More Related Content
Similar to Ws4 dsec talk @ Kickoff RS3
Similar to Ws4 dsec talk @ Kickoff RS3 (20)
More from Universität Rostock
More from Universität Rostock (20)
Ws4 dsec talk @ Kickoff RS3
- 1. www. .org
WS4Dsec
Reliably Secure Web Services for Devices
Andreas Lehmann, Stefan Pfeiffer, Frank Golatowski, Dirk Timmermann, Karsten Wolf
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 1
- 2. Joint Interdisciplinary Research Project
Electrical www. .org
Engineering
Prof. Dirk Timmermann
Computer Science
Prof. Karsten Wolf
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 2
- 3. Service Oriented Architecture (SOA)
Interaction between business entities
register
search
communicate
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 3
- 4. Web Service Technology
Interaction between technical entities
UDDI
query language: WSDL
defined by UDDI
register
search
XML
Consumer communicate Web Service
WS-BPEL WS-BPEL
SOAP
driven by >50 industry standards
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 4
- 5. Group Wolf – Computer Science
We provide tools & formal methods for
analysis of systems and synthesis of services
Andreas Lehmann ?
Service Service
verification
Service
WS-BPEL diagnosis
–
Formal Service
Model validation
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 5
- 6. Group Wolf – Computer Science
We provide tools & formal methods for
analysis of systems and synthesis of services
others.
Andreas ? ..
asynchronous
Lehmann Service Service hardware circuits
verification
business
processes
Service
diagnosis
WS-BPEL
– Service
AI
Formal Model planning
validation
biochemical
reactions
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 6
- 7. Group Wolf – Computer Science
We provide tools & formal methods for
analysis of systems and synthesis of services
Andreas
Lehmann Service ?
partner
synthesis
Service ? Service
adapter
synthesis
Service corrections
Specification
Test test case
Test
Test Implementation generation
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 7
- 8. Group Wolf – Computer Science
We provide tools & formal methods for
analysis of systems and synthesis of services
Andreas
Lehmann Service ?
partner
synthesis
Service ? Service
adapter
synthesis
Service corrections Formal Model
–
Specification WS-BPEL
Test test case
Test
Test Implementation generation
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 8
- 9. Group Wolf – Computer Science
We provide tools & formal methods for
analysis of systems and synthesis of services
Andreas
Lehmann
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 9
- 10. More intelligent devices
coffee machine
mobile phones
clock
picture frame
electricity meter
refrigerator
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 10
- 12. Web Service Technology to Devices ?
Static Configuration Dynamic Configuration
Central Directory No Central Directory
Resource Hungry Resource Constrained
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 12
- 13. DPWS – Devices Profile for Web Services
• Standardized by the WS-DD technical committee
• Apply the Web Services technology to
the domain of embedded systems
• Is already integrated by Microsoft and Windows Vista.
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 13
- 14. Devices Profile for Web Services
Directory
WS-
Discovery
WSDL
defined by WS-Discovery
search announce
XML
Device /
Consumer communicate
Web Service
SOAP
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 14
- 15. DPWS Protocol Stack Implementation
Axis2 gSOAP uDPWS
--> -->
Enterprise Systems Embedded Systems Sensor Networks
Enable Web Service Technology on Devices
Compatibility to Enterprise Web Services
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 15
- 16. Group Timmermann – Electrical Engineering
We bring Service-Oriented Architecture and
Web Services technology to devices
Stefan Pfeiffer
Embedded
Systems
Wireless
Sensor
Networks
Enterprise
Systems
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 16
- 17. Group Timmermann – Electrical Engineering
We bring Service-Oriented Architecture and
Web Services technology to devices
Stefan Pfeiffer • Involved in the WS-DD
Embedded technical committee together with
Systems e.g.
Wireless
Sensor
Networks
• Participation on Standardization of
DPWS
Enterprise
Systems
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 17
- 18. Group Timmermann – Electrical Engineering
We bring Service-Oriented Architecture and
Web Services technology to devices
Stefan Pfeiffer • Involved in the WS-DD
Embedded technical committee together with
Systems e.g.
Wireless
Sensor
Networks
• Participation on Standardization of
DPWS
Enterprise
• WS4D.org initiative
Systems
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 18
- 19. Group Timmermann – Electrical Engineering
We bring Service-Oriented Architecture and
Web Services technology to devices
Stefan Pfeiffer • Involved in the WS-DD
Embedded technical committee together with
Systems e.g.
Wireless
Sensor
Networks
• Participation on Standardization of
DPWS
Enterprise
• WS4D.org initiative
Systems
• WS-BPEL extension BPEL4D
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 19
- 20. Group Timmermann – Electrical Engineering
We bring Service-Oriented Architecture and
Web Services technology to devices
• Involved in the WS-DD
Stefan Pfeiffer
Embedded technical committee together with e.g.
Systems
Wireless
Sensor
Networks
Industrial
Home
• Participation on Standardization of
Automotive DPWS
• WS4D.org initiative
Enterprise
Systems • WS-BPEL extension BPEL4D
Tele-
communication Medical
• Cross Domain Solutions
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 20
- 21. The Internet
of Things
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 21
- 22. The Internet
of Things
Security ?
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 22
- 23. Security in DPWS
RSA
X.509v3
SHA Encryption +
Transport Level
Security RC4
AES
Encryption U
Security
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 23
- 24. Challenges
Challenges:
Security in DPWS
• Central Authority may not be available
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 24
- 25. Challenges
Challenges:
Security in DPWS
• Central Authority may not be available
• X.509.v3 message overhead
S. Unger,
Sichere Service Schnittstellen für vernetzte Automotive
Applikationen
2/21/11 Universität Rostock
© 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 25
- 26. Challenges
Challenges:
Security in DPWS
Moteiv TelosB Wireless Sensor Node • Central Authority may not be available
CPU:
8 MHz TI MSP430 µC • X.509.v3 message overhead
RAM:
10 kByte
Flash:
48 kByte • Restricted Memory (Ressource)
Christian Lerche
uDPWS – Introduction
http://code.google.com/p/udpws/wiki/
2/21/11 Introduction
© 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 26
- 27. Challenges
Challenges:
Security in DPWS
Energy Consumption for Message Signing • Central Authority may not be available
3000,0
• X.509.v3 message overhead
Energy Consumption in mJ
2250,0
• Restricted Memory (Ressource)
• Power Consumption
1500,0
750,0
0,0
RSA_1024 RSA_2048 ECC_160 ECC_224
A. S. Wander, N. Gura, H. Eberle, V. Gupta, Sh. Ch. Shantz,
“Energy analysis of public-key cryptography for wireless sensor
2/21/11
networks”, 2005
© 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 27
- 28. Challenges
Challenges:
Security in DPWS
• Central Authority may not be available
• X.509.v3 message overhead
• Restricted Memory (Ressource)
Transport Level • Power Consumption
Security
-->
• Granularity of Security Concepts
Message
Message Level
Security
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 28
- 29. Challenges
Challenges:
Security in DPWS
• Central Authority may not be available
• X.509.v3 message overhead
• Restricted Memory (Ressource)
• Power Consumption
• Granularity of Security Concepts
• Interoperability and Integration
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 29
- 30. Challenges
Challenges:
Security in DPWS
device • Central Authority may not be available
interaction
• X.509.v3 message overhead
• Restricted Memory (Ressource)
• Power Consumption
• Granularity of Security Concepts
• Interoperability and Integration
• Formal modelling
power consumption security aspects
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 30
- 31. Challenges
Challenges:
Security in DPWS
• Central Authority may not be available
• X.509.v3 message overhead
• Restricted Memory (Ressource)
• Power Consumption
+
• Granularity of Security Concepts
• Interoperability and Integration
• Formal modelling
• Improve / adapt existing solutions
--> tools
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 31
- 32. Approach
Formally model devices,
constraints, and requirements
Validate model in case studies
Propose protocols, contracts, algorithms and
formally verify them.
...import competencies from RS 3
Validate solutions in case studies
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 32
- 33. Reliably Secure Web Services for
Devices
Stefan Pfeiffer Andreas
Lehmann
DPWS Methods and
Security sec Formal Verification
Framework for Services
http://ws4dsec.org
2/21/11 © 2011 UNIVERSITÄT ROSTOCK | FAKULTÄT FÜR INFORMATIK UND ELEKTROTECHNIK 33