Sensor Networks: Technology Transfer
Stephen Wicker – Cornell University
TRUST SN Technologies
• Self-Configuring, Wireless Systems
• Camera Network Technologies
• Mote Design
• Localization
• Privacy Policy
• Real-Time Data Transfer Tools
• Security Models and Design Tools
• Medical Networking Transport Tools
Wireless Networked Embedded Systems: Next Generation SCADA/DCS Systems
• DCS: Digital Control Systems
• The overall collection of control systems that measure and change the infrastructure state to facilitate delivery of the commodity (electricity, water, gas, & oil)
• Opportunity for a new generation of secure critical physical SCADA and DCS depend on the gathering, monitoring, and control of information from distributed sensing devices.
• Powerful platform for privacy policy development.
A Typical Industrial Facility
• 40+ years old, $10B infrastructure
• ~2 Square Miles
• 1400 Employees
• Operating Budget: $200M+/year
• Primary products: Chlorine, Silica, Caustics
• Highly profitable facility
• DHS, OSHA, EPA compliance
The Plant: A Complex Environment
[Figure: plant control system diagram. Labelled areas: Business Management, Process Management, Control Network, Field Management. Components shown include plant servers, control stations, network and PLC gateways, controllers, and transmitters. Time-scale axis: hours, min, secs, 1 sec, msec.]
Comments from Marty Geering, BP Wireless Engineer, Cherry Hill, New Jersey
Camera Mote Daughter Board Source: ITRI
Sharing of sensor readings in real time
• Mobile display of locally obtained and globally shared sensor readings
• Sensor readings are shared opportunistically
• Local sensors are queried
[Figure labels: EVENTS, SHARED EVENTS, SENSTRAC, MobOS]
Security: Threat Model
• Mote-class Attacker
  • Controls a few ordinary sensor nodes
  • The attacker has the same capabilities as the network
• Laptop-class Attacker
  • Greater battery & processing power, memory, high-power radio transmitter, low-latency communication
  • The attacker can cause more serious damage
• Outsider Attacks
  • Passive eavesdropping: listening to the ongoing communication
  • Denial of service attacks: any type of attack that can cause a degradation in the performance of the network
  • Replay attacks: the adversary captures some of the messages and plays them back at a later time, which causes the network to operate on stale information
• Insider Attacks: compromised node
  • Node runs malicious code
  • The node has access to the secret keys and can participate in the authenticated communication
Basic Security Requirements
• Confidentiality
• Authentication
• Integrity
• Freshness
• Secure Group Management
• Availability
• Graceful degradation
• Design time security
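Added example, not from the original slides: a receiver that enforces the authentication, integrity and freshness requirements against the outsider attacks in the threat model, and shows why they do not stop an insider holding the key. The packet layout, 8-byte tag length, key and readings are constructed assumptions (this is not TinySec's packet format).

```python
import hashlib
import hmac
import struct

TAG_LEN = 8   # truncated MAC tag (assumed size for a constrained radio)
HDR_LEN = 6   # 2-byte node id + 4-byte message counter (assumed layout)

def seal(key: bytes, node_id: int, counter: int, reading: bytes) -> bytes:
    """Sender side: header + reading, followed by a MAC over both."""
    header = struct.pack(">HI", node_id, counter)
    tag = hmac.new(key, header + reading, hashlib.sha256).digest()[:TAG_LEN]
    return header + reading + tag

class Receiver:
    """Base-station side: check the MAC first, then freshness."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = {}  # node_id -> highest counter accepted so far

    def accept(self, packet: bytes):
        if len(packet) < HDR_LEN + TAG_LEN:
            return ("reject", "truncated")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # authentication + integrity
            return ("reject", "bad-mac")
        node_id, counter = struct.unpack(">HI", body[:HDR_LEN])
        if counter <= self.last_counter.get(node_id, -1):  # freshness
            return ("reject", "stale")
        self.last_counter[node_id] = counter
        return ("accept", body[HDR_LEN:])

def demo():
    key = b"constructed-demo-key"            # constructed sample key
    rx = Receiver(key)
    p1 = seal(key, 7, 1, b"temp=21.5")       # constructed sample reading
    results = [rx.accept(p1)]                # genuine packet
    results.append(rx.accept(p1))            # outsider replays the capture
    tampered = p1[:HDR_LEN] + b"temp=99.9" + p1[-TAG_LEN:]
    results.append(rx.accept(tampered))      # outsider alters the reading
    # Insider: a compromised node holds the key, so its false reading
    # passes both checks; MAC and counter alone cannot detect it.
    results.append(rx.accept(seal(key, 7, 2, b"temp=99.9")))
    return results

if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```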
Taxonomy of Security Attacks in Sensor Networks
Tanya Roosta, Alvaro Cardenas, Shiuhpyng Shieh, Shankar Sastry, UC Berkeley
6/5/2014
Embedded System Security Design Modeling and Analysis Toolchain
[Figure: toolchain diagram. Panels: SMoLES_SEC Deployment Diagram; SMoLES_SEC Adversary Model; SMoLES_SEC Partitions and Dataflows. Flow labels: Embedded System Design (with security extensions); Model Transformation; Security/Architecture Models; Analysis.]
Integrity Requirement Violated -- /SimpleSystem/PartitionB/Assembly_B1 has an integrity requirement which is violated by the information flow connecting /SimpleSystem/PartitionB/Port_B2 to /SimpleSystem/PartitionC/Port_C1.
“ESSC”
MedSN Progress
• Examining various models for users involved and their method of access/integration in system
  • Physician and support staff
  • Patient
  • Patient family
  • Non-family
  • Insurance/Payer
• Collaborative effort with Vanderbilt, Berkeley
• Agreement for testing at Nashville assisted living facility
• Joint Publications “ESSC”
Testbed Progress
• Testbed Deployment at Cornell (supports medical effort with Vanderbilt and privacy effort with Berkeley)
• Implementation of TinySec for MicaZ
• Implementation of MAC layer power saving for MicaZ
• Implementation of power aware routing in network
• Implementation of HP Jornada based sound actuation overlay network
• Deployment of PIR overlay network using Crossbow security motes
• Joint Publications “ESSC”