K.U.Leuven ESAT/SCD/COSIC Computer Security and Industrial - - PowerPoint PPT Presentation
K.U.Leuven ESAT/SCD/COSIC Computer Security and Industrial Cryptography Danny De Cock Danny.DeCock@esat.kuleuven.be Katholieke Universiteit Leuven/Dept. Elektrotechniek (ESAT) Computer Security and Industrial Cryptography (COSIC) Kasteelpark
Computer Security and Industrial Cryptography
Katholieke Universiteit Leuven/Dept. Elektrotechniek (ESAT) Computer Security and Industrial Cryptography (COSIC) Kasteelpark Arenberg 10 B-3001 Heverlee Belgium
June 2005 2
!SCD Chief: Prof. Dr. Joos Vandewalle !COSIC chiefs: Prof. Bart Preneel, Dr. Ingrid Verbauwhede !Contact data:
"Kasteelpark Arenberg 10, B-3001 Leuven (Belgium) "Telephone: +32-(0)16 321148 "Fax: +32(0)16 321969 "Email: bart.preneel@esat.kuleuven.be "Website: http://www.esat.kuleuven.be/cosic
Mission statement: Creating electronic equivalent of the real world:
"
confidentiality, digital signature, anonymity, privacy, payments, non-repudiation, digital right managements, elections
!
"
key management: ad hoc networks, PKI, group keying
"
anonymous communications and services
"
software tamper resistance and obfuscation
"
software agents
"
trusted systems: TCG/NGSCB, TPM…
"
e-document security and XML: XADES
!
Applications:
"
electronic payments, e-commerce, m-commerce and secure e-banking
"
e-government: electronic ID card
"
electronic voting: Cybervote
"
securing mobile and wireless communications: UMTS, WLAN, PAN….
"
ambient intelligence
June 2005 4
June 2005 5
!
"
EU/IST/FIDIS – Future of Identity in the Information Society
"
EU/IST/PRIME – Privacy and Identity Management in Europe
"
EU/MODINIS/ModinisIDM – Study on Identity Management in e-government of the European Member States
! With Lawfort (B) and A-SIT (AT)
!
"
EU/IST/GST – Global System for Telematics
"
EU/IST/TEAHA – The European Home Alliance
"
B/IWT/ADAPID – Advanced Applications of Electronic Identity Cards
"
B/IBBT/IDEM – Identity Management Systems for Federal and Flemish eGovernment
"
B/IBBT/INDEX – Inter-governmental Data Exchange between Federal and Flemish Administrations
"
B/IBBT/IPEA – Innovative Platform for Electronic Archiving
Date : June, 2004 Location : Athens, Greece Authors : Danny De Cock, K.U.Leuven
June 2005 7
!
Merloni Washing Machine
"
Ultra-low cost power line connection
"
TEAHA Smart Adapter
!
Zigbee/EHS/KNX/Bluetooth
!
Ultra-low cost power line connection
!
Residential Gateway
"
OSGi framework
"
Zigbee/EHS/KNX
"
Ethernet / Wifi / ADSL
!
EDF Power Meter
"
Serial line interface
!
Telefonica Back-End
"
OSGi based platforms for Aggregating services
"
Content and Service Provision/Service Aggregator
Multimedia Cluster Energy mgt Cluster ULC PLC EHS Zigbee Bluetooth UPnP RS232 Household Appliance Cluster Service Provider
June 2005 8
Based on implementation complexity and cost:
!
No security mechanisms
!
Non-cryptographic techniques (e.g., CRC, hardware enclosures,…)
!
Combine all of the above with cryptographic techniques Different security levels protect data in transit and persistently:
!
Ignore data protection
!
Protect data integrity and/or its confidentiality Different security layers to provide:
!
End-to-End security for users and applications
!
Point-to-Point secure communications
June 2005 9
TEAHA devices Residential Gateway
Remote User
Any Network Any Network
!
"
Simple hierarchy of devices, users, service providers
"
Seamless interoperability and interaction with other devices
"
Initialization of security parameters during device and service discovery
"
Implicit asset protection of registered TEAHA devices
!
#
Minimizes maintenance costs
#
Suited for a highly dynamic client-service architecture
!
#
Ideal and easy to understand and verify
!
#
Isolation of security features from non-critical code
!
#
Increased network privacy through transparent access control
June 2005 10
!
!
Registry Residential Gateway Wash Washing Machine
Ping Ping Ping Ping
Registration Proof SMWM Registration Proof SMRG Wash Washing Machine Registry Residential Gateway
Ping Ping Ping Ping
Registration Proof SMRG’ Registration Proof SMWM’ GUI User PC Registration Proof SMUPC Routing Internet Gateway Registration Proof SMIG
June 2005 11
Secure Communications Tunnel
Application Data
Application Data Securely Exchanged between Device 1 and 2 Store and Forward of Application Data, Allows for Heterogeneous Security Mechanisms Application Data Converter, Point to Point Secure Communications
Security Module
Hardware Component (optional)
secure confidential authenticate insecure
June 2005 12
June 2005 13
!
Loading new coins initiated/approved by washing machine user
!
Secure Smart Adapter acts as a protective shell around the machine
!
End to end security:
"
Service Provider validates request authenticated by Secure Smart Adapter
"
Secure Smart Adapter validates response from Service Provider
!
Triggered from non-home environment, e.g., Service Provider
!
Enters the home environment through a Residential Gateway
!
Request finds its way to the washing machine Secure Smart Adapter
!
Adapter processes the request and forwards it
"
Challenge-response query
!
Response is sent back through the same path
Pay Per Use Washing Machine Service Provider
June 2005 14
A Registry registers the new services New Device New Device Registry Search Device searches a registry Registry Registry Registry Registry Registry Registry The new device can only operate as a true TEAHA device if a Registry approves its existence
1 2 3 4
Existing TEAHA Device Existing TEAHA Device Existing TEAHA Device Existing TEAHA Device Existing TEAHA Device Existing TEAHA Device Optional: Go away – you do not exist!! Hi, I am new around here, could you help me?
a b c d
June 2005 15
Registry Registry
D1 D1 Service Query Data Transfer Direct Service Selection Secure P2P Discovery and Usage D2 D2
5 6 5 6
Optionally Through Security Tunnel
1 2 3 4 5 6 5 6
Ping Pong Data Transfer
June 2005 16
TEAHA http://www.teaha.org Myself
Danny.DeCock@esat.kuleuven.be http://www.esat.kuleuven.be/~decockd