30 years of Computer Security Research Swept under the Rug

I was in a meeting discussing minimal security for a home network application. The question on the table was whether the family users need or want separate identities when interacting with network devices.

Thinking about it, it seems like taking the computer security model (e.g. you log onto to your work station) and apply it to generic devices that are on the network seems silly. For example, do you log into the refrigerator or the toilet if it happens to be networked (a.k.a. living in Hong Kong)? This seems stupid but these devices monitor the user’s health. How can they do that without the current user being identified?

From 30 years of computer security research and even more of non-computer security work, identity is required for security. But I think this identity is really only a tag for a set of privileges and does not necessarily need to be a single individual. I do think that for security of large group of people you need to identify each person (or more accurately each login should be given to only one person) but I believe for most families this is not necessary in general and in general identity is more a feature enabler (i.e. your toilet tracking your individual hydration and telling you to drink more water) than a set of privileges. The set privileges (e.g. watching a rated R movie) can be accessed by people who prove they are in the adult group by knowing the adult password.

To that end here is patent that seems to use the remote control to identify the TV viewer: link

Leave a Reply

Your email address will not be published. Required fields are marked *