1 Department of Applied Mathematics and Computer Science, Technical University of Denmark2 Embedded Systems Engineering, Department of Applied Mathematics and Computer Science, Technical University of Denmark3 Copenhagen Center for Health Technology, Center, Technical University of Denmark
Within the last five to ten years we have experienced an incredible growth of ubiquitous technologies which has allowed for improvements in several areas, including energy distribution and management, health care services, border surveillance, secure monitoring and management of buildings, localisation services and many others. These technologies can be classified under the name of ubiquitous systems. The term Ubiquitous System dates back to 1991 when Mark Weiser at Xerox PARC Lab first referred to it in writing. He envisioned a future where computing technologies would have been melted in with our everyday life. This future is visible to everyone nowadays: terms like smartphone, cloud, sensor, network etc. are widely known and used in our everyday life. But what about the security of such systems. Ubiquitous computing devices can be limited in terms of energy, computing power and memory. The implementation of cryptographic mechanisms that comes from classical communication systems could be too heavy for the resources of such devices, thus forcing the use of lighter security measures if any at all. The same goes for the implementation of security protocols. The protocols employed in classical communication systems were not designed for the ubiquitous environment, hence their security has to be proven again, leading to the definition of new protocols designed specifically to address new vulnerabilities introduced by the ubiquitous nature of the system. Throughout the network security community this problem has been investigated for some time now and this has resulted in some lightweight cryptographic standards and protocols, as well as tools that make it possible for security properties of communication protocols which are typical of ubiquitous systems. However the abilities of the ubiquitous attacker remain somehow undened and still under extensive investigation. This Thesis explores the nature of the ubiquitous attacker with a focus on how she interacts with the physical world and it denes a model that captures the abilities of the attacker. Furthermore a quantitative implementation of the model is presented. This can be used by a security analyst as a supporting tool to analyse the security of an ubiquitous system and identify its weak parts. Most importantly this work is also useful for system designers, who wish to implement an eective secure solution while developing their system.