GoodFood – Security Sensorweb and AmI

GoodFood – Security Sensorweb and AmI. Dr. René Hüsler, Institute for Secure Softwaresystems, +41 (0)41 349 34 44, rhuesler@hta.fhz.ch. Agenda: Introduction; System Overview; Security Questions; Basic/Sensorweb Security; TinyOS / TinySec; Dataflows - System Security; Conclusion / Next Steps.

Presentation Transcript


  1. GoodFood – Security Sensorweb and AmI. Dr. René Hüsler, Institute for Secure Softwaresystems, +41 (0)41 349 34 44, rhuesler@hta.fhz.ch. GoodFood Workshop 15.07.2004

  2. Agenda
     • Introduction
     • System Overview
     • Security Questions
     • Basic/Sensorweb Security
     • TinyOS / TinySec
     • Dataflows - System Security
     • Conclusion / Next Steps
     • Discussion

  3. System Overview

  4. Security Questions
     • Where is the plain information needed?
     • Who has access to the information? And from where?
     • Who controls/gains access to the information? (User- vs. System-Management)
     • Where and how is the information stored? (plain/ciphered)
     • Who manages the information collection, concentration and delivery? (Push or pull service)
     • What level of security does the AmI core provide?

  5. Basic Security
     • Where else is Security needed?
     • Secure (TinySec)

  6. Basic Security
     • Security issues solved in the sensorweb
     • End-to-End Security
     • Node-to-Node
     • Reciphering in nodes (necessary)
     • Authentication
     • Authorisation
     • Symmetric and/or asymmetric Algorithm
     • Pre-Shared key vs. Certificates – usability

  7. Sensorweb Security
     • TinySec as base infrastructure
     • Adapted for GoodFood needs
     • Algorithm
     • Performance restrictions
     • Data overhead
     • AmI Integration
     • System security constraints
     • Access, Authorisation, Encryption etc.

  8. Sensorweb Security
     • Operational Modes
     • Setup (initiated by gateway or mobile nodes?)
     • Production (Data collection – processing – transfer)
     • Mobile nodes
     • What do they allow?
     • How do they interact?
     • Theft, removal, fake nodes

  9. Sensorweb Security
     • Management nodes (Mobile/fixed nodes)
     • Specialized nodes
     • Preconfiguration of sensor nodes
     • What information is system-specific
     • Different systems (customers)
     • Different fields
     • Different zones in the field

  10. Node Types: Scenarios (special nodes)
     • Configuration
     • Initiated by Gateway
     • Readout
     • Communication and authorisation through Gateway
     • Full integration

  11. TinyOS - TinySec
     • Link layer security mechanism
     • Hop-by-hop, not end-to-end
     • Better support for aggregation
     • Enables higher level keying protocols
     • Low overhead security in software
     • Cryptographic checksum (MAC)
     • Ensures integrity
     • Enforces access control
     • Optional encryption for payload data

  12. Dataflow
     • Ciphered?
     • Access authorisation?
     • Secure

  13. AmI Core System
     • Security restrictions
     • Integration in other systems
     • Interoperability
     • Data exchange within
     • Access
     • User Management (How many users/roles?)
     • Key Management (PKI Infrastructure?)
     • Secure storage/archive

  14. Security Issues: Systemwide Security
     • What is needed – how open is the system?
     • Legal aspects/guidelines
     • Who provides the overall security guidelines?
     • Currently a draft is under construction
     • Who is (has to be) involved?

  15. Conclusion / Next Steps
     • Security within sensorweb until gateway solved
     • Performance and overhead restrictions
     • Security taskforce
     • Participants
     • Workpackages
     • Timeline

  16. Discussion

  17. Workpackages
     • Legal Restrictions
     • User/Roles
     • Who has access when and how
     • Security Guidelines
     • Key Management
     • Interoperability
     • Archive/Backup

  18. Open Issues
     • End-to-End Security: Because the TinySec package will be used and resources are limited, end-to-end security will be solved at a vineyard-specific or sensorweb-restricted level. That means every node is able to decipher and encipher the information that passes through it. The information about the communication path will be sent in plain, which allows the collection of topology data but keeps the data secret.
     • Ease of sensor installation: Since the sensors will be vineyard-specific, installation in the previously described operational scenario is very easy. The two modes (setup and operation) make the installation very easy and allow reconfiguration or recollection at any time.
     • Topology: The gateway could store the overall topology, but this is not necessary since the nodes know their communication partners (fixed during the setup phase). The gateway can start a sensor lookup/recovery at any time to check whether all sensors (or a specific sensor) are still functioning or have been moved / removed. This recovery process increases the availability and stability of the overall system.

  19. Open Issues
     • Sensor functions: What information from the sensors (collected data) or the topology is necessary and can be transmitted in plain? Data collected by the sensors are confidential, but how are the location and node information treated? TBD.
     • Sensor management: Online and offline management of the sensors has to be provided. Therefore reconfiguration of the topology initiated by the gateway or the management station must be possible.
     • Mobile sensors: Mobile sensors can collect information but do not use the sensorweb to communicate the collected data. This communication is only possible through the gateway nodes, which act as a control node for the whole topology. The concept of setup and operational phases would require too much overhead to integrate a mobile node into the network. Mobile nodes should be as flexible as possible in usage and position. Usually a mobile node is better equipped than a standard “field” node.

  20. Open Issues
     • Management station: The management of the topology as well as the security of the data will be done centrally on the protocol station, the central storage unit or a dedicated station.
     • Gateway communication: The gateway acts only as the management station for the topology and the communication setup. It is able to initiate reconfiguration and key changes requested by the management station.
     • Tempest: All information on the nodes has to be treated as confidential, and a simple solution for this problem would be the inclusion of a smart-card chip on the nodes. A software solution – storing only ciphered data – is also reasonable but requires an additional node-specific key.

  21. Open Issues
     • Algorithms: Because symmetric algorithms will be used in most cases, key management will be handled centrally. That means every installation (e.g. vineyard) will need a central management station. This station can and will also be used as the node that communicates with the next higher system. This can be the protocol handler or the central storage unit. The algorithm will be selected to fulfil the required needs, which could be synchronization, (node) computing power, compression, data to transmit and so on. The chosen hardware defines the constraints and their implications.
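
The hop-by-hop scheme of slides 11 and 18 (a MAC on every frame, optional payload encryption, reciphering in each node, path information in plain), as an added Python sketch that is not code from the presentation or from TinySec. HMAC-SHA256 stands in for TinySec's own primitives, and the frame layout, the 4-byte tag, the node IDs and the link keys are constructed assumptions.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4     # assumed short tag: keeps data overhead low, weaker than a full MAC
HDR = ">BBH"    # assumed header: source id, destination id, sequence number

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, header, data):
    # HMAC-SHA256 in counter mode as a stand-in cipher. The header acts as the
    # nonce, so (src, dst, seq) must never repeat under one link key.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += _prf(key, b"enc", header + struct.pack(">I", ctr))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(link_key, src, dst, seq, payload):
    """Frame for one hop: plain header || enciphered payload || MAC."""
    header = struct.pack(HDR, src, dst, seq)       # path information stays plain
    body = _xor_stream(link_key, header, payload)
    return header + body + _prf(link_key, b"mac", header + body)[:MAC_LEN]

def open_frame(link_key, frame):
    """Return (src, dst, seq, payload), or None when the MAC does not verify."""
    hlen = struct.calcsize(HDR)
    if len(frame) < hlen + MAC_LEN:
        return None
    header, body, tag = frame[:hlen], frame[hlen:-MAC_LEN], frame[-MAC_LEN:]
    expected = _prf(link_key, b"mac", header + body)[:MAC_LEN]
    if not hmac.compare_digest(tag, expected):     # integrity and access control
        return None
    return struct.unpack(HDR, header) + (_xor_stream(link_key, header, body),)

def relay(key_in, key_out, me, next_hop, frame):
    """Node on the path: verify, decipher, then recipher for the next hop."""
    opened = open_frame(key_in, frame)
    if opened is None or opened[1] != me:
        return None                                # fake or misaddressed frame dropped
    return seal(key_out, me, next_hop, opened[2], opened[3])

if __name__ == "__main__":
    k12, k29 = b"constructed key 1-2", b"constructed key 2-9"   # constructed keys
    hop1 = seal(k12, 1, 2, 7, b"temp=21.5;hum=63")              # constructed reading
    hop2 = relay(k12, k29, 2, 9, hop1)
    print(hop1.hex(), hop2.hex(), open_frame(k29, hop2))
```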
