Add New Page: You are not allowed to add pages Select section/namespace. New page title.


Users by Trust Level

Trust level - Trust level represents the access rights that the application will grant to external entities. This allows us to define the access rights or privileges required at each entry point, and those required to interact with each asset.

**small business owner (wisp)**

This user is both a *Node Administrator* and a *Dashboard* Administrator. As such, they have full control over the networks routing, complete access to every node, and full access to the content of any data sent over the network unencrypted as well as *all* header information.

**Community steward (network maintainer/ administrator)**

This user acts as a *Node Administrator* for a subset of nodes on the network. This user may also act as a *Dashboard* Administrator in order to ensure the health of the network and apply remote changes en-mass to the network. In a situation where this user exists there are usually multiple groups of these users who work together to maintain the total network.

**Service Creator**

This user is a *Client* who may be announcing their service from a node's announcement service, or be running their own serval daemon in order to maintain a constant key for encryption and authentication of their services data.

**Local Client**

This is a *Client* who used the network to access local services.

**Last Mile Client**

This is a *Client* who used the network to access services over the mesh and through a gateway to the internet. Once a user leaves the network all security built into the network is shed and traffic is passed as it is elsewhere on the open internet.

**Infrastructural Activist**

This user uses and acts as a *Node* to create pop-up ad-hoc infrastructure. This infrastructure can host services locally or be used to provide infrastructure to p2p applications run by clients.

**Community Anchors**

This *Deployer/Anchor* are schools, libraries, medical and healthcare providers, community colleges and other institutions of higher education, and other community support organizations and entities to facilitate greater use of broadband service by or through those organizations that host a commotion node. These actors usually are supported by community stewards who actually manage and maintain commotion equipment

**Node Hosts**

Node hosts are individuals who act as *Deployer/Anchor*'s by deploying Commotion hardware on their home or business. They can also act as their own *Node Administrator* or rely on a *Community Anchor* for that support.

Users based upon privacy needs


  • small business owner (wisp)
  • paid local admin (network maintainer/ installer / administrator)

Key Considerations:

Accountability: Service providers need to be able to identify sources of malware/spam attacks, and users who are hogging a wildly disproportionate amount of bandwidth.

Authenticity: Service providers may need to be able to verify that users are who they claim to be, whether for the purpose of billing, maintaining accountability, or ensuring that rouge actors aren't getting onto the network by stealing valid users' identities.

Community Technologist

  • Content Creator
  • Tool Builder
  • Tech Trainer

Non Technical End User

  • Digital Content Consumer
    • Last Mile

Key Considerations:

Availability: Non-technical users may generally expect their devices to “just work”, and may develop habits and practices that are predicated on having immediate, unfailing access to network connectivity. Thus, network failures may have a more severely negative effect on these users than on others, for these users may be less likely to have contingency plans in place to deal with such failures.

Integrity: End Users of all kinds need to know that their traffic has not been modified

  • Digital Content Creator
  • Journalist
  • Activist
  • Historian
  • Blogger
  • Educator
  • Sensor Warden (a person who sets up a sensor)

Community Anchors

  • Use to provide services
  • Provide support as a service

Individuals with Commotion equipment on their building

  • Non-users that may be impacted

Example User For Brainstorm


Most Important Properties:

Unlinkability: A Journalist's responsibility to a source should extend to the network itself. If the network can be used to prove that a link exists between the two parties communicating then a journalist cannot safely use the network to communicate with sources.

Authenticity: A journalist needs to be able to ensure that the data they receive from a source is not counterfeited by another party. If this is not ensured the journalist will be unable to report based upon their existing network of trust.

Unobservability: Anonymous tips and leaks to a journalist demand that the transfer of data is unobservable so that they can ensure their anonymity is maintained and their connection to the data is obscured.

Integrity: If messages can be modified in transit a journalist will not be able to determine if otherwise messages have been manipulated (this is a component of authenticity.)

Security Requirements


Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number in any way, a breach of confidentiality has occurred. Confidentiality is necessary for maintaining the privacy of the people whose personal information a system holds.


In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.[6] This means that data cannot be modified in an unauthorized or undetected manner. Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.


For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly. High availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures, system upgrades and in spite of malicious acts and environmental mishaps.


In computing, e-Business, and information security, it is necessary to ensure that the data, transactions, communications or documents (electronic or physical) are genuine. It is also important for authenticity to validate that both parties involved are who they claim to be. Some information security systems incorporate authentication features such as “digital signatures”, which give evidence that the message data is genuine and was sent by someone possessing the proper signing key.

  • Commotion will do this through the Serval Key Management System


In any real system there are many reasons why actual operation will not always reflect the intentions of the owners: people make mistakes, the system has errors, the system is vulnerable to certain attacks, the broad policy was not translated correctly into detailed specifications, the owners change their minds, etc. When things go wrong, it is necessary to know what has happened: who has had access to information and resources and what actions have been taken. This information is the basis for assessing damage, recovering lost information, evaluating vulnerabilities, and taking compensating actions outside the system such as civil suits or criminal prosecution.


In law, non-repudiation implies one's intention to fulfill their obligations to a contract. It also implies that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction.

*Identity management*

Identity management means managing various partial identities (usually denoted by pseudonyms) of an individual person, i.e., administration of identity attributes including the development and choice of the partial identity and pseudonym to be (re-)used in a specific context or role.


Anonymity of a subject from an attacker’s perspective means that the attacker cannot sufficiently identify the subject within a set of subjects, the anonymity set


Unlinkability of two or more items of interest (IOIs, e.g., subjects, messages, actions,…) from an attacker’s perspective means that within the system (comprising these and possibly other items), the attacker cannot sufficiently distinguish whether these IOIs are related or not


Undetectability of an item of interest (IOI) from an attacker’s perspective means that the attacker cannot sufficiently distinguish whether it exists or not


Unobservability of an item of interest (IOI) means

  • undetectability of the IOI against all subjects uninvolved in it and
  • anonymity of the subject(s) involved in the IOI even against the other subject(s) involved in that IOI

Attacker's perspective


Identifiability of a subject from an attacker’s perspective means that the attacker can sufficiently identify the subject within a set of subjects, the identifiability set


Linkability of two or more items of interest (IOIs, e.g., subjects, messages, actions, …) from an attacker’s perspective means that within the system (comprising these and possibly other items), the attacker can sufficiently distinguish whether these IOIs are related or not


Detectability of an item of interest (IOI) from an attacker’s perspective means that the attacker can sufficiently distinguish whether it exists or not.

Ref: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management – A Consolidated Proposal for Terminology (Pfitzmann & Hansen) link: http://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.31.pdf Ref: http://research.microsoft.com/en-us/um/people/blampson/43-ComputersAtRisk/WebPage.html