http://www.techworld.com/security/news/index.cfm?newsID=10551 By John E. Dunn Techworld 05 November 2007 A Cambridge University team has come up with a novel way for computing devices to defend themselves against attack or malfunction of neighbours – let them commit digital suicide. The idea has been dubbed 'suicide revocation' by one of its inventors, PhD student Tyler Moore, and has special application in the field of emerging technologies, for example, in wireless sensory networks where devices peer with one another without using a server for control. In such a network, a device that was not operating correctly, or perhaps had had its security compromised in some way, could be shut down by a nearby device using a specially devised protocol, after its unreliability had been broadcast to other nodes. But in a radical departure from today’s security models, this device would also have to shut itself down to demonstrate good faith and stymie possible manipulation of the process, in effect commit suicide. According to Moore, such ad-hoc networks were rare today, but would become more common in future, possible the dominant form of network system. Examples were car-to-car networks through which vehicles could communicate traffic and other safety data to one another in a dynamic way. Similarly, the military were looking at networking devices for battlefield use, and such a system for excluding unreliable devices was essential in that environment. The concept could, in principle, be used for mainstream applications such as PCs, but this would require operation a network to be owned or controlled by only one company to avoid causing disputes. “Networks in the future will become more peer-to-peer oriented. Services are being driven to the edge and you are going to see more responsibilities put on to clients,” said Moore. The software to make possible suicide revocation had been written, but so far only modelled in simulations to test its operation, he said. The suicide idea sounds extreme, but the Cambridge researchers are reacting to the very different security problems presented by ad-hoc networks, which have yet to be thought through in enough detail to make them usable in the real world. The full paper, New Strategies for Revocation in Ad-Hoc Networks, co-authored by Moore, Jolyon Clulow, Shishir Nagaraja, and esteemed security luminary Ross Anderson, can be read here [1]. [1] http://www.cl.cam.ac.uk/~twm29/esas07.pdf __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Tue Nov 06 2007 - 03:15:02 PST