On Sunday, July 28, 2002, at 03:31, Curt Sampson wrote:
>
> On Sat, 27 Jul 2002, Benjamin wrote:
>
>>> - security
>>
>> Something like OpenSSH will do just fine, no issue at all
>
> Sure, if you completely ignore key management. In fact, many current
> Internet and other security problems go away completely if you just
> ignore key management. The only downside is that your encryption doesn't
> actually authenticate or protect anything.

Put key management into the phone, which makes sense for other reasons
already.

>> Use SSH and register your peripherals once with your "hub" (notebook,
>> desktop etc) before using them. No SSH key registration, no access.
>
> And just how do you intend to do this registration? And how do you make
> sure that someone else doesn't "re-register" the camera you left on your
> desk when you went for lunch?

Ever heard of PIN numbers?

I don't know for the oooh sooo advanced Japanese mobile phones, but any
GSM or US CDMA and TDMA phones I have used had a PIN and even a second
PIN2 for various sensitive settings to be changed.

So, if you want to register a device on your phone it would ask for your
PIN first. Sure, some people may choose to disable that, but then again,
some people leave their houses unlocked all the time and stick their
computers' password onto a sticky note on the monitor, some others write
their cash card PIN right onto the cash card.

In order to still provide a level of security for people who feel that a
PIN for device registration is too much of a hassle you could require an
explicit OK by the user whenever another device tries to connect to it
and then use a session timeout.

Again, this is already standard on my Nokia GSM phone. If I want to beam
a phonebook entry from another mobile phone via IR to my Nokia, it will
ask me if I want to allow the connection. If I don't, the attempt to send
will time out.

Likewise, you could have a dialog on your camera "Device 'xyzxyzxyzxyz'
is trying to connect wirelessly. Allow?" then press some button to
allow, some other to refuse and also reject if no button is pressed
within a given time. For added convenience you could also let the user
define a session timeout (for example 20 minutes) during which the same
device would be allowed to connect again without further user
interaction.

This would be very easy to do and completely rules out the scenario that
Ken described by which anybody could scan for devices on a crowded train
and collect anything that is stored on those devices.

On a more sophisticated device like a notebook, you could have both a
registration procedure to allow your own mobile to always connect
automatically (and vice versa) using digital certificates and a user
interaction procedure for sporadically connecting devices, i.e. friend's
camera.

All this is straightforward and nothing new. Hardly a big challenge as
Ken claimed it was.

regards
benjamin

Received on Sun Jul 28 18:39:07 2002
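
The admission rules proposed in this message (PIN-gated registration, an allow/refuse prompt that rejects when no button is pressed, and a user-defined session timeout), as an added Python example that is not part of the original e-mail. The class and method names and the sample PIN are hypothetical, and it assumes the device identifier has already been authenticated by the transport (the SSH key or certificate the message mentions).

```python
import hmac
import time


class ConnectionGate:
    """Admission decisions for a device (camera, phone) receiving connections."""

    def __init__(self, pin, session_window=20 * 60, clock=time.monotonic):
        self._pin = pin                  # owner's PIN (hypothetical in-memory storage)
        self._window = session_window    # user-defined session timeout, in seconds
        self._clock = clock              # injectable so expiry can be tested
        self._registered = set()         # devices enrolled once with the PIN
        self._sessions = {}              # device id -> time the session expires

    def register(self, device_id, pin_attempt):
        """Enrol a device permanently; refused unless the PIN matches."""
        if not hmac.compare_digest(pin_attempt.encode(), self._pin.encode()):
            return False
        self._registered.add(device_id)
        return True

    def connect(self, device_id, ask_user):
        """Return (allowed, reason). ask_user(device_id) models the on-screen
        dialog: True = allow pressed, False = refuse pressed, None = no button
        pressed before the prompt timed out."""
        now = self._clock()
        if device_id in self._registered:
            return True, "registered"
        expiry = self._sessions.get(device_id)
        if expiry is not None and expiry > now:
            return True, "session"
        self._sessions.pop(device_id, None)      # drop an expired session, if any
        if ask_user(device_id) is True:          # refuse and timeout both deny
            self._sessions[device_id] = now + self._window
            return True, "approved"
        return False, "denied"


def demo():
    """Constructed walk-through with a fake clock; returns each decision."""
    t = [0.0]
    gate = ConnectionGate(pin="4821", clock=lambda: t[0])       # constructed PIN
    out = [gate.connect("friend-camera", lambda d: None)]       # prompt ignored
    out.append(gate.connect("friend-camera", lambda d: True))   # user allows
    t[0] = 19 * 60
    out.append(gate.connect("friend-camera", lambda d: None))   # inside window
    t[0] = 21 * 60
    out.append(gate.connect("friend-camera", lambda d: None))   # window expired
    return out
```
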