ietf

Re: [perpass] Commnets on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01

2013-12-10 06:57:27
On Tue, Dec 10, 2013 at 7:47 AM, Jari Arkko 
<jari(_dot_)arkko(_at_)piuha(_dot_)net> wrote:

Stewart,

Remembering of course that some platforms which wish
to use the Internet simply do not have the capability for
other than a very tiny very basic stack.

I always use the PIC and the Arduino to remind myself what the
lower end of the franchise looks like.

You bring up a good point. And that is very important. The world of
devices may be more significant for Internet privacy than the world of
browsers and computers.

That being said, it is not always clear that small devices imply no
security is possible. My day job crypto team has worked on Arduinos, for
instance. And many of my friends who are in the devices business have been
using 32 bit CPUs for a while now because they are more easily available
and/or cheaper. All this reminds me also of my work fifteen years ago on
optimising various protocols in cellular devices, only to find out that
a couple of years later most devices were capable of running 3D FPS games.
Recently some of my colleagues did an analysis of the energy consumption in
today's small CPU platforms, and found that wireless transmission/reception
far outweighs any other activity, including crypto. But there are indeed
challenges in security of the device world. I'd suggest they are mostly in
the category of provisioning models (e.g., configuration) or architecture
(e.g., transport vs. other types of security). More work needed...


The problem of low power is that one of the corollaries of Moore's law is
that the low performance device gets cheaper and is added to more things.
So the number of low performance devices goes up over time, not down.

Another constraint is the complete lack of user affordances. The best place
to put network control is in the LED light bulb. But that does not have any
buttons (and it is in the ceiling anyway).


We don't need to send many messages to such devices and we don't
necessarily need to send them over wireless. But we do need to make sure
that any messages we do send are not ambiguous. There is a home automation
standard called X10 that is complete rubbish because it allows anyone in
the same neighborhood to observe and send commands.

-- 
Website: http://hallambaker.com/