Published by Marsha Sutton. Modified over 9 years ago.
1
How much Security for Switching a Light Bulb – The SOA Way
Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann
University of Rostock, Germany
Institute of Applied Microelectronics and Computer Engineering
2
Motivation
08/30/2012 Sebastian Unger – University of Rostock – sebastian.unger@uni-rostock.de
Q: What will you get from this presentation (or from reading the paper)?
4
Motivation
Q: What will you get from this presentation (or from reading the paper)?
A: Introduction to problems with security for distributed embedded devices
5
Agenda
- Introductory scenario and derived key features
- State of the art and problem statements
- Outlook
- Conclusion
6
Scenario: Light Bulbs – The classical approach
[Figure labels: light bulbs, switches]
11
Scenario: Security Key Features
- Authenticity
- Integrity
- Confidentiality
- Authorization
13
Scenario: Light Bulbs – The IoT approach
[Figure labels: light bulbs, switches, digitalSTROM module, PLC module, 6LoWPAN module, smartphone, PC, IoT wall switch, each with an SOA engine; Internet / LAN; link technologies ZigBee, digitalSTROM, IEEE 802.15.4, PLC, WiFi, Ethernet]
18
Scenario: Security Key Features IoT
- Seamless integration of new devices, includes negotiation of suitable authentication
- Securely remove devices from network
- Let participants gather security information about each other
- Plus: all this across different trust domains
20
Problem Statement
- Development of (new) security concepts is cumbersome and expensive
- Technology designers tend to fall back on existing security techniques (even if they are not ideal)
21
Terminology
What are those techniques and why are they not ideal?
22
MAC Layer Security
- Same key for everyone - or - Different key for everyone
[Figure labels: subnet, MAC Layer Security; legend: ≙ router]
23
IPSec
- Transport Mode
- Tunnel Mode
- IPSec is complex!
[Figure labels: subnet, router, node, IPSec Gateway, Vendor A, Vendor B]
24
Transport Layer Security (TLS aka. SSL)
- TCP!
[Figure labels: TLS; stack layers PHY, MAC, Internet, Transport, Application]
25
Conclusion Network Stack Security
- Existing basic security mechanisms not ideal for embedded devices
- Solve single aspects only and are not suitable for embedded devices
- Security should be covered on application layer
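The point that security should be covered on the application layer, illustrated with the light-bulb scenario as an added example (not from the presentation or the paper): each command carries its own MAC, so authenticity, integrity, replay protection and authorization are checked by the bulb itself, independent of the link or transport underneath. The keys, the ACL and the names `seal` and `Bulb` are constructed for illustration; this is plain HMAC, not WS-Security, and confidentiality (encryption) is not shown.

```python
import hashlib
import hmac
import json

# Constructed per-device keys and access list (assumptions, not from the slides).
DEVICE_KEYS = {"wall-switch": b"constructed-key-A", "smartphone": b"constructed-key-B"}
ACL = {"bulb-1": {"wall-switch"}}  # senders allowed to command each bulb
FIELDS = ("sender", "target", "command", "counter")

def _mac(key, body):
    # Canonical JSON so both sides authenticate exactly the same bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def seal(sender, target, command, counter):
    """Sender side: bind sender, target, command and counter under one MAC."""
    body = dict(zip(FIELDS, (sender, target, command, counter)))
    return {**body, "mac": _mac(DEVICE_KEYS[sender], body)}

class Bulb:
    def __init__(self, name):
        self.name, self.on = name, False
        self.last_counter = {}  # highest counter accepted per sender

    def handle(self, msg):
        """Receiver side: verify, then authorize, then act."""
        body = {f: msg.get(f) for f in FIELDS}
        sender, counter = body["sender"], body["counter"]
        key = DEVICE_KEYS.get(sender) if isinstance(sender, str) else None
        if key is None:
            return "reject: unknown sender"
        # Authenticity and integrity: constant-time comparison of the MAC.
        got = str(msg.get("mac")).encode()
        if not hmac.compare_digest(_mac(key, body).encode(), got):
            return "reject: bad MAC"
        if body["target"] != self.name:
            return "reject: wrong target"
        # Replay protection: counters must strictly increase per sender.
        if not isinstance(counter, int) or counter <= self.last_counter.get(sender, 0):
            return "reject: replay"
        self.last_counter[sender] = counter
        # Authorization: an authentic sender still needs permission for this bulb.
        if sender not in ACL.get(self.name, set()):
            return "reject: not authorized"
        if body["command"] not in ("on", "off"):
            return "reject: bad command"
        self.on = body["command"] == "on"
        return "ok"
```

Because the key is looked up per sender, the bulb can tell the wall switch from the smartphone; with one shared key for everyone it could only tell that some key holder sent the message.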
26
Application Layer Security: Academic Research Projects
Cooltown [1], Amigo [2], Hydra/Linksmart [3], PEIS [4], SM4ALL [5], ubiSOAP (PLASTIC) [6], PECES [7], MundoCore [9], GREEN [8], Gaia [10], MobiPADS [11], iCOCOA [12], PACE [13]
[Second group of labels on the slide: Cooltown [1], PEIS [4], SM4ALL [5], MundoCore [9], GREEN [8], MobiPADS [11], iCOCOA [12], PACE [13]]
27
Conclusion Application Layer Security
- Security often not considered at all
- If considered, then…
  - … employed technologies not suitable for embedded devices
  - … only single issues solved
- No interoperability between approaches
28
Outlook: Future Work
- Do not reinvent the wheel
- Instead:
  - Find existing solution from different domain
  - isolate core concepts
  - develop methodology to transport core concepts to domain of embedded devices
[Figure labels: Web Services, WS-Security Suite]
29
Outlook: Future Work
- Do not reinvent the wheel
[Figure labels: Web Services, Devices Profile for; WS-Security Suite, Devices Profile for]
30
Future Work in Detail
- Communication technology for distributed systems
- Base technology (Web Services) already adapted to embedded devices (DPWS)
- WS Security suite offers all requested core features (message and connection level security, trust and authorization brokering, …)
- Abstract Web Services to create security concept for any service-oriented communication technology
- Open technology fosters interoperability
31
Conclusion
- Although often employed, existing basic technologies (IPSec, TLS, …) not ideal
- Many approaches on application layer security exist but they
  - often solve single aspects only
  - are not interoperable
- Future WS Compact Security has the potential to form a basis for an interoperable security concept for distributed embedded devices (disregarding the base technology)
32
Bibliography (1)
[1] Barton, John; Kindberg, Tim: The Cooltown User Experience / Hewlett Packard Laboratories Palo Alto. 2001. Technical Report
[2] IST Amigo Project: Ambient Intelligence for the networked home environment (Project Description). September 2004
[3] Eisenhauer, M.; Rosengren, P.; Antolin, P.: A Development Platform for Integrating Wireless Devices and Sensors into Ambient Intelligence Systems. SECON Workshops 2009
[4] Saffiotti, A. et al.: The PEIS-Ecology Project: vision and results. In: IEEE/RSJ Int. Conf. on Intelligent Robots and Systems (IROS). 2008
[5] Baldoni, R.: An Embedded Middleware Platform for Pervasive and Immersive Environments for-All. SECON Workshops 2009
[6] PLASTIC Consortium: A B3G Service Platform: The IST PLASTIC Projects. Technical Report
[7] Handte, M. et al.: D4.1 Secure Middleware Specification - Version 1.4 / Peces - Pervasive computing in embedded systems. 2010. Technical Report
33
Bibliography (2)
[8] Sivaharan, T. et al.: GREEN: A Configurable and Re-Configurable Publish-Subscribe Middleware for Pervasive Computing. In: Building 3760 LNCS (2005)
[9] Aitenbichler, M. et al.: MundoCore: A Light-weight Infrastructure for Pervasive Computing. In: Pervasive and Mobile Computing (2007)
[10] Román, M. et al.: Gaia: a middleware platform for active spaces. In: SIGMOBILE Mob. Comput. Commun. Rev. 6 (2002)
[11] Chan, A.; Chuang, S.-N.: MobiPADS: A Reflective Middleware for Context-Aware Mobile Computing. In: IEEE Trans. Softw. Eng. 29 (2003)
[12] Ben Mokhtar, S. et al.: COCOA: COnversation-based service COmposition in pervAsive computing environments with QoS support. In: Journal of Systems and Software 80 (2007)
[13] Henricksen, K. et al.: Middleware for Distributed Context-Aware Systems. In: On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE
[14] Ellison, C.: UPnP Security Ceremonies Design Document.
34
Thank you! Any questions?
Thank you very much for your attention!