What are the threats?

The general threats to security are well known, but we reiterate them here because it is necessary to keep them in mind when proposing a security

• Confidentiality - Protection of information from disclosure to unauthorized entities
• Integrity - Prevention of unauthorized changes to information
• Availability - Ability to access a resource whenever needed
• Non-repudiation - Confidence that a message was sent by a certain party or device and not an impostor
• Authentication - Is the person (or device) who he (it) claims to be?
• Authorization - Is the subject allowed to access a particular object or to perform a particular operation?

Because SensorNet is a vital component of Homeland Security, it is necessary to implement a viable security solution that provides strong proof of identity and contains the encryption tools and information necessary to provide protection from most of these threats. SensorNet has decided to implement a Public/Private Key Certificate infrastructure. Initially this will be done via software, but soon will be converted to hardware-based tokens. This Public Key Infrastructure (PKI) has several advantages

• Flexibility - The security system should be able to protect all of our resources as well as implementing security policies that are more sophisticated than mere file-access restrictions
• Uniformity - The solutions should look the same (but may have differing properties) across SensorNet
• Collaboration - Things that encourage the collaboratory aspects of SensorNet should be encouraged.
• Conformance to standards - PKI is a mature tool set supported on all platforms in an interchangeable manner.