Refereed papers

Personal notes, even when shared with others, often contain highly sensitive information. From a security and privacy point of view, currently available (web) services that upload such personal notes to potentially untrusted third party servers are therefore problematic and we suggest to encrypt all notes before transferring them from the user's personal device. However, synchronization and sharing of encrypted data is a non-trivial issue, because conflict resolution and merging algorithms need to be applied to plain-text content. With Private Notes, we propose an architecture for client-side encryption, merge, and conflict handling of personal notes stored in XML format. We adopt the OpenPGP standard for symmetric and asymmetric encryption and WebDAV for synchronizing and sharing notes on arbitrary web servers. Specific implementations in the form of a plug-in for the Tomboy desktop note taking application and the Android and iOS mobile platforms demonstrate the ease of use of encrypted notes sharing.

Model-driven development (MDD) has seen wide application in research, but still has limitations in real world industrial projects. One project which applies such MDD principles is about developing the software of a feature phone. While advantages seem to outweigh any disadvantages in theory, several problems arise when applying the model-driven methodology in practice. Problems when adopting this approach are shown as well as a practical solution to utilize one of the main advantages of MDD-portability. Issues that originate from using a tool which supports a model-driven approach are presented. A conclusion sums up the personal experiences made when applying MDD in a real world project.

Exploits on mobile phones can be used for various reasons; a benign one may be to achieve system-level access on a device that was locked by the manufacturer or service provider (also known as `jailbreaking' or `rooting'), while potentially malicious reasons are manifold. Independently of the use case however, a specific exploit is not sufficient to achieve the desired access rights. Typically, exploits provide temporary privilege escalation immediately after their execution. To provide additional access to applications, permanent privilege escalation is required - in the benign case, including secure access control for the user to decide which (parts of) applications are granted elevated access. In this paper, we present a framework that can use arbitrary temporary exploits on Android devices to achieve permanent `root' capabilities for select (parts of) applications.

Spatial messaging is a direct extension to text and other multi-media messaging services that have become highly popular with the current pervasiveness of mobile communication. It offers benefits especially to mobile computing, providing localised and therefore potentially more appropriate delivery of nearly arbitrary content. Location is one of the most interesting attributes that can be added to messages in current applications, including gaming, social networking, or advertising services. However, location is also highly critical in terms of privacy. If a spatial messaging platform could collect the location traces of all its users, detailed profiling would be possible - and, considering commercial value of such profiles, likely. In this paper, we present Air-Writing, an approach to spatial messaging that fully preserves user privacy while offering global scalability, different client interface options, and flexibility in terms of application areas. We contribute both an architecture and a specific implementation of an attribute based messaging platform with special support for spatial messaging and rich clients for J2ME, Google Android, and Apple iPhone. The centralised client/server approach utilises groups for anonymous message retrieval and client caching and filtering as well as randomised queries for obscuring traces. An initial user study with 20 users shows that the overall concept is easily understandable and that it seems useful to end-users. An analysis of real-world and simulated location traces shows that user privacy can be ensured, but with a trade-off between privacy protection and consumed network resources.

The project SESAME utilizes smart metering, building automation and policy-based reasoning to support home owners and building managers in saving energy and in optimizing their energy costs while maintaining their preferred quality of living. In this paper, we present how user-created policies are being applied to develop a system of least interference that supports the user in gaining awareness about energy consumption habits and saving potentials. Proposed concepts are currently being implemented and validated in an extensible demonstrator platform which provides a proof-of-concept for an innovative technical solution.

Mobile devices, per definition, are supposed to assist in organizing all kinds of things, also tasks of course, because usually such devices are always at hands. But due to the very limited and time consuming possibilities to interact with such devices many fall back to other means to organize their life, like a simple pencil and paper. We developed a collaborative task repository that facilitates collaboration and teamwork, but on the other hand demands that all tasks have to be entered into that system. Therefore a smart and userfriendly interface to that repository is mandatory. This work presents concepts on how to improve the user interface of mobile devices so that capturing tasks on-the-go becomes feasible. We propose to move away from display driven user interfaces to more sophisticated interfaces that utilize all the sensors and actors of current mobile devices.

Secure device pairing is especially difficult for spontaneous interaction in ubiquitous computing environments because of wireless communication, lack of powerful user interfaces, and scalability issues. We demonstrate a method to address this problem for small, mobile devices that does not require explicit user interfaces like displays or key pads. By shaking devices together in one hand for a few seconds, they are securely paired. Device authentication happens implicitly as part of the pairing process without the need for explicit user interaction “just for security”. Our method has been implemented in two variants: first, for high-quality data collection using wired accelerometers; second, using built-in accelerometers in standard Nokia 5500 mobile phones.

Spontaneous interaction is a desirable characteristic associated with mobile and ubiquitous computing. The aim is to enable users to connect their personal devices with devices encountered in their environment in order to take advantage of interaction opportunities in accordance with their situation. However, it is difficult to secure spontaneous interaction as this requires authentication of the encountered device, in the absence of any prior knowledge of the device. In this paper we present a method for establishing and securing spontaneous interactions on the basis of spatial references that capture the spatial relationship of the involved devices. Spatial references are obtained by accurate sensing of relative device positions, presented to the user for initiation of interactions, and used in a peer authentication protocol that exploits a novel mechanism for message transfer over ultrasound to ensures spatial authenticity of the sender.

Secure communication over wireless channels necessitates authentication of communication partners to prevent man-in-the-middle attacks. For spontaneous interaction between independent, mobile devices, no a priori information is available for authentication purposes. However, traditional approaches based on manual password input or verification of key fingerprints do not scale to tens to hundreds of interactions a day, as envisioned by future ubiquitous computing environments. One possibility to solve this problem is authentication based on similar sensor data: when two (or multiple) devices are in the same situation, and thus experience the same sensor readings, this constitutes shared, (weakly) secret information. This paper introduces the Candidate Key Protocol (CKP) to interactively generate secret shared keys from similar sensor data streams. It is suitable for two-party and multi-party authentication, and supports opportunistic authentication.

Small, mobile devices without user interfaces, such as Bluetooth headsets, often need to communicate securely over wireless networks. Active attacks can only be prevented by authenticating wireless communication, which is problematic when devices do not have any a priori information about each other. We introduce a new method for device-to-device authentication by shaking devices together. This paper describes two protocols for combining cryptographic authentication techniques with known methods of accelerometer data analysis to the effect of generating authenticated, secret keys. The protocols differ in their design, one being more conservative from a security point of view, while the other allows more dynamic interactions. Three experiments are used to optimize and validate our proposed authentication method.

Securing wireless channels necessitates authenticating communication partners. For spontaneous interaction, authentication must be efficient and intuitive. One approach to create interaction and authentication methods that scale to using hundreds of services throughout the day is to rely on personal, trusted, mobile devices to interact with the environment. Authenticating the resulting device-to-device interactions requires an out-of-band channel that is verifiable by the user. We present a protocol for creating such an out-of-band channel with visible laser light that is secure against man-in-the-middle attacks even when the laser transmission is not confidential. A prototype implementation shows that an appropriate laser channel can be constructed with simple off-the-shelf components.

Most authentication protocols designed for ubiquitous computing environments try to solve the problem of intuitive, scalable, secure authentication of wireless communication. Due to the diversity of requirements, protocols tend to be implemented within specific research prototypes and can not be used easily in other applications. We propose to develop a common toolkit for ubiquitous device authentication to foster wide usability of research results. This paper outlines design goals and presents a first, freely available implementation.

Ultrasound has been proposed as out-of-band channel for authentication of peer devices in wireless ad hoc networks. Ultrasound can implicitly contribute to secure communication based on inherent limitations in signal propagation, and can additionally be used explicitly by peers to measure and verify their relative positions. In this paper we analyse potential attacks on an ultrasonic communication channel and peer-to-peer ultrasonic sensing, and investigate how potential attacks translate to application-level threats for peers seeking to establish a secure wireless link. Based on our analysis we propose a novel method for authentic communication of short messages over an ultrasonic channel.

Context awareness is one of the building blocks of many applications in pervasive computing. Recognizing the current context of a user or device, that is, the situation in which some action happens, often requires dealing with data from different sensors, and thus different domains. The Growing Neural Gas algorithm is a classification algorithm especially designed for un-supervised learning of unknown input distributions; a variation, the Lifelong Growing Neural Gas (LLGNG), is well suited for arbitrary long periods of learning, as its internal parameters are self-adaptive. These features are ideal for automatically classifying sensor data to recognize user or device context. However, as most classification algorithms, in its standard form it is only suitable for numerical input data. Many sensors which are available on current information appliances are nominal or ordinal in type, making their use difficult. Additionally, the automatically created clusters are usually too fine-grained to distinguish user-context on an application level. This paper presents general and heuristic extensions to the LLGNG classifier which allow its direct application for context recognition. On a real-world data set with two months of heterogeneous data from different sensors, the extended LLGNG classifier compares favorably to k-means and SOM classifiers.

Spontaneous interaction in ad-hoc networks is often desirable not only between users or devices in direct contact, but also with devices that are accessible only via a wireless network. Secure communication with such devices is difficult because of the required authentication, which is often either password- or certificate-based. An intuitive alternative is context-based authentication, where device authenticity is verified by shared context, and often by direct physical evidence. Devices that are physically separated can not experience the same context and can thus not benefit directly from context authentication. We introduce a context authentication proxy that is pre-authenticated with one of the devices and can authenticate with the other by shared context. This concept is applicable to a wide range of application scenarios, context sensing technologies, and trust models. We show its practicality in an implementation for setting up IPSec connections based on spatial reference. Our specific scenario is ad-hoc access of mobile devices to secure 802.11 WLANs using a PDA as authentication proxy.

Internet-Recht bewegt sich grundsätzlich an der Schnittstelle zwischen Gesetzgebung und Technik. Wie an vielen Schnittstellen gibt es auch hier Schwierigkeiten zu überwinden, und zwar nicht nur in der Findung gemeinsamer Ziele, Arbeitsgruppen und schlussendlich Lösungen, sondern vor allem im gegenseitigen Verständnis der den jeweils anderen Bereich betreffenden Probleme. Dieser Beitrag soll die technischen Hintergründe einiger aktueller Themen an dieser Schnittstelle allgemein verständlich näher bringen. Die Auswahl an Themen, welche aus technischer Sicht einer Klärung durch die Gesetzgebung bedürfen bzw. derer, die durch neue Gesetze die Entwicklung neuer technischer Systeme erfordern, ist derzeit kaum mehr überschaubar und wächst weiter. Daher erfolgt in diesem Beitrag eine Konzentration auf die technischen Grundlagen für viele dieser Themen sowie auf eine kleine Auswahl von Themen, die von allgemeinem, auch öffentlichem bzw. gesellschaftlichem Interesse sind. Konkret werden die folgenden Themen angesprochen: Grundlagen der Kryptographie, Sichere Signatur, Digitales Rechte Management (DRM) und Peer-to-Peer Systeme. Diese Themen stellen eine subjektive Auswahl dar, sollten jedoch die derzeit am stärksten – auch durch die Tagespresse – diskutierten Gebiete abdecken. Der Beitrag ist auf Leser ohne technisches Detailwissen ausgerichtet, Erfahrung im Um- gang mit Computersystemen, also zum Beispiel mit Webbrowsern und Emailprogrammen, wird jedoch angenommen.

Abstract The design principles of pervasive computing software architectures are widely driven by the need for opportunistic interaction among distributed, mobile and heterogeneous entities in the absence of global knowledge and naming conventions. Peer-to-Peer (P2P) frameworks have evolved, abstracting the access to shared, while distributed information. To bridge the architectural gap between P2P applications and P2P frameworks we propose patterns as an organizational schema for P2P based software systems. Our Peer-it hardware platform is used to demonstrate an application in the domain of flexible manufacturing systems.

This paper presents the topic of context prediction as one possibility to exploit context histories. It lists some expected benefits of context prediction for certain application areas and discusses the associated issues in terms of accuracy, fault tolerance, unobtrusive operation, user acceptance, problem complexity and privacy. After identifying the challenges in context prediction, a first approach is summarized briefly. This approach, when applied to recorded context histories, builds upon three steps of a previously introduced software architecture: feature extraction, classification and prediction. Open issues remain in the areas of prediction accuracy, dealing with limited resources, sharing of context information and user studies.

So genannte “kontextsensitive Systeme” haben zum Ziel, die eingesetzten Computersysteme automatisch an die aktuellen Situationen anzupassen und damit bessere Interaktion mit der Umgebung zu ermöglichen. Diese Arbeit befasst sich mit dem nächsten logischen Schritt nach der Erkennung des jeweils aktuellen Kontextes, nämlich der Vorhersage zukünftiger Kontexte. Zu diesem Zweck wurde eine mehrschrittige Software-Architektur entwickelt, welche aus den Daten mehrerer einfacher Sensoren die aktuellen und zukünftig erwarteten Kontexte gewinnt. Die entwickelte Architektur wurde bereits in Form eines flexiblen Software-Frameworks umgesetzt und mit aufgezeichneten Daten aus alltäglichen Situationen evaluiert. Diese Betrachtung zeigt, dass die Vorhersage abstrakter Kontexte in Grenzen bereits möglich ist, jedoch noch Raum für Verbesserungen der Vorhersagequalität in zukünftigen Arbeiten offen bleibt.

Smart space and smart appliances, i.e. wirelessly ad-hoc networked, mobile, autonomous special purpose computing devices, providing largely invisible support and context-aware services have started to populate the real world and our daily lives. In such a world, where literally everything is connected to everything with invisible, wireless data links, we need new styles on how humans and things can interact. We have proposed a “spontaneous interaction” thought model, in which things start to interact once they reach physical proximity to each other: Explained using the metaphor of an “aura”, which like a subtle invisible emanation or exhalation radiates from the center of an object into its surrounding, a “digital aura” is built on technologies like Bluetooth radio, RFID or IrDA together with an XML based profile description, such that if an object detects the proximity (e.g. radio signal strength) of another object, it starts exchanging and comparing profile data, and, upon sufficient “similarity” of the two profiles, starts to interact with that object. A “digital aura” depending on the implementation technology, is dense in the center of the object, and thins out towards its surrounding until it is no longer sensible by others. Profiles described as semi-structured data and attached to the object, can be matched by a structural and semantic analysis. Peer-to-peer concepts can then be used to implement applications on top of the digital aura model for spontaneous interaction.

Today's information appliances are usually very powerful, featuring local storage and processing power, communication technology and supporting many different applications. They are either mobile, like laptop computers, handheld devices, mobile phones or wearables, or fixed, like TV set-top boxes, home entertainment centers or even whole rooms equipped with various interacting devices; but most of them have various hardware components that can be used as sensors for querying the environment. By exploiting these sensors, it is possible to make devices context aware and thus adaptive to the current user's situation. This paper presents the basic structure of a framework which eases the implementation of context aware applications by providing the current and future, predicted context.

Many of the currently available sensors do not provide simple, numerical values but more complex data like a list of other devices in range. Although these sensors can, in the general case, not be transformed to numerical values, they nonetheless provide valuable information about the device or user context. For exploiting all available context information, it is thus important to also regard ordinal and nominal sensor values. In this paper, we propose to jointly develop a meta data format for the evaluation and assessment of context recognition and prediction methods.

For a qualitative and quantitative assessment of context prediction and recognition methods, real-world data sets are inevitable. By collecting sensor data on a single notebook over a period of a few months we got a rather large log file of homogeneous and heterogeneous features reflecting the users activities during this time frame. In this paper we present which devices were exploited as sensors, which information was logged and how this information was stored for further processing by classification algorithms.

Mobile Peer-to-Peer (P2P) computing applications involve collections of heterogeneous and resource-limited devices (such as PDAs or embedded sensor-actuator systems), typically operated in ad-hoc completely decentralized networks and without requiring dedicated infrastructure support. Short-range wireless communication technologies together with P2P networking capabilities on mobile devices are responsible for a proliferation of such applications, yet these applications are often complex and monolithic in nature due to the lack of lightweight component/container support in these resource-constrained devices. In this paper we describe our lightweight software component model P2Pcomp that addresses the development needs for mobile P2P applications. An abstract, flexible, and high-level communication mechanism among components is developed via a ports concept, supporting protocol independence, location independence, and (a)synchronous invocations; dependencies are not hard-coded in the components, but can be defined at deployment or runtime, providing late-binding and dynamic rerouteability capabilities. Peers can elect to provide services as well as consume them, services can migrate between containers, and services are ranked to support Quality-of-Service choices. Our lightweight container realization leverages the OSGi platform and can utilize various P2P communication mechanisms such as JXTA. A “smart space” application scenario demonstrates how P2Pcomp supports flexible and highly tailorable mobile P2P applications.

Context awareness is currently being investigated for applications in different areas, including Mobile Computing. Many mobile devices are already shipped with support for Bluetooth and Wireless LAN, making these technologies commonly available. It is thus possible to exploit the wireless interfaces as sensors for deriving information about the device/user context. However, extracting features from typical Bluetooth or Wireless LAN properties is difficult because not only numerical, but also non-numerical features like the list of MAC addresses in range are important for context awareness. In this paper, we introduce a method to automatically classify these highly heterogeneous features with supervised or un-supervised classification methods. By defining two operators, a distance metric and an adaption operator, any feature can be used as input for the classifier and can thus contribute to context detection.

Current mobile devices like mobile phones or personal digital assistants have become more and more powerful; they already offer features that only few users are able to exploit to their whole extent. With a number of upcoming mobile multimedia applications, ease of use becomes one of the most important aspects. One way to improve usability is to make devices aware of the user's context, allowing them to adapt to the user instead of forcing the user to adapt to the device. Our work is taking this approach one step further by not only reacting to the current context, but also predicting future context, hence making the devices proactive. Mobile devices are generally suited well for this task because they are typically close to the user even when not actively in use. This allows such devices to monitor the user context and act accordingly, like automatically muting ring or signal tones when the user is in a meeting or selecting audio, video or text communication depending on the user's current occupation. This paper presents an architecture that allows mobile devices to continuously recognize current and anticipate future user context. The major challenges are that context recognition and prediction should be embedded in mobile devices with limited resources, that learning and adaption should happen on-line without explicit training phases and that user intervention should be kept to a minimum with non-obtrusive user interaction. To accomplish this, the presented architecture consists of four major parts: feature extraction, classification, labeling and prediction. The available sensors provide a multi-dimensional, highly heterogeneous input vector as input to the classification step, realized by data clustering. Labeling associates recognized context classes with meaningful names specified by the user, and prediction allows to forecast future user context for proactive behavior.

Security and privacy in mobile ad-hoc peer-to-peer environments are hard to attain, especially when working with passive objects without own processing power. We introduce a method for integrating such objects into a peer-to-peer environment without infrastructure components while providing a high level of privacy and security for peers interacting with objects. The integration is done by equipping passive objects with public keys, which can be used by peers to validate proxies acting on behalf of the objects. To overcome the problem of limited storage capacity on small embedded objects, ECC keys are used.

This paper presents a new model for simulating Spiking Neural Networks using discrete event simulation which might possibly offer advantages concerning simulation speed and scalability. Spiking Neural Networks are considered as a new computation paradigm, representing an enhancement of Artificial Neural Networks by offering more flexibility and degree of freedom for modeling computational elements. Although this type of Neural Networks is rather new and there is not very much known about its features, it is clearly more powerful than its predecessor, being able to simulate Artificial Neural Networks in real time but also offering new computational elements that were not available previously. Unfortunately, the simulation of Spiking Neural Networks currently involves the use of continuous simulation techniques which do not scale easily to large networks with many neurons. Within the scope of the present paper, we discuss a new model for Spiking Neural Networks, which allows the use of discrete event simulation techniques, possibly offering enormous advantages in terms of simulation flexibility and scalability without restricting the qualitative computational power.