Presentation is loading. Please wait.

Presentation is loading. Please wait.

How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of.

Similar presentations


Presentation on theme: "How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of."— Presentation transcript:

1 How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of Applied Microelectronics and Computer Engineering

2 Motivation 08/30/2012Sebastian Unger – University of Rostock – Q: What will you get from this presentation (or from reading the paper)?

3 Motivation 08/30/2012Sebastian Unger – University of Rostock –

4 Motivation Q: What will you get from this presentation (or from reading the paper)? A: Introduction to problems with security for distributed embedded devices 08/30/2012Sebastian Unger – University of Rostock –

5 Agenda Introductive scenario and derived key features State of the art and problem statements Outlook Conclusion 08/30/2012Sebastian Unger – University of Rostock –

6 Scenario: Light Bulbs – The classical approach light bulbs switches 08/30/2012Sebastian Unger – University of Rostock –

7 Scenario: Security Key Features 08/30/2012Sebastian Unger – University of Rostock –

8 Scenario: Security Key Features Authenticity 08/30/2012Sebastian Unger – University of Rostock –

9 Scenario: Security Key Features Authenticity Integrity 08/30/2012Sebastian Unger – University of Rostock –

10 Scenario: Security Key Features Authenticity Integrity Confidentiality 08/30/2012Sebastian Unger – University of Rostock –

11 Scenario: Security Key Features Authenticity Integrity Confidentiality Authorization 08/30/2012Sebastian Unger – University of Rostock –

12 Scenario: Security Key Features Authenticity Integrity Confidentiality Authorization 08/30/2012Sebastian Unger – University of Rostock –

13 Scenario: Light Bulbs – The IoT approach light bulbs switches SOA engine digitalSTROM- module SOA engine PLC- module Internet / LAN SOA engine smart- phone SOA engine PC SOA engine IoT wall- switch ZigBEE digitalSTROM IEEE PLC WiFi Ethernet 6LoWPAN- module SOA engine 08/30/2012Sebastian Unger – University of Rostock –

14 Scenario: Security Key Features IoT 08/30/2012Sebastian Unger – University of Rostock –

15 Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication 08/30/2012Sebastian Unger – University of Rostock –

16 Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network 08/30/2012Sebastian Unger – University of Rostock –

17 Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other 08/30/2012Sebastian Unger – University of Rostock –

18 Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other Plus: all this across different trust domains 08/30/2012Sebastian Unger – University of Rostock –

19 Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other Plus: all this across different trust domains 08/30/2012Sebastian Unger – University of Rostock –

20 Problem Statement Development of (new) security concepts is cumbersome and expensive Technology designers tend to fall back on existing security techniques (even, if they are not ideal) 08/30/2012Sebastian Unger – University of Rostock –

21 Terminology What are those techniques and why are the not ideal? 08/30/2012Sebastian Unger – University of Rostock –

22 MAC Layer Security subnet Same key for everyone - or - Different key for everyone MAC Layer Security ≙ router 08/30/2012Sebastian Unger – University of Rostock –

23 IP Sec Transport Mode Tunnel Mode subnet routernodeIPSec Gateway IPSec is complex! Vendor AVendor B 08/30/2012Sebastian Unger – University of Rostock –

24 Transport Layer Security (TLS aka. SSL) TLS PHY MAC Internet Transport Application TCP! 08/30/2012Sebastian Unger – University of Rostock –

25 Conclusion Network Stack Security Existing basic security mechanisms not ideal for embedded devices Solve single aspects only and are not suitable for embedded devices  Security should be covered on application layer 08/30/2012Sebastian Unger – University of Rostock –

26 Cooltown[1] Amigo[2] Hydra/ Linksmart[3] PEIS[4] SM4ALL[5] ubiSOAP (PLASTIC)[6] PECES[7] MundoCore[9] GREEN[8] Gaia[10] MobiPADS[11] iCOCOA[12] PACE[13] Cooltown[1] PEIS[4] SM4ALL[5] MundoCore[9] GREEN[8] MobiPADS[11] iCOCOA[12] PACE[13] 08/30/2012Sebastian Unger – University of Rostock – Application Layer Security: Academic Reserach Projects

27 Conclusion Application Layer Security 08/30/2012Sebastian Unger – University of Rostock – Security often not considered at all If considered, then… … employed technologies not suitable for embedded devices … only single issues solved  No interoperability between approaches

28 Web Services WS-Security Suite Do not reinvent the wheel Instead: Find existing solution from different domain isolate core concepts develop methodology to transport core concepts to domain of embedded devices 08/30/2012Sebastian Unger – University of Rostock – Outlook: Future Work

29 Web ServicesDevices Profile for WS-Security Suite Devices Profile for Do not reinvent the wheel 08/30/2012Sebastian Unger – University of Rostock – Outlook: Future Work

30 Communication technology for distributed systems Base technology (Web Services) already adapted to embedded devices (DPWS) WS Security suite offers all requested core features (message and connection level security, trust and authorization brokering, …) Abstract Web Services to create security concept for any service- oriented communication technology Open technology fosters interoperability 08/30/2012Sebastian Unger – University of Rostock – Future Work in Detail

31 Although often employed, existing basic technologies (IPSec, TLS, …) not ideal Many approaches on application layer security exist but they often solve single aspects only are not interoperable  Future WS Compact Security has the potential to form a basis for an interoperable security concept for distributed embedded devices (disregarding the base technology) 08/30/2012Sebastian Unger – University of Rostock – Conclusion

32 Bibliography (1) [1] Barton, John; Kindberg, Tim: The Cooltown User Experience / Hewlett Packard Laboratories Palo Alto Technical Report [2] IST Amigo Project: Ambient Intelligence for the networked home environment (Project Description). September 2004 [3] Eisenhauer, M.; Rosengren, P.; Antolin, P.: A Development Platform for Integrating Wireless Devices and Sensors into Ambient Intelligence Systems. SECON Workshops 2009 [4] Saffiotti, A. et al.: The PEIS-Ecology Project: vision and results. In: IEEE/RSJ Int. Conf. on Intelligent Robots and Systems (IROS) [5] Baldoni, R.: An Embedded Middleware Platform for Pervasive and Immersive Environments for-All. SECON Workshops 2009 [6] PLASTIC Consortium: A B3G Service Platform: The IST PLASTIC Projects. Technical Report [7] Handte, M. et al.: D4.1 Secure Middleware Specification - Version 1.4 / Peces - Pervasive computing in embedded systems Technical Report 08/30/2012Sebastian Unger – University of Rostock –

33 Bibliography (2) [8] Sivaharan, T et al.: GREEN: A Configurable and Re-Configurable Publish-Subscribe Middleware for Pervasive Computing. In: Building 3760 LNCS (2005) [9] Aitenbichler, M. et al.: MundoCore: A Light-weight Infrastructure for Pervasive Computing. In: Pervasive and Mobile Computing (2007) [10] Román, M. et al.: Gaia: a middleware platform for active spaces. In: SIG-MOBILE Mob. Comput. Commun. Rev. 6 (2002) [11] Chan, A.; Chuang, S.-N.: MobiPADS: A Reflective Middleware for Context-Aware Mobile Computing. In: IEEE Trans. Softw. Eng. 29 (2003) [12] Ben Mokhtar, S et al.: COCOA: COnversation-based service COmposition in pervAsive computing environments with QoS support. In: Journal of Systems and Software 80 (2007) [13] Henricksen, K. et al.: Middleware for Distributed Context-Aware Systems. In: On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE [14] Ellison, C.: UPnP Security Ceremonies Design Document. 08/30/2012Sebastian Unger – University of Rostock –

34 Thank you! Any questions? Thank you very much for your attention! 08/30/2012Sebastian Unger – University of Rostock –


Download ppt "How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of."

Similar presentations


Ads by Google