ws4 dsec talk @ kickoff rs3

WS4Dsec

2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK

Reliably Secure Web Services for Devices

1

www. .org

Andreas Lehmann, Stefan Pfeiffer, Frank Golatowski, Dirk Timmermann, Karsten Wolf

2/21/11

Prof. Dirk Timmermann

Prof. Karsten Wolf

Electrical Engineering

Computer Science

www. .org

Joint Interdisciplinary Research Project

2© 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK

2/21/11 3

search register

Interaction between business entities

communicate

© 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK

Service Oriented Architecture (SOA)

2/21/11 4

UDDI

Consumer Web Service

search register

communicate

WSDL

XML

SOAP

query language:defined by UDDI


WS-BPEL WS-BPEL

Web Service Technology

Interaction between technical entities

driven by >50 industry standards

2/21/11 52/21/11

Group Wolf – Computer Science

We provide tools & formal methods for analysis of systems and synthesis of services


Andreas Lehmann

Service

WS-BPEL–

Formal Model

Service Service

Service

?

verification

diagnosis

validation

2/21/11 62/21/11




Andreas Lehmann

Service

WS-BPEL–

Formal Model

Service Service

Service

?

verification

diagnosis

validation

asynchronoushardware circuits

business processes

others...

AI planning

biochemical reactions

2/21/11 72/21/11




Andreas Lehmann Service ?

Service

Service ? Service

Specification

ImplementationTestTest

Test

partner synthesis

adapter synthesis

corrections

test case generation

2/21/11 82/21/11




Andreas Lehmann

Formal Model–

WS-BPEL

Service ?

Service

Service ? Service

Specification

ImplementationTestTestTest

partner synthesis

adapter synthesis

corrections

test case generation

2/21/11 92/21/11




Andreas Lehmann

2/21/11 10

refrigerator

picture frame

clock

coffee machine

electricity meter

mobile phones


More intelligent devices

2/21/11 11© 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK

More communication between devices

Web Service Technology to Devices ?

Static Configuration

Central Directory

Resource Hungry

2/21/11 12

Dynamic Configuration

No Central Directory

Resource Constrained


• Standardized by the WS-DD technical committee

• Apply the Web Services technology to the domain of embedded systems

• Is already integrated by Microsoft and Windows Vista.

2/21/11 13

DPWS – Devices Profile for Web Services


Directory

2/21/11 14

Devices Profile for Web Services

Consumer Device / Web Service

search announce

communicate

WSDL

XML

SOAP

defined by WS-Discovery

WS-Discovery


2/21/11 15

Sensor NetworksEmbedded SystemsEnterprise Systems

uDPWSgSOAPAxis2

DPWS Protocol Stack Implementation

Enable Web Service Technology on Devices

Compatibility to Enterprise Web Services


--> -->

Stefan Pfeiffer

We bring Service-Oriented Architecture and Web Services technology to devices

Wireless Sensor

Networks

EnterpriseSystems

Embedded Systems

Group Timmermann – Electrical Engineering


• Involved in the WS-DD technical committee together with e.g.

• Participation on Standardization of DPWS


Wireless Sensor

Networks

EnterpriseSystems

Embedded Systems


Stefan Pfeiffer




• WS4D.org initiative


Wireless Sensor

Networks

EnterpriseSystems

Embedded Systems


Stefan Pfeiffer





• WS-BPEL extension BPEL4D


Wireless Sensor

Networks

EnterpriseSystems

Embedded Systems


Stefan Pfeiffer





• WS-BPEL extension BPEL4D

• Cross Domain Solutions


Wireless Sensor

Networks

EnterpriseSystems

Embedded Systems

Industrial

Automotive

Tele-communication

Home

Medical


Stefan Pfeiffer


2/21/11 21

The Internet of Things


2/21/11 22

The Internet of Things

Security ?


Security in DPWS

2/21/11 23

RSA

RC4AES

SHA


Encryption + Transport Level Security

Encryption U

Security

X.509v3

Security in DPWS

2/21/11 24

Challenges:

• Central Authority may not be available


Challenges

Security in DPWS

2/21/11 25

Challenges:


• X.509.v3 message overhead

S. Unger,Sichere Service Schnittstellen für vernetzte Automotive

ApplikationenUniversität Rostock© 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK

Challenges

Moteiv TelosB Wireless Sensor Node

CPU: 8 MHz TI MSP430 µC RAM: 10 kByteFlash: 48 kByte

Security in DPWS

2/21/11 26

Challenges:



• Restricted Memory (Ressource)


Christian LercheuDPWS – Introduction

http://code.google.com/p/udpws/wiki/Introduction

Challenges

Energy Consumption for Message Signing

Ener

gy C

onsu

mpt

ion

in m

J

0,0

750,0

1500,0

2250,0

3000,0

RSA_1024 RSA_2048 ECC_160 ECC_224

Security in DPWS

2/21/11 27

Challenges:




• Power Consumption

A. S. Wander, N. Gura, H. Eberle, V. Gupta, Sh. Ch. Shantz,“Energy analysis of public-key cryptography for wireless sensor

networks”, 2005© 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK

Challenges

Security in DPWS

2/21/11 28

Challenges:





• Granularity of Security Concepts

Transport Level Security

Message Level Security


Challenges

Message

-->

Security in DPWS

2/21/11 29

Challenges:






• Interoperability and Integration


Challenges

Security in DPWS

2/21/11 30

Challenges:







• Formal modelling


device interaction

power consumption security aspects

Challenges

Security in DPWS

2/21/11 31

Challenges:







• Formal modelling

• Improve / adapt existing solutions --> tools


+

Challenges


Approach

Formally model devices,constraints, and requirements

Propose protocols, contracts, algorithms and formally verify them. ...import competencies from RS 3

Validate model in case studies

Validate solutions in case studies

2/21/11 33

DPWS Security Framework

Methods andFormal Verification

for Servicessec

Reliably Secure Web Services for Devices


Stefan Pfeiffer Andreas Lehmann

http://ws4dsec.org