Security, privacy and trust issues raised by the Personal Server Concept

This paper is a survey of user risks associated with the Personal Server concept. The Personal Server concept is used as a surrogate for future mobile devices. The risks are threats involving security, privacy and trust. An overview of the concept is provided, followed by descriptions of three usage models: mobile storage, application server, and beacon receiver. Each usage model description includes a discussion of risks that result from that usage. No solutions are provided. The Personal Server concept Among other ends, Pervasive Computing deconstructs the User Interface which has dominated computing for the last two decades. Since the Personal Computer (from Apple and IBM) arrived in the early ‘80s, User Interface has consisted of a human sitting upright in front of a vertical display surface wielding a keyboard and pointing device on a horizontal surface. This paradigm is unchallenged for “real” computers, but the advent of Personal Digital Assistants and especially cell phones has challenged it in the larger arena. The Personal Server project [5,6] explores an extreme alternative approach to this paradigm by asking “What if your computer had no standard user interface?” How would that change what our computers consists of and how we use them? How would the world have to change in order to accommodate us? How would that change how we feel about computing? How would it change the impact computers have on our lives? To explore these questions we created a mobile device with considerable processing power, storage, battery capacity and communication capability but no display or input device. It is a fully capable computer without an inherent user interface. We don’t expect to see a product built this way, but we hope that what we learn can be applied to building better mobile computing devices of all sorts. The Personal Server prototype consists of an Intel PX255 processor, which includes Intel XScale® technology, two Compact Flash slots for memory expansion, a Zeevo Bluetooth radio, and a battery capable of running the device for about a day. The prototype is being manufactured and sold by Crossbow Technologies for the benefit of researchers in many disciplines who want a compact, highly capable mobile computing platform. An open source Linux distribution is available on SourceForge to support it. Compact Flash cards with capacities of up to 4 gigabytes are currently being sold, and larger ones have been announced. The Personal Server is analogous to a personal version of the back-end servers that provide file, web, database and application services to desktop computers. Just as the Personal Computer took the mainframe computer out of the back room two decades ago, and the notebook PC took the Personal Computer out of the office, and the PDA took the PC onto the street, the Personal Server takes the back-end server out of the back room and puts it in the pocket or purse. An important implication of this analogy is that while PCs of all sorts are often turned on and off, servers tend to be “always on”, providing services even when the user is not directly engaged. The Personal Server is designed to run all day in the user’s pocket, and this is a characteristic it shares with the cell phone. Capabilities of a Personal Server may eventually be included in some other form of mobile device, such as a Personal Digital Assistant or cell phone, since its physical components are very similar to both. The immediate questions posed by the Personal Server concept are: • What computing needs can such a device satisfy? • What personal needs can such a device fulfill? • How does one interact with such a device? • Can interaction with such a device be effective and satisfying? • Can interaction with such a device be safe? This paper explores the issues related to last question using our learnings from the other questions. Summary of security and privacy issues Because the Personal Server explores an extreme computing model, it raises unique issues of security, privacy and trust in addition to those present in any mobile device. We expect aspects of the Personal Server to make their way into mainstream products in the future, and the Personal Server project provides a relatively clear view of what those issues may be. Any mobile device raises concerns about security (“Can someone modify or destroy my data?”), privacy (“Can someone read my data?”), and trust (“Can I count on my data being available when I need it?”). The way these issues manifest themselves depends on the nature of the device, the nature of its use, and the expectations of its user. The Personal Server concept expands on those issues because of its lack of display and dependence on a wireless connection to the world. For any computer system, the most severe threats involve external communication, and all of the Personal Server’s operations involve interaction with external sources. Moreover, the Personal Server concept proposes new primary modes of external interaction such as annexing external User Interaction devices and listening to Information Beacons. Annexation raises new questions for secure authentication, and listening to beacons raises new issues of privacy. This paper summarizes the security, privacy and trust issues uncovered by the Personal Server project. We will not explore issues that are common to all mobile devices, concentrating on those that are unique to Personal Server concept. We hope that this exposition of issues will add to the overall picture [4] of what we need to do to make the Pervasive Computing environment safe.