John Lyle is a post-doctoral research assistant at The Department of Computer Science, University of Oxford. His interests are in information security and privacy, in particular the use of secure hardware to create trusted systems. He recently submitted his DPhil thesis on the subject of Trustworthy Web Services and holds an MEng in Computing from Imperial College London. John works full-time on the webinos project and is primarily involved with the security and privacy architecture.

Can you provide an introduction to webinos security features?

The webinos platform is aiming to create a seamless experience for users of web applications. A big part of this is sharing device resources (e.g. photos, location data, profile information) between applications, as well as between different people. The security framework aims to make this as secure and privacy-preserving as possible through controlling which applications and people are allowed to access these resources.

There are several parts of the security framework. The main component is the access control policy system. This allows users to set policies dictating which applications may access each API and resource. This is present on every webinos-enabled device. Users will be given the option to allow or deny an application access to a resource when it is first used, and then revisit this decision later. Another important part is the identification of users and their devices: the security framework needs to know who is trying to access your personal zone resources and from which device, in order to stop unintentionally disclosing private information. In addition, the project will support signed widgets – applications which have a signature maintaining their integrity and authenticity. This prevents a third party from modifying an otherwise trustworthy application.

These components (plus a few more) will help users make decisions about which applications to use and trust, as well as keeping personal information under control.

What is new? What does webinos security functionality add which does not exist in the current ecosystem?

There are several new approaches and design principles we’ve been applying which we hope will make a big difference to web application security.

Firstly, the concept of a Personal Zone supports data privacy by keeping as much information within the control of the end users. Because applications will have reliable, synchronised local data storage, there will be no need to store personal information on public web servers. This helps a well-intentioned web developer obey the privacy requirements of end users.

Secondly, we’re following a number of new design approaches from recently published academic research. We have a set of _attacker personas_ based on data about real hackers. These help us make reasonable assumptions about the attacks that the webinos platform may face and what we should do about it.

Thirdly, we are progressing from the current state-of-the-art in access control policies, as currently seen on web browsers and mobile operating systems. We support both up-front decisions (Android-style permission requests at install time) as well as retrospective decisions (“I no longer trust Application FooBar with my location data”). These access control decisions can also be synchronised between all devices in the personal zone, saving the user from ticking the same boxes on each device.

There are also a number of other interesting security mechanisms we’re working on.  Secure data storage is obviously and important one, as well as more experimental research into platform integrity assessment, use of secure elements and trusted execution.

What work are you personally doing on webinos security and what is interesting about it?

Right now I’m working on the authentication system. Our aim is to establish strong user and device identities, without introducing new usernames or passwords, and with the minimum of overhead to users. We’re doing this by supporting OpenID identities. Users will be able to reuse their Facebook or Google login credentials in webinos. We’re adding further public key cryptography to identify the machines themselves, so we have two ways of making sure only you can access your personal data. This has the potential to be both secure and easy to use.

For developers reading this, what suggestions would you make for working with webinos and security in general?

The webinos platform will hopefully protect end users from some of the more dangerous aspects of the web.  However, it certainly wont be a silver bullet, and applications themselves will have a big role to play.

Developers should know that there is an enormous amount of good work being done on web application security and some great resources elsewhere. In particular:

• The OWASP project provides tutorials and resources for understanding web application security and avoiding the top threats.  If you want to check your application for XSS, CSRF and other content injection attacks, they have some great tools available.
• The recent book “The Tangled Web: A Guide to Securing Modern Web Applications” by Michal Zalewski is a fantastic read.  It contains a huge amount of information about browser security in an easy to read format.
• nodejs, which we’re using to build webinos, has some interesting modules available for security.  SandBox, for example -http://gf3.github.com/sandbox/ and Passport - http://passportjs.org/
• The W3C are looking at web application privacy best practices.  Their current working draft contains some useful ideas and links for getting started: http://www.w3.org/TR/app-privacy-bp/

You expect websites to remember your log in, so what if every car you stepped into could read your mind, completely personalizing any car you drive? Tapping into the information you’ve stored in the cloud, a “digital handshake” would transport your personal preferences to every car you drive.

He went on further to say that:  “Imagine you drive a Mondeo in Barcelona, and you pick up a hire car in London. When you step into that car, it would know all your preferences including the way you drive and temperature you prefer.

This vision may be not so far away as we first think. The webinos project is working to make it into a reality.

In a recent demo of in vehicle APIs demonstrated by webinos –  Simon Isenberg of webinos/BWW provided some specifics on how this would work using a web based architecture.

The vehicle can be a valuable provider of data. This data source can enable us to build a complete new breed of distributed Web applications and take the Web to a new level. Despite all the new possibilities, we have to take the specific challenges of software development in the automotive domain into account. A vehicle differs from the ‘Smart phone’ in the level of complexity.  Today’s cars feature up to 80 electronic control units (ECUs), which are interconnected using different bus technologies for the respective tasks inside a vehicle.

The following diagram illustrates the different bus systems inside the vehicle. In the end, all busses are connected to each other using a central gateway. At the central gateway messages which are used car-wide are converted and routed into another bus.

If we want to provide access to the vehicle, we have to interface directly with the different buses, which raises security risks. Depending on the integration level we have to obey certain norms and laws (cf., IEC 61508, Automotive Security Levels (ASIL)).  Thus, infotainment applications should not  interfere with safety critical functions inside the vehicle.

With respect to webinos, a good entry point into the vehicle system is the in-car headunit. The headunit hosts the navigation system as well as portable media integration and connects to the CD-Player, built-in GSM modem, the rear-seat entertainment system or the user’s cell phone. So, it is to some extent  sandboxed from the highly safety-critical systems inside the vehicle like airbag ECUs or an active breaking system. But there are still soft-real time messages used in the headunit. For instance, the data from the parking distance sensors are routed into the headunit to illustrate the distance to sensed objects on the central display. To ensure that a webinos application does not interfere with other vehicle components, webinos controls access to vehicle busses via the webinos API and provide safe read access to vehicle data. To this end the webinos API is – at least for now – limited to data available in the headunit, which is able to ensure the required safety properties.

In the first release of the webinos platform the Vehicle API has a strong focus on providing read access to vehicle data and methods for interacting with the on-board navigation system. The vehicle API is designed to be in line with current W3C specifications and is based on an event model.

The Vehicle API provides read access to the following:

-        Static vehicle data (make, model, fuel type, transmission type)

-        Distance sensor data

-        Trip computer data (average speed, consumption, mileage, range)

-        Climate data (air conditioning and vents)

-        Control data (wipers and  lights status)

-        Gear data

-        Navigation data (destination reached, guidance cancelled)

So, the webinos APIs provide an avenue (or at least a starting point) to fulfill the vision of the ‘Digital handshake’ as articulated by Bill Ford.

But how far is this future according to the auto makers?

Bill Ford Junior sees an incremental timescale: “In the near term, existing vehicle tech will continue to improve; for example maps will provide better driver information; mobile communications and driver interfaces will become more intuitive with alerts to traffic jams and accidents.”

Again this is consistent with the webinos vision and APIs

On the first day of the Mobile World Congress, we saw an announcement from the GSMA re mobile app privacy. GSMA Announces New Initiative Addressing Mobile App Privacy. Mobile operators in Europe, including Deutsche Telekom, France Telecom – Orange, Telecom Italia, Telefónica, Telekom Austria Group, Telenor Group, TeliaSonera and Vodafone, are now starting to implement these guidelines for their own operator-branded mobile applications.  The GSMA guidelines are HERE

This is a commendable effort and should be supported.

In a significant related development, the Wall Street Journal has an insightful article about how marketers are tracking smartphone users through apps, games and other software. In What They Know – Mobile, the WSJ says that

Some apps collect information including location, unique serial-number-like identifiers for the phone, and personal details such as age and sex. Apps routinely send the information to marketing companies that use it to compile dossiers on phone users.

WSJ then analyses the data collected and shared by 101 popular apps on iPhone and Android phones and presents it in an interactive database.

Thus, privacy guidelines are needed. Indeed more so when the ecosystems of the Web (Google, Facebook etc) push privacy boundaries analogous to shifting tectonic plates and interact with the ecosystems of Telecoms networks(which are conservative with respect to privacy).

While these two domains were distinct at one point, today they are hard to distinguish in an app driven ecosystem. Thus, while the GSMA approach is ideal for ‘operator branded mobile applications’, there is a wider on-going discussion for privacy of web apps.  Webinos is working towards that goal. The webinos policy architecture identifies the following threats and controls

Requirements

The webinos requirements including Device Permissions  go even further by enabling the protection of privacy of each user in line with the EU privacy directives. Ultimately, privacy may well evolve to the The right to be forgotten: treating the cause, not the symptoms .

So, while the current initiatives are interesting, they could be just the starting point of a more complex discussion on privacy especially as the ecosystems of the Web and the Telecoms interact through web apps.

Image Courtesy: NASA / Goddard Space Flight Center

The webinos demo shows how with any three webinos enabled devices; TV, Phone, PC, you can remotely control your media in a way that lets you chose which device you want to use to control or use your media.

This demo shows how we can use our phones as a window into a world of media from connected devices and printed objects, making a seamless link between the media stored on one device and our desire to share and consume that media on another device in a secure way with control resting firmly with the user and using open source web technology designed by webinos.

Using web based applications, open source technology and non-proprietary devices the user can experience safe, secure and frictionless sharing of media between friends using the best device for the job.

Download Demo flyer here

WebGL basically makes it possible to extend the capability of the JavaScript programming language to allow it to generate interactive 3D graphics within the web browser. This for example makes it possible to create games with a nice graphic experience using web technologies only. The Air Hockey demo showcases the flexibility with which a game can be delivered to the user.

The Air Hockey demo shows how a game could either be packaged as a webinos widget and run on a mobile device or a webinos enabled device being used as a controller for games running on other devices such as set top boxes.

The Hockey game is installed as a widget and runs on a mobile device which supports Web GL such as the Sony Xperia, it runs entirely within a browser such as Android Mobile or Chrome desktop.
The webinos service discovery API and event API provides the possibility to use one device as a remote controller, e.g. “game pad”, for a web application running on another device. This means that an Android phone running a simple webinos touchpad widget could be used to control the game running on a PC, TV or STB.

Demo uses following Open Source projects:

three.js WebGL engine – https://github.com/mrdoob/three.js/
Box2D-js physics engine – http://box2d-js.sourceforge.net/

3D Art by Roshan Poojari – http://roshan-poojari.blogspot.in/

More information: http://rinesh.in/?p=47

Download the Demo flyer here

Imagine if, when you get home, you can fire up your PC and remotely access all your contacts from your phone and tweet the exact screen shot of the TV you are watching. You can now tweet what you can see, hear and experience to all your friends, sharing your experiences and accessing data from all your personal technology devices, whether they are located around you, or left in the office.

Webinos code running on TV, Phone and PC enables information to be tweeted in a combined way, bringing you closer to people who aren’t sat with you. You can link all the information from the set top box into your tweet making the content of your tweets richer, with compelling imagery taken from your TV.

Webinos is about device sharing bringing TV, Phone and PC together, with data accessible from each device in a secure way. It’s about sharing your personal information and experience in a secure way between your own devices, and your friends.

Download the flyer here

Do you know how active you are throughout the day? Do you know how your heart rate is behaving? Would you like your doctor or personal trainer to be able to track your fitness and health in real time with just your phone and a simple heart rate monitor?

The webinos enabled heart rate demo shows how you can download a webinos application on a Smartphone and by wearing a heart rate monitor you can track your health throughout your day. You can then choose to share this data with any people you select – webinos gives you the ability to control your own privacy profile and to allow only those people you wish to be monitoring your behavior.

The webinos Heart rate demo shows one simple example of how the webinos technology and APIs can allow the user to extract data from many different types of sensor devices, such as motion sensors, remotely; in this case the sensor being a heart rate monitor.

This demo shows how webinos can allow a doctor to remotely check on patients’ pulse rates and analyse the data history, or allow a personal trainer to monitor the calories burned all through a remote mobile device.
By using Java Script APIs and Web technologies such as HTML5, and CSS, the webinos demo shows that you can achieve secure, real time, sharing of vital information using the webinos open source platform.

Download the Demo flyer here

Imagine going shopping with just your mobile phone, you browse the aisles, swiping products with your webinos enabled phone. You can chose to have them delivered, see information on the ingredients, get recipes or simply add them to your basket. As you go to leave the shop you swipe your phone on the NFC checkout icon, a payment screen loads on your phone, allowing you to chose your preferred payment method and confirm your purchase. If you’ve purchased items to be delivered your phone prompts you to agree to the transmission of your address for deliver, or if you’ve purchased age restricted items to pass on your age.

webinos provides support for electronic payment in a way that is agnostic as to the underlying payment system. The app indicates that it wants payment, but the user determines which payment solution to use to fulfil that intent. In the real world, stores recognize that consumers want a choice in how they pay for goods and services. Webinos supports that choice in a secure way. The demo shows the user being asked for a PIN to authenticate him/her as the legitimate owner of the phone. If you mislay your phone other people can’t use it to purchase goods.

The PIN dialog is provided by webinos not the web application. It includes an anti-phishing feature. Users can set a graphic and a text phrase as part of their webinos zone preferences. These are shown to the user by webinos as a proof that the dialog is generated by webinos and not an evil or corrupted website seeking to steal your PIN.

The use of NFC technology means more than just the convenience of “jedi wave” to purchase bulky goods. Near Field Communication, is a type of smart tag that is gaining traction in the retail industry, and with webinos enabled devices there is now the potential for an ecosystem of apps to develop around the shopping experience. Webinos defines APIs for web page scripts to read NFC tags, and to share specific information via NFC. We anticipate apps being provided by the stores, and by third parties for a value added experience.

Download the Demo flyer here

Smart television sets are getting more and more popular and aim to provide a central point for home media and all kinds of Internet services. Even if all new enabled services and features are in place and work fine separately from each other a proper interconnection between them is still missing. For example, watching a movie and being able surf the Web to gather additional information about the main actor using the television at the same time is nice. But there should be more than just the option to do things on one device that are already possible on disparate devices. Looking further at the usage of distributed services in applications across different devices and different device types, the situation gets even fuzzier. From a developer perspective if you don’t want to utilize proprietary or single platform solutions you probably will look into standards based Web technologies. Web applications are already benefiting from the broad range of new APIs emerging around the HTML5 specification process. Even if effort in the TV domain with focus on fusion of Web and TV is ongoing here, the coverage in terms of APIs is still very low. webinos has made a start on filling this gap and introduces the TV module API.

The video above shows the TV Module API demo. Martin Lasak, a research fellow from Fraunhofer FOKUS, duides you through the specifications and functionality of the API. You can now browse through channel lists; filter channels and enjoy cross-platform flexibility through Set-up box, mobile phone and TV. The video uses advanced Non-linear video technology and allows you to browse through the video content and click on links that forward you to further information about the technology.

A proof of concept demo for mobile payments using near field communications (NFC) will be shown during the 2012 Mobile World Congress in Barcelona. The webinos project has defined a preliminary payment API along with bindings to the GSMA OneAPI payment interface, and we look forward to following up with work on open standards.

User story

Imagine you are in a store with your webinos enabled phone. You swipe products to get further information and to add them to your shopping basket.

If you have food allergies, you would be able to instantly check if the item is safe for you to eat. You might also be able to get further information on where the item was produced, and suggestions for cooking recipes, along with help on purchasing related ingredients.

You have a real shopping basket or trolley to put the item in. When you leave the store you pass through the self-service checkout. A screen built into the checkout shows the items you are buying. If there are items such as alcohol or tobacco, you would need to show you are an adult by tapping on your phone, to signal your assent to passing this information to the checkout.

Larger or heavier items would be recorded for delivery to your home, and at checkout time, you would have to tap on your phone to signal your assent to providing your address and phone number to the store.

You will be able to install third party apps that track your purchases, e.g. as an aid to healthy living and managing your home finances. Businessmen will be able to seamlessly track their expenses during trips.

What is the role of webinos?

Webinos defines APIs for web page scripts to read NFC tags, and to share specific information via NFC. We anticipate apps being provided by the stores, and by third parties for a value added experience.

Webinos further provides support for electronic payment, in a way that is agnostic as to the underlying payment system. The app indicates that it wants payment, but the user determines which payment solution to use to fulfil that intent. In the real world, stores recognize that consumers want a choice in how they pay for goods and services. Webinos supports that choice.

The demo shows the user being asked for a PIN to authenticate him/her as the legitimate owner of the phone. If you mislay your phone other people can’t use it to purchase goods.

The PIN dialog is provided by webinos not the web application. It includes an anti-phishing feature. Users can set a graphic and a text phrase as part of their webinos zone preferences. These are shown to the user by webinos as a proof that the dialog is generated by webinos and not an evil or corrupted website seeking to steal your PIN.

Webinos levels the playing field to enable a rich ecosystem with all kinds of value added services based around web technologies.

Why is NFC valuable for stores?

It allows stores to offer users further information on products along with value-added services (e.g. personalized coupons, and loyalty programs) as a means to encourage further sales. It makes it easier and cheaper to carry out stock checks, and to assess which products are nearing their sell by date. It reduces staffing costs through self-service checkouts. However, what is missing from current industry initiatives is a means to enable third parties to add value though additional services. For food products, this could include recipes, information on ingredients and the farms and regions the food was produced in.

Summary

There are quite a few current initiatives on mobile wallets, and the question is how can we provide a higher level API that is agnostic with respect to the underlying payment solution, yet supports the third party value added services ecosystem. In the absence of open standards, we are likely to see only weak services for proprietary solutions, e.g. coupons and basic loyalty schemes. The webinos project is actively exploring the opportunities and will feed our results into the open standards process.