SlideShare una empresa de Scribd logo

Using OSGi for Secure Service Discovery - Antonio Kung, Founder/Director, Trialog, Danny De Cock, Researcher Applied Cryptography, K.U.Leuven & Hans Scholten, U.Twente

M
mfrancis

OSGi World Congress 2005 - Developer Forum Day 2

Tecnología
1 de 31
Descargar para leer sin conexión
Using OSGi for Secure Service Discovery Slides available at http://godot.be/slides Antonio Kung, Founder/Director, TrialogAntonio Kung, Founder/Director, Trialog Danny De Cock, Researcher Applied Cryptography, K.U.LeuvenDanny De Cock, Researcher Applied Cryptography, K.U.Leuven Hans Scholten, U.TwenteHans Scholten, U.Twente
3 Presentation StructurePresentation Structure •• TEAHATEAHA •• TEAHA Approach for seamless interworkingTEAHA Approach for seamless interworking •• Using OSGi and Service DiscoveryUsing OSGi and Service Discovery –– OSGi and TEAHA Features and NeedsOSGi and TEAHA Features and Needs –– OSGi vs. TEAHA RegistrationOSGi vs. TEAHA Registration –– TEAHA Security ModulesTEAHA Security Modules –– Architecture for Service Discovery and SecurityArchitecture for Service Discovery and Security
4 •• Industry groupsIndustry groups The TEAHA ConsortiumThe TEAHA Consortium •• Leading manufacturersLeading manufacturers and service companiesand service companies •• Technology and marketTechnology and market research companies andresearch companies and UniversitiesUniversities
5 TEAHA MissionTEAHA Mission •• Specify an open, secure framework for seamlessSpecify an open, secure framework for seamless interoperability and interworkinginteroperability and interworking Networked Audio-Video Applications Networked Home Control Applications AV & Mobile MMI White goods Energy Management Security and Safety Home Controls Lighting Control Health Care for Elderly and Disabled Infotainment
6 TEAHA Has Technology ClustersTEAHA Has Technology Clusters Security Controller Reference Gateway UPnP/WiFi Display Clock Energy Controller Washing Machine Oven Meter Smoke Sensor CameraIntrusion Detector EHS/Power Line TEAHA/Zigbee TV
7 TEAHA Has Business ClustersTEAHA Has Business Clusters Reference Gateway UPnP/WiFi Display Clock Energy Controller Washing Machine Smoke Sensor Camera EHS/Power Line TEAHA/Zigbee TV Energy Household Appliance Multimedia Intrusion Detector Home SafetySecurity Controller Meter Oven
8 Facts about StakeholdersFacts about Stakeholders •• Stakeholders in a business clusterStakeholders in a business cluster –– Are competitorsAre competitors –– Share the same cultureShare the same culture –– Are involved in the same value chainAre involved in the same value chain –– Would prefer to abstract away from technology clustersWould prefer to abstract away from technology clusters •• Stakeholders in different business clustersStakeholders in different business clusters –– Do not understand each otherDo not understand each other –– Do not need to understand other clustersDo not need to understand other clusters –– Have different cultures, value chain, life cycleHave different cultures, value chain, life cycle
9 Approach for Seamless InterworkingApproach for Seamless Interworking •• There are issues in supporting the mixing ofThere are issues in supporting the mixing of different types of clustersdifferent types of clusters –– Technology clustersTechnology clusters –– Business clustersBusiness clusters –– …… •• TEAHA focuses on solving those issuesTEAHA focuses on solving those issues
10 Seamless Interworking Unsolved ProblemsSeamless Interworking Unsolved Problems •• Service DiscoveryService Discovery –– Can a device in one technology cluster discover a device fromCan a device in one technology cluster discover a device from another technology cluster?another technology cluster? –– Can these devices use one anotherCan these devices use one another’’s services?s services? •• Secure CommunicationSecure Communication –– Can a device in one technology cluster communicate securelyCan a device in one technology cluster communicate securely with a device from another technology cluster?with a device from another technology cluster? •• Authenticity: No faked devices!Authenticity: No faked devices! •• Confidentiality: No eavesdroppers!Confidentiality: No eavesdroppers! •• Trusted/Registered devices: No intruders!Trusted/Registered devices: No intruders! •• Security PolicySecurity Policy –– Can a business cluster be protected from other clusters?Can a business cluster be protected from other clusters? •• Policy enforcement:Policy enforcement: is a multimedia application allowed to accessis a multimedia application allowed to access security system information?security system information?
11 Interworking Environment Abstract ArchitectureAbstract Architecture Application Framework LAN Abstraction Business Cluster Support Service Applications Bridge Utility Service Access Utility Secure Service Discovery Utility Secure Communication Utility Communication Layer LAN 1 Proxy LAN 1 Driver LAN 2 Proxy LAN 2 Driver Security Support
12 TEAHA Business Cluster SupportTEAHA Business Cluster Support Business Cluster Support Cluster Household Appliances Cluster Home Safety LAN App Plug-in Selector LAN App LAN App LAN App
13 Mapping on top OSGiMapping on top OSGi LAN K driver Communication Secure Service Discovery Secure Communication Bridge Utility Service Access Utility Service Applications OSGi Network bundles OSGi Device bundles OSGi Application bundles LAN K proxy LAN 1 driver LAN 1 proxy
14 Device 1 Device 2 Communication LAN2 Proxy LAN2 Driver LAN1 Proxy LAN1 Driver Bridge Utility Seamless Interworking in ActionSeamless Interworking in Action App-PDU App-PDU LAN2-PDU App-PDU LAN1-PDU App-PDU Cluster Energy Management Cluster Energy Management
15 LAN2 Proxy LAN2 Driver LAN1 Proxy LAN1 Driver Service Discovery Device 1 Search for Service Communication Device 2 Provides Service Service Discovery in ActionService Discovery in Action App Service Description Service Discovery Proxy LAN1 Service Description App Service Description App Service Description App Service Description Service Discovery Proxy LAN2 Service Description
16 OSGi and TEAHA Features and NeedsOSGi and TEAHA Features and Needs •• OSGiOSGi –– Targets wide application areaTargets wide application area •• Embedded and dedicatedEmbedded and dedicated devicesdevices –– ProvidesProvides specificationsspecifications for afor a serviceservice--oriented architectureoriented architecture –– Defines a computingDefines a computing environment forenvironment for networkednetworked servicesservices and isand is •• StandardizedStandardized •• Component orientedComponent oriented –– Embodies into aEmbodies into a serviceservice platformplatform with secure executionwith secure execution environmentenvironment –– Not supportedNot supported •• Device authenticationDevice authentication •• Platform management protocolPlatform management protocol •• TEAHATEAHA –– TargetsTargets •• Home applicationsHome applications andand •• RelationshipsRelationships with A/Vwith A/V applicationsapplications –– Provides specifications for aProvides specifications for a global home platform, focusesglobal home platform, focuses •• OpennessOpenness •• Secure communicationsSecure communications •• InteroperabilityInteroperability –– Defines a middleware platformDefines a middleware platform for seamless interworking offor seamless interworking of •• Wide variety of appliancesWide variety of appliances available in the homeavailable in the home environmentenvironment •• Heterogeneous networksHeterogeneous networks –– Embodies into a logical TEAHAEmbodies into a logical TEAHA devicedevice –– No open issuesNo open issues ☺☺
17 OSGi vs. TEAHA RegistrationOSGi vs. TEAHA Registration •• OSGiOSGi –– Registration of services inRegistration of services in the OSGi platformthe OSGi platform –– Registration with the localRegistration with the local OSGi registryOSGi registry •• Code/Bundle signingCode/Bundle signing •• PolicyPolicy--basedbased –– OSGi services use oneOSGi services use one anotheranother’’s services in thes services in the OSGi platformOSGi platform •• TEAHATEAHA –– Registration of TEAHARegistration of TEAHA devices in the wide homedevices in the wide home environmentenvironment –– Device registrationDevice registration requires touch & playrequires touch & play •• Secure zero configurationSecure zero configuration •• PolicyPolicy--basedbased –– Unregistered devices cannotUnregistered devices cannot use registered devicesuse registered devices’’ servicesservices –– DeviceDevice--Device serviceDevice service usageusage
18 TEAHA Devices and Security ModulesTEAHA Devices and Security Modules Security Module (SM) Security Session Manager Security Policy Manager Secure Storage Crypto Engine Generic Device Services Security Module Services X Y Z … TEAHA Device Network Interface User Services Device Services Device Internals Internal Services Key Features of a Security Module: • One SM per Device • SM = OSGi bundle • SM offers services to other bundles • SM initialized by manufacturer • Initialized SM ready to be used • Combination of hard- and software • Hardware Non-cloneable • Software Risk for cloning • Provide true strong authentication • Secure communications rely on SM • Insecure • Authenticity • Confidentiality • Secure = Auth. + Conf.
19 TEAHA Security Module ServicesTEAHA Security Module Services Sealed in a tamper evident enclosure, e.g., Integrity-protected log file or database, hardware enclosure,… Inner Kernel with security features Cryptographic Engine • Signing primitives and keys • Decryption primitives and keys • Secret master keys • Decrypt and re-encrypt (optional) Secure Storage • Device/user certificate(s), data,… • Trusted (CA) certificates • Session data (keys, logs) Functionality • Authenticate data • Verify authenticated data • Decrypt encrypted data • Encrypt plaintext data • Generate key pair • Generate secret key • Play key agreement protocol • Generate random data • Compare Local vs. Reference time • Convert security mechanism Implementationrelieson API Can be used for - Applications - Secure Communications
20 TEAHA Secure Communication TypesTEAHA Secure Communication Types Device I Device H Device J Device F Device E Device G Residential Gateway 7 Communications Tube 3 4 Application Data1 2 65 4 Security levels: • Protecting Integrity and/or Confidentiality Security parameters (keys): • Agreed on during device discovery
21 Secure Key Agreement with StationSecure Key Agreement with Station--ToTo--StationStation D2 sends a Pong message Pong (Session Identifier, Data (optional)) D1D1 Key Agreement Messages Secure Data Transfer D1 broadcasts a Ping message Ping (Session Identifier, Data (optional)) Data Transfer Secure Send/Receive (Session Identifier, Secured (optional) Data) D2D2 D2D2 Optional Confidentiality And/Or Integrity ProtectionData Transfer Secure Send/Receive (Session Identifier, Secured (optional) Data) 1 2 34 5 65 6 Device + Service Discovery Service Usage
22 RegistryRegistry Secure Service Discovery and Use withSecure Service Discovery and Use with RegistryRegistry D1D1 Service Query Actual Data Transfer Send/Receive (Session Identifier, Secured (optional) Data) Direct Service Selection Secure P2P Discovery and Usage D2D2 Actual Data Transfer Send/Receive (Session Identifier, Secured (optional) Data) 5 65 6 Optional 1 2 34 5 65 6
23 Registration of DevicesRegistration of Devices Registry Service Y Service X Service Z Registration Proof Z Registration Proof Y Registration Proof RG Registration Proof X Residential Gateway Device Y Device X Device Z Master Registry issues Proofs of Registration Strong Authentication (relying on Security Module) of Devices Device-Device communication requires valid Proof of Registration
24 Example: Only one Washing MachineExample: Only one Washing Machine Wash Washing Machine PingPing Ping Ping SMWM
25 Example: Registry Device Comes OnlineExample: Registry Device Comes Online Registry Residential Gateway Wash Washing Machine PingPing Ping Ping PingPing Ping Ping Registration Proof SMWM Registration Proof SMRG Residential Gateway (RG) assumes the role of a Registry Device RG is personalized for the home Issuing Registration Proof requires human interaction - Physical presence of the registered device - Knowledge of activation code of the new device
26 Example: Neighbor Installs Washing MachineExample: Neighbor Installs Washing Machine Registry Residential Gateway Wash Washing Machine PingPing Ping Ping PingPing Ping Ping Registration Proof SMWM Registration Proof SMRG Neighbor Apartment Registration Proof Wash Washing Machine PingPing Ping Ping SMWM’ Neighbor’s device is not physically present Cannot receive a Registration Proof
27 Example: Separate Registration DomainsExample: Separate Registration Domains Registry Residential Gateway Wash Washing Machine PingPing Ping Ping PingPing Ping Ping Registration Proof SMWM Registration Proof SMRG Neighbor Apartment Wash Registry Residential Gateway PingPing Ping Ping Registration Proof SMRG’ Registration ProofSMWM’ Washing Machine Neighbor’s devices receive Neighbor’s Registration Proofs Name space reflects where a device belongs to
28 ConclusionsConclusions •• TEAHA provides a secure and interoperableTEAHA provides a secure and interoperable architecture for networked home applicationsarchitecture for networked home applications •• Security Module is an OSGi bundle that providesSecurity Module is an OSGi bundle that provides –– Secure communications servicesSecure communications services –– Protection against cloning of the deviceProtection against cloning of the device –– Strong authentication of the device and servicesStrong authentication of the device and services •• Initialization of securityInitialization of security--related parametersrelated parameters embedded in the service discovery protocolembedded in the service discovery protocol
Attend the 2nd TEAHA Open Forum November 28, 2005 Le Méridien - Nice, France http://www.nethttp://www.net--athome.com/colocated_teaha.phpathome.com/colocated_teaha.php
30 Secure Key Agreement with DiffieSecure Key Agreement with Diffie--HellmanHellman D1 Receives a Pong message Checks Authenticated (EK(data2)||αy) Calculates K= (αy)x Decrypts EK(data2) Processes data2 D2 Receives a Secured Data Transfer message Checks Authenticated (EK(data3)) D2 Decrypts the information within a session with D1 Decrypts EK(data3) D1 Prepares Secure Data Transfer Encrypts EK(data3) Authenticates EK(data3) D1 Broadcasts Secured Data Transfer message for D2 Broadcast of Authenticated (EK(data3)) D2 Receives a Ping message Checks Authenticated (data1||αx) Processes data1 Ping message sent from D1 to D2 Computes secret x Calculates αx Authenticates {data1||αx} D1 Broadcasts the Ping message Broadcast of Authenticated (data1||αx) D2 Prepares a Pong message for D1 Computes secret y Calculates αy Calculates K= (αx)y Encrypts data: EK(data2) Authenticates {EK(data2)||αy} D2 Broadcasts Pong message for D1 Broadcast of Authenticated (EK(data2)||αy) 1 2 3 4 5 6
31 TEAHA Service DiscoveryTEAHA Service Discovery Service Discovery Kernel Registry mgt Policy mgt Secure Communication Communication Service Access Utility Secure Service Discovery Security Support

Recomendados

OCF/IoTivity for Healthcare/Fitness/Wearable
OCF/IoTivity for Healthcare/Fitness/WearableOCF/IoTivity for Healthcare/Fitness/Wearable
OCF/IoTivity for Healthcare/Fitness/WearableJonathan Jeon
 
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOSIntroduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOSMediaTek Labs
 
Creating a successful IoT product with MediaTek Labs
Creating a successful IoT product with MediaTek LabsCreating a successful IoT product with MediaTek Labs
Creating a successful IoT product with MediaTek LabsMediaTek Labs
 
Developing IoT devices. Creating wearables with the new LinkIt™ 2523 HDK by SAC
Developing IoT devices. Creating wearables with the new LinkIt™ 2523 HDK by SACDeveloping IoT devices. Creating wearables with the new LinkIt™ 2523 HDK by SAC
Developing IoT devices. Creating wearables with the new LinkIt™ 2523 HDK by SACMediaTek Labs
 
MediaTek IoT power management webinar
MediaTek IoT power management webinarMediaTek IoT power management webinar
MediaTek IoT power management webinarMediaTek Labs
 
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...MediaTek Labs
 
IoT Meets Security
IoT Meets SecurityIoT Meets Security
IoT Meets SecuritySamsung Open Source Group
 
FIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using KurentoFIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using KurentoFIWARE
 

Recomendados

OCF/IoTivity for Healthcare/Fitness/Wearable
OCF/IoTivity for Healthcare/Fitness/WearableOCF/IoTivity for Healthcare/Fitness/Wearable
OCF/IoTivity for Healthcare/Fitness/WearableJonathan Jeon
 
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOSIntroduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOSMediaTek Labs
 
Creating a successful IoT product with MediaTek Labs
Creating a successful IoT product with MediaTek LabsCreating a successful IoT product with MediaTek Labs
Creating a successful IoT product with MediaTek LabsMediaTek Labs
 
Developing IoT devices. Creating wearables with the new LinkIt™ 2523 HDK by SAC
Developing IoT devices. Creating wearables with the new LinkIt™ 2523 HDK by SACDeveloping IoT devices. Creating wearables with the new LinkIt™ 2523 HDK by SAC
Developing IoT devices. Creating wearables with the new LinkIt™ 2523 HDK by SACMediaTek Labs
 
MediaTek IoT power management webinar
MediaTek IoT power management webinarMediaTek IoT power management webinar
MediaTek IoT power management webinarMediaTek Labs
 
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...MediaTek Labs
 
IoT Meets Security
IoT Meets SecurityIoT Meets Security
IoT Meets SecuritySamsung Open Source Group
 
FIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using KurentoFIWARE Global Summit - Real-time Media Stream Processing Using Kurento
FIWARE Global Summit - Real-time Media Stream Processing Using KurentoFIWARE
 
Geek Pic-Nic Master Class
Geek Pic-Nic Master ClassGeek Pic-Nic Master Class
Geek Pic-Nic Master ClassMediaTek Labs
 
MediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Labs
 
MediaTek Labs Webinar: Getting Started with LinkIt ONE
MediaTek Labs Webinar: Getting Started with LinkIt ONEMediaTek Labs Webinar: Getting Started with LinkIt ONE
MediaTek Labs Webinar: Getting Started with LinkIt ONEMediaTek Labs
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Márcio Rosa
 
Mikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd
 
Présentation du système d'exploitation RIOT-OS
Présentation du système d'exploitation RIOT-OSPrésentation du système d'exploitation RIOT-OS
Présentation du système d'exploitation RIOT-OSPôle Systematic Paris-Region
 
MicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devicesMicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devicesMicroEJ
 
Eclipse Kura Shoot a-pi
Eclipse Kura Shoot a-piEclipse Kura Shoot a-pi
Eclipse Kura Shoot a-piEclipse Kura
 
Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...
Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...
Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...mfrancis
 
Porting tock to open titan
Porting tock to open titanPorting tock to open titan
Porting tock to open titanRISC-V International
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10 veerababu penugonda(Mr-IoT)
 
Eclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersEclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersMicroEJ
 
Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...
Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...
Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...Kynetics
 
WP1 Gateway HW Design & Implementation
WP1 Gateway HW Design & ImplementationWP1 Gateway HW Design & Implementation
WP1 Gateway HW Design & ImplementationAGILE IoT
 
TEGO Offering Smart Asset Solutions
TEGO Offering Smart Asset SolutionsTEGO Offering Smart Asset Solutions
TEGO Offering Smart Asset SolutionsBock Mary
 
Introduction to epid
Introduction to epidIntroduction to epid
Introduction to epidBeMyApp
 
Industrial transformation-simplified-with-mqtt-and-sparkplug
Industrial transformation-simplified-with-mqtt-and-sparkplugIndustrial transformation-simplified-with-mqtt-and-sparkplug
Industrial transformation-simplified-with-mqtt-and-sparkplugHugoMller5
 
LinkIt Smart 7688 - a more connected world
LinkIt Smart 7688 - a more connected worldLinkIt Smart 7688 - a more connected world
LinkIt Smart 7688 - a more connected worldCAVEDU Education
 
Eclipse IoT Edje project: the software foundation for IoT devices
Eclipse IoT Edje project: the software foundation for IoT devicesEclipse IoT Edje project: the software foundation for IoT devices
Eclipse IoT Edje project: the software foundation for IoT devicesMicroEJ
 
FIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE
 
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...mfrancis
 
2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...
2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...
2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...mfrancis
 

Más contenido relacionado

La actualidad más candente

Geek Pic-Nic Master Class
Geek Pic-Nic Master ClassGeek Pic-Nic Master Class
Geek Pic-Nic Master ClassMediaTek Labs
 
MediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Labs
 
MediaTek Labs Webinar: Getting Started with LinkIt ONE
MediaTek Labs Webinar: Getting Started with LinkIt ONEMediaTek Labs Webinar: Getting Started with LinkIt ONE
MediaTek Labs Webinar: Getting Started with LinkIt ONEMediaTek Labs
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Márcio Rosa
 
Mikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd
 
MicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devicesMicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devicesMicroEJ
 
Eclipse Kura Shoot a-pi
Eclipse Kura Shoot a-piEclipse Kura Shoot a-pi
Eclipse Kura Shoot a-piEclipse Kura
 
Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...
Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...
Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...mfrancis
 
Eclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersEclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersMicroEJ
 
Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...
Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...
Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...Kynetics
 
WP1 Gateway HW Design & Implementation
WP1 Gateway HW Design & ImplementationWP1 Gateway HW Design & Implementation
WP1 Gateway HW Design & ImplementationAGILE IoT
 
TEGO Offering Smart Asset Solutions
TEGO Offering Smart Asset SolutionsTEGO Offering Smart Asset Solutions
TEGO Offering Smart Asset SolutionsBock Mary
 
Introduction to epid
Introduction to epidIntroduction to epid
Introduction to epidBeMyApp
 
Industrial transformation-simplified-with-mqtt-and-sparkplug
Industrial transformation-simplified-with-mqtt-and-sparkplugIndustrial transformation-simplified-with-mqtt-and-sparkplug
Industrial transformation-simplified-with-mqtt-and-sparkplugHugoMller5
 
LinkIt Smart 7688 - a more connected world
LinkIt Smart 7688 - a more connected worldLinkIt Smart 7688 - a more connected world
LinkIt Smart 7688 - a more connected worldCAVEDU Education
 
Eclipse IoT Edje project: the software foundation for IoT devices
Eclipse IoT Edje project: the software foundation for IoT devicesEclipse IoT Edje project: the software foundation for IoT devices
Eclipse IoT Edje project: the software foundation for IoT devicesMicroEJ
 
FIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE
 

La actualidad más candente (20)

Geek Pic-Nic Master Class
Geek Pic-Nic Master ClassGeek Pic-Nic Master Class
Geek Pic-Nic Master Class
 
MediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 Webinar
 
MediaTek Labs Webinar: Getting Started with LinkIt ONE
MediaTek Labs Webinar: Getting Started with LinkIt ONEMediaTek Labs Webinar: Getting Started with LinkIt ONE
MediaTek Labs Webinar: Getting Started with LinkIt ONE
 
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
Case VC+: Como tornar seguro um aplicativo mobile payment sem penalizar a exp...
 
Mikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster ForwardMikael Falkvidd IoT - Stena AB Faster Forward
Mikael Falkvidd IoT - Stena AB Faster Forward
 
Présentation du système d'exploitation RIOT-OS
Présentation du système d'exploitation RIOT-OSPrésentation du système d'exploitation RIOT-OS
Présentation du système d'exploitation RIOT-OS
 
MicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devicesMicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devices
 
Eclipse Kura Shoot a-pi
Eclipse Kura Shoot a-piEclipse Kura Shoot a-pi
Eclipse Kura Shoot a-pi
 
Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...
Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...
Using Device Abstraction Layers in OSGi based Embedded Systems - Dimitar Valt...
 
Porting tock to open titan
Porting tock to open titanPorting tock to open titan
Porting tock to open titan
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10
 
Eclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for MicrocontrollersEclipse Edje: A Java API for Microcontrollers
Eclipse Edje: A Java API for Microcontrollers
 
Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...
Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...
Deploy Small IoT Embedded SOC Devices and a Back-End Platform with Java, usin...
 
WP1 Gateway HW Design & Implementation
WP1 Gateway HW Design & ImplementationWP1 Gateway HW Design & Implementation
WP1 Gateway HW Design & Implementation
 
TEGO Offering Smart Asset Solutions
TEGO Offering Smart Asset SolutionsTEGO Offering Smart Asset Solutions
TEGO Offering Smart Asset Solutions
 
Introduction to epid
Introduction to epidIntroduction to epid
Introduction to epid
 
Industrial transformation-simplified-with-mqtt-and-sparkplug
Industrial transformation-simplified-with-mqtt-and-sparkplugIndustrial transformation-simplified-with-mqtt-and-sparkplug
Industrial transformation-simplified-with-mqtt-and-sparkplug
 
LinkIt Smart 7688 - a more connected world
LinkIt Smart 7688 - a more connected worldLinkIt Smart 7688 - a more connected world
LinkIt Smart 7688 - a more connected world
 
Eclipse IoT Edje project: the software foundation for IoT devices
Eclipse IoT Edje project: the software foundation for IoT devicesEclipse IoT Edje project: the software foundation for IoT devices
Eclipse IoT Edje project: the software foundation for IoT devices
 
FIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access ControlFIWARE Global Summit - Identity Management and Access Control
FIWARE Global Summit - Identity Management and Access Control
 

Similar a Using OSGi for Secure Service Discovery - Antonio Kung, Founder/Director, Trialog, Danny De Cock, Researcher Applied Cryptography, K.U.Leuven & Hans Scholten, U.Twente

Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...mfrancis
 
2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...
2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...
2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...mfrancis
 
Securing the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank ChaversSecuring the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank ChaversWithTheBest
 
Ultimate list of 50 Best IoT platforms of 2019
Ultimate list of 50 Best IoT platforms of 2019Ultimate list of 50 Best IoT platforms of 2019
Ultimate list of 50 Best IoT platforms of 2019ThingsCloud
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Mobodexter
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 blior mazor
 
Kube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPAKube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPAHaggai Philip Zagury
 
Without App Standards, There's No Internet of Anything
Without App Standards, There's No Internet of AnythingWithout App Standards, There's No Internet of Anything
Without App Standards, There's No Internet of AnythingOpen Interconnect Consortium
 
Powersoft19 Overview - 2013
Powersoft19 Overview - 2013Powersoft19 Overview - 2013
Powersoft19 Overview - 2013Huzaifa Saadat
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VRISC-V International
 
Grid Middleware – Principles, Practice and Potential
Grid Middleware – Principles, Practice and PotentialGrid Middleware – Principles, Practice and Potential
Grid Middleware – Principles, Practice and PotentialPaul Brebner
 
INTERFACE by apidays 2023 - The Swiss Cheese Model of Layered API Security, L...
INTERFACE by apidays 2023 - The Swiss Cheese Model of Layered API Security, L...INTERFACE by apidays 2023 - The Swiss Cheese Model of Layered API Security, L...
INTERFACE by apidays 2023 - The Swiss Cheese Model of Layered API Security, L...apidays
 
Going Beyond the Device Heart Beat
Going Beyond the Device Heart BeatGoing Beyond the Device Heart Beat
Going Beyond the Device Heart BeatBalwinder Kaur
 
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoTUtilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoTPôle Systematic Paris-Region
 
FIWARE Global Summit - Implementing OPC‐UA with FIWARE Orion Context Broker
FIWARE Global Summit - Implementing OPC‐UA with FIWARE Orion Context BrokerFIWARE Global Summit - Implementing OPC‐UA with FIWARE Orion Context Broker
FIWARE Global Summit - Implementing OPC‐UA with FIWARE Orion Context BrokerFIWARE
 
Standardized Service Layering for IoT in oneM2M
Standardized Service Layering for IoT in oneM2MStandardized Service Layering for IoT in oneM2M
Standardized Service Layering for IoT in oneM2MNicolas Damour
 
Why Collaborate? Graham Nicholls, Extrada Inc.
Why Collaborate? Graham Nicholls, Extrada Inc.Why Collaborate? Graham Nicholls, Extrada Inc.
Why Collaborate? Graham Nicholls, Extrada Inc.mfrancis
 
Expedite Enterprise Software Development with JIRA®, TeamForge® SCM, and Jenkins
Expedite Enterprise Software Development with JIRA®, TeamForge® SCM, and JenkinsExpedite Enterprise Software Development with JIRA®, TeamForge® SCM, and Jenkins
Expedite Enterprise Software Development with JIRA®, TeamForge® SCM, and JenkinsCollabNet
 
Getting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj ShahGetting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj Shahmomoahmedabad
 
How to maximize profit from IoT by using data platform - Albert Lewandowski, ...
How to maximize profit from IoT by using data platform - Albert Lewandowski, ...How to maximize profit from IoT by using data platform - Albert Lewandowski, ...
How to maximize profit from IoT by using data platform - Albert Lewandowski, ...GetInData
 

Similar a Using OSGi for Secure Service Discovery - Antonio Kung, Founder/Director, Trialog, Danny De Cock, Researcher Applied Cryptography, K.U.Leuven & Hans Scholten, U.Twente (20)

Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
 
2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...
2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...
2005 OSGi Alliance Status - John Barr, Ph.D., Past President, OSGi Alliance; ...
 
Securing the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank ChaversSecuring the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank Chavers
 
Ultimate list of 50 Best IoT platforms of 2019
Ultimate list of 50 Best IoT platforms of 2019Ultimate list of 50 Best IoT platforms of 2019
Ultimate list of 50 Best IoT platforms of 2019
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
 
Kube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPAKube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPA
 
Without App Standards, There's No Internet of Anything
Without App Standards, There's No Internet of AnythingWithout App Standards, There's No Internet of Anything
Without App Standards, There's No Internet of Anything
 
Powersoft19 Overview - 2013
Powersoft19 Overview - 2013Powersoft19 Overview - 2013
Powersoft19 Overview - 2013
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Grid Middleware – Principles, Practice and Potential
Grid Middleware – Principles, Practice and PotentialGrid Middleware – Principles, Practice and Potential
Grid Middleware – Principles, Practice and Potential
 
INTERFACE by apidays 2023 - The Swiss Cheese Model of Layered API Security, L...
INTERFACE by apidays 2023 - The Swiss Cheese Model of Layered API Security, L...INTERFACE by apidays 2023 - The Swiss Cheese Model of Layered API Security, L...
INTERFACE by apidays 2023 - The Swiss Cheese Model of Layered API Security, L...
 
Going Beyond the Device Heart Beat
Going Beyond the Device Heart BeatGoing Beyond the Device Heart Beat
Going Beyond the Device Heart Beat
 
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoTUtilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
Utilisation de la plateforme virtuelle QEMU/SystemC pour l'IoT
 
FIWARE Global Summit - Implementing OPC‐UA with FIWARE Orion Context Broker
FIWARE Global Summit - Implementing OPC‐UA with FIWARE Orion Context BrokerFIWARE Global Summit - Implementing OPC‐UA with FIWARE Orion Context Broker
FIWARE Global Summit - Implementing OPC‐UA with FIWARE Orion Context Broker
 
Standardized Service Layering for IoT in oneM2M
Standardized Service Layering for IoT in oneM2MStandardized Service Layering for IoT in oneM2M
Standardized Service Layering for IoT in oneM2M
 
Why Collaborate? Graham Nicholls, Extrada Inc.
Why Collaborate? Graham Nicholls, Extrada Inc.Why Collaborate? Graham Nicholls, Extrada Inc.
Why Collaborate? Graham Nicholls, Extrada Inc.
 
Expedite Enterprise Software Development with JIRA®, TeamForge® SCM, and Jenkins
Expedite Enterprise Software Development with JIRA®, TeamForge® SCM, and JenkinsExpedite Enterprise Software Development with JIRA®, TeamForge® SCM, and Jenkins
Expedite Enterprise Software Development with JIRA®, TeamForge® SCM, and Jenkins
 
Getting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj ShahGetting Started with IoT by Niraj Shah
Getting Started with IoT by Niraj Shah
 
How to maximize profit from IoT by using data platform - Albert Lewandowski, ...
How to maximize profit from IoT by using data platform - Albert Lewandowski, ...How to maximize profit from IoT by using data platform - Albert Lewandowski, ...
How to maximize profit from IoT by using data platform - Albert Lewandowski, ...
 

Más de mfrancis

Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...
Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...
Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...mfrancis
 
OSGi and Java 9+ - BJ Hargrave (IBM)
OSGi and Java 9+ - BJ Hargrave (IBM)OSGi and Java 9+ - BJ Hargrave (IBM)
OSGi and Java 9+ - BJ Hargrave (IBM)mfrancis
 
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)mfrancis
 
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruu
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank LyaruuOSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruu
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruumfrancis
 
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...mfrancis
 
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...mfrancis
 
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...mfrancis
 
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)mfrancis
 
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...mfrancis
 
OSGi CDI Integration Specification - Ray Augé (Liferay)
OSGi CDI Integration Specification - Ray Augé (Liferay)OSGi CDI Integration Specification - Ray Augé (Liferay)
OSGi CDI Integration Specification - Ray Augé (Liferay)mfrancis
 
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...mfrancis
 
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...mfrancis
 
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...mfrancis
 
Popular patterns revisited on OSGi - Christian Schneider (Adobe)
Popular patterns revisited on OSGi - Christian Schneider (Adobe)Popular patterns revisited on OSGi - Christian Schneider (Adobe)
Popular patterns revisited on OSGi - Christian Schneider (Adobe)mfrancis
 
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)mfrancis
 
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)mfrancis
 
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...mfrancis
 
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)MicroProfile, OSGi was meant for this - Ray Auge (Liferay)
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)mfrancis
 
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...mfrancis
 
How to connect your OSGi application - Dirk Fauth (Bosch)
How to connect your OSGi application - Dirk Fauth (Bosch)How to connect your OSGi application - Dirk Fauth (Bosch)
How to connect your OSGi application - Dirk Fauth (Bosch)mfrancis
 

Más de mfrancis (20)

Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...
Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...
Eclipse Modeling Framework and plain OSGi the easy way - Mark Hoffman (Data I...
 
OSGi and Java 9+ - BJ Hargrave (IBM)
OSGi and Java 9+ - BJ Hargrave (IBM)OSGi and Java 9+ - BJ Hargrave (IBM)
OSGi and Java 9+ - BJ Hargrave (IBM)
 
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)
Simplify Web UX Coding using OSGi Modularity Magic - Paul Fraser (A2Z Living)
 
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruu
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank LyaruuOSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruu
OSGi for the data centre - Connecting OSGi to Kubernetes - Frank Lyaruu
 
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
Remote Management and Monitoring of Distributed OSGi Applications - Tim Verbe...
 
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...
OSGi with Docker - a powerful way to develop Java systems - Udo Hafermann (So...
 
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...
A real world use case with OSGi R7 - Jurgen Albert (Data In Motion Consulting...
 
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)
OSGi Feature Model - Where Art Thou - David Bosschaert (Adobe)
 
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...
Migrating from PDE to Bndtools in Practice - Amit Kumar Mondal (Deutsche Tele...
 
OSGi CDI Integration Specification - Ray Augé (Liferay)
OSGi CDI Integration Specification - Ray Augé (Liferay)OSGi CDI Integration Specification - Ray Augé (Liferay)
OSGi CDI Integration Specification - Ray Augé (Liferay)
 
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...
How OSGi drives cross-sector energy management - Jörn Tümmler (SMA Solar Tech...
 
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...
Improved developer productivity thanks to Maven and OSGi - Lukasz Dywicki (Co...
 
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...
It Was Twenty Years Ago Today - Building an OSGi based Smart Home System - Ch...
 
Popular patterns revisited on OSGi - Christian Schneider (Adobe)
Popular patterns revisited on OSGi - Christian Schneider (Adobe)Popular patterns revisited on OSGi - Christian Schneider (Adobe)
Popular patterns revisited on OSGi - Christian Schneider (Adobe)
 
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)
Integrating SLF4J and the new OSGi LogService 1.4 - BJ Hargrave (IBM)
 
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)
OSG(a)i: because AI needs a runtime - Tim Verbelen (imec)
 
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...
Flying to Jupiter with OSGi - Tony Walsh (ESA) & Hristo Indzhov (Telespazio V...
 
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)MicroProfile, OSGi was meant for this - Ray Auge (Liferay)
MicroProfile, OSGi was meant for this - Ray Auge (Liferay)
 
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...
Prototyping IoT systems with a hybrid OSGi & Node-RED platform - Bruce Jackso...
 
How to connect your OSGi application - Dirk Fauth (Bosch)
How to connect your OSGi application - Dirk Fauth (Bosch)How to connect your OSGi application - Dirk Fauth (Bosch)
How to connect your OSGi application - Dirk Fauth (Bosch)
 

Último

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Último (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Using OSGi for Secure Service Discovery - Antonio Kung, Founder/Director, Trialog, Danny De Cock, Researcher Applied Cryptography, K.U.Leuven & Hans Scholten, U.Twente

  • 1.
  • 2. Using OSGi for Secure Service Discovery Slides available at http://godot.be/slides Antonio Kung, Founder/Director, TrialogAntonio Kung, Founder/Director, Trialog Danny De Cock, Researcher Applied Cryptography, K.U.LeuvenDanny De Cock, Researcher Applied Cryptography, K.U.Leuven Hans Scholten, U.TwenteHans Scholten, U.Twente
  • 3. 3 Presentation StructurePresentation Structure •• TEAHATEAHA •• TEAHA Approach for seamless interworkingTEAHA Approach for seamless interworking •• Using OSGi and Service DiscoveryUsing OSGi and Service Discovery –– OSGi and TEAHA Features and NeedsOSGi and TEAHA Features and Needs –– OSGi vs. TEAHA RegistrationOSGi vs. TEAHA Registration –– TEAHA Security ModulesTEAHA Security Modules –– Architecture for Service Discovery and SecurityArchitecture for Service Discovery and Security
  • 4. 4 •• Industry groupsIndustry groups The TEAHA ConsortiumThe TEAHA Consortium •• Leading manufacturersLeading manufacturers and service companiesand service companies •• Technology and marketTechnology and market research companies andresearch companies and UniversitiesUniversities
  • 5. 5 TEAHA MissionTEAHA Mission •• Specify an open, secure framework for seamlessSpecify an open, secure framework for seamless interoperability and interworkinginteroperability and interworking Networked Audio-Video Applications Networked Home Control Applications AV & Mobile MMI White goods Energy Management Security and Safety Home Controls Lighting Control Health Care for Elderly and Disabled Infotainment
  • 6. 6 TEAHA Has Technology ClustersTEAHA Has Technology Clusters Security Controller Reference Gateway UPnP/WiFi Display Clock Energy Controller Washing Machine Oven Meter Smoke Sensor CameraIntrusion Detector EHS/Power Line TEAHA/Zigbee TV
  • 7. 7 TEAHA Has Business ClustersTEAHA Has Business Clusters Reference Gateway UPnP/WiFi Display Clock Energy Controller Washing Machine Smoke Sensor Camera EHS/Power Line TEAHA/Zigbee TV Energy Household Appliance Multimedia Intrusion Detector Home SafetySecurity Controller Meter Oven
  • 8. 8 Facts about StakeholdersFacts about Stakeholders •• Stakeholders in a business clusterStakeholders in a business cluster –– Are competitorsAre competitors –– Share the same cultureShare the same culture –– Are involved in the same value chainAre involved in the same value chain –– Would prefer to abstract away from technology clustersWould prefer to abstract away from technology clusters •• Stakeholders in different business clustersStakeholders in different business clusters –– Do not understand each otherDo not understand each other –– Do not need to understand other clustersDo not need to understand other clusters –– Have different cultures, value chain, life cycleHave different cultures, value chain, life cycle
  • 9. 9 Approach for Seamless InterworkingApproach for Seamless Interworking •• There are issues in supporting the mixing ofThere are issues in supporting the mixing of different types of clustersdifferent types of clusters –– Technology clustersTechnology clusters –– Business clustersBusiness clusters –– …… •• TEAHA focuses on solving those issuesTEAHA focuses on solving those issues
  • 10. 10 Seamless Interworking Unsolved ProblemsSeamless Interworking Unsolved Problems •• Service DiscoveryService Discovery –– Can a device in one technology cluster discover a device fromCan a device in one technology cluster discover a device from another technology cluster?another technology cluster? –– Can these devices use one anotherCan these devices use one another’’s services?s services? •• Secure CommunicationSecure Communication –– Can a device in one technology cluster communicate securelyCan a device in one technology cluster communicate securely with a device from another technology cluster?with a device from another technology cluster? •• Authenticity: No faked devices!Authenticity: No faked devices! •• Confidentiality: No eavesdroppers!Confidentiality: No eavesdroppers! •• Trusted/Registered devices: No intruders!Trusted/Registered devices: No intruders! •• Security PolicySecurity Policy –– Can a business cluster be protected from other clusters?Can a business cluster be protected from other clusters? •• Policy enforcement:Policy enforcement: is a multimedia application allowed to accessis a multimedia application allowed to access security system information?security system information?
  • 11. 11 Interworking Environment Abstract ArchitectureAbstract Architecture Application Framework LAN Abstraction Business Cluster Support Service Applications Bridge Utility Service Access Utility Secure Service Discovery Utility Secure Communication Utility Communication Layer LAN 1 Proxy LAN 1 Driver LAN 2 Proxy LAN 2 Driver Security Support
  • 12. 12 TEAHA Business Cluster SupportTEAHA Business Cluster Support Business Cluster Support Cluster Household Appliances Cluster Home Safety LAN App Plug-in Selector LAN App LAN App LAN App
  • 13. 13 Mapping on top OSGiMapping on top OSGi LAN K driver Communication Secure Service Discovery Secure Communication Bridge Utility Service Access Utility Service Applications OSGi Network bundles OSGi Device bundles OSGi Application bundles LAN K proxy LAN 1 driver LAN 1 proxy
  • 14. 14 Device 1 Device 2 Communication LAN2 Proxy LAN2 Driver LAN1 Proxy LAN1 Driver Bridge Utility Seamless Interworking in ActionSeamless Interworking in Action App-PDU App-PDU LAN2-PDU App-PDU LAN1-PDU App-PDU Cluster Energy Management Cluster Energy Management
  • 15. 15 LAN2 Proxy LAN2 Driver LAN1 Proxy LAN1 Driver Service Discovery Device 1 Search for Service Communication Device 2 Provides Service Service Discovery in ActionService Discovery in Action App Service Description Service Discovery Proxy LAN1 Service Description App Service Description App Service Description App Service Description Service Discovery Proxy LAN2 Service Description
  • 16. 16 OSGi and TEAHA Features and NeedsOSGi and TEAHA Features and Needs •• OSGiOSGi –– Targets wide application areaTargets wide application area •• Embedded and dedicatedEmbedded and dedicated devicesdevices –– ProvidesProvides specificationsspecifications for afor a serviceservice--oriented architectureoriented architecture –– Defines a computingDefines a computing environment forenvironment for networkednetworked servicesservices and isand is •• StandardizedStandardized •• Component orientedComponent oriented –– Embodies into aEmbodies into a serviceservice platformplatform with secure executionwith secure execution environmentenvironment –– Not supportedNot supported •• Device authenticationDevice authentication •• Platform management protocolPlatform management protocol •• TEAHATEAHA –– TargetsTargets •• Home applicationsHome applications andand •• RelationshipsRelationships with A/Vwith A/V applicationsapplications –– Provides specifications for aProvides specifications for a global home platform, focusesglobal home platform, focuses •• OpennessOpenness •• Secure communicationsSecure communications •• InteroperabilityInteroperability –– Defines a middleware platformDefines a middleware platform for seamless interworking offor seamless interworking of •• Wide variety of appliancesWide variety of appliances available in the homeavailable in the home environmentenvironment •• Heterogeneous networksHeterogeneous networks –– Embodies into a logical TEAHAEmbodies into a logical TEAHA devicedevice –– No open issuesNo open issues ☺☺
  • 17. 17 OSGi vs. TEAHA RegistrationOSGi vs. TEAHA Registration •• OSGiOSGi –– Registration of services inRegistration of services in the OSGi platformthe OSGi platform –– Registration with the localRegistration with the local OSGi registryOSGi registry •• Code/Bundle signingCode/Bundle signing •• PolicyPolicy--basedbased –– OSGi services use oneOSGi services use one anotheranother’’s services in thes services in the OSGi platformOSGi platform •• TEAHATEAHA –– Registration of TEAHARegistration of TEAHA devices in the wide homedevices in the wide home environmentenvironment –– Device registrationDevice registration requires touch & playrequires touch & play •• Secure zero configurationSecure zero configuration •• PolicyPolicy--basedbased –– Unregistered devices cannotUnregistered devices cannot use registered devicesuse registered devices’’ servicesservices –– DeviceDevice--Device serviceDevice service usageusage
  • 18. 18 TEAHA Devices and Security ModulesTEAHA Devices and Security Modules Security Module (SM) Security Session Manager Security Policy Manager Secure Storage Crypto Engine Generic Device Services Security Module Services X Y Z … TEAHA Device Network Interface User Services Device Services Device Internals Internal Services Key Features of a Security Module: • One SM per Device • SM = OSGi bundle • SM offers services to other bundles • SM initialized by manufacturer • Initialized SM ready to be used • Combination of hard- and software • Hardware Non-cloneable • Software Risk for cloning • Provide true strong authentication • Secure communications rely on SM • Insecure • Authenticity • Confidentiality • Secure = Auth. + Conf.
  • 19. 19 TEAHA Security Module ServicesTEAHA Security Module Services Sealed in a tamper evident enclosure, e.g., Integrity-protected log file or database, hardware enclosure,… Inner Kernel with security features Cryptographic Engine • Signing primitives and keys • Decryption primitives and keys • Secret master keys • Decrypt and re-encrypt (optional) Secure Storage • Device/user certificate(s), data,… • Trusted (CA) certificates • Session data (keys, logs) Functionality • Authenticate data • Verify authenticated data • Decrypt encrypted data • Encrypt plaintext data • Generate key pair • Generate secret key • Play key agreement protocol • Generate random data • Compare Local vs. Reference time • Convert security mechanism Implementationrelieson API Can be used for - Applications - Secure Communications
  • 20. 20 TEAHA Secure Communication TypesTEAHA Secure Communication Types Device I Device H Device J Device F Device E Device G Residential Gateway 7 Communications Tube 3 4 Application Data1 2 65 4 Security levels: • Protecting Integrity and/or Confidentiality Security parameters (keys): • Agreed on during device discovery
  • 21. 21 Secure Key Agreement with StationSecure Key Agreement with Station--ToTo--StationStation D2 sends a Pong message Pong (Session Identifier, Data (optional)) D1D1 Key Agreement Messages Secure Data Transfer D1 broadcasts a Ping message Ping (Session Identifier, Data (optional)) Data Transfer Secure Send/Receive (Session Identifier, Secured (optional) Data) D2D2 D2D2 Optional Confidentiality And/Or Integrity ProtectionData Transfer Secure Send/Receive (Session Identifier, Secured (optional) Data) 1 2 34 5 65 6 Device + Service Discovery Service Usage
  • 22. 22 RegistryRegistry Secure Service Discovery and Use withSecure Service Discovery and Use with RegistryRegistry D1D1 Service Query Actual Data Transfer Send/Receive (Session Identifier, Secured (optional) Data) Direct Service Selection Secure P2P Discovery and Usage D2D2 Actual Data Transfer Send/Receive (Session Identifier, Secured (optional) Data) 5 65 6 Optional 1 2 34 5 65 6
  • 23. 23 Registration of DevicesRegistration of Devices Registry Service Y Service X Service Z Registration Proof Z Registration Proof Y Registration Proof RG Registration Proof X Residential Gateway Device Y Device X Device Z Master Registry issues Proofs of Registration Strong Authentication (relying on Security Module) of Devices Device-Device communication requires valid Proof of Registration
  • 24. 24 Example: Only one Washing MachineExample: Only one Washing Machine Wash Washing Machine PingPing Ping Ping SMWM
  • 25. 25 Example: Registry Device Comes OnlineExample: Registry Device Comes Online Registry Residential Gateway Wash Washing Machine PingPing Ping Ping PingPing Ping Ping Registration Proof SMWM Registration Proof SMRG Residential Gateway (RG) assumes the role of a Registry Device RG is personalized for the home Issuing Registration Proof requires human interaction - Physical presence of the registered device - Knowledge of activation code of the new device
  • 26. 26 Example: Neighbor Installs Washing MachineExample: Neighbor Installs Washing Machine Registry Residential Gateway Wash Washing Machine PingPing Ping Ping PingPing Ping Ping Registration Proof SMWM Registration Proof SMRG Neighbor Apartment Registration Proof Wash Washing Machine PingPing Ping Ping SMWM’ Neighbor’s device is not physically present Cannot receive a Registration Proof
  • 27. 27 Example: Separate Registration DomainsExample: Separate Registration Domains Registry Residential Gateway Wash Washing Machine PingPing Ping Ping PingPing Ping Ping Registration Proof SMWM Registration Proof SMRG Neighbor Apartment Wash Registry Residential Gateway PingPing Ping Ping Registration Proof SMRG’ Registration ProofSMWM’ Washing Machine Neighbor’s devices receive Neighbor’s Registration Proofs Name space reflects where a device belongs to
  • 28. 28 ConclusionsConclusions •• TEAHA provides a secure and interoperableTEAHA provides a secure and interoperable architecture for networked home applicationsarchitecture for networked home applications •• Security Module is an OSGi bundle that providesSecurity Module is an OSGi bundle that provides –– Secure communications servicesSecure communications services –– Protection against cloning of the deviceProtection against cloning of the device –– Strong authentication of the device and servicesStrong authentication of the device and services •• Initialization of securityInitialization of security--related parametersrelated parameters embedded in the service discovery protocolembedded in the service discovery protocol
  • 29. Attend the 2nd TEAHA Open Forum November 28, 2005 Le Méridien - Nice, France http://www.nethttp://www.net--athome.com/colocated_teaha.phpathome.com/colocated_teaha.php
  • 30. 30 Secure Key Agreement with DiffieSecure Key Agreement with Diffie--HellmanHellman D1 Receives a Pong message Checks Authenticated (EK(data2)||αy) Calculates K= (αy)x Decrypts EK(data2) Processes data2 D2 Receives a Secured Data Transfer message Checks Authenticated (EK(data3)) D2 Decrypts the information within a session with D1 Decrypts EK(data3) D1 Prepares Secure Data Transfer Encrypts EK(data3) Authenticates EK(data3) D1 Broadcasts Secured Data Transfer message for D2 Broadcast of Authenticated (EK(data3)) D2 Receives a Ping message Checks Authenticated (data1||αx) Processes data1 Ping message sent from D1 to D2 Computes secret x Calculates αx Authenticates {data1||αx} D1 Broadcasts the Ping message Broadcast of Authenticated (data1||αx) D2 Prepares a Pong message for D1 Computes secret y Calculates αy Calculates K= (αx)y Encrypts data: EK(data2) Authenticates {EK(data2)||αy} D2 Broadcasts Pong message for D1 Broadcast of Authenticated (EK(data2)||αy) 1 2 3 4 5 6
  • 31. 31 TEAHA Service DiscoveryTEAHA Service Discovery Service Discovery Kernel Registry mgt Policy mgt Secure Communication Communication Service Access Utility Secure Service Discovery Security Support