Harald Vogt

Efficient Object Identification with Passive RFID Tags

Radio frequency identification systems with passive tags are powerful tools for object identification. However, if multiple tags are to be identified simultaneously, messages from the tags can collide and cancel each other out. Therefore, multiple read cycles have to be performed in order to achieve a high recognition rate. For a typical stochastic anti-collision scheme, we show how to determine the optimal number of read cycles to perform under a given assurance level determining the acceptable rate of missed tags. This yields an efficient procedure for object identification. We also present results on the performance of an implementation.

Multiple object identification with passive RFID tags

We investigate the applicability of passive RFID systems to the task of identifying multiple tagged objects simultaneously, assuming that the number of tags is not known in advance. We present a combinatorial model of the communication mechanism between the reader device and the tags, and use this model to derive the optimal parameter setting for the reading process, based on estimates for the number of tags. Some results on the performance of an implementation are presented.

Byte Code Verification for Java Smart Card Based on Model Checking

The paper presents a novel approach to Java byte code verification: The verification process is performed “offline” on a network server, instead of incorporating it in the client. Furthermore, the most critical part of the verification process is based upon a formal model and uses a model checker for checking the verification conditions. The result of the verification process can be securely communicated to the runtime platform with cryptographic means.

The value of handhelds in smart environments

The severe resource restrictions of computer-augmented everyday artifacts imply substantial problems for the design of applications in smart environments. Some of these problems can be overcome by exploiting the resources, I/O interfaces, and computing capabilities of nearby mobile devices in an ad-hoc fashion. We identify the means by which smart objects can make use of handheld devices such as PDAs and mobile phones, and derive the following major roles of handhelds in smart environments: (1) mobile infrastructure access point; (2) user interface; (3) remote sensor; (4) mobile storage medium; (5) remote resource provider; and (6) weak user identifier. We present concrete applications that illustrate these roles, and describe how handhelds can serve as mobile mediators between computer-augmented everyday artifacts, their users, and background infrastructure services. The presented applications include a remote interaction scenario, a smart medicine cabinet, and an inventory monitoring application.

Dependability Issues of Pervasive Computing in a Healthcare Environment

This paper proposes that the healthcare domain can serve as an archetypical field of research in pervasive computing. We present this area from a technological perspective, arguing that it provides a wide range of possible applications of pervasive computing technology. We further recognize that pervasive computing technology is likely to create concerns about the security of healthcare systems, due to increased data aggregation, ubiquitous access, and increasing dependency on technical solutions. But we also justify why the same technology can help building more robust, more dependable systems that increase the quality of healthcare. We identify building blocks that are necessary to achieve this goal: a pervasive middleware, appropriate handling of exceptional situations, and dependability assertions for small devices.

Exploring message authentication in sensor networks

This paper explores the design space for message authentication in sensor networks. Several types of authentication are put into relation: end-to-end, hop-to-hop, and physical and virtual multipath authentication. While end-to-end authentication provides the highest and most general security level, it may be too costly or impractical to implement. On the other end of the security scale, hop-to-hop authentication can be implemented with little effort but provides security only to a highly restricted attacker. Multipath authentication provides an intermediate security level that may be appropriate for many applications of sensor networks, trading energy for security guarantees. Virtual multipaths offer an improvement, reducing energy demands while retaining crucial security properties of physical multipaths.

Autonomous and distributed node recovery in wireless sensor networks

Intrusion or misbehaviour detection systems are an important and widely accepted security tool in computer and wireless sensor networks. Their aim is to detect misbehaving or faulty nodes in order to take appropriate countermeasures, thus limiting the damage caused by adversaries as well as by hard or software faults. So far, however, once detected, misbehaving nodes have just been isolated from the rest of the sensor network and hence are no longer usable by running applications. In the presence of an adversary or software faults, this proceeding will inevitably lead to an early and complete loss of the whole network.For this reason, we propose to no longer expel misbehaving nodes, but to recover them into normal operation. In this paper, we address this problem and present a formal specification of what is considered a secure and correct node recovery algorithm together with a distributed algorithm that meets these properties. We discuss its requirements on the soft- and hardware of a node and show how they can be fulfilled with current and upcoming technologies. The algorithm is evaluated analytically as well as by means of extensive simulations, and the findings are compared to the outcome of a real implementation for the BTnode sensor platform. The results show that recovering sensor nodes is an expensive, though feasible and worthwhile task. Moreover, the proposed program code update algorithm is not only secure but also fair and robust.

Mobile code as an enabling technology for service-oriented smartcard middleware

Smartcards can be seen as service providing entities that implement a secure, tamper-proof storage and offer computational resources which make them ideally suited for a variety of tasks such as authentication management of personal profiles, and other kinds of secure information processing. Integration of smartcards into networked environments though, has not been achieved yet in a transparent manner. The authors describe the requirements for the design of middleware for smartcards and propose a platform for the execution of mobile code as the core of such middleware. This is in contrast to traditional architectures based on a request-broker scheme that would need huge standardization efforts to be applicable to smartcards. As an instance of such middleware, we describe our implementation which is centered around the mobile code facilities available in Java and the service trading features of Jini.

Some Research Challenges in Pervasive Computing

The topics of privacy, security and trust have become high priority topics in the research agenda of pervasive computing. Recent publications have suggested that there is or at least needs to be a relationship of research in these areas with activities in context awareness. The approach of the workshop, on which this proceedings reports, was to investigate the possible interfaces between these different research strands in pervasive computing and to define how their concepts may interoperate. This first article is therefore the introduction and overview of the workshop, providing some background on pervasive computing and its challenges.

Java Bytecode Verification by Model Checking

Verification plays a central role in the security of Java bytecode: the Java bytecode verifier performs a static analysis to ensure that bytecode loaded over a network has certain security related properties. When this is the case, the bytecode can be efficiently interpreted without runtime security checks. Our research concerns the theoretical foundations of bytecode verification and alternative approaches to specifying and checking security properties. This is important as currently the “security policy” for Java bytecode is given informally by a natural language document [LY96] and the bytecode verifier itself is a closed system (part of the Java virtual machine). We believe that there are advantages to more formal approaches to security. A formal approach can disambiguate the current policy and provide a basis for verification tools. It can also help expose bugs or weaknesses that can corrupt Java security [MF97]. Moreover, when the formal specification is realized in a logic and verification is based on a theorem prover, extensions become possible such as integrating the verification of security properties with other kinds of verification, e.g., proof-carrying code [NL96,NL98].