Security and privacy in mobile ad-hoc peer-to-peer environments are hard to attain, especially when working with passive objects without own processing power. We introduce a method for integrating such objects into a peer-to-peer environment without infrastructure components while providing a high level of privacy and security for peers interacting with objects. The integration is done by equipping passive objects with public keys, which can be used by peers to validate proxies acting on behalf of the objects. To overcome the problem of limited storage capacity on small embedded objects, ECC keys are used.
1 Introduction Currently, ad-hoc networks is a highly active research topic with many publications covering different aspects of this inter-disciplinary field (e.g. ). These aspects include, but are certainly not limited to, hardware (e.g. size, rugged design, power consumption, communication), software (e.g. operating system/platform, communication protocols, memory usage), interaction (e.g. interaction models, HCI aspects), security and application issues. In this paper, we will focus on privacy and security aspects of ad-hoc, peer-to-peer networks within the Smart Interaction project. The Smart Interaction project is an approach to interact with persons, things and places in a natural and non-obtrusive way. As for example people meet each other, their interaction profile is mutually compared in analogy to their natural, automatic choice of sympathy. Following the vastly successful way of human communication and coordination, the Peer-to-Peer (P2P) paradigm is used for direct communication among all participating devices. This offers complete device autonomy, independence of central authorities and reliability due to redundancy. Within the Smart Interaction project, this principle is even taken one step further by also being independent of any common communication infrastructure: we utilize solely ad-hoc wireless networks, currently either IEEE802.11b Wireless LAN (WLAN) or IEEE802.15.1 Bluetooth (BT). To match the flexibility of the P2P approach, local profiles describing the device capabilities, user attributes and preferences are kept on every peer. Upon spatial contact with other peers, these profiles provide the base for matching user interests and determining further, automatic coordination. Additionally, context constraints defined in profiles provide the necessary context awareness for ubiquitous applications; different situations, identified by context parameters, demand different behavior. As in any ubiquitous system, privacy and security are major concerns and are taken seriously by utilizing active and passive privacy control backed by strong cryptography. We do not aim to develop new cryptographic algorithms or novel security protocols, but instead utilize and combine well-known and secure techniques. However, we were unable to find protocols or methods for securely integrating passive objects without own processing capabilities into a P2P infrastructure. As this is an issue in our project, we developed a method to secure remote proxies that act on behalf of passive objects; this is our main contribution in the present work. The other aspects of the Smart Interaction projectâ„¢s framework are only presented as far as necessary to understand the security aspect. This paper is organized as follows: In section 2, we start by shortly explaining the hard- and software environment the Smart Interaction project is situated in, including our definition of (passive) objects. Section 3 then gives an overview of related work, while section 4 presents our approach to P2P privacy and security between powerful peers. An addition to this approach to securely integrate (passive) objects with powerful peers â€œ the main contribution â€œ is presented in section 5. After that, we give a short conclusion and an outlook on our planned future research in section