Ws4 dsec talk @ Kickoff RS3

1,409 views
1,400 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,409
On SlideShare
0
From Embeds
0
Number of Embeds
830
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Ws4 dsec talk @ Kickoff RS3

  1. 1. www. .org WS4Dsec Reliably Secure Web Services for DevicesAndreas Lehmann, Stefan Pfeiffer, Frank Golatowski, Dirk Timmermann, Karsten Wolf 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 1
  2. 2. Joint Interdisciplinary Research Project Electrical www. .org EngineeringProf. Dirk Timmermann Computer Science Prof. Karsten Wolf 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 2
  3. 3. Service Oriented Architecture (SOA)Interaction between business entities register search communicate2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 3
  4. 4. Web Service TechnologyInteraction between technical entities UDDI query language: WSDL defined by UDDI register search XML Consumer communicate Web Service WS-BPEL WS-BPEL SOAP driven by >50 industry standards2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 4
  5. 5. Group Wolf – Computer Science We provide tools & formal methods for analysis of systems and synthesis of servicesAndreas Lehmann ? Service Service verification Service WS-BPEL diagnosis – Formal Service Model validation 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 5
  6. 6. Group Wolf – Computer Science We provide tools & formal methods for analysis of systems and synthesis of services others.Andreas ? .. asynchronousLehmann Service Service hardware circuits verification business processes Service diagnosis WS-BPEL – Service AIFormal Model planning validation biochemical reactions2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 6
  7. 7. Group Wolf – Computer Science We provide tools & formal methods for analysis of systems and synthesis of servicesAndreasLehmann Service ? partner synthesis Service ? Service adapter synthesis Service corrections Specification Test test case Test Test Implementation generation2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 7
  8. 8. Group Wolf – Computer Science We provide tools & formal methods for analysis of systems and synthesis of servicesAndreasLehmann Service ? partner synthesis Service ? Service adapter synthesis Service corrections Formal Model – Specification WS-BPELTest test case Test Test Implementation generation2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 8
  9. 9. Group Wolf – Computer Science We provide tools & formal methods for analysis of systems and synthesis of servicesAndreasLehmann2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 9
  10. 10. More intelligent devices coffee machine mobile phones clock picture frame electricity meter refrigerator2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 10
  11. 11. More communication between devices2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 11
  12. 12. Web Service Technology to Devices ? Static Configuration Dynamic Configuration Central Directory No Central Directory Resource Hungry Resource Constrained 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 12
  13. 13. DPWS – Devices Profile for Web Services• Standardized by the WS-DD technical committee• Apply the Web Services technology to 
 the domain of embedded systems• Is already integrated by Microsoft and Windows Vista. 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 13
  14. 14. Devices Profile for Web Services Directory WS- Discovery WSDLdefined by WS-Discovery search announce XML Device / Consumer communicate Web Service SOAP 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 14
  15. 15. DPWS Protocol Stack Implementation Axis2 gSOAP uDPWS --> --> Enterprise Systems Embedded Systems Sensor Networks Enable Web Service Technology on Devices Compatibility to Enterprise Web Services 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 15
  16. 16. Group Timmermann – Electrical Engineering We bring Service-Oriented Architecture and Web Services technology to devicesStefan Pfeiffer Embedded SystemsWireless SensorNetworks Enterprise Systems 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 16
  17. 17. Group Timmermann – Electrical Engineering We bring Service-Oriented Architecture and Web Services technology to devicesStefan Pfeiffer • Involved in the WS-DD Embedded technical committee together with Systems e.g.Wireless SensorNetworks • Participation on Standardization of DPWS Enterprise Systems 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 17
  18. 18. Group Timmermann – Electrical Engineering We bring Service-Oriented Architecture and Web Services technology to devicesStefan Pfeiffer • Involved in the WS-DD Embedded technical committee together with Systems e.g.Wireless SensorNetworks • Participation on Standardization of DPWS Enterprise • WS4D.org initiative Systems 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 18
  19. 19. Group Timmermann – Electrical Engineering We bring Service-Oriented Architecture and Web Services technology to devicesStefan Pfeiffer • Involved in the WS-DD Embedded technical committee together with Systems e.g.Wireless SensorNetworks • Participation on Standardization of DPWS Enterprise • WS4D.org initiative Systems • WS-BPEL extension BPEL4D 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 19
  20. 20. Group Timmermann – Electrical Engineering We bring Service-Oriented Architecture and Web Services technology to devices • Involved in the WS-DDStefan Pfeiffer Embedded technical committee together with e.g. SystemsWireless SensorNetworks Industrial Home • Participation on Standardization of Automotive DPWS • WS4D.org initiative Enterprise Systems • WS-BPEL extension BPEL4D Tele- communication Medical • Cross Domain Solutions 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 20
  21. 21. The Internet of Things2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 21
  22. 22. The Internet of Things Security ?2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 22
  23. 23. Security in DPWS RSA  X.509v3SHA Encryption + Transport Level Security RC4 AES Encryption U Security2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 23
  24. 24. Challenges Challenges:Security in DPWS • Central Authority may not be available2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 24
  25. 25. Challenges Challenges:Security in DPWS • Central Authority may not be available • X.509.v3 message overhead S. Unger, Sichere Service Schnittstellen für vernetzte Automotive Applikationen2/21/11 Universität Rostock © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 25
  26. 26. Challenges Challenges:Security in DPWSMoteiv TelosB Wireless Sensor Node • Central Authority may not be availableCPU: 8 MHz TI MSP430 µC • X.509.v3 message overheadRAM: 10 kByteFlash: 48 kByte • Restricted Memory (Ressource) Christian Lerche uDPWS – Introduction http://code.google.com/p/udpws/wiki/2/21/11 Introduction © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 26
  27. 27. Challenges Challenges: Security in DPWS Energy Consumption for Message Signing • Central Authority may not be available 3000,0 • X.509.v3 message overheadEnergy Consumption in mJ 2250,0 • Restricted Memory (Ressource) • Power Consumption 1500,0 750,0 0,0 RSA_1024 RSA_2048 ECC_160 ECC_224 A. S. Wander, N. Gura, H. Eberle, V. Gupta, Sh. Ch. Shantz, “Energy analysis of public-key cryptography for wireless sensor 2/21/11 networks”, 2005 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 27
  28. 28. Challenges Challenges:Security in DPWS • Central Authority may not be available • X.509.v3 message overhead • Restricted Memory (Ressource) Transport Level • Power Consumption Security --> • Granularity of Security Concepts Message Message Level Security2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 28
  29. 29. Challenges Challenges:Security in DPWS • Central Authority may not be available • X.509.v3 message overhead • Restricted Memory (Ressource) • Power Consumption • Granularity of Security Concepts • Interoperability and Integration2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 29
  30. 30. Challenges Challenges:Security in DPWS device • Central Authority may not be available interaction • X.509.v3 message overhead • Restricted Memory (Ressource) • Power Consumption • Granularity of Security Concepts • Interoperability and Integration • Formal modellingpower consumption security aspects 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 30
  31. 31. Challenges Challenges:Security in DPWS • Central Authority may not be available • X.509.v3 message overhead • Restricted Memory (Ressource) • Power Consumption + • Granularity of Security Concepts • Interoperability and Integration • Formal modelling • Improve / adapt existing solutions --> tools2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 31
  32. 32. ApproachFormally model devices,constraints, and requirements Validate model in case studies Propose protocols, contracts, algorithms and formally verify them. ...import competencies from RS 3 Validate solutions in case studies 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 32
  33. 33. Reliably Secure Web Services for DevicesStefan Pfeiffer Andreas LehmannDPWS Methods andSecurity sec Formal VerificationFramework for Services http://ws4dsec.org 2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 33

×