kwc.org Photos Spare Cycles MythBusters

Paper: Home Network Security

Home Network Security [html]
Carl M. Ellison Corporate Technology Group, Intel Corporation

This is the worst paper I've read on home networking. It is so far removed from any proper understanding of the home user that it saddens me that this is the basis of Universal Plug-n-Play Security. This is clearly people who design solutions for the corporate space trying to design for a space they've never worked in before.

Some of the bad highlights:

1) Paper basically adapts all the concepts of security in the workplace and maps them directly onto home life. In the workplace you at least get training on how to use all the backwards security measures that get used, and even there (where they're required) people often find them too cumbersome to maintain.

2) It assumes that people who can't even program VCRs can run a "Security Console" with "Access Control Lists" and properly compare SHA-1 hashes.

3) It implies that making a SHA-1 hash look like a product registration ID is user-friendly.

4) It shoves the security in the user's face

5) Has a crude overview of definitions of "home" yet never discusses how their obtuse technology solves any of the needs they present

6) While it provides a large enough set of primitives to work with, it doesn't provide a clue as to how any of the technology could be implemented usably. Does a user have to edit an ACL to share a photo with someone? Worse, does the user have to walk over to the security console to edit this ACL?

7) The security console definition mimicks the corporate world. As defined, there is only one security console, and it defines the ACL for all devices that it owns. Granted, I'm sure that this definition will eventually be reworked to be less centralized in nature, but as is it stinks.

Post a comment


related entries.

what is this?

This page contains a single entry from kwc blog posted on May 16, 2003 4:38 PM.

The previous post was Go Spurs!.

The next post is Paper: Using Memory Errors to Attack a Virtual Machine.

Current entries can be found on the main page.