Secure Invisible Computing

MSR-TR-2003-65

Invisible computing creates better everyday devices by augmenting them with computation and communication. The native interface of a particular device suffices, with computation and communication occurring transparently to the user. An invisible computing device does not require setup or maintenance overhead and can be deployed incrementally without prerequisite infrastructure. Low-cost invisible computing devices could be used in areas such as home automation, wearable computing, sensor networks, or control of critical infrastructure, e.g. power grids.

Security is crucial in invisible computing. Nobody wants their home automation system accessed by others, or their everyday lives monitored by hackers. Security systems typically require the creation, distribution and revocation of security keys—a management chore that is potentially at odds with the invisibility requirements. Also at odds is the need for the devices to operate and communicate independently, without access to centralized services. Devices should also fail independently; compromising one device should not compromise the whole system. Finally, a personal security system should be able to scale and federate itself with other systems, for instance when some monetary transaction is involved.

This paper describes a security and communication model for invisible computing that combines limited resource consumption, interoperability, and security. It argues that the model presented sets a minimum level of functionality. It uses a combination of standard protocols and well known encryption primitives. The implementation for an embedded microcontroller demonstrates that the goals are achievable with an efficient and understandable design.