Key establishment in constrained devices - review
=================================================

1. Rating

Rate the paper in the following categories (for each category, choose one numeric rating)

Technical quality
5: Contents are completely correct. There are no errors.

Originality
5: New results of publishable quality and good analysis of current state

Editorial quality
4: Mostly understandable, some improvements identified below

Overall grade (overall, how do you rate this paper?)
5: Excellent

Confidence (how confident are you about this review?)
2: I have some general knowledge of this subject

2. Detailed comments

2a. Technical quality

The paper discusses how resource- and hardware-constrained devices, such as sensors, can gain security associations. First, the paper presents an overview of the limitations of these devices, particularly concentrating on computing, memory and communication costs. Then, the paper presents state-of-the-art research ideas for enabling communication between each device in the sensor network. Finally, the paper contributes novel ideas. In time-domain amplification, devices are associated by keeping them physically close for some period of time. In fixed-device amplification, the secrecy amplification idea by Anderson et al. is modified to utilize characteristics of the mobile domain. In environment monitoring, devices can be associated when they detect an environment change (a situation which occurs when some devices disappear and new ones have become visible).

In short, the strength of the paper is that it provides quite good and novel ideas.

{Point out any errors, and suggest how they can be corrected.}

- A small detail in section 3: For me, stating that a shared key is an inadequate solution seems to be quite a strong statement. With some threat models and use cases (e.g. a small number of sensors in a protected environment such as a home) a shared key might be a good enough solution.

{Point out any new ideas in the paper that can be improved or further developed. Suggest how.}

- The environment monitoring model mentions advertising (i.e. passive listening) as a way to monitor the environment. Could service discovery (i.e. actively searching for new nodes) also be used?
- How about monitoring other contextual information? For instance, location data from satellites or the communication network might be used when associating mobile users' devices (if we assume that an attacker cannot follow the user). Also, if e.g. the home can be considered to be a trustworthy area, we could associate everything which we can determine to be inside the home.

2b. Originality

The paper claims new ideas, which are clear improvements to current knowledge on key establishment in constrained devices. I have not heard any similar ideas before.

The state-of-the-art survey seems to be correctly focused. However, I'm not convinced that it is extensive and covers all relevant AKE issues related to constrained devices / sensors.

2c. Editorial quality

The paper (particularly the contributed novel ideas) is a bit difficult to understand. Hence, the paper could still benefit from some editing.

- Novel ideas are the most important contribution of a scientific paper. The abstract states that some new ideas are presented but does not describe them. Would it be possible to give some overview of what kind of ideas will be presented?
- A more detailed discussion of how the mechanisms are used and where they are needed (use cases) might make the paper easier to understand.
- Could you explain why each sensor needs to communicate securely and directly with every other sensor in the network? Section 3 leaves this unclear for the reader. I would argue that in most cases sensors need to communicate only with one centralized node (sensors are often used only to collect information, which a more advanced machine then analyses and utilizes).
[- Use of a central node might be one way to provide secure communication between every node in the network. (If we assume that there is such an advanced machine, which could store the keys of every sensor and act as a router between sensors.)]
- A more detailed discussion of how these schemes could be attacked might provide an alternative viewpoint and, consequently, more depth, credibility and understandability to the paper.
- In the environment monitoring idea (Section 6), I did not understand how the illustrated message change prevents an attacker from making fake advertisements or from sending fake replies if advertised addresses are tested.
- The text could refer to the figures (and explain them).