Dependability in a digitally integrated world - the challenge of moving from physical to logical boundaries

Speaker: Stephan Engberg

24th August 2005 , 2pm , Devonshire G21/G22 Conference Room

Abstract

When we move towards a fully integrated world where even physical artifacts are integrated with the electronic network through RFID and sensors, we are faced with the problem that systems and even databases might be provable dependable with automatic error and fault recovery. But this cannot be extended to the broader system incorporating the human factor. How do we protect systems and data when attackers initiate an identity theft attack on security cleared personel? We are faced with challanges requring us to question the basic definitions of security and dependability. This talk is addressing the needs and issues involved in moving to a context-centered security model focussing on empowerment to break the trade-off between integration and risk accumulation. We will address issues of mobile Identity and new solutions to RFID security to illustrate how multi-level fallback can be designed for success even with seriously limited ressources and groing resistance due to surveillance and privacy concerns. One key aspect of context understanding is that serverside global identification of people and devices is likely a design mistake. The main strenght of IPv6 is likely not that each device can have a persistent unique id but that devices can have a new unique id every time as this makes devices more difficult to target and only available in context. When we design with the assumption that perimeter security fails, not only do we design more dependable systems where one failure such as identity theft doesnt lead to cascading security failures, we also make more trustworthy systems focussing on the fundamentals of a democracy by alligning the issues of privacy and security.