Using OSGi for Secure Service Discovery - Antonio Kung, Founder/Director, Trialog, Danny De Cock, Researcher Applied Cryptography, K.U.Leuven & Hans Scholten, U.Twente

Published on: OSGi World Congress 2005 - Developer Forum Day 2


Slide 1: Using OSGi for Secure Service Discovery
Slides available at http://godot.be/slides
Antonio Kung, Founder/Director, Trialog
Danny De Cock, Researcher Applied Cryptography, K.U.Leuven
Hans Scholten, U.Twente
Slide 2: Presentation Structure
• TEAHA
• TEAHA Approach for seamless interworking
• Using OSGi and Service Discovery
  – OSGi and TEAHA Features and Needs
  – OSGi vs. TEAHA Registration
  – TEAHA Security Modules
  – Architecture for Service Discovery and Security
Slide 3: The TEAHA Consortium
• Industry groups
• Leading manufacturers and service companies
• Technology and market research companies and universities
Slide 4: TEAHA Mission
• Specify an open, secure framework for seamless interoperability and interworking
[Figure: application areas spanning Networked Audio-Video Applications and Networked Home Control Applications: AV & Mobile MMI, White goods, Energy Management, Security and Safety, Home Controls, Lighting Control, Health Care for Elderly and Disabled, Infotainment]
Slide 5: TEAHA Has Technology Clusters
[Figure: devices grouped by technology cluster (UPnP/WiFi, EHS/Power Line, TEAHA/Zigbee): Security Controller, Reference Gateway, Display, Clock, Energy Controller, Washing Machine, Oven, Meter, Smoke Sensor, Camera, Intrusion Detector, TV]
Slide 6: TEAHA Has Business Clusters
[Figure: the same devices (Reference Gateway, Display, Clock, Energy Controller, Washing Machine, Oven, Meter, Smoke Sensor, Camera, Intrusion Detector, Security Controller, TV) on the technology clusters UPnP/WiFi, EHS/Power Line and TEAHA/Zigbee, now grouped into the business clusters Energy, Household Appliance, Multimedia and Home Safety]
Slide 7: Facts about Stakeholders
• Stakeholders in a business cluster
  – Are competitors
  – Share the same culture
  – Are involved in the same value chain
  – Would prefer to abstract away from technology clusters
• Stakeholders in different business clusters
  – Do not understand each other
  – Do not need to understand other clusters
  – Have different cultures, value chains and life cycles
Slide 8: Approach for Seamless Interworking
• There are issues in supporting the mixing of different types of clusters
  – Technology clusters
  – Business clusters
  – …
• TEAHA focuses on solving those issues
Slide 9: Seamless Interworking Unsolved Problems
• Service Discovery
  – Can a device in one technology cluster discover a device from another technology cluster?
  – Can these devices use one another's services?
• Secure Communication
  – Can a device in one technology cluster communicate securely with a device from another technology cluster?
    • Authenticity: No faked devices!
    • Confidentiality: No eavesdroppers!
    • Trusted/Registered devices: No intruders!
• Security Policy
  – Can a business cluster be protected from other clusters?
    • Policy enforcement: is a multimedia application allowed to access security system information?
Slide 10: Interworking Environment Abstract Architecture
[Figure: layered architecture. Application Framework: Service Applications, Business Cluster Support, Service Access Utility, Bridge Utility, Secure Service Discovery Utility, Secure Communication Utility. LAN Abstraction / Communication Layer: LAN 1 Proxy, LAN 1 Driver, LAN 2 Proxy, LAN 2 Driver. Security Support alongside the layers]
Slide 11: TEAHA Business Cluster Support
[Figure: Business Cluster Support containing a Plug-in Selector and LAN Apps for the Household Appliances cluster and the Home Safety cluster]
Slide 12: Mapping on top of OSGi
[Figure: the abstract architecture mapped onto OSGi Application bundles, OSGi Device bundles and OSGi Network bundles; components shown: Service Applications, Service Access Utility, Bridge Utility, Secure Service Discovery, Secure Communication, Communication, LAN 1 proxy/driver … LAN K proxy/driver]
Slide 13: Seamless Interworking in Action
[Figure: Device 1 and Device 2, both in the Energy Management cluster, exchange an App-PDU across the Bridge Utility: the App-PDU is carried in a LAN1-PDU through LAN1 Proxy/LAN1 Driver on one side and in a LAN2-PDU through LAN2 Proxy/LAN2 Driver on the other, over the Communication layer]
Slide 14: Service Discovery in Action
[Figure: Device 1 searches for a service that Device 2 provides. The App Service Description passes through the Service Discovery Proxy, which maps it to a LAN1 Service Description on Device 1's side and a LAN2 Service Description on Device 2's side, across LAN1/LAN2 Proxy and Driver and the Communication layer]
Slide 15: OSGi and TEAHA Features and Needs
• OSGi
  – Targets wide application area
    • Embedded and dedicated devices
  – Provides specifications for a service-oriented architecture
  – Defines a computing environment for networked services and is
    • Standardized
    • Component oriented
  – Embodies into a service platform with secure execution environment
  – Not supported
    • Device authentication
    • Platform management protocol
• TEAHA
  – Targets
    • Home applications and
    • Relationships with A/V applications
  – Provides specifications for a global home platform, focuses on
    • Openness
    • Secure communications
    • Interoperability
  – Defines a middleware platform for seamless interworking of
    • Wide variety of appliances available in the home environment
    • Heterogeneous networks
  – Embodies into a logical TEAHA device
  – No open issues ☺
Slide 16: OSGi vs. TEAHA Registration
• OSGi
  – Registration of services in the OSGi platform
  – Registration with the local OSGi registry
    • Code/Bundle signing
    • Policy-based
  – OSGi services use one another's services in the OSGi platform
• TEAHA
  – Registration of TEAHA devices in the wide home environment
  – Device registration requires touch & play
    • Secure zero configuration
    • Policy-based
  – Unregistered devices cannot use registered devices' services
  – Device-Device service usage
Slide 17: TEAHA Devices and Security Modules
[Figure: a TEAHA Device with Network Interface, User Services, Device Services, Device Internals and Internal Services; its Security Module (SM) contains the Security Session Manager, Security Policy Manager, Secure Storage and Crypto Engine and exposes Generic Device Services and Security Module Services X, Y, Z, …]
Key Features of a Security Module:
• One SM per Device
• SM = OSGi bundle
• SM offers services to other bundles
• SM initialized by manufacturer
• Initialized SM ready to be used
• Combination of hard- and software
  – Hardware: non-cloneable
  – Software: risk for cloning
• Provides true strong authentication
• Secure communications rely on SM
Communication types: Insecure; Authenticity; Confidentiality; Secure = Auth. + Conf.
Slide 18: TEAHA Security Module Services
Sealed in a tamper-evident enclosure, e.g., integrity-protected log file or database, hardware enclosure, …
Inner Kernel with security features:
Cryptographic Engine
• Signing primitives and keys
• Decryption primitives and keys
• Secret master keys
• Decrypt and re-encrypt (optional)
Secure Storage
• Device/user certificate(s), data, …
• Trusted (CA) certificates
• Session data (keys, logs)
Functionality
• Authenticate data
• Verify authenticated data
• Decrypt encrypted data
• Encrypt plaintext data
• Generate key pair
• Generate secret key
• Play key agreement protocol
• Generate random data
• Compare local vs. reference time
• Convert security mechanism
Implementation relies on API
Can be used for:
– Applications
– Secure Communications
Slide 19: TEAHA Secure Communication Types
[Figure: Devices E, F, G, H, I, J and a Residential Gateway connected by numbered Communications Tubes (1 to 7) carrying Application Data]
Security levels:
• Protecting Integrity and/or Confidentiality
Security parameters (keys):
• Agreed on during device discovery
Slide 20: Secure Key Agreement with Station-To-Station
[Figure: message sequence between D1 and D2, steps 1 to 6]
Device + Service Discovery (Key Agreement Messages):
• D1 broadcasts a Ping message: Ping (Session Identifier, Data (optional))
• D2 sends a Pong message: Pong (Session Identifier, Data (optional))
Service Usage (Secure Data Transfer):
• Data Transfer: Secure Send/Receive (Session Identifier, Secured (optional) Data)
• Optional Confidentiality and/or Integrity Protection
Slide 21: Secure Service Discovery and Use with Registry
[Figure: D1 sends a Service Query to the Registry (optional) and performs Direct Service Selection; D1 and D2 then perform Secure P2P Discovery and Usage (steps 1 to 6), followed by the Actual Data Transfer: Send/Receive (Session Identifier, Secured (optional) Data)]
Slide 22: Registration of Devices
[Figure: the Registry on the Residential Gateway holds Registration Proof RG; Devices X, Y and Z offer Services X, Y and Z and hold Registration Proofs X, Y and Z]
• Master Registry issues Proofs of Registration
• Strong Authentication (relying on Security Module) of Devices
• Device-Device communication requires valid Proof of Registration
Slide 23: Example: Only one Washing Machine
[Figure: a Washing Machine with Security Module SM_WM broadcasting Ping messages]
Slide 24: Example: Registry Device Comes Online
[Figure: the Residential Gateway (Registry, SM_RG) and the Washing Machine (SM_WM) exchange Ping messages; each holds a Registration Proof]
• Residential Gateway (RG) assumes the role of a Registry Device
• RG is personalized for the home
• Issuing a Registration Proof requires human interaction
  – Physical presence of the registered device
  – Knowledge of the activation code of the new device
Slide 25: Example: Neighbor Installs Washing Machine
[Figure: as on the previous slide, plus a Washing Machine (SM_WM') in the Neighbor Apartment broadcasting Ping messages]
• Neighbor's device is not physically present
• Cannot receive a Registration Proof
Slide 26: Example: Separate Registration Domains
[Figure: the home's Registry/Residential Gateway (SM_RG) and Washing Machine (SM_WM) with their Registration Proofs; the Neighbor Apartment has its own Registry/Residential Gateway (SM_RG') and Washing Machine (SM_WM') with their own Registration Proofs]
• Neighbor's devices receive Neighbor's Registration Proofs
• Name space reflects where a device belongs to
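The registration model of slides 22 and 24 to 26 (a Registry that issues Proofs of Registration only after the human-interaction checks, and devices that accept peers only with a valid proof from their own registration domain) as a runnable Python model. This is an added example, not code from the TEAHA project or the deck; it assumes a proof is an HMAC-SHA256 tag computed by the Registry's key over (registry name, device id), which stands in for a signature from the Registry's Security Module, and that the device ids, activation codes and keys are constructed sample values.

```python
import hashlib
import hmac


class Registry:
    """Residential Gateway acting as the Master Registry of one home."""

    def __init__(self, name: str, sm_key: bytes):
        self.name = name
        self._sm_key = sm_key        # held inside the RG's Security Module (assumption)
        self.registered = set()

    def _tag(self, device_id: str) -> bytes:
        # Stand-in for an SM signature binding (registry, device) together.
        return hmac.new(self._sm_key, f"{self.name}|{device_id}".encode(),
                        hashlib.sha256).digest()

    def issue_proof(self, device_id, activation_code, entered_code, physically_present):
        """Slide 24: issuing a proof needs presence plus the activation code."""
        if not physically_present:
            raise PermissionError(f"{device_id}: not physically present")
        if not hmac.compare_digest(activation_code.encode(), entered_code.encode()):
            raise PermissionError(f"{device_id}: wrong activation code")
        self.registered.add(device_id)
        return {"registry": self.name, "device": device_id, "proof": self._tag(device_id)}

    def checker(self):
        """Verification routine a registered device keeps, standing in for the
        Registry's trusted certificate in the device's Secure Storage."""
        def check(proof: dict) -> bool:
            return (proof["registry"] == self.name
                    and hmac.compare_digest(self._tag(proof["device"]), proof["proof"]))
        return check


class Device:
    def __init__(self, device_id: str, activation_code: str):
        self.device_id = device_id
        self.activation_code = activation_code   # known to the legitimate installer
        self.proof = None
        self.check_proof = None                  # set once the device is registered

    def register(self, registry, entered_code, physically_present=True):
        self.proof = registry.issue_proof(self.device_id, self.activation_code,
                                          entered_code, physically_present)
        self.check_proof = registry.checker()

    def accept_peer(self, peer) -> bool:
        """Slides 22 and 26: Device-Device communication requires a valid Proof
        of Registration from this device's own registration domain."""
        if self.check_proof is None or peer.proof is None:
            return False
        # The proof must name the peer itself and come from our Registry.
        return peer.proof["device"] == peer.device_id and self.check_proof(peer.proof)


def scenario() -> dict:
    """Constructed walk through slides 23 to 26; returns the access decisions."""
    home_rg = Registry("RG", b"sm-key-RG")
    neighbor_rg = Registry("RG'", b"sm-key-RG-prime")
    wm = Device("WM", "1234-5678")                    # the home's washing machine
    controller = Device("EnergyController", "4242-0000")
    wm_neighbor = Device("WM'", "9999-0001")          # neighbor's washing machine
    stray = Device("WM-unregistered", "0000-0000")    # never registered anywhere
    wm.register(home_rg, "1234-5678")
    controller.register(home_rg, "4242-0000")
    wm_neighbor.register(neighbor_rg, "9999-0001")    # its own registration domain
    # Slide 25: the neighbor's machine is not physically present in our home.
    try:
        wm_neighbor.register(home_rg, "9999-0001", physically_present=False)
        neighbor_refused = False
    except PermissionError:
        neighbor_refused = True
    # An installer who does not know the activation code gets no proof either.
    try:
        stray.register(home_rg, "1111-1111")
        wrong_code_refused = False
    except PermissionError:
        wrong_code_refused = True
    # A copied proof does not help: it is bound to the original device id.
    stray.proof = dict(wm.proof)
    return {
        "home_peer_accepted": controller.accept_peer(wm),
        "neighbor_peer_accepted": controller.accept_peer(wm_neighbor),
        "copied_proof_accepted": controller.accept_peer(stray),
        "neighbor_refused_proof": neighbor_refused,
        "wrong_code_refused": wrong_code_refused,
    }


if __name__ == "__main__":
    for decision, value in scenario().items():
        print(f"{decision}: {value}")
```

The name space point of slide 26 is carried by the `registry` field inside each proof: a neighbor's proof is cryptographically valid for the neighbor's Registry, yet `accept_peer` rejects it because the field does not match the home's Registry name.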
Slide 27: Conclusions
• TEAHA provides a secure and interoperable architecture for networked home applications
• Security Module is an OSGi bundle that provides
  – Secure communications services
  – Protection against cloning of the device
  – Strong authentication of the device and services
• Initialization of security-related parameters embedded in the service discovery protocol
Slide 28: Attend the 2nd TEAHA Open Forum
November 28, 2005
Le Méridien - Nice, France
http://www.net-athome.com/colocated_teaha.php
Slide 29: Secure Key Agreement with Diffie-Hellman
1. Ping message sent from D1 to D2
   – D1 computes secret x, calculates α^x, authenticates {data1 || α^x}
   – D1 broadcasts the Ping message: Broadcast of Authenticated(data1 || α^x)
2. D2 receives a Ping message
   – Checks Authenticated(data1 || α^x)
   – Processes data1
3. D2 prepares a Pong message for D1
   – Computes secret y, calculates α^y, calculates K = (α^x)^y
   – Encrypts data: E_K(data2), authenticates {E_K(data2) || α^y}
   – D2 broadcasts Pong message for D1: Broadcast of Authenticated(E_K(data2) || α^y)
4. D1 receives a Pong message
   – Checks Authenticated(E_K(data2) || α^y)
   – Calculates K = (α^y)^x
   – Decrypts E_K(data2), processes data2
5. D1 prepares Secure Data Transfer
   – Encrypts E_K(data3), authenticates E_K(data3)
   – D1 broadcasts Secured Data Transfer message for D2: Broadcast of Authenticated(E_K(data3))
6. D2 receives a Secured Data Transfer message
   – Checks Authenticated(E_K(data3))
   – D2 decrypts the information within a session with D1: decrypts E_K(data3)
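The six-step authenticated Diffie-Hellman exchange of slides 20 and 29, carried out between D1 and D2 in Python as an added example (not the deck's or the project's code, and a protocol model rather than an OSGi bundle). Assumptions not on the slides: each device's Security Module holds a per-device key and "Authenticated(msg)" is an HMAC-SHA256 tag under that key, the peer's verification key is looked up in a table standing in for the trusted certificates in Secure Storage, E_K is an HMAC-SHA256 keystream XOR standing in for a real cipher, and the group is a toy one (p = 2^127 - 1, α = 3) constructed for the example.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this example only; a deployment would use a
# standardised group of 2048 bits or more.
P = 2**127 - 1     # Mersenne prime M127
ALPHA = 3          # generator used for alpha^x and alpha^y
ELEM = 16          # bytes per encoded group element
NONCE = 16         # fresh per-message nonce for E_K


def authenticate(sm_key, msg):
    """'Authenticated(msg)' on the slide: HMAC tag standing in for an SM signature."""
    return hmac.new(sm_key, msg, hashlib.sha256).digest()


def derive_key(shared_secret):
    """K derived from (alpha^x)^y, which equals (alpha^y)^x on the other side."""
    return hashlib.sha256(shared_secret.to_bytes(ELEM, "big")).digest()


def e_k(k, nonce, data):
    """E_K(data): XOR with an HMAC-SHA256 keystream (cipher stand-in); same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(k, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Device:
    def __init__(self, name, sm_key, trusted):
        self.name, self.sm_key, self.trusted = name, sm_key, trusted
        self.sessions = {}   # session id -> {"x": ..., "K": ..., "peer": ...}

    def _wrap(self, mtype, sid, body):
        return {"type": mtype, "from": self.name, "sid": sid, "body": body,
                "tag": authenticate(self.sm_key, sid + body)}

    def _verified_body(self, msg):
        key = self.trusted.get(msg["from"])   # unknown sender: no key, reject
        if key is None or not hmac.compare_digest(
                authenticate(key, msg["sid"] + msg["body"]), msg["tag"]):
            raise ValueError("authentication failed on " + msg["type"])
        return msg["body"]

    # Step 1: D1 picks x and broadcasts Authenticated(data1 || alpha^x)
    def send_ping(self, sid, data1):
        x = secrets.randbelow(P - 2) + 2
        self.sessions[sid] = {"x": x}
        return self._wrap("ping", sid, data1 + pow(ALPHA, x, P).to_bytes(ELEM, "big"))

    # Steps 2-3: D2 checks the ping, picks y, K = (alpha^x)^y, and answers
    # with Authenticated(E_K(data2) || alpha^y)
    def answer_ping(self, msg, data2):
        body = self._verified_body(msg)
        data1, ax = body[:-ELEM], int.from_bytes(body[-ELEM:], "big")
        y = secrets.randbelow(P - 2) + 2
        k = derive_key(pow(ax, y, P))
        self.sessions[msg["sid"]] = {"K": k, "peer": msg["from"]}
        nonce = secrets.token_bytes(NONCE)
        pong = nonce + e_k(k, nonce, data2) + pow(ALPHA, y, P).to_bytes(ELEM, "big")
        return data1, self._wrap("pong", msg["sid"], pong)

    # Step 4: D1 checks the pong, K = (alpha^y)^x, decrypts data2
    def receive_pong(self, msg):
        body = self._verified_body(msg)
        sess = self.sessions[msg["sid"]]
        ay = int.from_bytes(body[-ELEM:], "big")
        sess["K"], sess["peer"] = derive_key(pow(ay, sess["x"], P)), msg["from"]
        return e_k(sess["K"], body[:NONCE], body[NONCE:-ELEM])

    # Step 5: Authenticated(E_K(data3)) inside the established session
    def send_secured(self, sid, data3):
        nonce = secrets.token_bytes(NONCE)
        return self._wrap("data", sid, nonce + e_k(self.sessions[sid]["K"], nonce, data3))

    # Step 6: check the tag, then decrypt within the session with that peer
    def receive_secured(self, msg):
        body = self._verified_body(msg)
        sess = self.sessions[msg["sid"]]
        if sess["peer"] != msg["from"]:
            raise ValueError("sender is not the session peer")
        return e_k(sess["K"], body[:NONCE], body[NONCE:])


def run_exchange():
    """Constructed run of steps 1-6 between D1 and D2, plus a rejected rogue ping."""
    trusted = {"D1": b"sm-key-D1", "D2": b"sm-key-D2"}   # stand-in for certificates
    d1 = Device("D1", trusted["D1"], trusted)
    d2 = Device("D2", trusted["D2"], trusted)
    sid = b"sess-0001"
    ping = d1.send_ping(sid, b"who offers WashService?")
    data1, pong = d2.answer_ping(ping, b"D2 offers WashService")
    data2 = d1.receive_pong(pong)
    data3 = d2.receive_secured(d1.send_secured(sid, b"start cycle"))
    try:   # a device whose SM key is not trusted never gets past step 2
        d2.answer_ping(Device("D9", b"not-trusted", trusted).send_ping(b"s2", b""), b"")
        rogue_rejected = False
    except ValueError:
        rogue_rejected = True
    return {"data1": data1, "data2": data2, "data3": data3, "rogue_rejected": rogue_rejected,
            "same_key": d1.sessions[sid]["K"] == d2.sessions[sid]["K"]}
```

Every authenticated tag covers the session identifier together with the message body, so a Pong or data message cannot be replayed into a different session, and step 6 additionally checks that the sender is the peer the session was established with.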
Slide 30: TEAHA Service Discovery
[Figure: Service Discovery Kernel with Registry mgt and Policy mgt, alongside Secure Communication, Communication, Service Access Utility, Secure Service Discovery and Security Support]
