terraswarm terraswarm
play

TerraSwarm TerraSwarm A Toolkit for Construction of Authorization - PowerPoint PPT Presentation

Feb 28, 2024 •204 likes •538 views

TerraSwarm TerraSwarm A Toolkit for Construction of Authorization Service Infrastructure for the Internet of Things (IoT) Hokeun Kim 1 , Eunsuk Kang 1 , Edward A. Lee 1 , David Broman 2 1 University of California, Berkeley 2 KTH Royal Institute

  1. TerraSwarm TerraSwarm A Toolkit for Construction of Authorization Service Infrastructure for the Internet of Things (IoT) Hokeun Kim 1 , Eunsuk Kang 1 , Edward A. Lee 1 , David Broman 2 1 University of California, Berkeley 2 KTH Royal Institute of Technology IoTDI 2017, Pittsburgh, PA April 19, 2017 Sponsored by the TerraSwarm Research Center, one of six centers administered by the STARnet phase of the Focus Center Research Program (FCRP) a Semiconductor Research Corporation program sponsored by MARCO and DARPA.

  2. Overview – IoT & Authorization • Internet of Things • Authorization (access control) – Critical for computer security Private data Control Benefits, but also challenges • Existing security solutions? • Proposed approach – SST – May work well for some parts of – SST: Secure Swarm Toolkit the IoT, but not for the entire IoT! – An open-source toolkit for building authorization infrastructure for the IoT – To address IoT security challenges 2 TerraSwarm Research Center

  3. Motivation • Challenges in IoT security [1] Heterogeneity Security requirements & resource availability • Connectivity (wired connections vs. mobile devices) • System management • 3 TerraSwarm Research Center [1] Singh et al., 2016. "Twenty Security Considerations for Cloud-Supported Internet of Things"

  4. Motivation (cont'd) • Challenges in IoT security [1] Operation in an open (or hostile) Environment Physical access & wireless access to IoT devices • Higher risk of being compromised • Must be able to revoke access of compromised IoT devices • 4 TerraSwarm Research Center [1] Singh et al., 2016. "Twenty Security Considerations for Cloud-Supported Internet of Things"

  5. Motivation (cont'd) • Challenges in IoT security [1] Sources: "Ericsson Mobility Report", June 2016 / "Cisco Global Cloud Index: Forecast and Methodology,2015–2020", Published in 2016 Scalability 28 billion connected devices in 2021 • 15.3 ZB data traffic in 2020 • 1 ZB (Zetta byte) = 10 9 TB (Terra bytes) – 5 TerraSwarm Research Center [1] Singh et al., 2016. "Twenty Security Considerations for Cloud-Supported Internet of Things"

  6. Background: Authorization & IoT • Authorization – Access control • "Can I enter the EECS building?" – Allowing/denying access to resources – Revoking access (e.g., lost ID card) • Authentication – Identifying someone/something • "Member of EECS?" – Essential for authorization 6 TerraSwarm Research Center

  7. Background (cont'd) • Many IoT platforms use TLS (or DTLS [2] ) for authentication/authorization – E.g., Amazon AWS IoT, OpenIoT [3] , OSCAR [4] , etc. • TLS (Transport Layer Security, also called SSL/TLS) – Underlying security protocol for HTTPS – Widely used, very successful for web [1] Variant of TLS over UDP, 2012 "Datagram Transport Layer Security Version 1.2. RFC 6347" [2] John Soldatos et al., 2015. "OpenIoT: Open Source Internet-of-Things in the Cloud" 7 TerraSwarm Research Center [3] Vucinic et al., 2015. "OSCAR: Object security architecture for the Internet of Things"

  8. Background (cont'd) • TLS based on a Certificate Authority (CA) digital certificate Certificate issued by CA Public-key cryptography Certificate Web Server Browser Encrypted Secure channel • Challenges with using TLS for the entire IoT – Energy overhead of public-key crypto & certificates – Scalability (managing certificates for ~28 billion devices) – Revocation of certificates can be problematic [1,2] – Limited support for one-to-many communication [1] Mutton, "Certificate revocation: Why browsers remain affected by Heartbleed", Netcraft, April, 2014 8 TerraSwarm Research Center [2] Duncan, "How certificate revocation (doesn’t) work in practice", Netcraft, May, 2013

  9. Background (cont'd) • Challenges with applying other security solutions Kerberos Authentication Server * Service Server Client * *Ticket: temporary token for accessing service Source: http://www.yuden.co.jp/ut/solutions/wsn/ – Kerberos [1] – Security solutions for "Things" • Advantages for access revocation • E.g., WSN, MANET or swarm devices • Requires stable connection • Assume homogeneous environments • Centralized architecture • Not designed for Internet scale [2] [1] C. Neuman et al., 2005. "The Kerberos Network Authentication Service (V5)". RFC 4120 [2] Alcaraz et al., 2010. "Wireless sensor networks and the internet of things: Do we need 9 TerraSwarm Research Center a complete integration?"

  10. Proposed Approach • SST – Secure Swarm Toolkit – An open-source toolkit for authentication/authorization of the IoT (available on https://github.com/iotauth) 10 TerraSwarm Research Center

  11. Proposed Approach (Cont'd) • Specific goals of SST Integration of existing security solutions (not inventing new Heterogeneity ones) Locally centralized and Open Environment globally distributed (Access Revocation) architecture Ease of deployment Scalability by local domain experts at a large scale 11 TerraSwarm Research Center

  12. SST’s Design and Implementation • Auth [1] – Locally centralized, globally distributed auth entication/ auth orization entity (software) – Java program to be deployed on edge devices [2] (e.g., Intel IoT gateways) Auth Personal Auth Area Auth Smart Home Medical Center Network Internet Auth Auth Auth Auth [1] A prototype of Auth has been Conference Room Auth proposed in Kim et al., 2016. "A Secure Auth Network Architecture for the Internet of Things Based on Local Authorization Electric Vehicle Factory Entities" Auth [2] Lopez et al., 2015. "Edge-centric Computing: Vision and Challenges” Auth 12 TerraSwarm Research Center Smart Power Grid

  13. Design and Implementation (cont'd) • Secure communication accessors Auth IoT Service Message Message – Software building blocks for securely accessing Auth and the IoT services Secure Comm Accessor – Encapsulate crypto keys & operations Encrypt & Crypto Process Generate authenticate – Help IoT developers who are not Key Message Message Message security experts Decrypt & verify IoT Application (Actor-oriented Program Model) – Currently available accessors (in JavaScript) – We're still at a starting point and working on more accessors! – For more information, see https://accessors.org 13 TerraSwarm Research Center

  14. Design and Implementation (cont'd) • Example: How SST (Auth and accessors) works Encrypted with Distribution Key between Auth and Client Auth Session Key I want to use IoT Service! Client IoT Service SecureCommServer SecureCommClient Process Request Client To Send Message Access Respond Response To Client From Service 14 TerraSwarm Research Center

  15. Design and Implementation (cont'd) • Example: How SST (Auth and accessors) works Auth Client IoT Service SecureCommServer SecureCommClient Initiate challenge-response Process Request Client To Send Message Access Respond Response To Client From Service Challenge-response [1] to check whether IoT Server has the same Session Key [1] Similar to TLS PSK extension by Eronen and Tschofenig. 15 TerraSwarm Research Center 2005. Pre-Shared Key Ciphersuites for TLS. RFC 4279.

  16. Design and Implementation (cont'd) • Example: How SST (Auth and accessors) works OK, Client can access this IoT Service. Encrypted with Distribution Key between Auth and IoT Server Auth Session Key Client IoT Service SecureCommServer SecureCommClient Initiate challenge-response Process Request Client To Send Message Access Respond Response To Client From Service 16 TerraSwarm Research Center

  17. Design and Implementation (cont'd) • Example: How SST (Auth and accessors) works Auth Client IoT Service SecureCommServer SecureCommClient Initiate challenge-response Process Request Finish challenge-response Client To Send Message Secure communication Access Respond Response To Client From Service Protected communication channel using session key and standard cryptography [2] [2] Followed TLS 1.2’s standard, including 17 TerraSwarm Research Center sequence number, encrypt-then-MAC

  18. Heterogeneity SST for Heterogeneity Open Env. Scalability • SST’s configuration alternatives Less energy More security Distribution key Underlying protocol overhead guarantees D-3 P-2 Updated using public key TCP D-2 Permanent P-1 D-1 UDP No direct key distribution Crypto strength Cached session keys & key lifetimes K-3 K-2 K-1 C-1 C-2 C-3 Unlimited Multiple One Lightweight & long Strong & short Two (server-client) Authentication only O-1 S-1 More than two (broadcasting) Encryption O-2 S-2 Unlimited Ephemeral Diffie-Hellman Effect of knobs will be shown O-3 Number of S-3 through experiments! Session key usage session key sharers 18 TerraSwarm Research Center

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TerraSwarm TerraSwarm An Integrated Simulation Tool for Computer Architecture and Cyber-Physical

TerraSwarm TerraSwarm An Integrated Simulation Tool for Computer Architecture and Cyber-Physical

TerraSwarm TerraSwarm An Integrated Simulation Tool for Computer Architecture and Cyber-Physical Systems Hokeun Kim 1,2 , Armin Wasicek 3 , and Edward A. Lee 1 1 University of California, Berkeley 2 LinkedIn Corp. 3 Technical University Vienna

824 views • 35 slides
Session 1: Concepts & Language Refsesher P . S. Langeslag 22 October 2019 Concepts

Session 1: Concepts & Language Refsesher P . S. Langeslag 22 October 2019 Concepts

Session 1: Concepts & Language Refsesher P . S. Langeslag 22 October 2019 Concepts Religious Dimensions ? Ritual Ethics Religion Belief ? Experience Tradition Religious Dimensions ? Ritual Ethics Religion Belief ? Experience

518 views • 31 slides
APRIL 21, 2016 INTRODUCTION 2015 @ YYC LOOKING AHEAD Introduction Across Canada

APRIL 21, 2016 INTRODUCTION 2015 @ YYC LOOKING AHEAD Introduction Across Canada

APRIL 21, 2016 INTRODUCTION 2015 @ YYC LOOKING AHEAD Introduction Across Canada Airports Drive the Economy 150,000 on-airport jobs 135 million passengers per year $25 billion infrastructure investment $40

1.26k views • 99 slides
K. Christs rebuke of Peter Matthew 16:21 23, Mark 8:31 33, Luke 9:22 1. Matthew

K. Christs rebuke of Peter Matthew 16:21 23, Mark 8:31 33, Luke 9:22 1. Matthew

K. Christs rebuke of Peter Matthew 16:21 23, Mark 8:31 33, Luke 9:22 1. Matthew 16:21 Jesus told His disciples that Messiahs role as the suffering Servant had to come before He could reign as King. 2. Matthew 16:22 Peter

369 views • 32 slides
THE YEAR OF FAITH PARISH WORKSHOP GO AND ANNOUNCE THE GOSPEL OF THE LORD THE CALL IS FOR ALL

THE YEAR OF FAITH PARISH WORKSHOP GO AND ANNOUNCE THE GOSPEL OF THE LORD THE CALL IS FOR ALL

THE YEAR OF FAITH PARISH WORKSHOP GO AND ANNOUNCE THE GOSPEL OF THE LORD THE CALL IS FOR ALL Every baptised Christian has a duty to bring others into a fuller understanding of the Gospel and into a more personal relationship with Jesus Christ.

447 views • 10 slides
The Australian Grains Industry Conference Factors Influencing the Australian and Asian Economies

The Australian Grains Industry Conference Factors Influencing the Australian and Asian Economies

The Australian Grains Industry Conference Factors Influencing the Australian and Asian Economies Opportunities for Australian Agribusiness Graham Hodges Deputy CEO 28 July 2015 Summary conclusions Real global economic growth will

289 views • 13 slides
EVALUATION OF ANIMAL WELFARE DURING TRANSPORT OF SHEEP FOR SLAUGHTER. POR: MIGUEL ANGEL PULIDO

EVALUATION OF ANIMAL WELFARE DURING TRANSPORT OF SHEEP FOR SLAUGHTER. POR: MIGUEL ANGEL PULIDO

UNIVERSIDAD AUTNOMA DEL EST ADO DE MXICO FACUL T AD DE MEDICINA VETERINARIA Y ZOOTECNIA PCARN EVALUATION OF ANIMAL WELFARE DURING TRANSPORT OF SHEEP FOR SLAUGHTER. POR: MIGUEL ANGEL PULIDO RODRIGUEZ D2 COMIT TUTORIAL: DRA. MARA ANTONIA

347 views • 20 slides
Reachi hing ng v very r y remo mote und nderscreene ned p popula lations ns cha

Reachi hing ng v very r y remo mote und nderscreene ned p popula lations ns cha

Reachi hing ng v very r y remo mote und nderscreene ned p popula lations ns cha halle lleng nges a and nd opportuni nities Andr&Langlois,&quipe&dvaluation6 DAESSS6

614 views • 26 slides
Announcements Dont forget to work on your literature review (due April 11th) The literature

Announcements Dont forget to work on your literature review (due April 11th) The literature

Announcements Dont forget to work on your literature review (due April 11th) The literature review should be roughly three to five pages and include proper citations It should cover the relevant literature related to your topic It should

597 views • 38 slides
Webinar 8: How to improve postharvest management for horticultural crops Horticulture for

Webinar 8: How to improve postharvest management for horticultural crops Horticulture for

Webinar 8: How to improve postharvest management for horticultural crops Horticulture for Development Professional Series Questions? Email horticulture@ucdavis.edu Importance of Good Postharvest Handling (like Good Agricultural Practices

426 views • 11 slides
SPARQLytics: Multidimensional Analytics for RDF Michael Rudolf Database Technology Group,

SPARQLytics: Multidimensional Analytics for RDF Michael Rudolf Database Technology Group,

SPARQLytics: Multidimensional Analytics for RDF Michael Rudolf Database Technology Group, Technische Universitt Dresden March 8, 2017 Agenda Motivation RDF and SPARQL Multidimensional Analytics for RDF 2 Motivation Focus of Interest

469 views • 25 slides
Bayesian Network Resampling for the Analysis of Functional Relationships Marco Scutari

Bayesian Network Resampling for the Analysis of Functional Relationships Marco Scutari

Bayesian Network Resampling for the Analysis of Functional Relationships Marco Scutari marco.scutari@stat.unipd.it Department of Statistical Sciences University of Padova October 12, 2010 Marco Scutari University of Padova The Journal

392 views • 25 slides
BACK to Basics: The Diagnosis and Management of Low Back Pain Cindy J. Chang M.D. UCSF Primary

BACK to Basics: The Diagnosis and Management of Low Back Pain Cindy J. Chang M.D. UCSF Primary

2016 Annual Review in Family Medicine December 5, 2016 BACK to Basics: The Diagnosis and Management of Low Back Pain Cindy J. Chang M.D. UCSF Primary Care Sports Medicine Associate Clinical Professor of Orthopaedics and Family and Community

834 views • 68 slides
MULTI-FAMILY Vacancy is 6.4% +0.7% over 2010 and +1.3% since 2007 PRESENTED BY: Rent

MULTI-FAMILY Vacancy is 6.4% +0.7% over 2010 and +1.3% since 2007 PRESENTED BY: Rent

3/18/2012 Hampton Roads Overview 2012 HAMPTON ROADS REAL ESTATE MARKET REVIEW The average rent is currently $926/month ($.98/SF) +$26 over 2010 and +$64 since 2007 MULTI-FAMILY Vacancy is 6.4% +0.7% over 2010 and +1.3% since 2007

172 views • 3 slides
Mother of Unity God is all goodness and everywhere present. He

Mother of Unity God is all goodness and everywhere present. He

Myrtle Fillmore Mother of Unity God is all goodness and everywhere present. He is the loving Father, and I am His child and have all His a:ributes of

568 views • 12 slides
About the Classroom Congratulations! This Photo by Unknown Author is licensed under CC BY-SA-NC

About the Classroom Congratulations! This Photo by Unknown Author is licensed under CC BY-SA-NC

Te box! There will be time access. have microphone Only our presenters nes hone cropho Microp at the end for questions. Type them in the chat Tech stions? Questions? through Q&A. Send a message es? sues? Issu ch Is About the

340 views • 15 slides
Presents Kindergarten Readiness Workshops October 2017 Hosted by Southington YMCA Early Learning

Presents Kindergarten Readiness Workshops October 2017 Hosted by Southington YMCA Early Learning

Presents Kindergarten Readiness Workshops October 2017 Hosted by Southington YMCA Early Learning Center Goals of Early Childhood Collaborative 1) Advocating for high quality preschool and childcare 2) Empowering parents, families and

194 views • 7 slides
Welcome to 5th Grade!!! Housekeeping Items As you have questions, please write them down in the

Welcome to 5th Grade!!! Housekeeping Items As you have questions, please write them down in the

Welcome to 5th Grade!!! Housekeeping Items As you have questions, please write them down in the chat or wait until the end of the presentation. I will answer any questions in the chat or asked aloud at the end. This meeting will be

454 views • 22 slides
Investor Call FOURTH QUARTER 2018 JANUARY 16, 2019 Time: 8:30 AM CST Webcast: www.pnfp.com

Investor Call FOURTH QUARTER 2018 JANUARY 16, 2019 Time: 8:30 AM CST Webcast: www.pnfp.com

Investor Call FOURTH QUARTER 2018 JANUARY 16, 2019 Time: 8:30 AM CST Webcast: www.pnfp.com (investor relations) Audio only: 877-602-7944 M. TERRY TURNER, PRESIDENT AND CEO HAROLD R. CARPENTER, EVP AND CFO Safe Harbor Statements Forward

990 views • 50 slides
Determining Land Use 2 Here are a few questions for group discussion 1 Determining Land Use and

Determining Land Use 2 Here are a few questions for group discussion 1 Determining Land Use and

Determining Land Use and On-site/Off-Site Determinations Participant Manual Federal Facilities Academy Determining Land Use and On-site/Off-site Determinations FEDERAL FACILITIES ACADEMY WEBINAR FEDERAL FACILITIES RESTORATION AND REUSE OFFICE

465 views • 32 slides
Information Technology Information Technology at Small Colleges at Small Colleges ASCUE

Information Technology Information Technology at Small Colleges at Small Colleges ASCUE

Information Technology Information Technology at Small Colleges at Small Colleges ASCUE ASCUE 2005 2005 Myrtle Beach, SC Myrtle Beach, SC June 13, 2005 June 13, 2005 ASCUE'2005 - ASCUE'2005 - June 2005 June 2005 1 1 David V.

495 views • 24 slides
Keeping Up with the Congressmen Evaluating Constituents Awareness of Redistricting .

Keeping Up with the Congressmen Evaluating Constituents Awareness of Redistricting .

Background Data and Findings Conclusions . Keeping Up with the Congressmen Evaluating Constituents Awareness of Redistricting . Christopher N. Lawrence 1 Scott H. Huffmon 2 1 Assistant Professor of Political Science, Middle Georgia State

716 views • 28 slides
1 Peter Series Lesson #015 May 7, 2015 Dean Bible Ministries www.deanbibleministries.org Dr.

1 Peter Series Lesson #015 May 7, 2015 Dean Bible Ministries www.deanbibleministries.org Dr.

1 Peter Series Lesson #015 May 7, 2015 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. T HE T RIUNE G OD : T HE S ON 1 P ETER 1:3 1 Pet. 1:3, Blessed be the God and Father of our Lord Jesus Christ, who according

581 views • 29 slides
ACHD Transportation-Land Use (Draft Findings) ACHD Integration Plan (TLIP) Slide #: 1 LOS

ACHD Transportation-Land Use (Draft Findings) ACHD Integration Plan (TLIP) Slide #: 1 LOS

Variable LOS Transportation-Land Use Integration Plan ACHD Transportation-Land Use (Draft Findings) ACHD Integration Plan (TLIP) Slide #: 1 LOS Background Variable LOS Transportation-Land Use Integration Plan The first effort by ACHD

260 views • 22 slides

More recommend