
A Middleware Approach to Configure Security in WSN

A Middleware Approach to Configure Security in WSN. Peter Langendörfer, Steffen Peter, Krzysztof Piotrowski, Renato Nunes, and Augusto Casaca. Outline: Background & Motivation, Middleware Compiler, Middleware Architecture, Conclusions.


Presentation Transcript


  1. A Middleware Approach to Configure Security in WSN
     Peter Langendörfer, Steffen Peter, Krzysztof Piotrowski, Renato Nunes, and Augusto Casaca

  2. Outline
     • Background & Motivation
     • Middleware Compiler
     • Middleware Architecture
     • Conclusions

  3. Background & Motivation

  4. Background: Application Scenarios

  5. Background: WSN Security Tomography
     UbiSec&Sens: contribution of security solutions for…
     - Middleware Security
     - Sensor measurements
     - Transport, Network, MAC
     Layers shown in the diagram: Apps, Transport, Middleware, Network, OS, MAC, Sensor, HW, RF
     Attacks listed in the diagram:
     • send erroneous data, inject wrong control packets, send changed data, duplicate data, eavesdrop
     • sensed data injection, access sensed data, service disruption, etc.
     • routing loop, black hole grey holes, wormhole, injecting, network partitioning, etc.
     • exploiting backdoors, buffer overflows, remote node programming, direct programming, denial of service attacks
     • eavesdropping, man-in-the-middle, replay, spoofing
     • complete jamming, selective/partly jamming, eavesdropping, replay attacks
     • tamper with sensor, falsified sensor reading
     • invasive attacks, semi-invasive attacks, non-invasive attacks

  6. Background: Security the Centre of Gravity
     Diagram labels: WP2 – Network Security authentication security “re-recognition” & reliability key pre-distribution WSN access secure aggregator node election secure routing secure distributed data storage in-network routing & processing concealed data transport aggregation Secure DCU routing & reliable transport data plausibility aggregator node discrepancy election query WP1 – Networking WP3 - Middleware & Middleware Security

  7. Middleware Compiler

  8. Middleware Compiler Concept
     • Tailor made security architecture for WSN applications
     • Result could be part of a more general middleware
     • Result can be specific for a certain application
     • Determination of the configuration
       • Offline (before deployment)
       • Online (after deployment)

  9. Module interdependencies
     Diagram groups: Protocols, Complex services, Basic services
     Modules shown: Sec. MAC_1, Sec. MAC_2, Sec. routing_1, Sec. routing_2, Transport_prot_2, CDA_alg1, CDA_alg2, CDA_alg3, TEA, DES, ECC, RSA, AES, Resilient data aggregation alg_1, Resilient data aggregation alg_2, Sec. localization, Sec. random generator, Secure & robust data storage
     Legend: explicit dependencies, implicit dependencies

  10. Development Phases
     Diagram labels: Application development phase; Tailor made Software configuration; Influences selection; Tool Box development phase; Selection of components; legend; Application Requirements; Application deployment phase; configTOOL; SensorNode Description; USS Module Description; USS Toolbox

  11. Providing customized security architectures
     Configuration and Management Module
     • Req. vs features of modules
     • Interoperability of modules
     • Security of combination
     Diagram labels: Application Sensor node HW Req. Sec. MAC_2 AES Sec. routing_1 Sec. MAC_1 Sec. routing_2 Sec. random generator Application Resilient data aggregation alg_1 CDA_alg3 RSA Sec. robust data storage CDA_alg1 CDA_alg2 ECC Sec. localization TEA Resilient data aggregation alg_1 Resilient data aggregation alg_2 OS AES Sec. rout_1 Secure local. Tailor made security architecture Sec. robust data storage DES ECC Sec. MAC_1 CDA_alg2 Sensor node HW

  12. Compiler Operation
     Compiler Input
     • Required functions: functionality needed by the application
     • Available modules: dependencies, interface description, security parameters, code size, etc.
     Compiler Operation
     • Construct all module selections that fulfil the application requirement (functional)
     • Select module configuration based on constraints such as code size of modules, supported key length, etc.
     • Final evaluation: selection of the best alternative by applying additional parameters like energy consumption, total code size, performance, security implications

  13. Selection of Modules
     Diagram labels: Application constraints; Hardware constraints; Middleware compiler; Performance constraints; Available security modules; selected security modules
     Module labels: Sec. robust data storage Sec. robust data storage Public key crypt. CDA Alg_1 ECC CDA_alg2 Alg_2 RSA Alg_3 Sec. rout_1 ECC Sec. MAC Sec. routing Alg_1 Alg_1 Sec. MAC_1 Alg_2 Alg_2 Secure local. Secure local.

  14. Simple Example: Authentication

  15. Example: Application needs ‘Asymmetric Cryptography’
     • Possible configurations:
       • ECEG with hardware ECC and classic pseudo RNG
       • ECEG with hardware ECC and cipher stream RNG
       • ECEG with software ECC and classic pseudo RNG
       • ECEG with software ECC and cipher stream RNG
     • RSA? Real RNG? No implementation

  16. Module Description
     XML description
     • Every module is an entity
     • Attributes:
       • Implementation: is 1 if it is an implementation, 0 if it is an interface
     • Optional <is> tag says which module is the parent of the entity. The entity inherits the interfaces from its parents
       • ECEG is ‘Asymmetric Cryptography’
       • ECC Software is (an implementation of) ECC
     • Optional list of <requires> and <conflict> tags
       • ECEG requires ECC
     • Additional attributes: code size, security degree, energy consumption

  17. Module Description – Example

     <entity name="Asymmetric Cryptography" implementation="0"></entity>
     <entity name="ECEG" implementation="1">
       <is>Asymmetric Cryptography</is>
       <requires>ECC</requires>
       <requires>RNG</requires>
     </entity>
     <entity name="RSA" implementation="0">
       <is>Asymmetric Cryptography</is>
     </entity>
     <entity name="ECC" implementation="0"></entity>
     <entity name="ECC HW" implementation="1">
       <is>ECC</is>
       <requires>ECC co-processor</requires>
     </entity>
     <entity name="ECC SW" implementation="1">
       <is>ECC</is>
     </entity>
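
The compiler steps of slide 12 applied to module descriptions in the slide 16–17 format, as an added Python example (not code from the presentation or the UbiSec&Sens project). The RNG entities, the `code_size` attribute name and its values, treating `ECC co-processor` as a hardware feature of the node, and using smallest total code size as the final evaluation are assumptions; dependencies are assumed to be acyclic.

```python
import itertools
import xml.etree.ElementTree as ET

# Constructed descriptions in the slide-17 format. The RNG entities and the
# code_size values are assumptions made for this example.
MODULES = """<modules>
<entity name="Asymmetric Cryptography" implementation="0"/>
<entity name="ECEG" implementation="1" code_size="4"><is>Asymmetric Cryptography</is><requires>ECC</requires><requires>RNG</requires></entity>
<entity name="RSA" implementation="0"><is>Asymmetric Cryptography</is></entity>
<entity name="ECC" implementation="0"/>
<entity name="ECC HW" implementation="1" code_size="1"><is>ECC</is><requires>ECC co-processor</requires></entity>
<entity name="ECC SW" implementation="1" code_size="9"><is>ECC</is></entity>
<entity name="RNG" implementation="0"/>
<entity name="Classic pseudo RNG" implementation="1" code_size="1"><is>RNG</is></entity>
<entity name="Cipher stream RNG" implementation="1" code_size="3"><is>RNG</is></entity>
<entity name="Real RNG" implementation="0"><is>RNG</is></entity>
</modules>"""

def load(xml_text):
    """Parse <entity> elements into {name: attributes} (fields from slide 16)."""
    mods = {}
    for e in ET.fromstring(xml_text).iter("entity"):
        tags = lambda t, e=e: [x.text.strip() for x in e.findall(t)]
        mods[e.get("name").strip()] = {
            "impl": e.get("implementation") == "1", "size": int(e.get("code_size", "0")),
            "is": tags("is"), "requires": tags("requires"), "conflict": tags("conflict")}
    return mods

def provides(mods, name, wanted):  # name is `wanted` or inherits from it via <is>
    return name == wanted or any(provides(mods, p, wanted) for p in mods.get(name, {}).get("is", []))

def resolve(mods, need, hardware):
    """Step 1 and 2: every set of implementations that satisfies `need` on this node."""
    if need in hardware:  # requirement met by the sensor node hardware itself
        return [frozenset()]
    configs = []
    for name, m in mods.items():
        if not (m["impl"] and provides(mods, name, need)):
            continue  # interfaces (implementation="0") cannot be deployed
        # Every <requires> must be resolvable; combine the alternatives of all of them.
        parts = [resolve(mods, r, hardware) for r in m["requires"]]
        for combo in itertools.product(*parts):
            cfg = frozenset({name}).union(*combo)
            if not any(c in cfg for n in cfg for c in mods[n]["conflict"]):
                configs.append(cfg)
    return configs

def best(mods, configs):  # step 3, final evaluation: smallest total code size
    return min(configs, key=lambda c: sum(mods[n]["size"] for n in c), default=None)
```

With `{"ECC co-processor"}` as the hardware set, `resolve` returns the four ECEG configurations listed on slide 15; without it only the two software-ECC variants remain, and RSA and Real RNG never appear because they have no implementation.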

  18. Middleware Architecture

  19. Middleware Architecture
     • Set up is role dependent: sensor node vs. configuration center
     • Application dependent services
       • Basic services
       • Complex services
     • Abstraction layer
       • Communication interface
       • Memory Management Interface
     • Middleware Core:
       • Dynamic code update module
       • State management module
       • Message interpreter
     • Core is unique on all sensor nodes

  20. Middleware Architecture
     Sensor node: Currently Deployed Complex Services; MessageIF; Currently Deployed Basic Services; Node&Network State Management; DCU; Hardware&OS Abstraction Layer; OS; Hardware
     Configuration center: Application Logic; Currently Deployed Complex Services; Currently Deployed Complex Services (Task 3.2; WP1; WP2); MessageIF (T. 3.4); MessageIF; Currently Deployed Basic Services; DCU (T3.5); DCU

  21. Middleware Core
     DCU
     • Reconfiguration of sensor nodes during their lifetime
     • Provides functionality for secure code update (AA Stuff)
     • Potential triggers
       • newly detected vulnerabilities of security modules or
       • simple reconfiguration due to deployment of new applications.
     State Management Module (SMM)
     • Monitoring of the sensor node and maintaining its state
     • Triggering code updates e.g. in case of
       • expiration of timers
       • detection of malicious actions.

  22. Middleware Core
     Message Interpreter
     • local intelligence to decide handling of incoming messages, e.g. answering vs. forwarding
     • middleware scheduler which passes incoming data to the corresponding modules.

  23. External triggers for online reconfiguration
     Diagram labels: Request new configuration Extreme strange data Sensor readings no influence on other nodes influence on other nodes DCU Collecting data Analysing abnormal behaviour M1: Network set-up Min # data processing data sending done Processing done additional code needed Sending data Attack running Counter measures M2: normal operation M3: Management Extreme strange network behaviour Set-up finished

  24. Middleware Architecture: online configuration
     Diagram labels: Sensor node Currently Deployed Complex Services MessageIF Currently Deployed Basic Services (T3.1) Node&Network State Management DCU configKIT Hardware&OS Abstraction Layer OS Hardware USS Toolbox Rep. WP1; WSN Config MAP WP2; WP3; Configuration center Application Logic Currently Deployed Complex Services Currently Deployed Complex Services (Task 3.2; WP1; WP2) New config needed MessageIF (T. 3.4) MessageIF Currently Deployed Basic Services DCU (T3.5) DCU

  25. Conclusions
     Summary
     • Middleware Compiler
       • New concept towards “simple” security architectures for WSN
     • Middleware Architecture
       • Support of on the fly patches of security configuration
     Current state
     • XML “languages” for description purposes nearly finalized
     • GUI for description of modules, sensor nodes & requirements partly done
     Next steps
     • Finalization of selection algorithms
     • Investigation of assessment functions for complete configuration
     • Implementation of algorithms

  26. THANK YOU for your attention Questions?
