WSAN4CIP / TAMPRES cluster meeting
IHP, Im Technologiepark 25, 15236 Frankfurt (Oder), Germany, www.ihp-microelectronics.com © 2011 - All rights reserved
Assessment Models to Improve the Usability of Security in Wireless Sensor Networks
Steffen Peter
Outline
• Introduction: WSAN4CIP, TAMPRES
• Motivation
• Model-based security assessment approach
• Example for practical security model
WSAN4CIP
• Protection of critical infrastructures
• Potential threats
  – Natural disasters (floods, earthquakes)
  – Terrorism, vandalism, crime (stealing iron)
• Providing monitoring capabilities for large-scale infrastructure requires:
  – Low-cost devices
  – No additional infrastructure
  – Robust, self-configuring systems
  – Integration in SCADA infrastructures
• WSNs protecting CIP become part of the CIP and therefore need to be protected themselves
  – Development and integration of mechanisms to protect the WSN
WSAN4CIP demonstration sites (1)
WSAN4CIP demonstration sites (2)
Demonstration sites: Briesen (Mark), Jacobsdorf, Rosengarten
• Drinking water distribution network
  – Monitoring of a 20 km pipeline in Germany
  – Reporting of operating state, alarm conditions and access control
  – Integration in existing infrastructures
• Nodes are exposed to physical attacks
TAMPRES
• Development of novel protection means to ensure tamper resistance and improve trustworthiness for severely constrained devices
• Enhancing the security of the Future Internet by improving the resistance of its weakest link, i.e. wireless sensor nodes, against physical attacks
• Highly technical project with the goal of implementing a tamper-resistant sensor node with cryptographic accelerators and side-channel resistance
General Problem
• Gap between application level (users) and technological level (developers)
• Complex trade-offs on technological level often not understood on application level
• Particularly true for Wireless Sensor Networks
  – Trade-offs between energy, memory, security and cost
  – No one-size-fits-all solution
Overview: Model-based System Security Assessment
Building blocks: Application Requirements (understood by users), Security and Assessment Models, and Technological basis components (services and protocols with complex trade-offs); the system is a composition of basis components.
• C1: Collecting the (soft) user security requirements and transforming them into the (hard) model that allows assessment
• C2: Describing the individual (security) properties of the components as meta-information
• C3: Does the system satisfy the requirements? → Need for adequate models
  – Inferring properties of the composed system → based on the meta-information of the basis components
  – (Automatic) selection of basis components
C1: Collection and Mapping of User Requirements
• Full specification of the application mission
  – Relevant phenomena
  – Selection of sensors
  – Expected lifetime and reliability
• Hide technical details
  – Users typically cannot express their security needs
• Language easy to use for users
  – Central catalogue
  – Specific catalogues for specific domains
Two-Step Requirement Definition Process
Step 1: user-level requirements
- Application type (health care, home, industrial)
- Required security attributes (concealment, integrity, robustness)
- Parameters
Step 2: transformation of the requirements into the attacker model and capabilities
C2: Describing attributes components and system
• Definition of a (meta-) component model
  – Hardware and software components
  – Protocols, services
• Security properties as part of the meta-information of the components
  – Provided by the developers (they know what their components are doing)
  – Have to be observed by independent experts
• Has to support composable security
  – sec(comp. A + comp. B) = f(sec(comp. A), sec(comp. B))
Component Meta-Model
C3: Definition of Security Models
• Should be able to decide whether a system is secure for the given requirements
• Inputs:
  – Technical requirements
  – Properties of the system
• Output:
  – List of conflicts
Currently implemented Model Approach
• Define requirements, environmental information, security properties and attacker properties as properties in one large graph
  – Connected via relations (formulas) defining how the properties depend on and define each other
• Security is expressed as views on specific aspects
  – The system is secure if the attribute is free of conflicts in the context of the requirements
• Starting point is a holistic security model
  – Successive refinement to assess the individual aspects
Holistic Security Model (Ontology)
Focused Views on the Ontology
Attacker model and capabilities can be derived from the user requirements and the application context.
System properties can be derived from the properties of the used components.
Example for an Attack-centric Security Model
• Based on attack trees
  – A system is secure if every attack:
    1. can be prevented (property of the system), or
    2. does not apply (property of the system requirements)
[Diagram: requirements/attacker model and system properties propagate through the attacks to the system security]
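The attack-centric rule above, worked as an added Python example that is not part of the slides: every leaf attack is checked against the attacker model (does it apply?) and the system properties (is it prevented?), the result is propagated through AND/OR nodes, and the unmitigated leaves are returned as the list of conflicts that C3 asks for. The attack tree, capability names and property names are constructed for a pipeline-monitoring node.

```python
# Added illustration of the slide's attack-centric model: a system is secure if
# every attack either does not apply (the attacker model derived from the
# requirements excludes it) or is prevented by a system property.  Tree,
# capability and property names are constructed, not taken from the project.
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

@dataclass
class Attack:
    name: str
    needs: Optional[str] = None                 # attacker capability a leaf needs
    prevented_by: Set[str] = field(default_factory=set)  # properties that stop it
    op: Optional[str] = None                    # "OR"/"AND" for composite attacks
    children: List["Attack"] = field(default_factory=list)

def assess(node: Attack, attacker: Set[str], system: Set[str]) -> Tuple[bool, List[str]]:
    """Return (feasible, conflicts): the leaf attacks that make this node
    feasible, i.e. neither excluded by the attacker model nor prevented."""
    if node.op is None:                         # leaf attack
        if node.needs not in attacker:
            return False, []                    # 2. does not apply (requirements)
        if node.prevented_by & system:
            return False, []                    # 1. prevented (system property)
        return True, [node.name]
    results = [assess(c, attacker, system) for c in node.children]
    if node.op == "OR":                         # any feasible sub-attack suffices
        conflicts = [n for ok, names in results if ok for n in names]
        return bool(conflicts), conflicts
    if all(ok for ok, _ in results):            # AND: every step must be feasible
        return True, [n for _, names in results for n in names]
    return False, []

def is_secure(root: Attack, attacker: Set[str], system: Set[str]) -> Tuple[bool, List[str]]:
    feasible, conflicts = assess(root, attacker, system)
    return not feasible, conflicts              # C3 output: the list of conflicts

# Constructed example: one node of the pipeline monitoring scenario.
PIPELINE_NODE = Attack("Forge sensor report", op="OR", children=[
    Attack("Eavesdrop and replay radio traffic", needs="radio_access",
           prevented_by={"link_encryption"}),
    Attack("Extract link key from node", op="AND", children=[
        Attack("Gain physical access to node", needs="physical_access",
               prevented_by={"tamper_detection"}),
        Attack("Read key from memory", needs="lab_equipment",
               prevented_by={"secure_key_storage"}),
    ]),
])
INDUSTRIAL_ATTACKER = {"radio_access", "physical_access", "lab_equipment"}
```

With only link encryption the industrial attacker model yields two conflicts on the physical path; adding tamper detection (or restricting the attacker model, as a home deployment might) removes them.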
General Architecture
Envisioned WSN Design Process
Example for a Component Selection Tool: configKit
- Selection of hardware
- Selection of required functions
- Definition of security properties
→
- Proposed software configuration, including prediction of footprint
- Each change of inputs immediately updates the result → fast and easy refinement process
Conclusions
• Assessment models can help to validate the fulfilment of user requirements for a given system → the proposed approach shows the general feasibility
• Challenges remain:
  - How to elicit the requirements from the user and transform them into objective properties
  - Finding models for a-priori reasoning about security-related behaviour and conflicts
  - How to describe the properties of components so that they support the composition of security
Thank You
Questions?
Web: www.wsan4cip.eu, www.tampres.eu