Presentation is loading. Please wait.

Presentation is loading. Please wait.

How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of.

Published byMarsha Sutton Modified over 9 years ago

Similar presentations

Presentation on theme: "How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of."— Presentation transcript:

1 How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of Applied Microelectronics and Computer Engineering

2 Motivation 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de2 Q: What will you get from this presentation (or from reading the paper)?

3 Motivation 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de3

4 Motivation Q: What will you get from this presentation (or from reading the paper)? A: Introduction to problems with security for distributed embedded devices 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de4

5 Agenda Introductive scenario and derived key features State of the art and problem statements Outlook Conclusion 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de5

6 Scenario: Light Bulbs – The classical approach light bulbs switches 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de6

7 Scenario: Security Key Features 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de7

8 Scenario: Security Key Features Authenticity 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de8

9 Scenario: Security Key Features Authenticity Integrity 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de9

10 Scenario: Security Key Features Authenticity Integrity Confidentiality 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de10

11 Scenario: Security Key Features Authenticity Integrity Confidentiality Authorization 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de11

12 Scenario: Security Key Features Authenticity Integrity Confidentiality Authorization 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de12

13 Scenario: Light Bulbs – The IoT approach light bulbs switches SOA engine digitalSTROM- module SOA engine PLC- module Internet / LAN SOA engine smart- phone SOA engine PC SOA engine IoT wall- switch ZigBEE digitalSTROM IEEE 802.15.4 PLC WiFi Ethernet 6LoWPAN- module SOA engine 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de13

14 Scenario: Security Key Features IoT 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de14

15 Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de15

16 Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de16

17 Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de17

18 Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other Plus: all this across different trust domains 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de18

19 Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other Plus: all this across different trust domains 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de19

20 Problem Statement Development of (new) security concepts is cumbersome and expensive Technology designers tend to fall back on existing security techniques (even, if they are not ideal) 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de20

21 Terminology What are those techniques and why are the not ideal? 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de21

22 MAC Layer Security subnet Same key for everyone - or - Different key for everyone MAC Layer Security ≙ router 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de22

23 IP Sec Transport Mode Tunnel Mode subnet routernodeIPSec Gateway IPSec is complex! Vendor AVendor B 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de23

24 Transport Layer Security (TLS aka. SSL) TLS PHY MAC Internet Transport Application TCP! 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de24

25 Conclusion Network Stack Security Existing basic security mechanisms not ideal for embedded devices Solve single aspects only and are not suitable for embedded devices  Security should be covered on application layer 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de25

26 Cooltown[1] Amigo[2] Hydra/ Linksmart[3] PEIS[4] SM4ALL[5] ubiSOAP (PLASTIC)[6] PECES[7] MundoCore[9] GREEN[8] Gaia[10] MobiPADS[11] iCOCOA[12] PACE[13] Cooltown[1] PEIS[4] SM4ALL[5] MundoCore[9] GREEN[8] MobiPADS[11] iCOCOA[12] PACE[13] 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de26 Application Layer Security: Academic Reserach Projects

27 Conclusion Application Layer Security 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de27 Security often not considered at all If considered, then… … employed technologies not suitable for embedded devices … only single issues solved  No interoperability between approaches

28 Web Services WS-Security Suite Do not reinvent the wheel Instead: Find existing solution from different domain isolate core concepts develop methodology to transport core concepts to domain of embedded devices 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de28 Outlook: Future Work

29 Web ServicesDevices Profile for WS-Security Suite Devices Profile for Do not reinvent the wheel 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de29 Outlook: Future Work

30 Communication technology for distributed systems Base technology (Web Services) already adapted to embedded devices (DPWS) WS Security suite offers all requested core features (message and connection level security, trust and authorization brokering, …) Abstract Web Services to create security concept for any service- oriented communication technology Open technology fosters interoperability 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de30 Future Work in Detail

31 Although often employed, existing basic technologies (IPSec, TLS, …) not ideal Many approaches on application layer security exist but they often solve single aspects only are not interoperable  Future WS Compact Security has the potential to form a basis for an interoperable security concept for distributed embedded devices (disregarding the base technology) 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de31 Conclusion

32 Bibliography (1) [1] Barton, John; Kindberg, Tim: The Cooltown User Experience / Hewlett Packard Laboratories Palo Alto. 2001. Technical Report [2] IST Amigo Project: Ambient Intelligence for the networked home environment (Project Description). September 2004 [3] Eisenhauer, M.; Rosengren, P.; Antolin, P.: A Development Platform for Integrating Wireless Devices and Sensors into Ambient Intelligence Systems. SECON Workshops 2009 [4] Saffiotti, A. et al.: The PEIS-Ecology Project: vision and results. In: IEEE/RSJ Int. Conf. on Intelligent Robots and Systems (IROS). 2008 [5] Baldoni, R.: An Embedded Middleware Platform for Pervasive and Immersive Environments for-All. SECON Workshops 2009 [6] PLASTIC Consortium: A B3G Service Platform: The IST PLASTIC Projects. Technical Report [7] Handte, M. et al.: D4.1 Secure Middleware Specification - Version 1.4 / Peces - Pervasive computing in embedded systems. 2010. Technical Report 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de32

33 Bibliography (2) [8] Sivaharan, T et al.: GREEN: A Configurable and Re-Configurable Publish-Subscribe Middleware for Pervasive Computing. In: Building 3760 LNCS (2005) [9] Aitenbichler, M. et al.: MundoCore: A Light-weight Infrastructure for Pervasive Computing. In: Pervasive and Mobile Computing (2007) [10] Román, M. et al.: Gaia: a middleware platform for active spaces. In: SIG-MOBILE Mob. Comput. Commun. Rev. 6 (2002) [11] Chan, A.; Chuang, S.-N.: MobiPADS: A Reflective Middleware for Context-Aware Mobile Computing. In: IEEE Trans. Softw. Eng. 29 (2003) [12] Ben Mokhtar, S et al.: COCOA: COnversation-based service COmposition in pervAsive computing environments with QoS support. In: Journal of Systems and Software 80 (2007) [13] Henricksen, K. et al.: Middleware for Distributed Context-Aware Systems. In: On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE [14] Ellison, C.: UPnP Security Ceremonies Design Document. 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de33

34 Thank you! Any questions? Thank you very much for your attention! 08/30/2012Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de34

Download ppt "How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of."

Similar presentations

HOlistic Platform Design for Smart Buildings

HOlistic Platform Design for Smart Buildings
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Internet of Things (IoT) Work Group

Internet of Things (IoT) Work Group
Omniran-14-0037-00-00TG 1 Cooperation for OmniRAN P802.1CF Max Riegel, NSN (Chair OmniRAN TG)

Omniran TG 1 Cooperation for OmniRAN P802.1CF Max Riegel, NSN (Chair OmniRAN TG)
Contextualized Information-Centric Home Networking (draft-ravindran-cibus-01.txt) IRTF/ICN-RG (IETF-89) Ravi Ravindran, Asit Chakraborti, G.Q.Wang.

Contextualized Information-Centric Home Networking (draft-ravindran-cibus-01.txt) IRTF/ICN-RG (IETF-89) Ravi Ravindran, Asit Chakraborti, G.Q.Wang.
Deployment of the Light Weight IPv6 protocols In the Internet of Things(IoT) draft-fu-lwig-iot-usecase-00 Qiao Fu China Mobile 2014.11.13 1.

Deployment of the Light Weight IPv6 protocols In the Internet of Things(IoT) draft-fu-lwig-iot-usecase-00 Qiao Fu China Mobile
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
Collaborative Sensing over Smart Sensors Vassileios Tsetsos, Nikolaos Silvestros & Stathes Hadjiefthymiades Pervasive Computing Research Group Dept of.

Collaborative Sensing over Smart Sensors Vassileios Tsetsos, Nikolaos Silvestros & Stathes Hadjiefthymiades Pervasive Computing Research Group Dept of.
Service Oriented Architectures in Heterogeneous Environments

Service Oriented Architectures in Heterogeneous Environments
. Smart Cities and the Ageing Population Sustainable smart cities: from vision to reality 13 October 2014. ITU, Geneva Knud Erik Skouby, CMI/ Aalborg University-Cph.

. Smart Cities and the Ageing Population Sustainable smart cities: from vision to reality 13 October ITU, Geneva Knud Erik Skouby, CMI/ Aalborg University-Cph.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
1 i-Networking Lab.. 2 Introduction of SAMSUNG’s IPv6 Development Bryan K. Chang Samsung Advanced Institute of Technology.

1 i-Networking Lab.. 2 Introduction of SAMSUNG’s IPv6 Development Bryan K. Chang Samsung Advanced Institute of Technology.
Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September 2014 1 Oberthur Technologies – Identity.

Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September Oberthur Technologies – Identity.
Building an Application Server for Home Network based on Android Platform Yi-hsien Liao Supervised by : Dr. Chao-huang Wei Department of Electrical Engineering.

Building an Application Server for Home Network based on Android Platform Yi-hsien Liao Supervised by : Dr. Chao-huang Wei Department of Electrical Engineering.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
Software Architecture for Mobile Distributed Computing Presented by: Deepak N Lakshminarayanan The University of Texas at Dallas Under the Guidance of.

Software Architecture for Mobile Distributed Computing Presented by: Deepak N Lakshminarayanan The University of Texas at Dallas Under the Guidance of.
Partnering for Innovation Dr. Götz-Philip Brasche ATC 2005, Stockholm, October 18, 2005 Intelligent Web Services for Networked Home Environments.

Partnering for Innovation Dr. Götz-Philip Brasche ATC 2005, Stockholm, October 18, 2005 Intelligent Web Services for Networked Home Environments.
Omniran-13-0041-01-0000 1 ZigBee SEP2 Smart Grid Use Case Analysis Date: 2013-05-15 Authors: NameAffiliationPhone Max RiegelNSN+49 173 293

Omniran ZigBee SEP2 Smart Grid Use Case Analysis Date: Authors: NameAffiliationPhone Max RiegelNSN
Omniran-13-0019-01-0000 1 OmniRAN Wi-Fi Hotspot Roaming Use Case Date: 2013-03-17 Authors: NameAffiliationPhone Max RiegelNSN+49 173 293

Omniran OmniRAN Wi-Fi Hotspot Roaming Use Case Date: Authors: NameAffiliationPhone Max RiegelNSN

Similar presentations

Ads by Google