Paper on wireless comm. security

Robert S. Thau (rst@ai.mit.edu)
Wed, 20 Oct 1999 12:43:57 -0400 (EDT)


Hi Rohit (and anyone else, I guess); if you haven't already seen it,
Slashdot just posted a reference to a paper which may be of interest
to some folks here, on secure communications over wireless devices ---
a topic which is obviously a prerequisite for the whole munchkin
scenario. The paper seems to only cover pairwise interactions
directly (you could try to build something more general out of those
via a PGP-style web-of-trust, I suppose, but they never come out and
say so). It also has some interesting things to say about denial of
service attacks (e.g., make the device talk too much and you'll drain
the batteries). The paper is at:

http://www.cl.cam.ac.uk/~fms27/duckling/

the title, "The Ressurecting Duckling", is the name for their security
policy for pairwise interactions, which is, at the very least, in the
same spirit as the one in Rohit's munchkin project notes... [the basic
idea is to establish a device's identity by uploading a key into it
once, at the time it's taken out of shrink-wrapped, which never
changes again until the device is sold or scrapped --- the name comes
from the way baby ducks imprint on the first object they see as their
mother, and follow it around from then on.]

rst