Anda di halaman 1dari 6

IEEE International Conference on Wireless & Mobile Computing, Networking & Communication

Towards an Understanding of
Security Concerns within Communities
Sara Bury, Johnathan Ishmael, Nicholas J.P. Race, Paul Smith, and Mark Rouncefield
Computing Department, InfoLab21
Lancaster University,
Lancaster, UK
{sara.bury, ishmael, race, p.smith},

AbstractThis paper documents some of the socio-technical community setting, using a WMN as a technological back-
issues involved in developing security measures for a community drop, will clearly be useful for future ubiquitous computing
environment, looking at the users of a wireless mesh network environments that have a community aspect [10].
deployed within a rural village in north west England. We
adopt an interdisciplinary methodological approach in eliciting By emphasising the socio-technical we suggest that security
requirements, to analyse the success of treating a community as provision extends beyond a narrow technical emphasis to
an organisation and implementing an approach, an OCTAVE include the perceptions, knowledge and fears of users. This
method; in its original form designed to uncover security elements information may well impact on the success or failure of
for businesses. Using a focus group technique we chart some of security policies and the eventual use and usefulness of the
the assets and security concerns of the community members,
leading to a greater understanding of peoples perceptions of network, especially in the community environment. However,
security, both personally and within the community, and the role getting some analytical purchase on exactly how a community
of security in their regular computer usage. feels about security, what their fears and (mis)perceptions
might be, and translating them into security policies and
I. I NTRODUCTION protocols is far from easy, and perhaps relies on skills and
practices not obviously associated with security experts or
Wireless Mesh Networks or WMNs [14] are being increas- even computer scientists.
ingly used to provide affordable network connectivity to com- Apart from several papers by Dourish et al. [7], [6] that
munities where wired deployment strategies are impossible or attempt to introduce a social perspective as a contrast to
unreasonably expensive for example, in rural areas. Such purely technical understandings of security we have seen little
communities rely on WMNs to bridge what is sometimes research that has concerned itself with some of the impor-
referred to as the digital divide, the separation between tant socio-technical issues involved in determining security
those with high quality Internet access and those without, requirements in community settings. It is in this sense that
and they are proving to be particularly valuable to individuals, this research requires some interdisciplinary sensitivities, not
community activities and local businesses [4]. least in a concern with exactly how certain basic questions
Unfortunately, computer networks are frequently being ex- might be posed to users: what are users afraid of?, what do
ploited by attackers, which can affect their utility for legitimate they value thats worth protecting?, how much do they want
use, especially in the more unusual networking scenarios to be involved?, how automated do they want the process to
presented in community WMNs. In response to the general be? etc., and what weight we need to attach to their answers.
threat a number of counter measures have been developed, in- As Agre (1999) [1] argues; The design of community
cluding intrusion prevention systems such as network firewalls, networks can support positive values in this complicated
and intrusion detection systems that aim to detect anomalous world, but only so long as the designers understand what
behaviour caused by attacks. To what extent these approaches they are getting into. We would like to have some greater
can be directly applied in a community WMN context is not awareness of exactly what kind of security issues we are
clear for a number of socio-technical reasons. As such, we getting into. What we are aiming at is then an awareness of
are investigating suitable security mechanisms that can be and sensitivity towards a range of user concerns that may in
employed in a community WMN context. turn impinge on and inform approaches to the security of the
This paper is concerned with documenting and under- network. Like Dourish et al. [7], [6] then, we also stress the
standing some of the socio-technical issues involved with ways in which security issues and perceptions are inevitably
developing security measures for WMNs that are deployed in embedded in complex social and cultural contexts. The par-
and as part of a community network. These communities may ticular context we wish to explicate is that of communal life.
have very different approaches to network management and In the context of a community we are interested initially
operation when compared to the understood norm in computer in teasing out, in explicating, peoples particular ideas and
network security, alongside the obvious technical complica- concerns about security - together with a method to accomplish
tions. Progress toward understanding security concerns in a this - alongside understanding the various complex technical

978-0-7695-3393-3/08 $25.00 2008 IEEE 478

DOI 10.1109/WiMob.2008.90
challenges before commencing the extremely difficult task in affordances and dynamics is, in this case, shaped by a
of somehow meshing these very different aspects together: concern for security. As Mynatt [9] notes, the essential features
developing a technology that is sensitive to user concerns and of community are to do with boundaries, relationships and
a user community sensitive to the requirements and limitations change values and emphases that correspond fairly well
of the technology. with a range of security concerns. For example, the boundaries
In this project, we deliberately adopt an interdisciplinary of community are not just spatial but also relational, social,
approach, and this paper presents our efforts to understand technological, institutional etc.. Indeed, fundamental to this
whether the formalisation of an OCTAVE [2] style process, notion of community is the notion of place that Harrison
a user-driven and asset-centric process, to identify an ap- and Dourish (1996) [8] define as a space which is invested
propriate security strategy in a community WMN is both with understandings of behavioural appropriateness, cultural
possible and useful. We present results from a focus group expectations, and so forth. This therefore incorporates some
held with members of a community that use a shared WMN notion of membership, (and of awareness of membership)
infrastructure. The aim of the focus group was to elicit the of inclusion and exclusion. In a similar fashion community
security concerns of the villagers and extrapolate assets that is based on meaningful and multi-layered relationships that
need to be protected as part of a security strategy. We found are significant and persistent for members. These relations
the focus group enlightening, and discovered that conventional become a mutual source of orientation and definition of ap-
sociological interests in community (such as belonging) are propriate and inappropriate behaviours and values. In this way
reflected in the assets and concerns that were elicited. the community establishes expectations and responsibilities.
This will include notions of reciprocity and commitment as
II. WMN IN THE C OMMUNITY: C OMMUNITIES , well as shared values and practices; values and practices that
T ECHNOLOGY AND D ESIGN may well include adhering to a range of security protocols and
The WMN, and the community, we are interested in is Wray, practices.
a small, relatively remote village in the north of Lancashire,
where the community felt strongly that the lack of broadband III. M ETHODOLOGICAL I SSUES IN U NDERSTANDING
availability (a consequence of their remoteness) in their village S ECURITY
was jeopardising local businesses, education and impacting on While it seems essential that measures are taken to deter-
other aspects of community life. It has a population of less than mine the most probable and damaging attacks for a particular
500 and has a single post office and general store, two pubs, network, determining exactly how to proceed appropriately
a cafe, a parish church, a school, a village hall and a single in a community, as opposed to a more understood business,
main street. context is complex. One approach to this involves identifying
In early 2004, a Lancaster University-led project into wire- the most vulnerable assets associated with an organisation
less mesh networking provided the community with access to (those that, if exploited, would have the highest impact,
broadband. In collaboration with members of the community, and also those that have the highest probability of being
the University built a wireless mesh network within the village attacked) and the vulnerabilities associated with them. Within
to investigate the resilience and capabilities of the technology, business settings there exists the Operationally Critical Threat,
offering Internet access to residents in their homes and at pub- Asset and Vulnerability Evaluation (OCTAVE) method [2] to
lic locations in the local area. For our purposes, it appeared a determine an enterprises critical assets1 and the technical
thriving, interesting and (for research) convenient community. vulnerabilities associated with them.
The WMN is deployed in Wray as a community network. The motivation for adopting an OCTAVE-like approach in
Undoubtedly the word community is a feelgood word, for a community context, and therefore considering a community
as Bauman [5] argues: It feels good: whatever the word as a form of organisation, is compelling. The method defines
community may mean, it is good to have a community, a set of principles; for example, the process of determining a
to be in a community. However, it is evidently the case that security strategy should be led by the organisation itself an
social, economic and technological changes have altered the attractive proposition in our context because of the probable
nature, importance and influence of community [12], [13], lack of funding for expensive security consultancy. Assets
so exactly what the expectations are for a community network form the basis on which a security strategy is developed
is open to some debate. given the largely non-technical user-base in Wray, who
Technology allows for the use and maintenance of any may have an idea of what they want to protect, but not
dispersed social network, so community may have little to do how to achieve it, defining assets is an approachable starting
with the individuals geographical location, but become instead point that could be built upon by more a more technically
an achieved social construct of mutual ties, orientations and aware subset of the community. A process like OCTAVE
obligations. But technology alone has no obvious relationship brings to the fore security trade-offs, which will have an
with any sense of community and can evidently either rein- important role in forming a security strategy in this context
force or fragment community and community life, depending
on the interaction between technologies (and their affordances) 1 Assets in an enterprise setting could include employees email or a
and particular communities (and their dynamics). Our interest customer database.

consider the how do I want to be involved? question. tity, reputation or safety may also manifest themselves very
However, determining how best a community could go about differently, and have different priorities within a community
this process, potentially by itself, raises a number of important setting. For example, while businesses and communities share
and interesting methodological issues. much the same legal framework, their orientation to issues of
The original OCTAVE method is intended for use in large privacy, e-mail privacy for example, may, for very good and
corporate, military, and governmental organisations. Based compelling legal reasons, be entirely differently.
upon the OCTAVE principles further methods can be de- There are also a range of difficult practical organisational
veloped for use in different contexts. One such method is issues to be faced, determining exactly the who, how, where
OCTAVE-S [3], specifically created for use in businesses with and when to hold the kind of meeting required by an OCTAVE-
less than 100 employees. The process is carried out by much like approach to security. For example, can a group of three
smaller groups of people, knowledgeable about the network to five people sufficiently know the usage and organisation of
they are assessing. Meetings are held to create asset-based a network to carry out the process on behalf of everyone else?
threat profiles, which involves identifying what exists on the Probably not, we think.
network that is valuable, and ranking their value according Nevertheless, as part of a methodologically eclectic project
to perceived necessity and importance. The second step is to we are currently investigating ways that an activity such as
identify vulnerabilities in the networking infrastructure that OCTAVE could be carried out in the context of the Wray
could affect the assets that have been identified as most critical. village network, using, as an initial approach, the mechanism
The last step is to take the information from steps one and two of focus groups in order to identify the assets and current
and identify specific risks that combine the vulnerabilities and security practices of the villagers. In this fashion, we hoped
assets, and from that develop security strategies to mitigate to test the applicability and the boundaries of the OCTAVE
potential problems. approach and perhaps identify areas for further development
But can a process such as OCTAVE-S be easily transposed or supplementation in this particular setting. We aimed then to
to a community WMN context? In what ways, and to what investigate the use of the core OCTAVE ideas and the available
extent, is a community like a business or an organisation? prior knowledge in this area, but extending it to apply in a
Or a business like a community? Understanding some of the community environment, hopefully empowering community
relevant differences and similarities between a business and a users to ensure the security of their own networks.
community forms part of the bedrock of modern sociological
analysis as reflected in Tonnies seminal work on Gemeinschaft IV. I MPLEMENTING AN OCTAVE M ETHOD A PPROACH TO
and Gesellschaft [11]. The detail of this debate need not C OMMUNITY S ECURITY
concern us: basically a business is an organisation that is We embarked on an OCTAVE-S like approach by setting up
planned, rational and purposeful in pursuit of a restricted range a focus group meeting in the village cafe. The focus group was
of goals associated with the development, production and sale facilitated by members of the project team and a number of
of a particular product or service. villagers, with a variety of interests, experience and expertise
A community is an organisation or group of some kind that (from business users of the WMN to those who only used it
shares, to a greater or lesser extent, particular values, resources for leisure or family purposes), were invited to come along and
and beliefs. Our interest and our analysis is concerned with discuss their use of the WMN and any security concerns they
whether subtle differences in motivation, expectation and might have. In this fashion, we hoped to obtain some specific
involvement come to be reflected in security concerns in empirical data on WMN users concerns about security issues
ideas about assets that need to be protected or threats that such as identity theft, privacy, and so on, reflecting peoples
might be identified, or resources that might be deployed. While actual, as opposed to imagined, security worries.
assets such as those in an enterprise setting obviously exist, In a wide-ranging discussion various issues were raised. As
the set of assets to protect in a community WMN context part of an attempt to begin the process of identifying assets,
may be quite different; as will be the resources that might be the session began with some general questions about security,
called upon. However there is no overwhelming theoretical or safety and storage.
methodological reason why a community cannot be treated
like an organisation and there are obvious advantages of Focus Group Extract 1 (simplified abbreviated transcript)
comprehensiveness and generalisability to be gained from P (project team) . . . what sort of things do you have stored
adopting a structured approach like OCTAVE, particularly on your computers?. . . This is potentially private, so dont
when combined with other qualitative approaches to security think were forcing you to tell us. Who are you comfortable
requirements, since their combination precisely permits us to sharing those things with? Are you particularly concerned
explore some of the subtleties of determining security issues. about keeping any of those things safe?
Obviously certain aspects, relevant to security like a con- V1 (villager) Personal, family photos saved, no negatives
cern with boundaries, relationships and change are common any more etc., work stuff invoices, time sheets, tax, data
to both communities and businesses, even if the motivations files. . . things that are critical to keep.
behind them, the contrasting motivations of profit and sociality, P If someone got them who wasnt supposed to have them
may be very different. Other assets, such as privacy, trust, iden- would that cause a problem?

V1 Would be bad, could be terrible for the company. Like worries. . . when using your computer on the Internet?
when building a new rig, industrial espionage. . . I dont have V8 I worry about identity, what youve done on
these printed out so much, use Linux, I go away a lot so I keep the network, or how people can pretend youve done
a regular back up at my brothers [house], if someone stole things. . . something maybe youve never done, or the worst
the laptop there would be a second copy somewhere else. thing youve done. . . maybe if I dislike you I could make stuff
V2 Billions of photographs, backed up onto a portable up and tell people bad things about you.
hard-disk. Village Website, also on the community laptop, V3 kids do this on Bebo! pretend to be other people. . .
and also on the desktop and the portable storage. Backs V9 . . . I work with people who are scared of their teenage
up to Gmail, lots of accounts. . . always have access to them children on chatrooms. They get worried. In their rooms with
somewhere else, then. Bank details held in the Web interface, their mates fiddling about. . .
books for the business held. Wouldnt like people going to look P You have kids who use the computer, do you have
at my computer, but nothing especially to hide. Anyone I know concerns?
can look. More bothered about phishing emails, can see lots V7 They are pretty sensible, MSN requires them to accept
of people being taken in. . . thinking about protecting unwary people they know. They talk to their friends, dont talk to
people. random people. Theyre not using social networking sites, only
V3 Personal computer doesnt have much on Id be communicating with people they know.
worried about others seeing. Keep the village details, backs V3 Social networking, friends of friends are the is-
up every 3 months or so. . . There are issues with people sue. . . two clicks and its nasty.
having financial business accounts which cant be shown prior V8 Friends Reunited, someone made a site about someone
to trading, cant release the information before a certain else, a silly one, people thought it was true. How do they
time. . . Dont store passwords on the machine. Do Internet authenticate a person as themselves?
banking, want that to be safe. V2 Someone in the village made a Bebo page. . . posted
V4 Ran a business, closed down a few years ago, still pictures of herself on the Internet. Linked to that are pictures
receiving information. . . correspondence, personal stuff, but of V3s children.
not confidential. . . I dont want to lose my photos, but arent
Finally, there was also some unprompted discussion on the
of much interest to other people.
specific security of the WMN:
V5 Photos saved. . . correspondence is kept. Thats about
all. Im worried about phishing, how do they get your address? Focus Group Extract 3 (simplified abbreviated transcript)
One of them the Web browser said it was a phishing attack, P . . . interested to know if there are concerns that are mesh
the other didnt. specific?
V3 You shouldnt click!. . . they can install spyware on your V7 If I were using a wired network, would I be more
computer by visiting the page. secure? What access does the university have to see the data
V2 If you hover over the link in the email you can see being transferred? These are the questions that occur to me. I
where the link is taking you. dont worry about people accessing my computer specifically,
V6 Photographs, and emails, but only pictures Id be sad have a wireless network in my house controlled by MAC
to lose. I dont do anything to keep them safe, my son put address.
some on a CD, but Im bad about that. P At the moment youre not sure if youre better off on
V7 I have no work stuff on my personal computer, only on the wired network or mesh network?
laptop thats backed up at work. . . at a personal level, dont V7 Yes.
keep passwords saved. . . Take backups, put photos on DVD V2 Same as this person who thinks its not as secure.
every month. . . you cant lose memories, I wouldnt want to V3 It probably isnt as secure as wired, but not as insecure
throw them away, but losing a few photos, Im not worried as the messages in [Microsoft] Windows unsecured network
about. connection would imply.
V8 Same as V7, Ive worked in a business, seen people V2 Is it any less safe using the Uni[versity]? Normal ISPs
cry when their data has been lost and not backed up. I put still have to record information.
stuff on a CD, I use the mother in-laws house as an external V8 Always make sure you understand anyone could be
backup place. Purely because if you have something stolen, watching your network traffic. . . Mesh network is wireless, if
its important to keep photos safe, and other things. . . its all you buy a cable from BT, that goes through to their network.
about risk, what you conceive the risk to the data to be. they own and manage it. If you connect to Wray you wont
specifically know you are connecting to Wray. . . in the same
The discussion then began to focus on more specific con-
way as making a connection to a BT exchange.
cerns about safety and about the possible malicious use of the
V3 If you run a home network without restrictions, you
network either by those in the village or outsiders:
have the same problems, your network could spill out into
Focus Group Extract 2 (simplified abbreviated transcript) other houses.
P what are your concerns, safety concerns on the network? V8 No disrespect, but someone could have your MAC
People are worried about losing things, do you have any other address in seconds. . .

These three short extracts give some flavour of precisely deployment and appreciation of social scientific methodologies
how in the course of the focus group session a range of fears and analytic frameworks.
and vulnerabilities (real or imagined) were identified. These In this fashion, traditional approaches to design that focus
included; mesh infrastructure spoofing; specific targeting of in- only on the relative importance of particular functionalities
formation stored, for reasons of industrial espionage; phishing and their relative cost can be supplemented, supported or
emails and how to deal with them; breaking hard-drive data challenged by reference to user concerns and interests. So,
encryption; identity theft, or knowledge about usage; lack of for example, initially, and perhaps unsurprisingly, we focused
security stopping people gaining direct access to the WMN; on identity theft as an assumed focus of concern for residents
fear of downloading something and not realising or knowing within Wray, but found their concerns to be more nuanced,
what its doing. They also illustrate the interesting interplay with people being more concerned with their reputation
between a purely technical view of security and a socio- (within the community), and the reputation of their children,
technical view where a users interests, fears and concerns, and the family as a whole.
including their misunderstandings and misconceptions, are In a similar fashion we quickly realised the importance of
identified and then taken account of in the design process. providing some form of explanation of security in the WMN
The focus group also enabled us to begin the OCTAVE-style since it is evident that people in the village are not completely
process of identifying assets, including: aware of the organisation and security of the Wray network
stored photographs and work documents; as it currently stands. There is a general lack of understanding
unfettered use of the home computer; regarding precisely how secure the network is (or isnt). In
personal information stored on the computer; such a setting any improvements to security need to be
privacy of browsing habits etc.; carefully introduced and explained if they are going to be
personal identity and reputation protection from theft appreciated. A number of people in the focus group requested
and damage or unauthorised use; a Q&A or FAQ sheet to outline and explain basic security
children and the protection of children from various information, whilst others mentioned the need for some form
forms of exploitation or abuse; of security education over the WMN, either to help allay
safety and security of the less computer literate members peoples fears or to raise awareness of security issues.
of the community; Finally, the focus group suggested ways in which a number
and access to the Internet with a high quality connection of group concerns could be addressed by introducing security
that allows remote access, teleconferencing and Skype. measures on the Wray network through; increased security
for identifying the Wray infrastructure to the clients; in-
What is interesting from an interdisciplinary view is the way
creased security for authenticating clients on the network; and
in which conventional sociological interests in community are
IDS or anomaly detection systems identifying when peoples
also reflected in these readily identified security concerns and
computers are behaving in a suspicious manner and may be
assets. One obvious example is the worry about membership
(who belongs); since recognisable members and membership
As a way of identifying applicable security measures that
categories, allied with recognisable boundaries can be utilised
address the concerns of the users attending the focus group,
as initial filters for suspicion and trust.
following an OCTAVE-like process has, to this point, been
Similarly, the allied concern with identity and representation
a success. What is not clear is how representative these
over the WMN; how people can represent themselves and
concerns are of the community as a whole. To get some
manage their identities as a means for ensuring both the
indication of this, we propose to summarise and present back
security of their identity and their trusted interactions with
to the wider community, using an on-line forum, for example,
others; and managing spatial relations in order to integrate the
the identified security concerns, and solicit comments a
real and the virtual also reflect common sociological tropes.
departure from the OCTAVE-S process. We currently have
These involve having ideas about exactly where people, who
little understanding of the answers to the how much do they
are interacting via the WMN, might be in time and space
want to be involved? and how automated do we want the
as part of the common grounds for shared expectations and
process to be? questions. (Although current practices indicate
comprehension of behaviour.
likely answers to these questions.) Answers to these questions
Finally, an expressed desire for a security-related FAQ sheet will significantly influence the specific security mechanisms
clearly points to ongoing aspects of community development we could deploy in the community. A way of addressing
and history, that the community should be able to reflect and this problem could be to present a range of (technological)
learn from experience, to develop robust sociality. solutions to the concerns highlighted, and try to determine how
palatable, in relation to the questions, the community finds
This research is at an early stage but what clearly emerges We are not the first (nor likely the last) to try and understand
from the work so far is the importance of an interdisciplinary the social and cultural aspects of security. Our approach
approach to the topic of security, since getting a useful differs from previous attempts (Dourish et al. [7], [6]) in
understanding of user fears and expectations requires the that our emphasis is on community life, practices, values

and associated issues of boundaries relationships and change [3] C. Alberts, A. Dorofee, J. Steven, and C. Woody. Introduction to the
that may be different from those found either individually or OCTAVE Approach. pages 1517.
[4] L. Annison. JFDI Community Broadband: Wennington. Digital Dales
in workplace settings. Our interests therefore extend beyond Ltd, November 2006.
detailing existing individual security practices, those that peo- [5] Z. Bauman. Community: seeking safety in an insecure world. Polity
ple are likely to implement, to uncovering aspects of social, Press, London, 2000.
[6] P. Dourish and K. Anderson. Collective Information Practice: Exploring
communal life that people think are worth keeping secured. We Privacy and Security as Social and Cultural Phenomena. Human
also attempt to apply and develop a structured methodological Computer Interaction, 21:319342, 2006.
approach to understanding community security requirements, [7] P. Dourish, E. Grinter, J. Delgado de la Flor, and M. Jospeh. Security in
the wild: User strategies for managing security as an everyday, practical
to documenting communal sets of values and practices held problem. Personal and Ubiquitous Computing, 8(6):1930, 2004.
in common, the very things, some might say, that security [8] S. Harrison and P. Dourish. Re-place-ing space: the roles of place and
policies and protocols are designed to defend. space in collaborative systems. In CSCW96, pages 6776, 1996.
[9] E. Mynatt, V. ODay, A. Adler, and M. Ito. Network Communities:
ACKNOWLEDGEMENTS Something Old, Something New, Something Borrowed... Computer
Supported Cooperative Work, 7(12):123156, January 1998.
Paul Smiths research is supported by Telekom Austria AG. [10] N. Taylor, K. Cheverst, D. Fitton, N. Race, M. Rouncefield, and
The authors are grateful to the members of the Wray village C. Graham. Probing communities: Study of a village photo display.
In OzCHI 2007, pages 1724, 2007.
community that took part in the focus group that contributed [11] F. Tonnies. Community & Society: Gemeinschaft and Gesellschaft.
to this research. Transaction Publishers, Edison, NJ, 1988.
[12] B. Wellman. Sociology for the 21st Century: Continuities and Cutting
R EFERENCES Edges, chapter From Little Boxes to Loosely-Bounded Networks: The
Privatization and Domestication of Community. University of Chicago
[1] P. Agre. Rethinking networks and communities in a wired society. In Press, Chicago, IL, 1999.
American Society for Information Science, Pasadena, May 1999. [13] B. Wellman, A.Q. Haase, J. Witte, and K. Hampton. Does the Internet
[2] C. Alberts, S. Behrens, R. Pethia, and W. Wilson. Operationally Critical Increase, Decrease, or Supplement Social Capital? Social Networks,
Threat, Asset, and Vulnerability Evaluation Framework, version 1.0. Participation, and Community Commitment. American Behavioral
Technical Report CMU/SEI-99-TR-017, Carnegie Mellon University, Scientist, 45(3):435455, 2001.
June 1999. [14] Y. Zhang, J. Luo, and H. Lu, editors. Wireless Mesh Networking
Architecture, Protocols and Standards. Auerbach Publications, 2007.