1 / 34

How much Security for Switching a Light Bulb – The SOA Way

How much Security for Switching a Light Bulb – The SOA Way. Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of Applied Microelectronics and Computer Engineering. Motivation.

gay
Download Presentation

How much Security for Switching a Light Bulb – The SOA Way

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of Applied Microelectronics and Computer Engineering

  2. Motivation Q: What will you get from this presentation (or from reading the paper)?

  3. Motivation

  4. Motivation Q: What will you get from this presentation (or from reading the paper)? A: Introduction to problems with security for distributed embedded devices

  5. Agenda • Introductive scenario and derived key features • State of the art and problem statements • Outlook • Conclusion

  6. Scenario: Light Bulbs – The classical approach light bulbs switches

  7. Scenario: Security Key Features

  8. Scenario: Security Key Features Authenticity

  9. Scenario: Security Key Features Authenticity Integrity

  10. Scenario: Security Key Features Authenticity Integrity Confidentiality

  11. Scenario: Security Key Features Authenticity Integrity Confidentiality Authorization

  12. Scenario: Security Key Features Authenticity Integrity Confidentiality Authorization

  13. Scenario: Light Bulbs – The IoT approach light bulbs digitalSTROM-module 6LoWPAN-module PLC-module SOA engine SOA engine SOA engine IEEE 802.15.4 PLC digitalSTROM Internet /LAN Ethernet ZigBEE WiFi SOA engine SOA engine SOA engine IoT wall-switch smart-phone PC switches

  14. Scenario: Security Key Features IoT

  15. Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication

  16. Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network

  17. Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other

  18. Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other Plus: all this across different trust domains

  19. Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other Plus: all this across different trust domains

  20. Problem Statement Development of (new) security concepts is cumbersome and expensive Technology designers tend to fall back on existing security techniques (even, if they are not ideal)

  21. Terminology What are those techniques and why are the not ideal?

  22. MAC Layer Security • Same key for everyone • or - • Different key for everyone ≙ subnet subnet router MAC LayerSecurity

  23. IP Sec Tunnel Mode Transport Mode subnet subnet Vendor A Vendor B IPSec is complex! node router IPSec Gateway

  24. Transport Layer Security (TLS aka. SSL) TLS Application TCP! Transport Internet MAC PHY

  25. Conclusion Network Stack Security • Existing basic security mechanisms not ideal for embedded devices • Solve single aspects only and are not suitable for embedded devices •  Security should be covered on application layer

  26. Application Layer Security: Academic Reserach Projects PEIS[4] PEIS[4] Gaia[10] PECES[7] SM4ALL[5] SM4ALL[5] iCOCOA[12] iCOCOA[12] MundoCore[9] MundoCore[9] PACE[13] PACE[13] Hydra/Linksmart[3] GREEN[8] GREEN[8] MobiPADS[11] MobiPADS[11] ubiSOAP(PLASTIC)[6] Amigo[2] Cooltown[1] Cooltown[1]

  27. Conclusion Application Layer Security • Security often not considered at all • If considered, then… • … employed technologies not suitable for embedded devices • … only single issues solved •  No interoperability between approaches

  28. Outlook: Future Work WebServices • Instead: • Find existing solution from different domain • isolate core concepts • develop methodology to transport core concepts to domain of embedded devices Do not reinvent the wheel WS-SecuritySuite

  29. Outlook: Future Work Devices Profile for Web Services Do not reinvent the wheel Devices Profile for WS-SecuritySuite

  30. Future Work in Detail • Communication technology for distributed systems • Base technology (Web Services) already adapted to embedded devices (DPWS) • WS Security suite offers all requested core features (message and connection level security, trust and authorization brokering, …) • Abstract Web Services to create security concept for any service-oriented communication technology • Open technology fosters interoperability

  31. Conclusion • Although often employed, existing basic technologies (IPSec, TLS, …) not ideal • Many approaches on application layer security exist but • they often solve single aspects only • are not interoperable •  Future WS Compact Security has the potential to form a basis for an interoperable security concept for distributed embedded devices (disregarding the base technology)

  32. Bibliography (1) [1] Barton, John; Kindberg, Tim: The Cooltown User Experience / Hewlett Packard Laboratories Palo Alto. 2001. Technical Report [2] IST Amigo Project: Ambient Intelligence for the networked home environment (Project Description). September 2004 [3] Eisenhauer, M.; Rosengren, P.; Antolin, P.: A Development Platform for Integrating Wireless Devices and Sensors into Ambient Intelligence Systems. SECON Workshops 2009 [4] Saffiotti, A. et al.: The PEIS-Ecology Project: vision and results. In: IEEE/RSJ Int. Conf. on Intelligent Robots and Systems (IROS). 2008 [5] Baldoni, R.: An Embedded Middleware Platform for Pervasive and Immersive Environments for-All. SECON Workshops 2009 [6] PLASTIC Consortium: A B3G Service Platform: The IST PLASTIC Projects. Technical Report [7] Handte, M. et al.: D4.1 Secure Middleware Specification - Version 1.4 / Peces - Pervasive computing in embedded systems. 2010. Technical Report

  33. Bibliography (2) [8] Sivaharan, T et al.: GREEN: A Configurable and Re-Configurable Publish-Subscribe Middleware for Pervasive Computing. In: Building 3760 LNCS (2005) [9] Aitenbichler, M. et al.: MundoCore: A Light-weight Infrastructure for Pervasive Computing. In: Pervasive and Mobile Computing (2007) [10] Román, M. et al.: Gaia: a middleware platform for active spaces. In: SIG-MOBILE Mob. Comput. Commun. Rev. 6 (2002) [11] Chan, A.; Chuang, S.-N.: MobiPADS: A Reflective Middleware for Context-Aware Mobile Computing. In: IEEE Trans. Softw. Eng. 29 (2003) [12] Ben Mokhtar, S et al.: COCOA: COnversation-based service COmposition in pervAsive computing environments with QoS support. In: Journal of Systems and Software 80 (2007) [13] Henricksen, K. et al.: Middleware for Distributed Context-Aware Systems. In: On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE [14] Ellison, C.: UPnP Security Ceremonies Design Document.

  34. Thank you! Thank you very much for your attention! Any questions?

More Related