Transcript of "Wsanacip tampres cluster meeting"

  1. Assessment Models to Improve the Usability of Security in Wireless Sensor Networks
     Steffen Peter
     IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2011 - All rights reserved
  2. Outline
     • Introduction WSAN4CIP, TAMPRES
     • Motivation
     • Model-based security assessment approach
     • Example for practical security model
  3. WSAN4CIP
     • Protection of critical infrastructures
     • Potential threats
       – Natural disasters (floods, earthquake)
       – Terrorism, vandalism, crime (stealing iron)
     • Providing monitoring capabilities for large-scale infrastructure requires:
       – Low-cost devices
       – No additional infrastructure
       – Robust, self-configuring systems
       – Integration in SCADA infrastructures
     • WSNs protecting CIP become part of the CIP – need to be protected
       – Development and integration of mechanisms to protect the WSN
  4. WSAN4CIP demonstration sites (1)
  5. WSAN4CIP demonstration sites (2)
     Figure labels: Briesen (Mark), Rosengarten, Jacobsdorf
     • Drinking water distribution network
       – Monitoring of a 20 km pipeline in Germany
       – Reporting of operating state, alarm conditions and access control
       – Integration in existing infrastructures
     • Nodes are exposed to physical attacks
  6. TAMPRES
     • Development of novel protection means to ensure tamper resistance and improve trustworthiness for severely constrained devices
     • Enhancing the security of the Future Internet by improving the resistance of its weakest link, i.e. wireless sensor nodes, against physical attacks
     • Highly technical project with the goal to implement a tamper-resistant sensor node with cryptographic accelerators and side-channel resistance
  7. General Problem
     • Gap between application level (users) and technological level (developers)
     • Complex trade-offs on technological level often not understood on application level
     • Particularly true for Wireless Sensor Networks
       – Energy, memory, security, cost: trade-offs
       – No one-fits-all solution
  8. Overview: Model-based System Security Assessment
     • Application requirements: understood by users
       – C1: Collecting (soft) user security requirements and transforming them to the (hard) model that allows assessment
     • Security- and Assessment Models: need for adequate models
       – C3: Does the system satisfy the requirements?
       – Inferring properties of the composed system, based on meta-information of the basis components
     • System = composition of basis components
       – (Automatic) selection of basis components
     • Technological basis components, services, and protocols with complex trade-offs
       – C2: Describing individual (security-) properties of the components as meta-information
  9. C1: Collection and Mapping of User Requirements
     • Full specification of the application mission
       – Relevant phenomena
       – Selection of sensors
       – Expected lifetime and reliability
     • Hide technical details
       – Users typically cannot express their security needs
     • Language easy to use for users
       – Central catalogue
       – Specific catalogues for specific domains
  10. Two-Step Requirement Definition Process
      - Application type (health care, home, industrial)
      - Required security attributes (concealment, integrity, robustness)
      - Parameters
      Diagram labels: Transformation of requirements; Attacker model and capabilities
  11. C2: Describing attributes of components and system
      • Definition of a (meta-) component model
        – Hardware and software components
        – Protocols, services
      • Security properties as part of the meta-information of the components
        – Provided by the developers (they know what their components are doing)
        – Have to be observed by independent experts
      • Has to support composable security
        – sec(comp. A + comp. B) = f(sec(comp. A), sec(comp. B))
  12. Component Meta-Model
  13. C3: Definition of Security Models
      • Should be able to decide whether a system is secure for the given requirements
      • Inputs are:
        – Technical requirements
        – Properties of the system
      • Output:
        – List of conflicts
  14. Currently implemented Model Approach
      • Define requirements, environmental information, security properties and attacker properties as properties in one large graph
        – Connected via relations (formulas) defining how properties depend on and define each other
      • Security is expressed as views on specific aspects
        – System is secure if the attribute is free of conflicts in the context of requirements,
      • Starting point is a holistic security model
        – Successive refinement to assess the aspects
  15. Holistic Security Model (Ontology)
  16. Focused Views on the Ontology
      • System properties can be derived from the properties of the used components
      • Attacker model and capabilities can be derived from the user requirements and the application context
  17. Example for an Attack-centric Security Model
      • Based on Attack Trees
        – A system is secure if all attacks:
          1. can be prevented (property of the system), or
          2. do not apply (property of the system requirements)
      Diagram labels: System Security; propagation; Attacks; Requirements/Attacker model; System Properties
  18. General Architecture
  19. Envisioned WSN Design Process
  20. Example for a Component Selection Tool: configKit
      - Selection of hardware
      - Selection of required functions
      - Definition of security properties
      - Each change of inputs immediately updates the result
        Fast and easy refinement process
      - Proposed software configuration
      - Including prediction of footprint
  21. Example for a Component Selection Tool
      - Selection of hardware
      - Selection of required functions
      - Definition of security properties
      - Each change of inputs immediately updates the result
        Fast and easy refinement process
      - Proposed software configuration
      - Including prediction of footprint
  22. Conclusions
      • Assessment models can help to validate the fulfillment of user requirements for a given system
        Proposed approach shows the general feasibility
      • Challenges remain:
        - How to elicit the requirements from the user and to transform them to objective properties
        - Find models for a-priori reasoning of security-related behavior and conflicts
        - How to describe properties of components so that they support composition of security
  23. Thank You
      Questions?
      Web: www.wsan4cip.eu, www.tampres.eu
      peter@ihp-microelectronics.com
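
The attack-centric model of slide 17, with the inputs and output named on slide 13 (requirements/attacker model and system properties in, list of conflicts out), as an added example that is not from the slides or the authors' tooling. The sample tree, the property and capability names, and the use of a plain set union as the composition function f from slide 11 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    gate: str = "LEAF"                      # "LEAF", "AND" or "OR"
    needs: frozenset = frozenset()          # attacker capabilities a leaf attack requires
    countered_by: frozenset = frozenset()   # system properties, any one of which prevents it
    children: list = field(default_factory=list)

def compose(*components):
    """Assumed composition function f: the system offers the union of its components' properties."""
    return frozenset().union(*components)

def open_attacks(node, system, attacker):
    """Return the leaf attacks that keep `node` achievable (the conflicts); empty means secure."""
    if node.gate == "LEAF":
        applies = node.needs <= attacker               # rule 2: otherwise the attack does not apply
        prevented = bool(node.countered_by & system)   # rule 1: a system property prevents it
        return [node.name] if applies and not prevented else []
    results = [open_attacks(c, system, attacker) for c in node.children]
    if node.gate == "AND" and not all(results):        # one blocked step blocks the whole branch
        return []
    return [name for r in results for name in r]       # OR (or a fully open AND): propagate upward

# Constructed sample tree for a sensor node on a pipeline; not taken from the slides.
TREE = Node("forge sensor reading", "OR", children=[
    Node("inject radio frame", needs=frozenset({"radio_access"}),
         countered_by=frozenset({"message_authentication"})),
    Node("extract key and sign", "AND", children=[
        Node("open node casing", needs=frozenset({"physical_access"}),
             countered_by=frozenset({"tamper_detection"})),
        Node("read key from flash", needs=frozenset({"physical_access", "lab_equipment"}),
             countered_by=frozenset({"secure_key_storage"})),
    ]),
])

# Component meta-information (constructed): security properties each component provides.
RADIO_STACK = frozenset({"message_authentication"})
PLAIN_MCU = frozenset()
TAMPER_MCU = frozenset({"tamper_detection"})

if __name__ == "__main__":
    lab_attacker = frozenset({"radio_access", "physical_access", "lab_equipment"})
    for mcu in (PLAIN_MCU, TAMPER_MCU):
        print(open_attacks(TREE, compose(RADIO_STACK, mcu), lab_attacker))
```

The same system is free of conflicts against a radio-only attacker and in conflict against a lab-equipped one, which is why the attacker model derived from the requirements is an input to the assessment rather than a fixed assumption.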