WS4Dsec talk @ kickoff RS3
WS4Dsec
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK
Reliably Secure Web Services for Devices
Andreas Lehmann, Stefan Pfeiffer, Frank Golatowski, Dirk Timmermann, Karsten Wolf

Prof. Dirk Timmermann (Electrical Engineering)
Prof. Karsten Wolf (Computer Science)
Joint Interdisciplinary Research Project

Service Oriented Architecture (SOA)
Interaction between business entities
[Diagram labels: search, register, communicate]

Web Service Technology
Interaction between technical entities
driven by >50 industry standards
[Diagram labels: UDDI, Consumer, Web Service; search, register, communicate; WSDL, XML, SOAP, WS-BPEL; query language: defined by UDDI]

Group Wolf – Computer Science
Andreas Lehmann
We provide tools & formal methods for analysis of systems and synthesis of services
[Diagram labels: Service, WS-BPEL, Formal Model; verification, diagnosis, validation]
asynchronous hardware circuits
business processes
others...
AI planning
biochemical reactions

[Diagram labels: Service, Specification, Implementation, Test; partner synthesis, adapter synthesis, corrections, test case generation]

More intelligent devices
refrigerator, picture frame, clock, coffee machine, electricity meter, mobile phones

More communication between devices

Web Service Technology to Devices?
Static Configuration --> Dynamic Configuration
Central Directory --> No Central Directory
Resource Hungry --> Resource Constrained

DPWS – Devices Profile for Web Services
• Standardized by the WS-DD technical committee
• Applies the Web Services technology to the domain of embedded systems
• Is already integrated by Microsoft and Windows Vista.

Devices Profile for Web Services
[Diagram labels: Directory, Consumer, Device / Web Service; search, announce, communicate; WSDL, XML, SOAP; WS-Discovery; defined by WS-Discovery]

DPWS Protocol Stack Implementation
Enable Web Service Technology on Devices
Compatibility to Enterprise Web Services
Sensor Networks (uDPWS) --> Embedded Systems (gSOAP) --> Enterprise Systems (Axis2)

Group Timmermann – Electrical Engineering
Stefan Pfeiffer
We bring Service-Oriented Architecture and Web Services technology to devices
Wireless Sensor Networks, Enterprise Systems, Embedded Systems
• Involved in the WS-DD technical committee together with e.g.
• Participation in standardization of DPWS
• WS4D.org initiative
• WS-BPEL extension BPEL4D
• Cross Domain Solutions
Industrial, Automotive, Tele-communication, Home, Medical

The Internet of Things
Security?

Security in DPWS
[Slide labels: RSA, RC4, AES, SHA, X.509v3; Encryption + Transport Level Security; Encryption U; Security]

Security in DPWS
Challenges:
• Central Authority may not be available
• X.509v3 message overhead
• Restricted Memory (Resource)
• Power Consumption
• Granularity of Security Concepts
  Transport Level Security, Message Level Security
• Interoperability and Integration
• Formal modelling
  device interaction, power consumption, security aspects
• Improve / adapt existing solutions --> tools

Moteiv TelosB Wireless Sensor Node: CPU: 8 MHz TI MSP430 µC, RAM: 10 kByte, Flash: 48 kByte
[Chart: Energy Consumption for Message Signing; y-axis: Energy Consumption in mJ; x-axis: RSA_1024, RSA_2048, ECC_160, ECC_224]

Sources shown on the slides:
S. Unger, Sichere Service Schnittstellen für vernetzte Automotive Applikationen, Universität Rostock
Christian Lerche, uDPWS – Introduction, http://code.google.com/p/udpws/wiki/Introduction
A. S. Wander, N. Gura, H. Eberle, V. Gupta, Sh. Ch. Shantz, “Energy analysis of public-key cryptography for wireless sensor networks”, 2005

Approach
Formally model devices, constraints, and requirements
Propose protocols, contracts, algorithms and formally verify them. ...import competencies from RS 3
Validate model in case studies
Validate solutions in case studies

Reliably Secure Web Services for Devices
DPWS Security Framework
Methods and Formal Verification for Services
Stefan Pfeiffer, Andreas Lehmann
http://ws4dsec.org