How much Security for Switching a Light Bulb – The SOA Way

How much Security for Switching a Light Bulb – The SOA Way Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann University of Rostock, Germany Institute of Applied Microelectronics and Computer Engineering


Page 1: How much Security for Switching a Light Bulb – The SOA Way

How much Security for Switching a Light Bulb – The SOA Way

Sebastian Unger, Stefan Pfeiffer, Dirk Timmermann

University of Rostock, Germany

Institute of Applied Microelectronics and Computer Engineering

Page 2: How much Security for Switching a Light Bulb – The SOA Way

Motivation

08/30/2012 Sebastian Unger – University of Rostock – [email protected] 2

Q: What will you get from this presentation (or from reading the paper)?


Page 4: How much Security for Switching a Light Bulb – The SOA Way

Motivation

Q: What will you get from this presentation (or from reading the paper)?

A: Introduction to problems with security for distributed embedded devices


Page 5: How much Security for Switching a Light Bulb – The SOA Way

Agenda

• Introductory scenario and derived key features

• State of the art and problem statements

• Outlook

• Conclusion


Page 6: How much Security for Switching a Light Bulb – The SOA Way

Scenario: Light Bulbs – The classical approach

light bulbs

switches



Page 12: How much Security for Switching a Light Bulb – The SOA Way

Scenario: Security Key Features

Authenticity

Integrity

Confidentiality

Authorization


Page 13: How much Security for Switching a Light Bulb – The SOA Way

Scenario: Light Bulbs – The IoT approach

[Diagram labels: light bulbs; switches; SOA engine (shown six times); digitalSTROM-module; PLC-module; 6LoWPAN-module; smart-phone; PC; IoT wall-switch; Internet / LAN. Link technologies: ZigBee, digitalSTROM, IEEE 802.15.4, PLC, WiFi, Ethernet.]


Page 19: How much Security for Switching a Light Bulb – The SOA Way

Scenario: Security Key Features IoT

Seamless integration of new devices, including negotiation of suitable authentication

Securely remove devices from network

Let participants gather security information about each other

Plus: all this across different trust domains


Page 20: How much Security for Switching a Light Bulb – The SOA Way

Problem Statement

Development of (new) security concepts is cumbersome and expensive

Technology designers tend to fall back on existing security techniques (even if they are not ideal)

Page 21: How much Security for Switching a Light Bulb – The SOA Way

Terminology

What are those techniques and why are they not ideal?

Page 22: How much Security for Switching a Light Bulb – The SOA Way

MAC Layer Security

[Diagram labels: subnet; subnet; MAC Layer Security. Legend: ≙ router]

Same key for everyone

- or -

Different key for everyone

Page 23: How much Security for Switching a Light Bulb – The SOA Way

IPSec

Transport Mode / Tunnel Mode

[Diagram labels: subnet; subnet; Vendor A; Vendor B. Legend: router, node, IPSec Gateway]

IPSec is complex!

Page 24: How much Security for Switching a Light Bulb – The SOA Way

Transport Layer Security (TLS aka. SSL)

[Diagram: network stack layers PHY, MAC, Internet, Transport, Application, with TLS marked]

TCP!

Page 25: How much Security for Switching a Light Bulb – The SOA Way

Conclusion Network Stack Security

• Existing basic security mechanisms not ideal for embedded devices

• Solve single aspects only and are not suitable for embedded devices

Security should be covered on application layer

Page 26: How much Security for Switching a Light Bulb – The SOA Way

Application Layer Security: Academic Research Projects

Cooltown [1], Amigo [2], Hydra/Linksmart [3], PEIS [4], SM4ALL [5], ubiSOAP (PLASTIC) [6], PECES [7], GREEN [8], MundoCore [9], Gaia [10], MobiPADS [11], iCOCOA [12], PACE [13]

Repeated on the slide as a separate group: Cooltown [1], PEIS [4], SM4ALL [5], GREEN [8], MundoCore [9], MobiPADS [11], iCOCOA [12], PACE [13]

Page 27: How much Security for Switching a Light Bulb – The SOA Way

Conclusion Application Layer Security


• Security often not considered at all

• If considered, then…

… employed technologies not suitable for embedded devices

… only single issues solved

No interoperability between approaches

Page 28: How much Security for Switching a Light Bulb – The SOA Way

Outlook: Future Work

Web Services

WS-Security Suite

Do not reinvent the wheel

Instead:

• Find existing solution from different domain

• Isolate core concepts

• Develop methodology to transport core concepts to domain of embedded devices

Page 29: How much Security for Switching a Light Bulb – The SOA Way

Outlook: Future Work

Devices Profile for Web Services

Devices Profile for WS-Security Suite

Do not reinvent the wheel

Page 30: How much Security for Switching a Light Bulb – The SOA Way

Future Work in Detail

• Communication technology for distributed systems

• Base technology (Web Services) already adapted to embedded devices (DPWS)

• WS Security suite offers all requested core features (message and connection level security, trust and authorization brokering, …)

• Abstract Web Services to create security concept for any service-oriented communication technology

• Open technology fosters interoperability

Page 31: How much Security for Switching a Light Bulb – The SOA Way

Conclusion

• Although often employed, existing basic technologies (IPSec, TLS, …) not ideal

• Many approaches on application layer security exist but

  • they often solve single aspects only

  • are not interoperable

Future WS Compact Security has the potential to form a basis for an interoperable security concept for distributed embedded devices (disregarding the base technology)

Page 32: How much Security for Switching a Light Bulb – The SOA Way

Bibliography (1)

[1] Barton, John; Kindberg, Tim: The Cooltown User Experience / Hewlett Packard Laboratories Palo Alto. 2001. Technical Report

[2] IST Amigo Project: Ambient Intelligence for the networked home environment (Project Description). September 2004

[3] Eisenhauer, M.; Rosengren, P.; Antolin, P.: A Development Platform for Integrating Wireless Devices and Sensors into Ambient Intelligence Systems. SECON Workshops 2009

[4] Saffiotti, A. et al.: The PEIS-Ecology Project: vision and results. In: IEEE/RSJ Int. Conf. on Intelligent Robots and Systems (IROS). 2008

[5] Baldoni, R.: An Embedded Middleware Platform for Pervasive and Immersive Environments for-All. SECON Workshops 2009

[6] PLASTIC Consortium: A B3G Service Platform: The IST PLASTIC Projects. Technical Report

[7] Handte, M. et al.: D4.1 Secure Middleware Specification - Version 1.4 / Peces - Pervasive computing in embedded systems. 2010. Technical Report

Page 33: How much Security for Switching a Light Bulb – The SOA Way

Bibliography (2)

[8] Sivaharan, T. et al.: GREEN: A Configurable and Re-Configurable Publish-Subscribe Middleware for Pervasive Computing. In: Building 3760 LNCS (2005)

[9] Aitenbichler, M. et al.: MundoCore: A Light-weight Infrastructure for Pervasive Computing. In: Pervasive and Mobile Computing (2007)

[10] Román, M. et al.: Gaia: a middleware platform for active spaces. In: SIG-MOBILE Mob. Comput. Commun. Rev. 6 (2002)

[11] Chan, A.; Chuang, S.-N.: MobiPADS: A Reflective Middleware for Context-Aware Mobile Computing. In: IEEE Trans. Softw. Eng. 29 (2003)

[12] Ben Mokhtar, S. et al.: COCOA: COnversation-based service COmposition in pervAsive computing environments with QoS support. In: Journal of Systems and Software 80 (2007)

[13] Henricksen, K. et al.: Middleware for Distributed Context-Aware Systems. In: On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE

[14] Ellison, C.: UPnP Security Ceremonies Design Document.

Page 34: How much Security for Switching a Light Bulb – The SOA Way

Thank you!

Any questions?

Thank you very much for your attention!
