Using OSGi for Secure Service Discovery - Antonio Kung, Founder/Director, Trialog, Danny De Cock, Researcher Applied Cryptography, K.U.Leuven & Hans Scholten, U.Twente
2. Using OSGi for Secure Service Discovery
Slides available at http://godot.be/slides
Antonio Kung, Founder/Director, Trialog
Danny De Cock, Researcher Applied Cryptography, K.U.Leuven
Hans Scholten, U.Twente
3. Presentation Structure
• TEAHA
• TEAHA Approach for seamless interworking
• Using OSGi and Service Discovery
  – OSGi and TEAHA Features and Needs
  – OSGi vs. TEAHA Registration
  – TEAHA Security Modules
  – Architecture for Service Discovery and Security
4. The TEAHA Consortium
• Industry groups
• Leading manufacturers and service companies
• Technology and market research companies and Universities
5. TEAHA Mission
• Specify an open, secure framework for seamless interoperability and interworking
[Figure: Networked Audio-Video Applications and Networked Home Control Applications, spanning AV & Mobile MMI, White goods, Energy Management, Security and Safety, Home Controls, Lighting Control, Health Care for Elderly and Disabled, Infotainment]
6. TEAHA Has Technology Clusters
[Figure: home devices grouped by technology cluster (EHS/Power Line, TEAHA/Zigbee, UPnP/WiFi) around a Reference Gateway: Security Controller, Display, Clock, Energy Controller, Washing Machine, Oven, Meter, Smoke Sensor, Camera, Intrusion Detector, TV]
7. TEAHA Has Business Clusters
[Figure: the same devices and networks (Reference Gateway; EHS/Power Line, TEAHA/Zigbee, UPnP/WiFi; Display, Clock, Energy Controller, Washing Machine, Smoke Sensor, Camera, TV, Intrusion Detector, Security Controller, Meter, Oven) regrouped by business cluster: Energy, Household Appliance, Multimedia, Home Safety]
8. Facts about Stakeholders
• Stakeholders in a business cluster
  – Are competitors
  – Share the same culture
  – Are involved in the same value chain
  – Would prefer to abstract away from technology clusters
• Stakeholders in different business clusters
  – Do not understand each other
  – Do not need to understand other clusters
  – Have different cultures, value chains, life cycles
9. Approach for Seamless Interworking
• There are issues in supporting the mixing of different types of clusters
  – Technology clusters
  – Business clusters
  – …
• TEAHA focuses on solving those issues
10. Seamless Interworking Unsolved Problems
• Service Discovery
  – Can a device in one technology cluster discover a device from another technology cluster?
  – Can these devices use one another's services?
• Secure Communication
  – Can a device in one technology cluster communicate securely with a device from another technology cluster?
    • Authenticity: No faked devices!
    • Confidentiality: No eavesdroppers!
    • Trusted/Registered devices: No intruders!
• Security Policy
  – Can a business cluster be protected from other clusters?
    • Policy enforcement: is a multimedia application allowed to access security system information?
11. Interworking Environment Abstract Architecture
[Figure: layered architecture. Application Framework: Service Applications, Business Cluster Support, Bridge Utility, Service Access Utility, Secure Service Discovery Utility, Secure Communication Utility, Security Support. LAN Abstraction: Communication Layer with LAN 1 Proxy / LAN 1 Driver and LAN 2 Proxy / LAN 2 Driver]
12. TEAHA Business Cluster Support
[Figure: Business Cluster Support with a Plug-in Selector that routes LAN Apps to the Household Appliances cluster and the Home Safety cluster]
13. Mapping on top of OSGi
[Figure: the TEAHA layers (LAN 1 … LAN K drivers and proxies, Communication, Secure Service Discovery, Secure Communication, Bridge Utility, Service Access Utility, Service Applications) mapped onto OSGi Network bundles, OSGi Device bundles and OSGi Application bundles]
14. Seamless Interworking in Action
[Figure: Device 1 and Device 2, both in the Energy Management cluster, exchange an App-PDU across two LANs. The App-PDU from Device 1 travels inside a LAN1-PDU through the LAN1 Driver and LAN1 Proxy; the Bridge Utility on the Communication layer re-wraps it into a LAN2-PDU, and the LAN2 Proxy and LAN2 Driver deliver the App-PDU to Device 2]
15. Service Discovery in Action
[Figure: Device 1 searches for a service that Device 2 provides. The Service Discovery Proxy on each LAN translates between the LAN-specific service description (LAN1 Service Description, LAN2 Service Description) and a common App Service Description, so the Service Discovery layer above the Communication layer can match the search to the offer across the LAN1 and LAN2 Proxies/Drivers]
16. OSGi and TEAHA Features and Needs
• OSGi
  – Targets a wide application area
    • Embedded and dedicated devices
  – Provides specifications for a service-oriented architecture
  – Defines a computing environment for networked services that is
    • Standardized
    • Component oriented
  – Is embodied in a service platform with a secure execution environment
  – Not supported:
    • Device authentication
    • Platform management protocol
• TEAHA
  – Targets
    • Home applications and
    • Relationships with A/V applications
  – Provides specifications for a global home platform, focusing on
    • Openness
    • Secure communications
    • Interoperability
  – Defines a middleware platform for seamless interworking of
    • A wide variety of appliances available in the home environment
    • Heterogeneous networks
  – Is embodied in a logical TEAHA device
  – No open issues ☺
17. OSGi vs. TEAHA Registration
• OSGi
  – Registration of services in the OSGi platform
  – Registration with the local OSGi registry
    • Code/Bundle signing
    • Policy-based
  – OSGi services use one another's services in the OSGi platform
• TEAHA
  – Registration of TEAHA devices in the wide home environment
  – Device registration requires touch & play
    • Secure zero configuration
    • Policy-based
  – Unregistered devices cannot use registered devices' services
  – Device-to-device service usage
18. TEAHA Devices and Security Modules
[Figure: a TEAHA Device with a Network Interface, User Services, Device Services and Device Internals / Internal Services. Its Security Module (SM) contains a Security Session Manager, a Security Policy Manager, Secure Storage and a Crypto Engine, and exposes Security Module Services alongside the Generic Device Services X, Y, Z, …]
Key Features of a Security Module:
• One SM per Device
• SM = OSGi bundle
• SM offers services to other bundles
• SM is initialized by the manufacturer; an initialized SM is ready to be used
• Combination of hardware and software
  – Hardware: non-cloneable
  – Software: risk of cloning
• Provides true strong authentication
• Secure communications rely on the SM; communication levels:
  – Insecure
  – Authenticity
  – Confidentiality
  – Secure = Authenticity + Confidentiality
19. TEAHA Security Module Services
[Figure: the SM is sealed in a tamper-evident enclosure, e.g. an integrity-protected log file or database, or a hardware enclosure; an inner kernel with security features implements the functionality below on top of the cryptographic engine and secure storage, and exposes it through an API that can be used for applications and for secure communications]
Cryptographic Engine
• Signing primitives and keys
• Decryption primitives and keys
• Secret master keys
• Decrypt and re-encrypt (optional)
Secure Storage
• Device/user certificate(s), data, …
• Trusted (CA) certificates
• Session data (keys, logs)
Functionality
• Authenticate data
• Verify authenticated data
• Decrypt encrypted data
• Encrypt plaintext data
• Generate key pair
• Generate secret key
• Run key agreement protocol
• Generate random data
• Compare local vs. reference time
• Convert security mechanism
20. TEAHA Secure Communication Types
[Figure: Devices E, F, G, H, I, J and a Residential Gateway; arrows 1 to 6 show Application Data exchanged between devices, arrow 7 a Communications Tube]
4 Security levels:
• Protecting Integrity and/or Confidentiality
Security parameters (keys):
• Agreed on during device discovery
21. Secure Key Agreement with Station-To-Station
[Figure: message flow between D1 and D2 in steps 1 to 6. Steps 1 to 4 are the Key Agreement Messages (Device + Service Discovery), steps 5 and 6 the Secure Data Transfer (Service Usage)]
Key agreement messages:
• D1 broadcasts a Ping message: Ping (Session Identifier, Data (optional))
• D2 sends a Pong message: Pong (Session Identifier, Data (optional))
Data transfer, with optional confidentiality and/or integrity protection, in both directions:
• Secure Send/Receive (Session Identifier, Secured (optional) Data)
22. Secure Service Discovery and Use with Registry
[Figure: D1 sends a Service Query to the Registry, which answers with a Direct Service Selection (this registry round trip is optional). D1 and D2 then run the Secure P2P Discovery and Usage steps 1 to 6 of the previous slide; the Actual Data Transfer is Send/Receive (Session Identifier, Secured (optional) Data)]
23. Registration of Devices
[Figure: Devices X, Y and Z offer Services X, Y and Z; each of them and the Residential Gateway holds a Registration Proof (X, Y, Z, RG) issued by the Registry]
• Master Registry issues Proofs of Registration
• Strong Authentication (relying on the Security Module) of Devices
• Device-Device communication requires a valid Proof of Registration
24. Example: Only one Washing Machine
[Figure: a Washing Machine with security module SM_WM offering the Wash service broadcasts Ping messages]
25. Example: Registry Device Comes Online
[Figure: the Residential Gateway (Registry, SM_RG) and the Washing Machine (Wash service, SM_WM) exchange Ping messages; each holds a Registration Proof]
• The Residential Gateway (RG) assumes the role of a Registry Device
• The RG is personalized for the home
• Issuing a Registration Proof requires human interaction
  – Physical presence of the registered device
  – Knowledge of the activation code of the new device
27. Example: Separate Registration Domains
[Figure: in the home, the Residential Gateway (Registry, SM_RG) and the Washing Machine (Wash, SM_WM) exchange Pings and hold Registration Proofs issued by the home's Registry; in the Neighbor Apartment a second Residential Gateway (SM_RG') and Washing Machine (SM_WM') hold their own Registration Proofs]
• The neighbor's devices receive the neighbor's Registration Proofs
• The name space reflects where a device belongs
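The registration rules of slides 17, 23, 25 and 27 (a proof is issued only with the device present and its activation code known, device-to-device use requires a valid proof, a neighbor's proof belongs to a different name space) and the cluster policy question of slide 10, as an added example that is not code from the slides or from TEAHA. Assumptions not in the slides: the proof is an HMAC under a per-home registry key that the Residential Gateway hands to a device's SM during touch & play (the slides' SM would carry a certificate checked against the trusted CA certificates instead), and the policy table and cluster names are illustrative.

```python
"""Registration proofs, registration domains and cluster policy. Added example,
not TEAHA code; see the assumptions in the text above this block."""
import hashlib
import hmac
import json
import secrets


def _proof_payload(body):
    return json.dumps(body, sort_keys=True).encode()


class Registry:
    """Registry role taken by the Residential Gateway, personalized for one home."""

    def __init__(self, namespace):
        self.namespace = namespace             # e.g. "home.example"; appears in every proof
        self.domain_key = secrets.token_bytes(32)  # assumption: provisioned into registered SMs
        self._pending = {}                      # device_id -> activation code (touch & play)

    def expect(self, device_id, activation_code):
        """The installer reads the activation code printed on the new device."""
        self._pending[device_id] = activation_code

    def issue_proof(self, device_id, cluster, activation_code, physically_present):
        """Human interaction required: device present and activation code known."""
        if not physically_present:
            raise PermissionError("device must be physically present")
        if not hmac.compare_digest(self._pending.get(device_id, ""), activation_code):
            raise PermissionError("wrong or unknown activation code")
        del self._pending[device_id]            # a code issues exactly one proof
        body = {"ns": self.namespace, "dev": device_id, "cluster": cluster}
        tag = hmac.new(self.domain_key, _proof_payload(body), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


def verify_proof(domain_key, namespace, proof):
    """Valid only if the tag matches under this home's key and the name space is ours."""
    body, tag = proof.get("body", {}), proof.get("tag", "")
    expected = hmac.new(domain_key, _proof_payload(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag) and body.get("ns") == namespace


# Illustrative policy: (caller cluster, target cluster) pairs that may interact.
POLICY = {
    ("Household Appliance", "Household Appliance"),
    ("Energy", "Household Appliance"),
    ("Home Safety", "Home Safety"),
    ("Multimedia", "Multimedia"),
}


def authorize(domain_key, namespace, caller_proof, target_cluster, policy=POLICY):
    """Decision a service owner makes before serving a caller: registered in our
    domain, and allowed by policy to reach the target business cluster."""
    if caller_proof is None:
        return False, "unregistered device"
    if not verify_proof(domain_key, namespace, caller_proof):
        return False, "invalid proof or foreign registration domain"
    caller = caller_proof["body"]["cluster"]
    if (caller, target_cluster) not in policy:
        return False, "policy denies %s -> %s" % (caller, target_cluster)
    return True, "ok"
```

With a shared symmetric domain key every registered SM could mint proofs for others, which is why the slides put signing keys and CA certificates in the SM; swapping the HMAC for a signature by the registry verified against its certificate removes that weakness without changing the checks above.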
28. Conclusions
• TEAHA provides a secure and interoperable architecture for networked home applications
• The Security Module is an OSGi bundle that provides
  – Secure communications services
  – Protection against cloning of the device
  – Strong authentication of the device and services
• Initialization of security-related parameters is embedded in the service discovery protocol
29. Attend the 2nd TEAHA Open Forum
November 28, 2005
Le Méridien - Nice, France
http://www.net-athome.com/colocated_teaha.php
30. Secure Key Agreement with Diffie-Hellman
1. D1 broadcasts the Ping message
   – Computes secret x
   – Calculates α^x
   – Authenticates {data1 || α^x}
   – Broadcast of Authenticated(data1 || α^x)
2. D2 receives the Ping message sent from D1
   – Checks Authenticated(data1 || α^x)
   – Processes data1
3. D2 prepares a Pong message for D1 and broadcasts it
   – Computes secret y
   – Calculates α^y
   – Calculates K = (α^x)^y
   – Encrypts data: E_K(data2)
   – Authenticates {E_K(data2) || α^y}
   – Broadcast of Authenticated(E_K(data2) || α^y)
4. D1 receives the Pong message
   – Checks Authenticated(E_K(data2) || α^y)
   – Calculates K = (α^y)^x
   – Decrypts E_K(data2)
   – Processes data2
5. D1 prepares the Secure Data Transfer message for D2 and broadcasts it
   – Encrypts E_K(data3)
   – Authenticates E_K(data3)
   – Broadcast of Authenticated(E_K(data3))
6. D2 receives the Secured Data Transfer message
   – Checks Authenticated(E_K(data3))
   – Decrypts E_K(data3) within its session with D1
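The six steps of slides 21 and 30 carried out by both sides, as an added example that is not code from the slides or from TEAHA. Assumptions not in the slides: the SM's Authenticate/Verify primitive is modelled as HMAC-SHA256 under a home-domain key that both SMs received at registration (a real SM signs with its device key and the peer checks the device certificate and registration proof); E_K is a SHA-256 counter-mode keystream used encrypt-then-MAC; the Diffie-Hellman group is RFC 3526 group 14 with α = 2. The Pong MAC here also covers the session identifier and α^x, which the slide's Authenticated(E_K(data2) || α^y) does not show; that binding of both exponentials is what the Station-to-Station protocol specifies, and it stops a reply from one exchange being replayed into another.

```python
"""Ping/Pong key agreement of slides 21 and 30 (steps 1-6). Added example, not
TEAHA code; the assumptions are listed in the text above this block."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP); alpha = 2 plays the slides' generator.
P = int("".join("""
FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74
020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437
4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED
EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05
98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB
9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B
E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718
3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
""".split()), 16)
ALPHA = 2

def _mac(key, label, *parts):
    """Length-prefixed HMAC over a label and fields, so fields cannot be re-split."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def _xor_stream(key, nonce, data):
    """E_K stand-in: SHA-256 counter-mode keystream (use AES-GCM in a real SM)."""
    ks = b"".join(hashlib.sha256(key + nonce + c.to_bytes(4, "big")).digest()
                  for c in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

class SecurityModule:
    def __init__(self, domain_auth_key):
        self._auth_key = domain_auth_key   # assumption: provisioned per home domain

    def authenticate(self, label, *parts):
        return _mac(self._auth_key, label, *parts)

    def verify(self, tag, label, *parts):
        return hmac.compare_digest(tag, _mac(self._auth_key, label, *parts))

    @staticmethod
    def key_agreement(secret, peer_exp):
        """K = (alpha^peer)^secret, expanded into separate encryption and MAC keys."""
        if not 1 < peer_exp < P - 1:      # reject 0, 1 and P-1 (trivial subgroups)
            raise ValueError("peer exponential outside the group")
        shared = pow(peer_exp, secret, P).to_bytes(256, "big")
        return {"enc": hashlib.sha256(b"enc" + shared).digest(),
                "mac": hashlib.sha256(b"mac" + shared).digest()}

def d1_ping(sm, sid, data1):
    """Step 1: D1 picks x, computes alpha^x, broadcasts Authenticated(data1||alpha^x)."""
    x = secrets.randbelow(P - 3) + 2
    ax = pow(ALPHA, x, P).to_bytes(256, "big")
    return {"x": x, "ax": ax}, (sid, data1, ax, sm.authenticate(b"ping", sid, data1, ax))

def d2_pong(sm, ping, data2):
    """Steps 2-3: check the Ping, pick y, derive K = (alpha^x)^y, answer
    Authenticated(E_K(data2)||alpha^y); the MAC also covers sid and alpha^x."""
    sid, data1, ax, tag = ping
    if not sm.verify(tag, b"ping", sid, data1, ax):
        raise ValueError("Ping authentication failed")
    y = secrets.randbelow(P - 3) + 2
    ay = pow(ALPHA, y, P).to_bytes(256, "big")
    K = sm.key_agreement(y, int.from_bytes(ax, "big"))
    ct = _xor_stream(K["enc"], sid + b"pong", data2)
    return {"K": K, "data1": data1}, (sid, ct, ay, sm.authenticate(b"pong", sid, ct, ay, ax))

def d1_finish(sm, state, pong):
    """Step 4: D1 checks the Pong, derives K = (alpha^y)^x and decrypts data2."""
    sid, ct, ay, tag = pong
    if not sm.verify(tag, b"pong", sid, ct, ay, state["ax"]):
        raise ValueError("Pong authentication failed")
    K = sm.key_agreement(state["x"], int.from_bytes(ay, "big"))
    return K, _xor_stream(K["enc"], sid + b"pong", ct)

def secure_send(K, sid, seq, data):
    """Step 5: Secure Send(sid, Secured Data): encrypt-then-MAC under the session
    keys. seq must not repeat under one K (one counter per direction)."""
    nonce = sid + b"data" + seq.to_bytes(4, "big")
    ct = _xor_stream(K["enc"], nonce, data)
    return sid, seq, ct, _mac(K["mac"], b"data", nonce, ct)

def secure_recv(K, msg):
    """Step 6: verify under the session MAC key, then decrypt."""
    sid, seq, ct, tag = msg
    nonce = sid + b"data" + seq.to_bytes(4, "big")
    if not hmac.compare_digest(tag, _mac(K["mac"], b"data", nonce, ct)):
        raise ValueError("Secured Data Transfer authentication failed")
    return _xor_stream(K["enc"], nonce, ct)

def run_exchange(sm1, sm2, data1=b"Ping", data2=b"Pong", data3=b"start wash"):
    """Steps 1-6 end to end; returns what each side recovered."""
    sid = secrets.token_bytes(16)
    st1, ping = d1_ping(sm1, sid, data1)
    st2, pong = d2_pong(sm2, ping, data2)
    K1, got2 = d1_finish(sm1, st1, pong)
    got3 = secure_recv(st2["K"], secure_send(K1, sid, 0, data3))
    return {"same_key": K1 == st2["K"], "d2_saw": st2["data1"], "d1_saw": got2, "d2_got": got3}
```

A device whose SM holds a different domain key (the neighbor's washing machine of slide 27) fails the Ping check in step 2 and never obtains a session key, which is the mechanism behind "unregistered devices cannot use registered devices' services"; a bit flipped in a Secured Data Transfer fails the MAC in step 6 before any decryption happens.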
31. TEAHA Service Discovery
[Figure: the Secure Service Discovery component contains a Service Discovery Kernel with Registry management and Policy management; it rests on Security Support, Secure Communication and Communication, and is reached through the Service Access Utility]