Security parallels between people and pervasive devices

Unique and challenging security problems arise due to the scarcity of computational, storage, and power resources in the low-cost pervasive computing environment. Particularly relevant examples of resource-constrained systems are low-cost radio frequency identification (RFID) systems. Surprisingly, the computational abilities of low-cost pervasive devices like RFID tags are similar to another pervasive, weak computing "device": people. Neither low-cost pervasive devices nor people can efficiently perform public-key or even symmetric cryptographic operations. Neither can store long random strings nor devote too much time or energy to security protocols. Both may need to authenticate themselves over a public channel to an untrusted terminal, without any outside help or external devices. Because of these similarities, pervasive security may benefit by adapting techniques from human-computer security, or vice versa. This article treats RFID tags as a model for other low-cost pervasive devices, and describes some of their practical constraints. Several parallels between the pervasive and human-computer security settings are discussed. Finally, this article highlights one particular human-computer authentication protocol, due to Hopper and Blum, that is immediately adaptable to low-cost RFID. Borrowing techniques from Hopper and Blum, or other human-computer protocols could lead to practical pervasive security protocols.