340 likes | 472 Views
How much Security for Switching a Light Bulb – The SOA Way. Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of Applied Microelectronics and Computer Engineering. Motivation.
E N D
How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of Applied Microelectronics and Computer Engineering
Motivation Q: What will you get from this presentation (or from reading the paper)?
Motivation Q: What will you get from this presentation (or from reading the paper)? A: Introduction to problems with security for distributed embedded devices
Agenda • Introductive scenario and derived key features • State of the art and problem statements • Outlook • Conclusion
Scenario: Light Bulbs – The classical approach light bulbs switches
Scenario: Security Key Features Authenticity
Scenario: Security Key Features Authenticity Integrity
Scenario: Security Key Features Authenticity Integrity Confidentiality
Scenario: Security Key Features Authenticity Integrity Confidentiality Authorization
Scenario: Security Key Features Authenticity Integrity Confidentiality Authorization
Scenario: Light Bulbs – The IoT approach light bulbs digitalSTROM-module 6LoWPAN-module PLC-module SOA engine SOA engine SOA engine IEEE 802.15.4 PLC digitalSTROM Internet /LAN Ethernet ZigBEE WiFi SOA engine SOA engine SOA engine IoT wall-switch smart-phone PC switches
Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication
Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network
Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other
Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other Plus: all this across different trust domains
Scenario: Security Key Features IoT Seemless integration of new devices, includes negotiation of suitable authentication Securely remove devices from network Let participants gather security information about each other Plus: all this across different trust domains
Problem Statement Development of (new) security concepts is cumbersome and expensive Technology designers tend to fall back on existing security techniques (even, if they are not ideal)
Terminology What are those techniques and why are the not ideal?
MAC Layer Security • Same key for everyone • or - • Different key for everyone ≙ subnet subnet router MAC LayerSecurity
IP Sec Tunnel Mode Transport Mode subnet subnet Vendor A Vendor B IPSec is complex! node router IPSec Gateway
Transport Layer Security (TLS aka. SSL) TLS Application TCP! Transport Internet MAC PHY
Conclusion Network Stack Security • Existing basic security mechanisms not ideal for embedded devices • Solve single aspects only and are not suitable for embedded devices • Security should be covered on application layer
Application Layer Security: Academic Reserach Projects PEIS[4] PEIS[4] Gaia[10] PECES[7] SM4ALL[5] SM4ALL[5] iCOCOA[12] iCOCOA[12] MundoCore[9] MundoCore[9] PACE[13] PACE[13] Hydra/Linksmart[3] GREEN[8] GREEN[8] MobiPADS[11] MobiPADS[11] ubiSOAP(PLASTIC)[6] Amigo[2] Cooltown[1] Cooltown[1]
Conclusion Application Layer Security • Security often not considered at all • If considered, then… • … employed technologies not suitable for embedded devices • … only single issues solved • No interoperability between approaches
Outlook: Future Work WebServices • Instead: • Find existing solution from different domain • isolate core concepts • develop methodology to transport core concepts to domain of embedded devices Do not reinvent the wheel WS-SecuritySuite
Outlook: Future Work Devices Profile for Web Services Do not reinvent the wheel Devices Profile for WS-SecuritySuite
Future Work in Detail • Communication technology for distributed systems • Base technology (Web Services) already adapted to embedded devices (DPWS) • WS Security suite offers all requested core features (message and connection level security, trust and authorization brokering, …) • Abstract Web Services to create security concept for any service-oriented communication technology • Open technology fosters interoperability
Conclusion • Although often employed, existing basic technologies (IPSec, TLS, …) not ideal • Many approaches on application layer security exist but • they often solve single aspects only • are not interoperable • Future WS Compact Security has the potential to form a basis for an interoperable security concept for distributed embedded devices (disregarding the base technology)
Bibliography (1) [1] Barton, John; Kindberg, Tim: The Cooltown User Experience / Hewlett Packard Laboratories Palo Alto. 2001. Technical Report [2] IST Amigo Project: Ambient Intelligence for the networked home environment (Project Description). September 2004 [3] Eisenhauer, M.; Rosengren, P.; Antolin, P.: A Development Platform for Integrating Wireless Devices and Sensors into Ambient Intelligence Systems. SECON Workshops 2009 [4] Saffiotti, A. et al.: The PEIS-Ecology Project: vision and results. In: IEEE/RSJ Int. Conf. on Intelligent Robots and Systems (IROS). 2008 [5] Baldoni, R.: An Embedded Middleware Platform for Pervasive and Immersive Environments for-All. SECON Workshops 2009 [6] PLASTIC Consortium: A B3G Service Platform: The IST PLASTIC Projects. Technical Report [7] Handte, M. et al.: D4.1 Secure Middleware Specification - Version 1.4 / Peces - Pervasive computing in embedded systems. 2010. Technical Report
Bibliography (2) [8] Sivaharan, T et al.: GREEN: A Configurable and Re-Configurable Publish-Subscribe Middleware for Pervasive Computing. In: Building 3760 LNCS (2005) [9] Aitenbichler, M. et al.: MundoCore: A Light-weight Infrastructure for Pervasive Computing. In: Pervasive and Mobile Computing (2007) [10] Román, M. et al.: Gaia: a middleware platform for active spaces. In: SIG-MOBILE Mob. Comput. Commun. Rev. 6 (2002) [11] Chan, A.; Chuang, S.-N.: MobiPADS: A Reflective Middleware for Context-Aware Mobile Computing. In: IEEE Trans. Softw. Eng. 29 (2003) [12] Ben Mokhtar, S et al.: COCOA: COnversation-based service COmposition in pervAsive computing environments with QoS support. In: Journal of Systems and Software 80 (2007) [13] Henricksen, K. et al.: Middleware for Distributed Context-Aware Systems. In: On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE [14] Ellison, C.: UPnP Security Ceremonies Design Document.
Thank you! Thank you very much for your attention! Any questions?