sebastian unger sebastian.unger@uni...
TRANSCRIPT
19.12.2012
1
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
1st WS4D‐Workshop
Towards a comprehensive Security Frameworkfor Embedded Distributed Systems
Sebastian Unger
sebastian.unger@uni‐rostock.de
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 1
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Motivation
State of the art
Approach
First results
Next steps
Agenda
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 2
19.12.2012
2
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Motivation
AALIoTWoT
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 3
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Ambient Assisted Living
Internetof
Things
Webof
Things
Ambient Intelligence
PervasiveComputing
Motivation
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 4
19.12.2012
3
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
• Existing basic security mechanisms
• How is security dealt with in …
… existing standards?
… existing industry projects?
… existing academic research projects?
State of the art
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 5
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Basic security mechanisms
subnet subnet
Same key for everyone
- or -
Individual keys
MACLayer
Security
router
MAC Layer Security
PHYMAC
Internet
TransportApplication
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 6
19.12.2012
4
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Basic security mechanisms
IP Sec
Transport ModeTunnel Mode
subnet subnet
IPSec is complex!
Vendor A Vendor B
PHYMAC
Internet
TransportApplication
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 7
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Basic security mechanisms
Transport Layer Security (TLS)
TLS
PHYMAC
Internet
TransportApplication
TCP!
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 8
19.12.2012
5
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
• Existing basic security mechanisms not ideal for embedded
devices
• Solve single aspects only and are not suitable for embedded
devices
• How is security covered in existing technologies?
State of the art – Existing basic security concepts
Conclusion
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 9
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Standards
DPWS(no logo available)
Universal Plug and Play
Digital Living Network Alliance
Devices Profile for Web Services
Security optional, rarely implemented [14]
Only security feature protects DRM streams
Security relies on TLSOnly truly free technology
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 10
19.12.2012
6
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Industry projects
Android@Home
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 11
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Industry projects
Android@Home
Literally no concrete, official
information available
Rumors:
• devices should run Android
• functionality can be enhanced by
means of an app store
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 12
19.12.2012
7
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Industry projects
• similar idea
• proprietary communication protocol
• e.g. sensor get integrated by
‚drivers‘ in central instance
• security: sophisticated access
control (but nothing else)
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 13
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Academic research projects
Cooltown[1] Amigo[2]
Hydra/Linksmart[3]
PEIS[4]
SM4ALL[5]
ubiSOAP(PLASTIC)[6]
PECES[7]
MundoCore[9]
GREEN[8]
Gaia[10]
MobiPADS[11]
iCOCOA[12]PACE[13]
Cooltown[1]
PEIS[4]
SM4ALL[5]MundoCore[9]
GREEN[8]
Gaia[10]
MobiPADS[11]
iCOCOA[12]PACE[13]
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 14
19.12.2012
8
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Academic research projects
Amigo
Hydra/Linksmart
ubiSOAP(PLASTIC)
PECES Certificate hierarchies (see TLS)Role-based access restriction
Centralized security approach (Kerberos)Authentication via password, no details on encryption/signatures, security as a service
Sophisticated approaches integrated (genetic algorithms, secure flow)no details on basics (encryption, signatures, …)
Based on Web ServicesOffers limited LW WS Security, nothing else
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 15
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Existing standards / projects
• Security often not considered at all
• If considered, then…
… employed technologies not suitable for embedded devices
… only single issues solved
No interoperability between approaches
Conclusion
S. Unger, S.Pfeiffer, D. Timmermann: How much Security for Switching a Light Bulb - The SOA Way. In
IWCMC’12 Security, Trust and Privacy Symposium (IWCMC2012-Security), Cyprus, August 2012. Accepted
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 16
19.12.2012
9
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
State of the art – Existing standards / projects
Conclusion 2: What do we need?
DPWSInteroperability
Comprehensive security architectureFeaturing• Message and connection security• Authentication• Trust brokering• Authorization brokering
Heterogeneity;Embedded distributed systems
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 17
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Approach
Web Services
WS-Security Suite
Do not reinvent the wheel
Instead:
• Find existing solution from different domain
• isolate core concepts
• develop methodology to transport core
concepts to domain of embedded devices
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 18
19.12.2012
10
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Approach
Web ServicesDevices Profile for
WS-Security SuiteDevices Profile for
Do not reinvent the wheel
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 19
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Approach in detail
• Communication technology for distributed systems
• Base technology (Web Services) already adapted to embedded
devices (DPWS)
• WS Security suite offers all requested core features (message and
connection level security, trust and authorization brokering, …)
• Open technology fosters interoperability
S. Unger, G. Moritz: A comprehensive Security Framework for Distributed Systems of Resource-constrained
Devices. In IETF Workshop on Smart Object Security, Paris, March 2012. (Position paper)
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 20
19.12.2012
11
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Approach in detail
The Web Service Security suite
WS-Federation
WS-Trust
WS-SecureConversation
WS-Security
WS-
Polic
y
Trust brokering
Centralized authentication
Authorization brokering
WS-Security ∈ WS Security Suite
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 21
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Approach in detail
Methodology
Restrict generality Offload resource-intensive tasks
Potentially offloadable tasks:• Policy processing• Parameter negotiation• Connection establishment• Authentication / trust establishment• Verification of
trust and authorization
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 22
19.12.2012
12
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
First results: WS-CompactSecurity
WS-Federation
WS-Trust
WS-SecureConversation
WS-Security
WS-
Polic
y
WS-CompactSecurity
TLS
transform
compare
Goals:Demonstrate feasibilityFigure out possible drawbacks compared to state of the art
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 23
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
XML-Signature
XML-Encryption
WS-Security
WS CompactSecurity
Compact Signature
Compact Encryption
goal
combined &implemented
First results: WS-CompactSecurity
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 24
19.12.2012
13
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
First results: WS-CompactSecurity
0
5
10
15
20
25
30
35
40
45
5 chars 50 chars 10x5 chars
ms
Round Trip Times
No Security
TLS
WS Compact Security
Factor 1.5 – 2
S. Unger, S. Pfeiffer, D. Timmermann: Dethroning TLS in the Embedded World. In 5th IFIP International
Conference on New Technologies, Mobility and Security (NTMS) 2012, Istanbul, May 2012.
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 25
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
First results: WS-CompactSecurity
S. Unger, S. Pfeiffer, D. Timmermann: Dethroning TLS in the Embedded World. In 5th IFIP International
Conference on New Technologies, Mobility and Security (NTMS) 2012, Istanbul, May 2012.
WS Compact Security …
… is equally fast as TLS?
… eliminates dependency on TCP?
… eliminates dependency on X.509 certificates?
… offers opportunity to freely choose authentication method?
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 26
19.12.2012
14
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Future steps
Transform remaining specifications
WS-Federation
WS-Trust
WS-SecureConversation
WS-Security
WS-
Polic
y
WS-CompactFederation
WS-CompactTrust
WS-CompactSecureConversation
WS-CompactSecurity
Result: Devices Profile for Web Service Security
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 27
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Future steps
Transport results
Hypothesis: “Results are applicable to every
service-oriented base technology”
Devices Profile for Web Service Security–
Web Services=
Devices Profile for Security=
Security architecture for distributed embedded systems
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 28
19.12.2012
15
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Future steps
Transport results
Result: Prove that approach is technology independent
SOAP vs. REST
Web Services (DPWS) CoAP
„Binary HTTP“ forembedded devices
Devices Profile forWeb Service Security CoAP Security
port
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 29
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Bibliography (1)
[1] Barton, John; Kindberg, Tim: The Cooltown User Experience / Hewlett Packard Laboratories Palo Alto. 2001. Technical
Report
[2] IST Amigo Project: Ambient Intelligence for the networked home environment (Project Description). September 2004
[3] Eisenhauer, M.; Rosengren, P.; Antolin, P.: A Development Platform for Integrating Wireless Devices and Sensors into
Ambient Intelligence Systems. SECON Workshops 2009
[4] Saffiotti, A. et al.: The PEIS-Ecology Project: vision and results. In: IEEE/RSJ Int. Conf. on Intelligent Robots and
Systems (IROS). 2008
[5] Baldoni, R.: An Embedded Middleware Platform for Pervasive and Immersive Environments for-All. SECON Workshops
2009
[6] PLASTIC Consortium: A B3G Service Platform: The IST PLASTIC Projects. Technical Report
[7] Handte, M. et al.: D4.1 Secure Middleware Specification - Version 1.4 / Peces - Pervasive computing in embedded
systems. 2010. Technical Report
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 30
19.12.2012
16
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Bibliography (2)
[8] Sivaharan, T et al.: GREEN: A Configurable and Re-Configurable Publish-Subscribe Middleware for Pervasive
Computing. In: Building 3760 LNCS (2005)
[9] Aitenbichler, M. et al.: MundoCore: A Light-weight Infrastructure for Pervasive Computing. In: Pervasive and Mobile
Computing (2007)
[10] Román, M. et al.: Gaia: a middleware platform for active spaces. In: SIG-MOBILE Mob. Comput. Commun. Rev. 6
(2002)
[11] Chan, A.; Chuang, S.-N.: MobiPADS: A Reflective Middleware for Context-Aware Mobile Computing. In: IEEE Trans.
Softw. Eng. 29 (2003)
[12] Ben Mokhtar, S et al.: COCOA: COnversation-based service COmposition in pervAsive computing environments with
QoS support. In: Journal of Systems and Software 80 (2007)
[13] Henricksen, K. et al.: Middleware for Distributed Context-Aware Systems. In: On the Move to Meaningful Internet
Systems 2005: CoopIS, DOA, and ODBASE
[14] Ellison, C.: UPnP Security Ceremonies Design Document.
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 31
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Thank you!
Any questions?
Thank you very much for your attention!
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 32
19.12.2012
17
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Future steps
Optional: Power dissipation profiling
WS-CompactFederation
WS-CompactTrust
WS-CompactSecureConversation
WS-CompactSecurity
Result: Profile to show potential for further optimization
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 33
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Future steps
Optional: Authentication mechanisms for smart lab
Authentication mechanisms highly application specific
IV
t
Result: Evaluation and implementation of authentication mechanisms for smart lab
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 34
19.12.2012
18
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Timeline
Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2
20132012 2014
Continue to analyze specifications, develop profile
Prototype development (DPWS)
Transport results, develop prototype
Write thesis
Optional components
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 35
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
Publications
S. Unger, E. Zeeb, F. Golatowski, D. Timmermann, H. Grandy: Extending the Devices Profile for Web Services for Secure
Mobile Device Communication. In The 4th International Workshop on Trustworthy Internet of People, Things & Services at
the Internet of Things Conference, Tokyo, Japan, November 2010.
S. Pfeiffer, S. Unger, D. Timmermann, A. Lehmann: Secure Information Flow Awareness for Smart Wireless eHealth
Systems. In 9th International Multi-Conference on Systems, Signals and Devices (SSD’12), Chemnitz, März 2012.
S. Unger, G. Moritz: A comprehensive Security Framework for Distributed Systems of Resource-constrained Devices. In
IETF Workshop on Smart Object Security, Paris, März 2012. (Position paper)
S. Unger, S. Pfeiffer, D. Timmermann: Dethroning TLS in the Embedded World. In 5th IFIP International Conference on
New Technologies, Mobility and Security (NTMS) 2012, Istanbul, Mai 2012.
S. Unger, S.Pfeiffer, D. Timmermann: How much Security for Switching a Light Bulb - The SOA Way. In IWCMC’12
Security, Trust and Privacy Symposium (IWCMC2012-Security), Zypern, August 2012. Akzeptiert
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 36
19.12.2012
19
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
WS Compact Security Records
<Envelope><Header><!-- ... --!></Header><Body>
</Body></Envelope>
<RecordCipherData=...EncKeyId=...EncRefs=...PrefixList=...Scheme=...SigKeyId=...SigRefs=...
/>
<Digest>...</Digest><Payload>...</Payload>
Supposed to be faster
Less interoperability
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 37
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
WS Compact Security Records
0
10
20
30
40
50
60
5 chars 50 chars 10x5 chars
ms
Round Trip Times
WS CSec (RC4)
WS CSec (AES)
WS SecRec (RC4)
WS SecRec (AES)
TLS (RC4)
TLS (AES)
Factor 1.17Factor 1.63
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 38
19.12.2012
20
http://www.general-anzeiger-bonn.de/bonn/bonn/suedstadt/Streit-Apple-gegen-Apfelkind-geht-weiter-article913066.html
WS Security and Compression
encrypt first, compress later
SOAP SOAPb64-coded cipher
compr. cipher
compress first, encrypt later
SOAP SOAPpayload
SOAP SOAP
compressed payload
11/30/12 Sebastian Unger: Towards a comprehensive Security Framework for Embedded Distributed Systems 39