devices (PEIDs) in products. In this chapter, we present the goals and application scenarios of the project with special focus on the middleware that enables the communication between PEIDs and enterprise applications. Furthermore, we give details of the design and implementation of the middleware as well as the role of Universal Plug and Play (UPnP) as device-level protocol.

Mouth and Ear Interaction

This chapter gives an overview of the challenges that have to be mastered while working with audio. The vision of ubiquitous computing involves challenges for the future workplace. Tasks to be performed by workers are becoming more and more complex, which leads to an ever-increasing need to deliver information to workers. This can be information from a manual or instructions on how to proceed with the current task. Workers typically have their hands busy and use of a mouse or a keyboard will force them to stop working. Mouth and ear interaction can be performed without focusing attention on the device. But audio is also a medium that is not easy to handle. This chapter provides an understanding of why audio-based interfaces are difficult to handle and you will also be provided with some pointers as to how these challenges can be mastered to improve the quality of applications involving mouth & ear interaction.

Adapting to the User

Adaptation is one of the key requirements to handle the increasing complexity in today’s computing environments. This chapter focuses on the aspect of adaptation that puts the user into focus. In this context it introduces the different adaptation types possible for ubiquitous computing services like interaction, content, and presentation. To allow for an automatic adaptation it is important to get some means about the users. Basic requirements to model the users and approaches to personalize applications will be presented.

Multimodal Warehouse Project

In this chapter, we present the Multimodal Warehouse Project, which aimed at applying multimodal interaction to a warehouse picking process. We provide an overview of the warehouse picking procedure as well as the overall architecture of the multimodal picking application and technologies applied to design the application. Furthermore, we describe the execution of user tests of the picking application at a warehouse and present the results of these tests. In this way, the authors hope to provide the reader with a better understanding of how multimodal systems can be built and the opportunities as well as the challenges of applying multimodal technology to real-world application scenarios.

Advanced Hands and Eyes Interaction

This chapter gives an overview of the broad range of interaction techniques for use in ubiquitous computing. It gives a short introduction to the fundamentals of human-computer interaction and the traditional user interfaces, surveys multi-scale output devices, gives a general idea of hands and eyes input, specializes them by merging the virtual and real world, and introduces attention and affection for enhancing the interaction with computers and especially with disappearing computers. The human-computer interaction techniques surveyed here help support Weiser’s idea of ubiquitous computing (1991) and calm technology (Weiser & Brown, 1996) and result in more natural interaction techniques than in use of purely graphical user interfaces. This chapter will thus first introduce the basic principles in human-computer interaction from a cognitive perspective, but aimed at computer scientists. The humancomputer interaction cycle brings us to a discussion of input and output devices and their characteristics being used within this cycle. The interrelation of the physical and virtual world as we see it in ubiquitous computing has its predecessors in the domain of virtual and augmented realities where specific hands and eyes interaction techniques and technologies have been developed. The next step will be attentive and affective user interfaces and the use of tangible objects being manipulated directly without using dedicated I/O devices.

Security for Ubiquitous Computing

Taking typical ubiquitous computing settings as a starting point, this chapter motivates the need for security. The reader will learn what makes security challenging and what the risks predominant in ubiquitous computing are. The major part of this chapter is dedicated to the description of sample solutions in order to illustrate the wealth of protection mechanisms. A background in IT security is not required as this chapter is self-contained. A brief introduction to the subject is given as well as an overview of cryptographic tools.